|
1.安装环境: 操作系统:centos 7.5地址规划:192.168.254.10 openstack-server架构:所有组件(包括控制节点、计算节点、网络节点)全部安装一个节点2.系统配置: [root@localhost ~]# hostname openstack-server. [- k0 T4 t4 T6 p' Y
' P7 w* T. s1 K1 Q: j[root@openstack-server ~]# vim /etc/hostname, Z& P1 z* @4 g u' {
openstack-server
$ x# V2 ~' w Z0 I7 j: t[root@openstack-server ~]# vim /etc/hosts
) l$ R3 z* R/ b S$ j' s/ Y192.168.254.10 openstack-server openstack-server.smoke.com
* G6 n& T" c8 o9 p! ~2 F[root@openstack-server ~]# ifconfig
. \9 v* ?) V, J2 W- senp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 4 H P1 j r0 u, `% {% M0 U @
inet 192.168.254.10 netmask 255.255.255.224 broadcast 192.168.254.31
- W6 \6 j% Y K4 b4 w2 h! n. C inet6 fe80::119a:26d0:b028:74d0 prefixlen 64 scopeid 0x20<link> ) K( _- N% i( u+ v
ether 00:e0:4c:0f:ff:a9 txqueuelen 1000 (Ethernet) ; r4 }* w2 B) v5 m, N; a' l. {2 ^
RX packets 42277 bytes 39441483 (37.6 MiB) - f( I3 A& ?5 e6 c! X9 u
RX errors 0 dropped 0 overruns 0 frame 0
- n0 v w2 ?. }; {- @2 z TX packets 14912 bytes 1016294 (992.4 KiB)
- \( s, V: }4 k( E8 \% m. @. z TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0& ^& W. v1 |! y6 f
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
! o* {4 q8 m% R+ z: @- t inet 127.0.0.1 netmask 255.0.0.0 " i9 B7 }; G ~5 `9 G$ A$ G& n
inet6 ::1 prefixlen 128 scopeid 0x10<host>
- K0 i3 p" ]. I) Q$ D: R; v+ R loop txqueuelen 1000 (Local Loopback)
7 |! L2 y. x# K, F4 w: z RX packets 32 bytes 2792 (2.7 KiB)
$ ]9 ]$ x" ^+ y! l RX errors 0 dropped 0 overruns 0 frame 0
U$ Z. E0 v% S0 n TX packets 32 bytes 2792 (2.7 KiB) 9 |4 M' Q. H9 E: b: }' j
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
! ^' i6 j _9 J F3.安装时间同步服务NTP:
; ]7 C: I8 I& k: q[root@openstack-server ~]# yum install chrony 修改chrony服务配置: [root@openstack-server ~]# vim /etc/chrony.conf+ l$ c0 c1 V8 C: W& B: a0 a
allow 192.168.254.0/27( e: I6 r9 X( p4 O9 |% B, P
启动chrony服务: [root@openstack-server ~]# systemctl enable chronyd.service
: ~* h3 s6 x5 a4 N; @[root@openstack-server ~]# systemctl start chronyd.service# r" X9 N, n. I# h9 u- V1 o6 ]6 e0 B
设置时区:
9 q( |7 t7 h" j! g- h[root@openstack-server ~]# timedatectl set-timezone Asia/Shanghai 4.安装阿里的OpenStack源: [root@openstack-server ~]# vim /etc/yum.repos.d/OpenStack-Rocky.repo) [( w; k6 L. C1 E% q1 a
[openstack-rocky]8 S' G9 B. L9 c9 F
name=openstack-rocky+ k) Z A3 } j+ ]. v
baseurl=https://mirrors.aliyun.com/centos/7.5.1804/cloud/x86_64/openstack-rocky/3 T1 V/ |. Q6 m* K6 H: D9 r+ x
gpgcheck=06 P! ?5 I0 g1 t2 P
gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-78 I) A8 t1 j8 g! E% N; I# h/ _
repo_gpgcheck=0, b& G1 r: C% L7 g! {! o8 m- O0 s
enabled=1
- F: S( z# \+ B# h6 d[root@openstack-server ~]# yum clean all; B, D9 [+ x( a* [. n- P
[root@openstack-server ~]# yum makecache6 l' e: b' _3 u, A
还可以使用官方yum源方式: [root@openstack-server ~]# yum install centos-release-openstack-rocky
/ P" Q- ]* j+ V5 v9 h; y1 n[root@openstack-server ~]# yum install https://rdoproject.org/repos/rdo-release.rpm
& t t7 W7 ~% _6 i+ K升级软件包:
4 U% m; v% k7 W% w0 z' W" \+ ?0 D0 D9 t[root@openstack-server ~]# yum -y upgrade 安装OpenStack client:( Z( x0 B; ?3 J& R3 X; N6 P$ [ H
[root@openstack-server ~]# yum -y install python-openstackclient 安装openstack-selinux:
* H. V1 E, m3 I5 {7 |- E[root@openstack-server ~]# yum -y install openstack-selinux 5.安装Mariadb:: f. S& A9 J R X$ A! j
[root@openstack-server ~]# yum -y install mariadb mariadb-server python2-PyMySQL 修改Mariadb配置文件: [root@openstack-server ~]# mv /etc/my.cnf /etc/my.cnf.bak- z1 l8 P& o% y
[root@openstack-server ~]# cp /usr/share/mariadb/my-large.cnf /etc/my.cnf) J7 U$ L3 N+ {$ y0 _- X- B3 y, n" J
[root@openstack-server ~]# vim /etc/my.cnf. @- e1 x/ w" ]
[mysqld]
4 V3 C4 h( B' e3 F* Y% f8 h9 obind-address = 192.168.254.10
. {: ]- {! @4 T! i8 udefault-storage-engine = innodb
8 h/ }' c2 ^7 J( V' I* Qinnodb_file_per_table = on) r, E/ o& s7 c* B: ~
max_connections = 4096
) \* [# U3 N) X$ Y A0 fcollation-server = utf8_general_ci
* r. j" G3 H5 Y1 fcharacter-set-server = utf8
. j# p' @' p' E# j3 L1 z启动Mariadb服务: [root@openstack-server ~]# systemctl enable mariadb.service8 X6 J# I8 s0 d
[root@openstack-server ~]# systemctl start mariadb.service
0 c R" U; j6 x8 d/ o4 O初始化Mariadb:; X9 Q& s( j$ D2 G
[root@openstack-server ~]# mysql_secure_installation(按提示操作设置root密码) 6.安装rabbitmq-server:
' O' d; u/ C: ^! S: }3 l* X[root@openstack-server ~]# yum -y install rabbitmq-server 启动rabbitmq-server服务: [root@openstack-server ~]# systemctl enable rabbitmq-server.service
. |5 W" _/ Y/ a& F. O- w[root@openstack-server ~]# systemctl start rabbitmq-server.service
2 A, A: Z% @- a/ y添加openstack用户: [root@openstack-server ~]# rabbitmqctl add_user openstack openstack6 O) U/ \/ C/ f+ Z$ o1 U
[root@openstack-server ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
7 }2 B8 V1 F) _3 P9 ?开启web管理插件:
$ x! o4 P. m5 Y1 o[root@openstack-server ~]# rabbitmq-plugins enable rabbitmq_management 使用web访问rabbitmq-server(默认账号guest,密码guest): 4 m5 T* I+ [+ K, N' p% A N
 设置openstack用户Tags为administrator(点击Admin -- openstack): 6 ~. T$ ~8 H, I6 h% }* e4 \8 U; {8 z
 点击Update this user:% U/ Y( C3 F# B6 Z* z/ k
查看设置:
6 ~7 x, w1 U* l; _ 7.安装memcached:7 ?; y2 _( G) r5 N+ `" K& m' ^% W
[root@openstack-server ~]# yum -y install memcached python-memcached 修改memcached服务配置: [root@openstack-server ~]# vim /etc/sysconfig/memcached/ s g( j1 q) q h* m: S
PORT="11211": s, x" @ N; Q7 e* t
USER="memcached"
7 f8 m8 J( ^0 p0 E. UMAXCONN="1024"
4 t/ n% v) U" x- G1 [CACHESIZE="64"
* Q- D2 a/ F. s: P; I5 C: lOPTIONS="-l 0.0.0.0,::1"# a7 R6 `8 G) O: r
启动memcached服务: [root@openstack-server ~]# systemctl enable memcached.service- J) ]8 i) E8 ~: j
[root@openstack-server ~]# systemctl start memcached.service
7 a- }3 n6 n2 B7 x8 O; P. k8.安装etcd服务:
5 [( I2 e9 q: K1 O7 S[root@openstack-server ~]# yum -y install etcd 修改etcd服务配置: [root@openstack-server ~]# vim /etc/etcd/etcd.conf
$ Z1 s9 p) ?$ F Q3 ~& y5 ~& I#[Member]2 v, ~: ]6 i" f5 [5 [
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"$ j+ \9 n# Y0 ]4 ~5 n
ETCD_LISTEN_PEER_URLS="http://192.168.254.10:2380"
- x- L1 N5 A8 z% P/ q5 B+ UETCD_LISTEN_CLIENT_URLS="http://192.168.254.10:2379"2 \' e7 E. v3 {
ETCD_NAME="openstack-server"
" \. Y" u! r$ s E4 h b8 [#[Clustering]# j% i4 X; g# ^7 U3 T0 p; I
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.254.10:2380"
& }/ C$ t7 }: k5 ^, oETCD_ADVERTISE_CLIENT_URLS="http://192.168.254.10:2379"
+ x! }: Z: P8 s$ DETCD_INITIAL_CLUSTER="openstack-server=http://192.168.254.10:2380"
& V( K& H: G7 M; f) tETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
, f9 ^" t! f' d. c% X1 fETCD_INITIAL_CLUSTER_STATE="new"
/ W; q$ e9 B5 J. D0 I3 g D启动etcd服务: [root@openstack-server ~]# systemctl enable etcd
3 P; H" w- P7 j' g; b0 B+ |3 k[root@openstack-server ~]# systemctl start etcd
& ]; k4 Q( @5 j* t! e- p8 _, w9.安装keystone:* {- n: ^: S" s) r( q, }* [. w, j
在Mariadb创建keystone库和用户: [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE keystone;") T: y& B6 y L/ |2 t% E$ i$ |
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
% H5 b2 N0 L2 o: q7 L3 r3 d[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"6 K2 R! A. H @# z! A% F f$ J
安装keystone:2 D5 E& t8 ?! Y/ E2 @
[root@openstack-server ~]# yum -y install openstack-keystone httpd mod_wsgi 修改keystone服务配置: [root@openstack-server ~]# vim /etc/keystone/keystone.conf
: m4 j: O3 A7 ?# d+ a. m[database]
E8 u* i6 F* K A, E+ ?, ~connection = mysql+pymysql://keystone:keystone@openstack-server/keystone
, J2 w4 M! |* K( D0 {[token]provider = fernet
7 w$ `' T+ x8 h+ W: G `同步数据库:
' Q0 N2 M( x& s5 ]8 z[root@openstack-server ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone 初始化Fernet key仓库: [root@openstack-server ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
9 P" W& w! V% o# c8 P- S# V[root@openstack-server ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
1 Z( n5 M- ~; M* T G引导身份服务: [root@openstack-server ~]# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://openstack-server:5000/v3/ --bootstrap-internal-url http://openstack-server:5000/v3/ --bootstrap-public-url http://openstack-server:5000/v3/ --bootstrap-region-id RegionOne修改httpd服务配置: [root@openstack-server ~]# vim /etc/httpd/conf/httpd.conf
/ \; k' f* U+ `) TServerName openstack-server. e9 g( h: d, {0 g8 W) a. C+ J
创建wsgi-keysone配置文件链接:9 ?, H, K" h3 a$ v! G ]* T
[root@openstack-server ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 启动httpd服务: [root@openstack-server ~]# systemctl enable httpd.service
/ i! s4 X7 ^ Z" ?[root@openstack-server ~]# systemctl start httpd.service; X% p* r# |3 u% {4 B" G
[root@openstack-server ~]# vim admin-openrc.sh
5 h9 N. U3 v) M# Zexport OS_USERNAME=admin
6 ]! o; x6 ]3 _export OS_PASSWORD=admin
7 C% p) r0 z3 Z) j# g9 a; K \export OS_PROJECT_NAME=admin
' Z! f Z$ j: K! c: Z4 fexport OS_USER_DOMAIN_NAME=Default, y9 }) j+ S+ M* W
export OS_PROJECT_DOMAIN_NAME=Default, h; X6 Y2 }5 v2 m) `! ]; x. U
export OS_AUTH_URL=http://openstack-server:5000/v3' H. ]* z" ?$ |! o q! e# y
export OS_IDENTITY_API_VERSION=3) H) u8 q7 n, n, q# G; T; Q
" X; k! S: m- F. F' f
6 L9 B! G4 V' B4 A创建域,项目,用户,角色: [root@openstack-server ~]# . admin-openrc.sh( t* P9 `6 u* M3 c
[root@openstack-server ~]# openstack domain create --description "An Example Domain" example
$ B( I) n) e# T9 m- s[root@openstack-server ~]# openstack project create --domain default --description "Service Project" service
4 \/ K) y; T. r: ~[root@openstack-server ~]# openstack project create --domain default --description "Demo Project" myproject, y- C/ [# k! J+ W2 z+ }. {
[root@openstack-server ~]# openstack user create --domain default --password-prompt myuser
6 |2 m/ G! \8 d6 x: h K[root@openstack-server ~]# openstack role create myrole3 [" q/ a+ N5 S7 f
[root@openstack-server ~]# openstack role add --project myproject --user myuser myrole
) U/ G4 h6 b j! w, e: M/ _验证keystone是否安装成功: [root@openstack-server ~]# unset OS_AUTH_URL OS_PASSWORD
3 Z Z( [' H0 M+ f. p* q! s1 Y) E[root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue5 _1 ^* t2 Z: Z) l
创建myuser环境变量: [root@openstack-server ~]# vim myuser-openrc.sh# X5 ~$ f4 E2 e
export OS_USERNAME=myuser
/ Y, u J+ v8 |! W' y+ U% Cexport OS_PASSWORD=myuser9 a- ]! u+ p/ `0 l- q
export OS_PROJECT_NAME=myproject' T& ?; a2 D# D; {
export OS_USER_DOMAIN_NAME=Default! s$ a) v A6 I
export OS_PROJECT_DOMAIN_NAME=Default
! W" G) T! l* Sexport OS_AUTH_URL=http://openstack-server:5000/v3- N: g" i T2 l, n& m
export OS_IDENTITY_API_VERSION=32 o3 W {4 _1 l+ Z" A
! ^& n" p5 i( _/ ^- U/ D6 B
使用myuser用户进行测试: [root@openstack-server ~]# . myuser-openrc.sh8 [2 F# r9 j4 S( Y5 ]2 q
[root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue; s0 A3 [4 u+ x; Q* @* U* p
修改用户环境变量脚本: [root@openstack-server ~]# vim admin-openrc.sh
( p. x0 a1 F( i& H: a5 H, Mexport OS_USERNAME=admin) {* v* `( u$ R4 b; m6 l, [2 K/ M
export OS_PASSWORD=admin3 I% q- v6 R: U5 c6 c+ d6 j& r/ H
export OS_PROJECT_NAME=admin0 g3 w7 z% D8 V, D3 D' q
export OS_USER_DOMAIN_NAME=Default' W% S8 X! e( i- b; q3 p
export OS_PROJECT_DOMAIN_NAME=Default! m. W5 ]& B2 b+ U: Y( `$ [) a- {+ _
export OS_AUTH_URL=http://openstack-server:5000/v3
. Z0 E; r0 d/ Oexport OS_IDENTITY_API_VERSION=3/ q0 @$ ?; H# M
export OS_IMAGE_API_VERSION=2( ~- @ i. K9 j6 c$ X/ e# B+ ]& m
[root@openstack-server ~]# vim myuser-openrc.sh& u/ `% u$ [% \; m' M" N, P7 X
export OS_USERNAME=myuser
% M9 a; M5 W) U, Cexport OS_PASSWORD=myuser' A& \: n7 F0 p6 y! ]
export OS_PROJECT_NAME=myproject, n/ u% @2 M# b& z$ R4 P# N7 F
export OS_USER_DOMAIN_NAME=Default T. o! j$ J2 R# @: r
export OS_PROJECT_DOMAIN_NAME=Default% D# N0 q% h N. Z) U
export OS_AUTH_URL=http://openstack-server:5000/v3
3 W4 }; e+ u! {5 Texport OS_IDENTITY_API_VERSION=3: R: r- g& l5 g
export OS_IMAGE_API_VERSION=2( O L+ V9 |0 z* q3 I: r
使用脚本测试: [root@openstack-server ~]# . admin-openrc.sh
6 T) E( c' }1 A$ h2 l" G7 ]; m[root@openstack-server ~]# openstack token issue
/ e" u( I6 J1 v8 K) [3 {8 S' c10.安装glance:
6 n5 G. V9 ~! T0 @在Mariadb创建glance库和用户: [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE glance;"! W7 ?! P, g! V4 S! l$ ? o
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"* _4 K2 N' m, l3 I
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
5 ?1 c0 d5 i! f( _& c5 ]8 z3 d创建glance用户,服务,端点: [root@openstack-server ~]# . admin-openrc.sh
2 ?& Q+ [/ {' J. F* c+ b: I5 ?[root@openstack-server ~]# openstack user create --domain default --password-prompt glance' u9 b; T U x7 s& V
[root@openstack-server ~]# openstack role add --project service --user glance admin M! }$ }: M! W' h
[root@openstack-server ~]# openstack service create --name glance --description "OpenStack Image" image( K* s( `' a9 A" g
[root@openstack-server ~]# openstack endpoint create --region RegionOne image public http://openstack-server:9292
' g: H1 m6 b: g+ M0 U[root@openstack-server ~]# openstack endpoint create --region RegionOne image internal http://openstack-server:9292
9 ~( w3 Y/ s9 t Y[root@openstack-server ~]# openstack endpoint create --region RegionOne image admin http://openstack-server:9292
* _' [% m0 V* s5 a7 p9 F安装glance:2 ~/ ]' j/ F5 G
[root@openstack-server ~]# yum -y install openstack-glance 修改glance-api和glance-registry服务配置: [root@openstack-server ~]# vim /etc/glance/glance-api.conf
P: l, G( ^& V. A( e" s3 n- G( l( @[database]1 d9 w3 s) V! P* y4 ]
connection = mysql+pymysql://glance:glance@openstack-server/glance" A& `2 v ~/ g! M, B" K
[keystone_authtoken]$ n3 D J3 t, z/ w# m
www_authenticate_uri = http://openstack-server:5000
6 e) l5 {( W7 L4 i6 ~: O; Kauth_url = http://openstack-server:5000
3 F# y" k, B# ?/ `2 ~memcached_servers = openstack-server:11211
, Z4 o5 v4 q# `* D0 M, S. c+ Q, ]( {auth_type = password& m( N% R: \/ v2 g
project_domain_name = Default
" h* ?' i1 l) r$ Vuser_domain_name = Default& [6 {/ J3 N5 e; B& z
project_name = service) `5 ~0 U8 f" d$ a* V
username = glance
# ?$ l0 L' v" i+ S }; Z5 rpassword = glance* b, H, Y9 K5 T$ N9 q
[paste_deploy]8 D" m4 {+ j7 O- k
flavor = keystone
6 j u2 T% a1 M[glance_store]4 ~; q% u5 T+ m$ ^4 ]2 B
stores = file,http: ?) w9 L d6 m' Q4 }1 S
default_store = file
! [; U1 k4 K$ m- Jfilesystem_store_datadir = /var/lib/glance/images
1 s. L7 T# x" A+ X. Z$ M1 V, f[root@openstack-server ~]# vim /etc/glance/glance-registry.conf
9 `+ K" w+ [) E& J% t+ {[database]
7 Z; w! b; M! D3 y+ M* {( Gconnection = mysql+pymysql://glance:glance@openstack-server/glance2 m: _% x* [1 d- v+ t
[keystone_authtoken]
8 I! Y1 ^( [4 _1 W) |www_authenticate_uri = [url=http://openstack-server:http://openstack-server:50001 x$ A+ d H( K, j
auth_url = [url=http://openstack-server:http://openstack-server:5000
1 C; u5 V5 k1 w0 f/ D7 s3 l& i1 qmemcached_servers = openstack-server:11211. c; p9 ^( ?# p$ b/ _
auth_type = passwordp
3 J7 e$ J% n' D' v$ h7 mroject_domain_name = Defaultu* k! V% ~4 b5 y
ser_domain_name = Default/ N- R% _. E1 d S. m& c0 [
project_name = serviceusername = glance! E a& l% R7 m2 V7 I
password = glance
1 J) s" k j: D* F6 K" u9 @! b) D[paste_deploy]
: o9 d9 l8 g6 p/ l2 K8 p* R( I; Kflavor = keystone
3 r* \7 u" b# Y同步glance数据库:. h! k/ y* H" d. g" _+ z% |
[root@openstack-server ~]# su -s /bin/sh -c "glance-manage db_sync" glance 启动glance-api和glance-registry服务: [root@openstack-server ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service* w9 p: `) t6 g" Z' v- L
[root@openstack-server ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service) t2 |. {: B( B1 q$ s
使用sdb1创建lvm用于存储镜像: [root@openstack-server ~]# fdisk -l /dev/sdb k* N" ~3 G- i
磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区Units = 扇区 of 1 * 512 = 512 bytes8 K2 _/ p$ R. m
扇区大小(逻辑/物理):512 字节 / 512 字节I/O 大小(最小/最佳):512 字节 / 512 . ^% A/ C% K1 C1 h( @
字节磁盘标签类型:dos磁盘标识符:0x441e1e17
3 D6 p& {; l Y- V设备 Boot Start End Blocks Id System/dev/sdb1 2048 104859647 52428800 8 e Linux LVM* N( n1 e1 v7 U
[root@openstack-server ~]# pvcreate /dev/sdb1
* X4 Y5 N" E& d6 F0 a3 F- k[root@openstack-server ~]# vgcreate glance-vg /dev/sdb1
9 O) p8 f+ ]: o) j4 i[root@openstack-server ~]# lvcreate -L 50G -n glance-lv glance-vg
, M# U* d' ]* C! _[root@openstack-server ~]# mkfs.xfs /dev/glance-vg/glance-lv9 r8 G$ @( ?1 h3 n1 A, b* S
[root@openstack-server ~]# blkid /dev/glance-vg/glance-lv
% @% |: V$ S# ?2 z/dev/glance-vg/glance-lv: UUID="072c4d36-7502-484b-b857-357a870dcc87" TYPE="xfs"5 |5 @( j" s4 g5 e' g5 `
# z% t( x/ ?. T* k* P
[root@openstack-server ~]# vim /etc/fstab
" z1 E, ~2 J) }2 ^% d) yUUID=072c4d36-7502-484b-b857-357a870dcc87 /var/lib/glance/images/ xfs defaults 0 0* S% y" w" x5 A3 K
[root@openstack-server ~]# mount -a% S# a7 F! k M) c) ~
[root@openstack-server ~]# chown -R glance:glance /var/lib/glance/
( S- C$ z; J/ t0 |$ `0 N
0 i- C0 H" A" v' T' v验证操作: [root@openstack-server ~]# . admin-openrc.sh8 h! }, ]1 M% n
[root@openstack-server ~]# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img5 C/ x* m: x6 o. R
[root@openstack-server ~]# openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public% ?+ e. J/ g$ G* d' x4 R
[root@openstack-server ~]# openstack image list
: K6 j) P# \) X5 R+--------------------------------------+--------+--------+
( A- u$ |% L& J7 L! V# v- m| ID | Name | Status |$ \; E2 U: u3 I; @& R9 {! |. Z
+--------------------------------------+--------+--------+6 B- A+ W* [( r* }* h. T# }' Z
| 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active |, Q9 S( G8 n$ I" \ {% S; W
+--------------------------------------+--------+--------+$ h( `1 Z5 {2 {" Q d
11.安装nova:
- i% i& G2 t A) l- w; j6 d l/ V& x在Mariadb创建nova相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_api;"
& h+ b+ M, B7 f- h[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova;"
; g* S: C6 X$ C; T[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_cell0;"
9 p5 O" t2 o/ ^. r) p6 E: f, e9 D: a[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE placement;"1 Z0 `/ c0 e6 ~: ^5 T- J
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"! ~7 o3 e6 x! t. @
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova''%' IDENTIFIED BY 'nova';"9 ^: f7 u! i# n" M' c8 h# j
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@‘localhost' IDENTIFIED BY 'nova';"
4 D5 O, e! E% _' T7 @. ~+ y" R[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"9 N: A) D% @( ?! ]2 [
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';", n) p; N9 d: D. T f/ \
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';"* n5 z3 E9 D( B2 `" j. n, Z G' p
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';"4 L2 k. p( k0 r4 s* r* n
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';"
1 `* r* T6 I( l, }创建nova用户,服务,端点; [root@openstack-server ~]# . admin-openrc.sh8 ?. E& C5 T o9 m! d5 {
[root@openstack-server ~]# openstack user create --domain default --password-prompt nova
# g7 _, ?, m* ^% x7 f[root@openstack-server ~]# openstack role add --project service --user nova admin7 ?& C1 {7 s4 K3 C+ O5 ?# v5 d
[root@openstack-server ~]# openstack service create --name nova --description "OpenStack Compute" compute6 V, t- B6 `' m8 K# x" w; O. r
[root@openstack-server ~]# openstack endpoint create --region RegionOne compute public http:/openstack-server:8774/v2.1
6 z6 Z. c0 w: a9 D[root@openstack-server ~]# openstack endpoint create --region RegionOne compute internal http://openstack-server:8774/v2.1
" e B, B+ w* K P[root@openstack-server ~]# openstack endpoint create --region RegionOne compute admin http://openstack-server:8774/v2.19 e! r6 z/ r' j4 \& ]
创建placement用户,服务,端点: [root@openstack-server ~]# openstack user create --domain default --password-prompt placement9 d* f, X4 Z: u. y& B
[root@openstack-server ~]# openstack role add --project service --user placement admin9 t( F, B$ d. ~
[root@openstack-server ~]# openstack service create --name placement --description "Placement API" placement
* [3 ?7 y8 n4 {& `8 y7 m6 Q[root@openstack-server ~]# openstack endpoint create --region RegionOne placement public http://openstack-server:8778
( w) r. t( X/ I2 t[root@openstack-server ~]# openstack endpoint create --region RegionOne placement internal http://openstack-server:8778
" e4 O6 w- B* o, _# e" b& _+ l5 C: @, b[root@openstack-server ~]# openstack endpoint create --region RegionOne placement admin http://openstack-server:8778) {" A5 A4 i& v
安装nove-api、nova-conductor、nova-console、nova-novncproxy、nova-schedule、nova-placement-api服务(控制节点): [root@openstack-server ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
- d. H" _; C0 ]) {8 n[DEFAULT]0 w9 C. X0 {* F2 M1 ]- M/ j1 y# l
enabled_apis=osapi_compute,metadata/ o6 b8 F, z; i
transport_url=rabbit://openstack:openstack@openstack-server+ `/ S2 Y! @( [! s5 q O
my_ip=192.168.254.109 r! d3 ^; w! ~0 ^! E& V1 r7 ^( E
use_neutron=true
$ b9 p+ ]' H/ l* H- c: f% T' Yfirewall_driver=nova.virt.firewall.NoopFirewallDriver
* h1 T9 f& s/ P7 F2 h7 t[api_database]
2 _' I- ]. l1 W; iconnection=mysql+pymysql://nova:nova@openstack-server/nova_api1 l, v+ v d8 a% Y8 R
[database]$ v9 T3 R& ?* x
connection=mysql+pymysql://nova:nova@openstack-server/nova
' k; r( ~) P% p[placement_database]
, G* j! G) w: T0 N3 p, Kconnection=mysql+pymysql://placement:placement@openstack-server/placement
! K9 ^. m( ~* w" [/ C+ l[api]" u/ k* c" ]: n# p; b
auth_strategy=keystone
/ z7 P+ t, `: R9 ^& Z. D[keystone_authtoken]6 K5 ^0 R- H0 {- F( [6 u7 m
auth_url=http://openstack-server:5000/v3
/ p( h) E; f, `5 T6 n' k% cmemcached_servers=openstack-server:112113 u; D+ G% x: v% \6 y
auth_type=password
; x1 B/ {% p/ u, kproject_domain_name = default
' x7 T& s7 ~5 K1 J* Duser_domain_name = default+ u6 k! V* U- g2 w# \
project_name = service
, W; L0 o1 K# d/ Eusername = nova* W0 N0 I" Q1 v$ w0 `& k
password = nova
. K0 `1 L# o# W% r; d! P: F2 X[vnc], }7 R9 k8 \0 ?4 R! E- b3 K4 Q
enabled=true
4 U% h$ @$ @6 N0 C0 @server_listen=0.0.0.02 j9 N: K+ [) e8 h$ K# P
server_proxyclient_address=$my_ip8 K! |6 q- y' F! M5 J% h' f' t9 K' f
[glance]
# S) `1 Z- `' [! \+ Q/ R x9 Oapi_servers=http://openstack-server:9292
, f. |8 m2 H8 ^8 r, Q[oslo_concurrency]( Y2 R6 a! F. F+ R- p7 v5 B, x2 ~6 m
lock_path=/var/lib/nova/tmp
) E; y9 M9 }, \3 M8 |. m u2 s$ r8 T[placement]( B/ `+ \; t' m c
region_name=RegionOne
+ T. y6 T4 k4 V2 uproject_domain_name = Default5 G9 d8 @& W* ^0 x }
project_name = service: p* ?. j$ f+ A2 q9 r* l8 {
auth_type = password4 W# W7 s* N& _/ b7 j b
user_domain_name = Default9 H0 ]: d1 P) }. H1 f( G0 y
auth_url = http://openstack-server:5000/v35 L% {8 [, E. p7 \7 g! \. k
username = placement
' D$ _- |) i0 q3 [password = placement
2 |, ^3 Z. l: I. M9 a6 c4 H
5 G E# L) J* o" j官网文档提示包bug问题,需要修改 /etc/httpd/conf.d/00-nova-placement-api.conf,添加/usr/bin相关内容到文件尾部; [root@openstack-server ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf9 [3 H! {* H" @! S2 N
<Directory /usr/bin>
4 I, ]2 t+ T' g9 w" L <IfVersion >= 2.4> Require all granted </IfVersion> ! _5 S8 S: `8 S$ d5 f1 Y/ _
<IfVersion < 2.4> Order allow,deny Allow from all </IfVersion>2 v6 v$ r. _" j( x, W& L
</Directory>
* G1 L( ~# @# p$ [重启httpd服务:
" j$ V. g- B o& a9 A c[root@openstack-server ~]# systemctl restart httpd 同步nova数据库: [root@openstack-server ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
& ~1 X) K r* d* W[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova4 t6 P% U2 v7 h) ^4 V
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova28087259-877a-4ff7-b2a3-a4367a1fbd8d
/ U0 e: w# f; ?. L[root@openstack-server ~]# su -s /bin/sh -c "nova-manage db sync" nova
: `. Y" l6 o, S. A9 r& Q# E; d4 ?9 j7 y( \[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova+ ]: x3 T! A5 ]& t5 V
启动nova-api、nova-scheduler、nova-conductor、nova-novncproxy服务: [root@openstack-server ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service4 L, q1 c7 `2 s5 }/ O+ f5 l
[root@openstack-server ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service( S( ?* I+ {/ c
- f" S, z! ?2 o2 H$ j3 ^
安装nova-compute(计算节点):9 X% J5 e1 w4 d' j- e9 S
[root@openstack-server ~]# yum install openstack-nova-compute 修改nova配置文件: [root@openstack-server ~]# vim /etc/nova/nova.conf
+ t; o: H% E4 b7 N- Z+ D5 I[DEFAULT]
/ j* _* _$ n7 X) jenabled_apis=osapi_compute,metadata/ c* O6 T0 q0 H) T' Y% A
transport_url=rabbit://openstack:openstack@openstack-server# K# X* V6 D1 I% ]- [- V7 Y
my_ip=192.168.254.10
3 w4 o& I$ G' w" K% Euse_neutron=true1 Y/ x4 A/ j! R- w3 k) i
firewall_driver=nova.virt.firewall.NoopFirewallDriver
+ O5 s1 D& o1 ~[api]2 L1 X* [$ ?( x* z" t
auth_strategy=keystone
3 K S0 h8 U. x[keystone_authtoken]- e, z! k& _! y3 F4 m
auth_url = http://openstack-server:5000/v3
' x' M) I$ y) N! w/ X( D2 Ymemcached_servers=openstack-server:11211
" T" ]+ l0 c' Uauth_type=password+ z! N3 Q. o; U8 ^( P
project_domain_name = default
- ^: b, K) ?$ T; r9 Z4 {" suser_domain_name = default+ P; V: A* z; x7 l* y) U
project_name = service
$ h9 G5 U. E4 y- pusername = nova6 l9 h4 I) \ F
password = nova0 R2 _- F3 x* h6 ]
[vnc]
* @ X$ u' Z! V2 c6 z3 A1 eenabled=true/ H) F, r- Y! h; R) n
server_listen=0.0.0.0
! b& m1 S; e8 j0 Kserver_proxyclient_address=$my_ip
, i) I" X( M" pnovncproxy_base_url = http://openstack-server:6080/vnc_auto.html/ a" b3 b/ f+ N# y$ [
[glance]api_servers=http://openstack-server:9292# D# [, o0 n( ?' f6 o
[oslo_concurrency]
( m! P+ M% {- Block_path=/var/lib/nova/tmp7 Y2 e9 i" P" |* V$ i' q
[placement]% S" H6 N% x: t! o5 [
region_name=RegionOne
2 O" {# i, Z4 hproject_domain_name = Default# L7 G- R3 J1 D% d4 _4 M
project_name = service
/ S) L1 [9 U/ h' K+ x8 ]auth_type = password
- {6 ]) ~" f8 t. ?8 Cuser_domain_name = Default
$ x3 A0 m, T. e1 H3 j+ Y, h6 Sauth_url = http://openstack-server:5000/v3
4 V3 V7 F; _+ p1 y, ~& cusername = placementpassword = placement
0 X3 [6 s6 P* {: R w% x查看cpu是否支持虚拟化(0代表不支持): [root@openstack-server ~]# egrep -c '(vmx|svm)' /proc/cpuinfo4修改虚拟化类型,如果不支持cpu虚拟化使用qemu,如果支持使用kvm: [root@openstack-server ~]# vim /etc/nova/nova.conf
% @" K+ B6 o* t' Y# f4 k[libvirt]
) R& C% V8 c' R2 V2 r- i/ {virt_type=kvm
0 {% l# A- z4 A! P启动nova-compute和libvirtd服务: [root@openstack-server ~]# systemctl enable libvirtd.service openstack-nova-compute.service; Z" U' n3 ?$ U: u, B; h u
[root@openstack-server ~]# systemctl start libvirtd.service openstack-nova-compute.service2 I" H; T% ~1 C, a$ o+ i2 u% |
将计算节点cell数据库: [root@openstack-server ~]# . admin-openrc.sh8 H+ W0 Y+ K& k" f- f) j- M0 ~
[root@openstack-server ~]# openstack compute service list --service nova-compute0 @! M( L# D6 A Q0 z
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
" s) j& y9 ~6 a% U/ F) Q编辑nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
& u; H c' T0 e: h/ k# d4 F2 L7 k[scheduler]! Y# D8 X9 H' K7 u" @9 W
discover_hosts_in_cells_interval=300" g! g6 N8 N0 y0 t4 r
验证操作:
' q. _- X- ^2 C/ A[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack compute service list: p# ?3 e/ m- L$ Q: @* A$ D
+----+----------------+------------------+----------+---------+-------+----------------------------+7 X* j( |" P i9 c6 i. }
| ID | Binary | Host | Zone | Status | State | Updated At |
2 ~# ^- C9 `- |+----+----------------+------------------+----------+---------+-------+----------------------------+, ^5 b- D1 h+ n: H r
| 1 | nova-conductor | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 |
; P, @) q! G- U! @8 f7 a4 j| 3 | nova-scheduler | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 |( l6 M7 L" ]- q8 w. l+ a2 N$ N
| 10 | nova-compute | openstack-server | nova | enabled | up | 2018-10-23T13:45:27.000000 |. D# d4 R0 A4 S3 d7 K: D
+----+----------------+------------------+----------+---------+-------+----------------------------+) T$ [5 h) w1 e( m
[root@openstack-server ~]# openstack catalog list( Y4 b; M4 I4 N0 j, q Z/ G9 @( D9 l
+-----------+-----------+-----------------------------------------------+' j+ D) f3 v9 l) h) x& n8 r
| Name | Type | Endpoints |4 Q7 ^6 Y# H# A) G, R4 Z" k
+-----------+-----------+-----------------------------------------------+$ J5 Y4 }: k4 W7 U0 I" h; d
| glance | image | RegionOne |
1 |0 T; B; j1 E9 w; F| | | internal: http://openstack-server:9292 |. H C$ U' Z: i# F
| | | RegionOne |7 J, l9 [- b9 B; r9 D: b+ B
| | | public: http://openstack-server:9292 |; { n8 I1 m2 K" S. X
| | | RegionOne |- h% s' g! }+ l1 S4 r& X, D9 c. R
| | | admin: http://openstack-server:9292 |
- ~* j% _. |9 _$ W| | | |
( @4 c. o3 e# G4 u- N2 g+ j| keystone | identity | RegionOne |; k2 W$ k/ ?) [- k7 W$ @
| | | admin: http://openstack-server:5000/v3/ |, j4 A( V) {. ? E! i8 ^" o
| | | RegionOne |
, ^+ |+ D# B3 g; n" @2 J| | | internal: http://openstack-server:5000/v3/ |7 {2 }- s M0 { E5 E$ J
| | | RegionOne |6 G# I, A- t/ l* C& Y
| | | public: http://openstack-server:5000/v3/ |: {6 n7 }0 R0 j0 x" b( \
| | | |
( K' Q, J$ p0 P" t' [: U5 j| placement | placement | RegionOne |
4 W( |4 g, Y) i. e: A5 z| | | public: http://openstack-server:8778 |
) |- s4 ]6 S% M3 U; b| | | RegionOne |
! G, @3 Y" e8 `- J- N+ T/ {| | | admin: http://openstack-server:8778 |& ^" \ G8 s1 J2 T5 N
| | | RegionOne |
; O( F7 r Y8 T* B9 z6 A; B| | | internal: http://openstack-server:8778 |5 C, b8 H" ^ @
| | | |% S) m- R5 @/ U$ p( o1 a
| nova | compute | RegionOne |' [. S4 |- F% U: k/ g+ D: P/ f4 c. @
| | | public: http://openstack-server:8774/v2.1 |2 D9 _& G C$ D/ @) `. D2 s
| | | RegionOne |$ \2 J* V% p# Q# {7 Z$ A- a; d: O. j
| | | admin: http://openstack-server:8774/v2.1 |5 _2 [ r8 |6 m R U* l
| | | RegionOne |( u: ~# t% s, e) Z, v! u
| | | internal: http://openstack-server:8774/v2.1 |
' q! o+ H7 [$ ~3 D* C6 J/ ^/ W8 G| | | |
: m/ O- E5 P% Z4 P, t+-----------+-----------+-----------------------------------------------+7 |) p* g# q$ u# o" |2 l# q" X
: i& F( {! m1 W, L r! o! V( @9 m0 P+ V& h% r. H
[root@openstack-server ~]# openstack image list/ a4 e) Q8 z6 S+ x% [* R% I4 ^
+--------------------------------------+--------+--------+: @& r! |1 {8 P
| ID | Name | Status |2 G0 V& D8 D2 O8 {
+--------------------------------------+--------+--------+6 V+ {; X, h6 E8 N+ x# M
| 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active |5 v' Q) a X8 s) z6 e
+--------------------------------------+--------+--------+
" U4 _1 k5 y7 w1 n[root@openstack-server ~]# nova-status upgrade check+ R( ]. m+ \* C
+-------------------------------+
; J, _8 k$ Z. d5 N| 升级检查结果 |) ?1 M$ R- K; \. Y4 n* I
+-------------------------------+( u$ D# k4 E& p& D: U( ~+ A
| 检查: Cells v2 |: k: D! t' y I- M7 D x2 m
| 结果: 成功 |
* b2 @- W! K0 X2 m. y| 详情: None |0 [4 B( u9 @) D h4 w5 P
+-------------------------------+: x g$ |" ]+ y* u& l. j" h$ ? u
| 检查: Placement API |# _0 a7 a! z1 _3 Z/ m2 m2 U. c8 L
| 结果: 成功 |
. d' O, n3 ^) |+ O. D' I4 g| 详情: None |; @; ]# J2 p' B$ \
+-------------------------------+
5 p; w5 m2 R3 k: z* B& U: _% Z4 ]| 检查: Resource Providers |, r+ W0 i6 e& M2 G2 Z- C$ A4 m! o
| 结果: 成功 |
" y1 ]+ @; |, V: @0 M. A" I9 o| 详情: None |
/ ?2 n; z! z& z' N+-------------------------------+
3 S. @9 ^6 z* ^6 W| 检查: Ironic Flavor Migration |9 @/ o; U3 c( O5 p( J. ~8 q
| 结果: 成功 |
/ G; w9 h* E. S9 ~ v, @, ?6 s ~| 详情: None |9 t3 R7 V) u; F3 `- g, ^ W2 N
+-------------------------------+1 D5 A3 r, |5 W
| 检查: API Service Version |; n6 ?2 E8 Y% H3 ^
| 结果: 成功 |. S5 b3 c8 t4 l" P
| 详情: None |
1 s$ w' u9 v, {7 o4 r* e% \+-------------------------------+
+ F- b% m6 |7 a0 `# n| 检查: Request Spec Migration |1 L: z. s% M* U3 N7 \
| 结果: 成功 |
, ]' X$ J1 }: ]: k b1 M1 J| 详情: None |
( c3 \. u' u5 T& _, o0 y+-------------------------------+6 j3 E/ S# c( n6 A( Q' l" D
! j% b3 Q# x# |8 i
; c# y. ]; `6 U2 d4 n* p
12.安装neutron:0 q- [2 d7 Q* x& Y& @
在Mariadb创建neutron相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE neutron;"/ H e- [2 o. h
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"6 H1 m( N2 Z8 r, v; @
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
' y% i. N, p2 Q2 u& ^2 }& ]6 @/ ?创建neutron用户、服务、端点; [root@openstack-server ~]# . admin-openrc.sh3 J/ H; X9 f7 S: x
[root@openstack-server ~]# openstack user create --domain default --password-prompt neutron# M' L; D( [2 T" {2 d. v7 w; `' q7 z( z
[root@openstack-server ~]# openstack role add --project service --user neutron admin5 [ J( L8 u3 s' ^" q% m+ V+ ^
[root@openstack-server ~]# openstack service create --name neutron --description "OpenStack Networking" network; W4 |7 F9 y" u9 q" l8 C
[root@openstack-server ~]# openstack endpoint create --region RegionOne network public http://openstack-server:9696
( m& Z9 m& l: f% {[root@openstack-server ~]# openstack endpoint create --region RegionOne network internal http://openstack-server:9696
6 c: C6 D9 z A[root@openstack-server ~]# openstack endpoint create --region RegionOne network admin http://openstack-server:9696
1 m+ n' I& `7 v4 F) p+ H4 _5 [Networking Option 1: Provider networks:! ^9 M" E1 o' Y% z/ i( z
安装neutron、neutron-ml2、neutron-linuxbridge、ebtables: [root@openstack-server ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf. Q. ]5 g; a! h! h) ^
[database]2 l" M! {2 c: k1 m1 C" f% k
connection = mysql+pymysql://neutron:neutron@openstack-server/neutron; I3 O6 t5 G1 F- u
[DEFAULT]
6 Q! l! y( x7 ]% R3 v% rcore_plugin = ml2
. J) W+ I( z6 b, X4 ~/ z8 D# ptransport_url = rabbit://openstack:openstack@openstack-server
7 Z3 Q0 U( p: n3 Sauth_strategy = keystone' g( {2 m3 K8 U z8 Y R
notify_nova_on_port_status_changes = true' V. t; H3 W- R7 }
notify_nova_on_port_data_changes = true; w8 [0 m8 i8 X9 O# J+ W
[keystone_authtoken]
" ^. K5 {' P: r! J9 xwww_authenticate_uri = http://openstack-server:5000% Q8 h) S- s/ v0 g) w$ o( F
auth_url = http://openstack-server:50002 E9 j* b& ~7 v4 {2 d) ^" I
memcached_servers = openstack-server:11211
. q; S9 |+ j# F5 G g+ J) V# b7 Rauth_type = password
/ U3 c a1 c% \6 _6 V8 I0 xproject_domain_name = default9 t o* f2 a% Y
user_domain_name = default) u6 e: i2 A. q7 y! f
project_name = service
5 \7 r' C3 I, W6 [9 Gusername = neutron6 V) X( _6 h' }" {- \
password = neutron
1 m& _( z" K- t* w; s[nova]
: ] ]" B# o# b8 Dauth_url = http://openstack-server:5000
4 g: {0 i, Y1 Dauth_type = password- v4 s- _8 b, X0 P/ K7 n; I
project_domain_name = default
; E, [5 y9 j, d1 V* \% ~, Kuser_domain_name = default# P8 [/ @( S% V
region_name = RegionOne
9 n+ I0 {: U# ~ I* x& t3 |6 [project_name = service
+ k" d* y" p) _% B# U& t( Ausername = nova
+ `/ s% S7 O: r9 C7 H X7 M, Dpassword = nova: l8 f5 X2 Q5 n6 l
[oslo_concurrency]
$ f, q* t' F( V* d2 r, Dlock_path = /var/lib/neutron/tmp
1 b r; f+ J, l8 @修改ml2配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
: q7 g) G1 a8 ?! ]4 ~[ml2]7 e* I9 B2 _) U# ^9 m1 G5 d
type_drivers = flat,vlan( t, I% r: @+ \5 T& o: Y# i7 ], I0 ^
tenant_network_types = flat, P) C7 e6 v1 F; P
mechanism_drivers = linuxbridge
4 w- Q; v& x+ ^extension_drivers = port_security. V% G: ]# r' |4 o& }/ h% O
[ml2_type_flat]9 i. [) a) \; y9 Y
flat_networks = provider
- u* }9 B/ S" D! v8 i: c[securitygroup]
% L; B$ y% C9 ?( genable_ipset = true* ~1 h" p6 U* }7 ?
修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini6 q1 A6 [, e* a
[linux_bridge]
# T( `9 ^8 c6 Zphysical_interface_mappings = provider:enp4s0! z; m) v" T1 Y$ G# L- C. ?1 b5 F
[vxlan]+ g7 l% `, p+ k4 a0 V
enable_vxlan = false
* g4 t* X7 d& |- ^) Z Z[securitygroup]. R/ A) }- M- ?) ~) u7 R* u
enable_security_group = true
! Q' d' S' T; H/ mfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver8 R o: V$ C2 d) i Y1 u% u2 i
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge% c( ~% j$ d. z9 {! T% P6 i$ P4 w
[root@openstack-server ~]# modprobe br_netfilter
6 y- X5 l: o; s p[root@openstack-server ~]# vim /etc/sysctl.conf
- O( n' ]- O$ p! Snet.bridge.bridge-nf-call-iptables = 1: C/ {/ s" P, }7 F D2 ]2 J( M
net.bridge.bridge-nf-call-ip6tables = 1
, ]( a8 O. @' _# |: S/ p9 L[root@openstack-server ~]# sysctl -p /etc/sysctl.conf9 g% i8 W- `2 z7 G; `! `
修改dhcp_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini1 u3 l: {: c$ g* }
[DEFAULT]
' r# q5 g8 p) Rinterface_driver = linuxbridge
; b. |* |% A: F- _* i5 Ldhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
1 x* ^- r9 m! `/ y) Benable_isolated_metadata = true( ~) r" u/ g! B
Networking Option 2: Self-service networks:
4 V. H- z1 K! y& l" o安装openstack-neutron、openstack-neutron-ml2、openstack-neutron-linuxbridge、ebtables服务; [root@openstack-server ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf$ i' G; x2 Y' C, ~/ H
[database]( G0 l6 c* p" j
connection = mysql+pymysql://neutron:neutron@openstack-server/neutron; b. z' U4 q: E# o# g, q, S
[DEFAULT]
; |; R" `' I8 g4 bcore_plugin = ml2# C# \- F3 o0 X+ U) M8 s2 p9 M# t# e- A
service_plugins = router! }' @" O2 C; n) y& i0 @) b# C
transport_url = rabbit://openstack:openstack@openstack-server& q/ W% W% n7 O8 E
auth_strategy = keystone! i& u! {2 P8 `& F- l' j( O
notify_nova_on_port_status_changes = true
, W8 G* ~, B% w. o8 Hnotify_nova_on_port_data_changes = true
% x B! V9 H- Y[keystone_authtoken]
- b c' H, A9 p& e* Q: ?* B* d4 e+ hwww_authenticate_uri = http://openstack-server:5000
, a& [# w( [0 D% Y+ s- X2 p7 mauth_url = http://openstack-server:5000
" E7 D9 b$ T% R6 F* F3 Pmemcached_servers = openstack-server:11211$ r: A6 m0 p, q$ a7 D
auth_type = password
: T$ @* a l7 H9 B/ B5 {+ Uproject_domain_name = default' P1 L0 i7 L& U+ |& r
user_domain_name = default. T8 j5 x' u& V1 V6 Z" N
project_name = service
* b9 f* U$ M/ Nusername = neutron0 I" a/ I1 k% R% {0 }
password = neutron: l* U% ^8 z+ R& P( J. y+ k
[nova]
; M! Z* W2 p9 g9 F$ K2 Y8 gauth_url = http://openstack-server:5000
9 L* z3 F- N4 C+ _auth_type = password9 p& }) f p6 G
project_domain_name = default
6 R" p: T) o' @6 _. }9 Tuser_domain_name = default- d# J3 C6 X4 R( ]5 k+ i. V9 e! X
region_name = RegionOne+ m5 J, n* \3 ~: P$ \
project_name = service8 h- v' h9 I. w+ A( m) r( I+ r
username = nova, }" H/ Z$ d0 D( j2 v s! L* R
password = nova
9 @- U t* g( q7 p" n2 ~* f[oslo_concurrency]- e" v9 k; f- I" k, J5 a2 o( f8 U
lock_path = /var/lib/neutron/tmp
9 k/ v, c# s7 W* x8 W8 U1 D' u! P# |9 u) E% c
7 [+ m6 W1 V5 h1 B1 I# A3 E6 H
修改ml2配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini$ R7 a1 w" Y( p
[ml2]
8 q7 a$ d. K% `7 q# Y, qtype_drivers = flat,vlan,vxlan; v. H& {. A0 i" j* D, D# M
tenant_network_types = vxlan
9 }; @4 Z( ~: b, B+ z" k+ {1 tmechanism_drivers = linuxbridge,l2population3 \) V9 s! H* i+ A6 K: N! B3 o" z
extension_drivers = port_security* d v g7 z J- f" V6 M( M; M( r
[ml2_type_flat]
% R! M/ k7 n4 q8 W5 G" P dflat_networks = provider
8 ^& P/ ^) u& N% [( z/ C[ml2_type_vxlan]
' Z0 s' u+ a+ s+ X9 b6 ]0 Kvni_ranges = 1:1000
* m! b7 {/ ~& q6 u3 F+ o9 T+ C4 e[securitygroup]
& h( w2 Y R( X4 S; genable_ipset = true
3 g7 r. J& w( A: N修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini; s4 m3 A$ j) y3 y! {4 f
[linux_bridge]' ]4 m+ l8 s% z# ?: G4 W
physical_interface_mappings = provider:enp4s0
0 W9 T" [* y& e4 r8 n[vxlan]/ v1 V) M5 `/ n
enable_vxlan = true5 t5 _. v0 J! G2 G1 b/ s
local_ip = 192.168.254.108 Z' y3 m) P+ N! `, V
l2_population = true L0 L x% T$ o! X
[securitygroup]
B/ \$ B3 n. G6 b" M, Xenable_security_group = true, F/ }6 p, I' H( F7 d
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
1 V( J( G, g0 s8 E& z开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge
: B5 h5 ~8 ^/ \7 {: p% N2 Z6 N[root@openstack-server ~]# modprobe br_netfilter6 x( t; u$ h0 x; J# w7 u/ Y$ g' c& q
[root@openstack-server ~]# vim /etc/sysctl.conf" o! j, p/ j! K$ o& ^1 ^) {( P/ F2 G
net.bridge.bridge-nf-call-iptables = 10 c% o+ M$ u7 _" D6 \
net.bridge.bridge-nf-call-ip6tables = 1
: h2 Q$ L' V6 l3 }, y2 @# m[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
7 @3 ~$ ]& J( K6 z; w修改layer-3_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/l3_agent.ini E, p& y4 w7 Q5 i) u
[DEFAULT]' H; q% z' e( P8 r J
interface_driver = linuxbridge
! o* W$ d( N+ H! O" A$ R修改dhcp_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini/ P# n9 t" O6 P/ H# |" U6 A
[DEFAULT]
, M {8 l8 Q* e& R7 ^interface_driver = linuxbridge
; W* q0 I% \8 t; hdhcp_driver = neutron.agent.linux.dhcp.Dnsmasq' l3 S" u. \) w6 O
enable_isolated_metadata = true; D5 v/ ? C' D( R: ?* c# V7 _8 S
修改metadata_agent配置文件: [root@openstack-server ~]# vim /etc/neutroNetworking Option 2: Self-service networks:n/metadata_agent.ini
( \# X4 i. w8 T1 U9 ?3 e[DEFAULT]
9 ~% t4 x, A% Anova_metadata_host = openstack-server: t+ E- Q, O2 {3 L# _
metadata_proxy_shared_secret = neutron(neutron和nova通信共享秘钥)
: g( ]9 e, ?( V3 X+ X }2 m修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf5 H, x" R% @& w
[neutron]
7 x' F) o& O9 p6 s; A1 C) m' ?url = http://openstack-server:96966 c; N3 r' I/ {) R& @
auth_url = http://openstack-server:5000
9 ]" s/ N- `6 G3 a( `$ Eauth_type = password8 P" p6 `8 C2 @' T. x/ l3 r
project_domain_name = default, N- k9 X6 u+ f5 N9 v
user_domain_name = default
7 Y, F/ h$ K) q. U% W) Xregion_name = RegionOne
0 ~* V; E7 m: J8 V- I& kproject_name = service
, ]% M; d! J& \; zusername = neutron
- h( c: |: o3 |# @password = neutron
3 p' z! L, n! Y$ w1 t3 B' h! Rservice_metadata_proxy = true
2 }7 q+ n3 Y5 W4 t& u$ Xmetadata_proxy_shared_secret = neutron(nova和neutron通信共享秘钥)
1 `& E1 m& u! E8 m创建网络服务初始化脚本软连接:
# `* Z: N( L8 f" {8 Y+ a[root@openstack-server ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini 同步neutron数据库: [root@openstack-server ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron重启nova-api服务:
! W: G: T0 o/ W) N8 ? I7 d[root@openstack-server ~]# systemctl restart openstack-nova-api.service 启动neutron-server、 neutron-linuxbridge-agent、neutron-dhcp-agent、neutron-metadata-agent服务: [root@openstack-server ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
- `8 a3 o w& w) r! _$ r1 B" t1 b[root@openstack-server ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
" i0 t5 j. g' y- d0 o0 ~' X! f如果使用Networking Option 2: Self-service networks还需要启动neutron-l3-agent服务: [root@openstack-server ~]# systemctl enable neutron-l3-agent.service" |3 N% V5 }( p
[root@openstack-server ~]# systemctl start neutron-l3-agent.service
: j- {% e( Q+ p( P# |. t4 Y+ y安装openstack-neutron-linuxbridge、ebtables、ipset(计算节点):
L% A, C* U1 t& i[root@openstack-server ~]# yum install openstack-neutron-linuxbridge ebtables ipset 修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf R/ b; x& X& S. s: R
[DEFAULT]+ T: p1 J$ V6 u4 m& p" I
transport_url = rabbit://openstack:openstack@openstack-server
* l0 Z# _: _3 g, M/ cauth_strategy = keystone" f+ r' y% w+ ?1 j" \6 w# C: J
[keystone_authtoken]
9 B% C! t9 m3 U5 Z5 w$ q3 awww_authenticate_uri = http://openstack-server:5000
4 S; a5 c; ~% I% Dauth_url = http://openstack-server:5000
+ \$ _0 I4 b x2 vmemcached_servers = openstack-server:11211
, u. K8 Y3 l9 N6 X5 ]# K3 J: y& b3 Zauth_type = passwordp9 x. U1 w, E9 H, R9 s. e3 o; X
roject_domain_name = defaultu ~' N* b+ Q: h3 v/ }4 `( K
ser_domain_name = default% h" I3 C( w, ?' M6 [) ^6 N
project_name = service3 |* H5 `6 ]# H
username = neutron/ f' a- t* p. p: [
password = neutron
! L$ w- n4 b8 ^! n' B: u[oslo_concurrency]( o- K! ]1 l* r K
lock_path = /var/lib/neutron/tmp' `( d& k; S+ w
7 |( \0 b% }' u$ C5 T! A7 i9 m9 h
Networking Option 1: Provider networks:
7 r8 V+ Q: M" {9 J修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
6 I6 r* k* j$ q$ N X[linux_bridge]physical_interface_mappings = provider:enp4s0# c+ @( A# C# t) G7 _' a( I, P
[vxlan]enable_vxlan = false
& L F$ U9 n5 U1 @ A$ q( h& r[securitygroup]$ D2 Q. d* U& ^$ j
enable_security_group = true
4 `+ ~- G) k+ `1 B; t7 \5 y, jfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver5 U$ B |. K+ h* m. }- w, A4 t' e) v
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge
& K: Z4 u0 c" \0 l/ E ?) |: v: p[root@openstack-server ~]# modprobe br_netfilter; u! T- g5 a) Y7 J: Z& |& l
[root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF5 B5 ^; f; m& h4 j3 z7 |
> net.bridge.bridge-nf-call-iptables = 1
8 A$ N/ x1 r$ \0 E. _6 \> net.bridge.bridge-nf-call-ip6tables = 1
" b( N# r, B, }( k: {7 z! ]> EOF
R; j1 p% S, H$ p; Z' s4 L+ W" O[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
^. v/ g: s3 r7 QNetworking Option 2: Self-service networks:" f/ ?! q% s$ q$ ~1 N1 L% V: Y$ E
修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini! h6 @6 ?" Q2 f5 k: v* Y5 |
[linux_bridge]/ |, u6 V5 {7 E! C+ L; h# J1 @- s
physical_interface_mappings = provider:enp4s0
# Q+ J: r: ^8 d+ N) V1 O& y[vxlan], S% f' L6 a; Z4 p) u3 p
enable_vxlan = true5 Y, M$ I% I M
local_ip = 192.168.254.10
% x3 ]: b, p1 \$ Y8 g0 y: ol2_population = true5 K+ J& v. e' ~$ q1 n! ~: z
[securitygroup]+ T( l" T' r b" q. z) ?
enable_security_group = true
; Q( k! O3 ~( `; D$ t% ]3 B) ?firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# a7 `' @' D- Z1 Y6 o, z& ]开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge% q3 [# c# l% i. G# \
[root@openstack-server ~]# modprobe br_netfilter
% N& P0 g# N3 Z# I2 H[root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF
! \8 R' ~! \3 h0 N' q) b, a> net.bridge.bridge-nf-call-iptables = 1
: N3 W3 D$ p3 a2 m- A> net.bridge.bridge-nf-call-ip6tables = 1. e6 V9 K, U( ~! @' ^' G5 ~+ w
> EOF
3 P8 m7 [# |$ R9 ]
, g+ W P/ V Y7 ^0 J[root@openstack-server ~]# sysctl -p /etc/sysctl.conf5 \- A ^2 e" U( K
修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf! u, s$ u# T' s( O" R/ d* O) _
[neutron]
. c% r. p6 u. o) h5 g9 ^% {+ @6 [url = http://openstack-server:9696
( |3 X. c' f; w- \auth_url = http://openstack-server:50005 u& a% z' }9 Y" V& P3 R9 ] h! }& U
auth_type = password
# C# v0 w1 q0 ~& `5 h; ]project_domain_name = default
& l3 x. E# B9 c+ M1 ^: h3 Juser_domain_name = default
/ p0 t/ k5 a2 n m9 R/ Sregion_name = RegionOnep
9 S' A% @) h# z- lroject_name = service9 q, H4 Q' Z- q. i+ x0 f# j& i
username = neutron
+ o5 C9 t% L. v& Wpassword = neutron
3 V1 p$ |" v9 ?, t# ]- S重启nova-compute服务(控制节点):: M; L3 z+ ^) b; R- i7 G/ q( F* H
[root@openstack-server ~]# systemctl restart openstack-nova-compute.service 启动neutron-linuxbridge-agent服务: [root@openstack-server ~]# systemctl enable neutron-linuxbridge-agent.service
9 j g) B9 C' H9 j# F- Q[root@openstack-server ~]# systemctl start neutron-linuxbridge-agent.service3 F7 |$ }" p3 v$ a& Z9 E. C
验证操作:
3 _$ q- T, i$ A* E[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack extension list --network0 P' V! M G. v" N) H% t
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
$ H6 M5 h5 A# q# x3 Y) P$ @$ ^: S3 y| Name | Alias | Description |
; g1 v! W# @; [% X+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+- i/ t9 |0 c( N, W
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |
9 o# R8 l! Z, J+ X) R. @; ~| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |; k& _( o8 h- u: c5 W c
| Network Availability Zone | network_availability_zone | Availability zone support for network. |* Y& r- @7 H. J! u, g6 n
| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. |
% N, m0 J( r9 m x| Port Binding | binding | Expose port bindings of a virtual port to external application |& H" i8 ] U4 f/ B9 Z- f
| agent | agent | The agent management extension. |
' _- j1 H X8 _& I0 K9 ~| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |
, W, ]: v/ F S. q3 o4 l| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |) O! _% m( {* g$ o. K7 T
| Neutron external network | external-net | Adds external network attribute to network resource. |
& `% a% Z! c/ B| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |
! }, B' Z, E7 c| Network MTU | net-mtu | Provides MTU attribute for a network resource. |# b! Q, |- A& F1 m+ ^/ ^
| Availability Zone | availability_zone | The availability zone extension. |
/ M a: n V% \$ a y6 j: U! a9 p| Quota management support | quotas | Expose functions for quotas management per tenant |
2 f2 g6 F8 E7 k2 \/ k) p, r, X' `| Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. |
4 A/ Q7 t4 r" J4 q* d0 z7 c| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
/ _+ I$ {$ d3 c* C2 C1 |# l J! ]| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |/ T5 r3 i% J) u/ e' a" Z: r
| Filter parameters validation | filter-validation | Provides validation on filter parameters. |7 F+ K* K3 N3 P. [- q
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
: F2 r- ~" [- e" c5 h. X* G* p| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |* e" r c; C& L& m
| Address scope | address-scope | Address scopes extension. |2 b& V* F$ \4 t# ~
| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value |! }. v0 D% h0 ~) K7 S1 r _
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |8 R' y+ j" O* e3 B& a: R
| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |
& a$ k1 v4 f, S| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |6 p# V/ s% [+ z5 j
| Provider Network | provider | Expose mapping of virtual networks to physical networks |
5 @. W$ ^/ ~' c+ J0 ~# X. P5 U3 ^| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
/ G3 ^' p; J7 I5 J: o| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |$ g6 @1 b3 _5 a; ^( d
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |
; L! u# R3 N. R: G/ d|Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |0 A1 Z" n) E1 c% C8 j5 I; K, y
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
7 O# W+ A: ]: Q, e| Sorting support | sorting | Extension that indicates that sorting is enabled. |
9 @: \: l' s$ s x( o| security-group | security-group | The security groups extension. |
7 t( h, y; L- w3 r* ] u* Q| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |& L/ |) x* \& F0 l+ o
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
3 d% e: P# p% x% g5 e ~| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |
1 x* Z! d- n9 R2 p| Port Security | port-security | Provides port security |
# r% R w0 l2 O| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |6 {1 y+ e% o: O4 T. O/ H
| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
% B! i9 i' q: g| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |: j* S' o6 ]: t) J1 x
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
( `5 m. X/ N2 m C) O1 H/ Y5 p% y[root@openstack-server ~]# openstack network agent list: d) q9 C* }5 y% v1 b0 P7 f# X* O
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+# l$ a6 O0 z6 G" p
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |) H4 x9 ^2 I, Z' s% x; Q
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
8 B( _2 n5 Y& `+ {6 `9 |& Y' {6 _| 12d016a1-f747-49cc-b6be-0d793877d394 | Linux bridge agent | openstack-server | None | :-) | UP | neutron-linuxbridge-agent |
' k9 V3 s& m! j| 9639fcea-da54-4bad-b3a6-16ffb96f3243 | Metadata agent | openstack-server | None | :-) | UP | neutron-metadata-agent |5 V: u8 Z& O$ g, Q2 o8 Z
| dc6d79c5-62e0-48fb-8a19-556b68bc7063 | DHCP agent | openstack-server | nova | :-) | UP | neutron-dhcp-agent |: `' S3 c+ O9 S, L+ Z
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
2 n8 ]& j4 a- u" z2 \& u+ T13.安装Dashboard:
$ c+ N0 @: P# A! B) t3 ]: ]* N安装openstack-dashboard(控制节点):0 _3 a O2 N+ v! Z3 g
[root@openstack-server ~]# yum -y install openstack-dashboard 修改dashboard配置文件: [root@openstack-server ~]# vim /etc/openstack-dashboard/local_settings
; o" y) \1 l( m5 tOPENSTACK_HOST = "openstack-server"& u7 @3 h8 U. w6 t0 n" A. L3 ?% l. ^0 }
ALLOWED_HOSTS = ['openstack-server', 'localhost']
. t ]* P% ^. h/ v N3 @4 r2 f( ZSESSION_ENGINE = 'django.contrib.sessions.backends.cache'* Q2 T( [; I$ Z# _* _
CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'openstack-server:11211', }}
1 A. d9 F/ n7 `! DOPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST0 d- z# R+ m% E
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True% G& O+ a$ J7 E7 f# i( k2 j9 d
OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 2,}/ n1 z/ g: V/ S, X4 \; x7 m
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'- Y0 d6 [- F# S& j4 p
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
( O) k' n1 C" g; o0 ZOPENSTACK_NEUTRON_NETWORK = { 'enable_router': False, 'enable_quotas': False, 'enable_distributed_router': False, 'enable_ha_router': False, 'enable_lb': False, 'enable_firewall': False, 'enable_***': False, 'enable_fip_topology_check': False,}
) t& z# y& `7 l1 T8 o* [+ MTIME_ZONE = "Asia/Shanghai"5 b% L# Y6 ~. g J9 {" D! e
修改openstack-dashboard服务配置: [root@openstack-server ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf2 U7 D0 K7 K- ^* Q3 ] z. t
WSGIApplicationGroup %{GLOBAL}
7 T3 B2 X/ b) d; X重启httpd服务:$ Q9 @! `- f& k3 {* \
[root@openstack-server ~]# systemctl restart httpd.service memcached.service 验证操作: 9 _0 b# B8 v' d3 [0 D
通过浏览器访问http://openstack-server/dashboard 输入域default,账号myuser,密码myuser;
* G0 Q$ L0 t2 z* C0 ` 14.安装cinder:
# `( g4 d0 n" Q, v J1 g在Mariadb创建cinder相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE cinder;"
% N" k5 l7 S( r$ ][root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"9 Q- y, d, ]* e3 t: a; s" W
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
D4 n! P3 P9 |6 z- c创建cinder用户、服务、端点; [root@openstack-server ~]# . admin-openrc.sh+ R0 }5 R/ d# @( R; J! e/ W
[root@openstack-server ~]# openstack user create --domain default --password-prompt cinder
3 a- y5 k" G* z2 _4 x& e9 N0 k[root@openstack-server ~]# openstack role add --project service --user cinder admin
! c8 q# j( S! X9 |; E[root@openstack-server ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2' Y- {# `4 j l. W5 a5 N
[root@openstack-server ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
; F8 X/ n$ O4 y) H" I M# V6 W3 h" b[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 public http://openstack-server:8776/v2/%\(project_id\)s
- x: D* s2 X! O[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 internal http://openstack-server:8776/v2/%\(project_id\)s% \; O6 I2 l" ^! b7 v
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 admin http://openstack-server:8776/v2/%\(project_id\)s
! g: V+ V8 Y" |3 t9 b {% d- M0 }[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 public http://openstack-server:8776/v3/%\(project_id\)s5 E" x( [; \/ O6 ?) j! n. g
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 internal http://openstack-server:8776/v3/%\(project_id\)s) L$ y4 g3 \. I
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 admin http://openstack-server:8776/v3/%\(project_id\)s
& [" b6 T. \5 o% K% z: ]# b安装openstack-cinder:
8 ~- q7 l2 m8 d/ F[root@openstack-server ~]# yum -y install openstack-cinder 修改cinder服务配置:
& [, Y& m+ ~+ c, O) N[root@openstack-server ~]# vim /etc/cinder/cinder.conf [database]& r2 t; o9 ^$ n3 j
connection = mysql+pymysql://cinder:cinder@openstack-server/cinder6 |# I b$ {0 Q! }
[DEFAULT]: r! C5 W) x, D7 A
transport_url = rabbit://openstack:openstack@openstack-server
! u/ b+ U! p# Q7 |/ @auth_strategy = keystone
8 ?* i+ W0 U7 ^# ]2 [my_ip = 192.168.254.10
. K3 P1 p- b/ G1 c[keystone_authtoken]- v2 U1 t4 t3 o) j& O+ W
auth_uri = http://openstack-server:5000( E7 f2 w3 L5 @
auth_url = http://openstack-server:5000
# u5 v4 C5 C: R! l; ^, N5 ?memcached_servers = openstack-server:11211
5 E# e5 X) S7 Cauth_type = password
, G7 A! g5 e5 T! _9 ^* qproject_domain_id = default
2 p: I5 [6 e7 X6 i. O( a9 ]' P5 xuser_domain_id = default
0 w: _7 j, q' I2 |/ U7 sproject_name = serviceu. I8 ]: W* Q7 D1 k ]
sername = cinder- W. _. M; d% m8 w0 w
password = cinder+ z0 d( J' S" y8 Q( M8 X1 W; n5 f* x
[oslo_concurrency]. C8 O) W0 N9 E
lock_path = /var/lib/cinder/tmp; R% B' w3 u( m. T
同步cinder数据库:
* u9 G; ]) u: ][root@openstack-server ~]# su -s /bin/sh -c "cinder-manage db sync" cinder 修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
- D; J' }% B. i% a[cinder]4 E5 v+ A. W; e5 y" }
os_region_name = RegionOne
7 T8 I! o' `9 T* D重启nova-api服务:& k2 L$ @1 g5 m, o6 |
[root@openstack-server ~]# systemctl restart openstack-nova-api.service 启动cinder-api、cinder-scheduler服务: [root@openstack-server ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service: k: M1 C, I5 R4 u2 j% z! j
[root@openstack-server ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service) u" ^1 ?9 Z* K
安装lvm2、device-mapper-persistent-data(计算节点):" O; g2 f2 Y+ d) U# T
[root@openstack-server ~]# yum -y install lvm2 device-mapper-persistent-data 启动lvm2-lvmetad服务: [root@openstack-server ~]# systemctl enable lvm2-lvmetad.service, D) L# X: ]2 C# @6 n1 B3 Q
[root@openstack-server ~]# systemctl start lvm2-lvmetad.service' g" J0 b' Z; o' |
将/dev/sdb2作为vlm块存储设备: [root@openstack-server ~]# fdisk -l /dev/sdb
6 d$ w. B ~( v磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区Units = 扇区 of 1 * 512 = 512 bytes扇区大小(逻辑/物理):512 字节 / 512 字节I/O 大小(最小/最佳):512 字节 / 512 字节磁盘标签类型:dos磁盘标识符:0x441e1e17
! n# e5 A' ?' I+ V. @# K: S设备 Boot Start End Blocks Id System/dev/sdb1 2048 106956799 53477376 8e Linux LVM/dev/sdb2 106956800 276826111 84934656 8e Linux LVM
, @/ v; l. G$ B8 I# f& |' F[root@openstack-server ~]# pvcreate /dev/sdb2
9 i# N; o: ]" L8 s5 J2 p[root@openstack-server ~]# vgcreate cinder-volumes /dev/sdb2- z/ [9 l- d" Q7 u
修改lvm配置文件: [root@openstack-server ~]# vim /etc/lvm/lvm.conf
! x# P1 x& P* Adevices {...filter = [ "a/sdb2/","r/.*/"]...}3 P( A( i3 {( q4 @
安装openstack-cinder、targetcli python-keystone服务:
8 Q5 M# O! [. z6 z7 ?[root@openstack-server ~]# yum -y install openstack-cinder targetcli python-keystone 修改cinder服务配置: [root@openstack-server ~]# vim /etc/cinder/cinder.conf
" d% U% T/ Z+ o7 F, t( g[database]
6 e2 {5 k& |' O) Hconnection = mysql+pymysql://cinder:cinder@openstack-server/cinder8 @1 Q( L4 \4 B0 q
[DEFAULT]
- c( P0 W. W7 `/ a4 ^transport_url = rabbit://openstack:openstack@openstack-server+ t# r6 H+ E/ L
auth_strategy = keystone( V2 \/ v% p' \ ^3 u: E- |* r+ @
my_ip = 192.168.254.10e
: M+ E! j- v! _9 Znabled_backends = lvm* O, {- R$ }7 x$ _% n5 b9 ?# E
glance_api_servers = http://openstack-server:9292
' Q7 n9 ]9 i* o- n3 p6 R[keystone_authtoken]
! Y5 z: m. o! q" M$ hwww_authenticate_uri = http://openstack-server:50009 a; X( C$ J3 M5 p! Y# K5 {# H% _8 r
auth_url = http://openstack-server:5000
( Y( {9 s2 ?! Xmemcached_servers = openstack-server:11211
! k7 ?' k% X3 a+ e& d$ bauth_type = password4 [5 P# ` S4 ]* {; @: j( e
project_domain_id = default
2 ]) }- R- a4 G' ~ x0 vuser_domain_id = default5 o* |/ ?2 X; [' j- ]- i
project_name = service* H4 z' R; I# e4 e9 Q
username = cinder
( @* v) d4 I3 c6 d( ~9 B3 Kpassword = cinder
4 k7 w$ _2 T! N7 H* A5 n D% t[lvm]
0 F. z' S# Q+ `" Z4 G1 I) B8 \) O; s2 Bvolume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver8 E1 A, E# O4 U Y1 a
volume_group = cinder-volumes
. V! ?' P p& ~* u) K- ciscsi_protocol = iscsi
% C' W3 l5 ?+ b/ W2 |' siscsi_helper = lioadm2 t) x. k; C( o& A5 w3 i
[oslo_concurrency]
8 F' o% [) c% }, Wlock_path = /var/lib/cinder/tmp
" P) m) y* f. J启动cinder-volume、target服务: [root@openstack-server ~]# systemctl enable openstack-cinder-volume.service target.service
p, ]6 Z& e6 T' c[root@openstack-server ~]# systemctl start openstack-cinder-volume.service target.service
' I: i. ]) S+ k/ V5 u验证操作: [root@openstack-server ~]# openstack volume service list% B- j$ P3 T8 V8 V
+------------------+----------------------+------+---------+-------+----------------------------+
; ^; c6 D9 ?! t! l$ r5 }| Binary | Host | Zone | Status | State | Updated At |
6 M, F+ [, g8 H5 q( Y+------------------+----------------------+------+---------+-------+----------------------------+
$ \0 J: e- q& V$ m; M, D| cinder-scheduler | openstack-server | nova | enabled | up | 2018-10-25T14:07:19.000000 |
7 b6 y+ P) W, ^! N% t% T* K8 {| cinder-volume | openstack-server@lvm | nova | enabled | up | 2018-10-25T14:07:24.000000 |; m$ f, S. X* _3 t9 I! ^) E0 Q
+------------------+----------------------+------+---------+-------+----------------------------+ Y! Y- ]5 B2 P E7 ^
15.启动虚拟机实例:
8 R8 B( P* y' v$ ^) E# U创建Provider network网络: [root@openstack-server ~]# . myuser-openrc.sh
5 ]* q$ z: {' e) [[root@openstack-server ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
$ m. z3 @; \& N* h* n. e% F1 Q5 [[root@openstack-server ~]# openstack subnet create --network provider --allocation-pool start=192.168.254.11,end=192.168.254.15 --dns-nameserver 114.114.114.114 --gateway 192.168.254.1 --subnet-range 192.168.254.0/27 provider# T; }% R/ A( j& O: f! E
[root@openstack-server ~]# openstack network list" B$ t, z! X$ c9 W! m/ j
+--------------------------------------+----------+--------------------------------------+) ?4 ^9 v, D8 G2 H( M
| ID | Name | Subnets |
6 w# X4 J! j8 \* }9 Z8 d# N X7 V! k+--------------------------------------+----------+--------------------------------------+
2 H: O0 e7 c7 L| 9979b724-3868-42b9-9e0b-61b42fd794a0 | provider | 12dbf504-9f38-40d1-b273-e1409bc712b2 |
" `& n: h! H! ?3 h/ L# L& z/ L+--------------------------------------+----------+--------------------------------------+
" Y' J1 C* n$ y& J' F3 o9 [创建Self-service network网络: [root@openstack-server ~]# . myuser-openrc.sh
5 b1 @3 V [) y' z[root@openstack-server ~]# openstack network create selfservice# t6 d" x# M; }5 p7 E
[root@openstack-server ~]# openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 --subnet-range 172.16.1.0/24 selfservice: C2 f. I. A$ M" w- z/ r
[root@openstack-server ~]# openstack router create router
2 P f D$ P$ u h& Q2 P[root@openstack-server ~]# openstack router add subnet router selfservice
' O2 O3 ^1 U4 S2 Z, k0 g! ?[root@openstack-server ~]# openstack router set router --external-gateway provider
- [( c* @( W! V* [8 f9 \4 R验证操作: [root@openstack-server ~]# . admin-openrc.sh4 F ~! I1 w7 @
[root@openstack-server ~]# ip netns
( H4 s, e i# s0 S, ^3 t: I) Wqrouter-0251f464-87d3-466e-9889-5b58eaeeb19b (id: 2); f- \$ N9 q( j* U. J' J
qdhcp-ad37ab93-04df-4b47-99d3-10dc0b2e630e (id: 1)8 x0 j3 V/ i. A: D5 }5 i9 x# K
qdhcp-cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 (id: 0)
- [) \& O, Q1 W[root@openstack-server ~]# openstack port list --router router+ M! y2 g. P8 v
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
. u( e8 t, @& || ID | Name | MAC Address | Fixed IP Addresses | Status |$ i4 O3 z; S I0 ^6 o6 r
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
) M, G, e- v% |, {| 6390935b-7ab1-4608-a386-8f8d068a2ee0 | | fa:16:3e:4a:74:9e | ip_address='192.168.254.14', subnet_id='9e8f1c21-fc37-4dd7-b111-b4e25160b731' | ACTIVE |( V, ^+ B5 f% x4 w/ z
| d44e3892-fb37-4c8e-b962-f1035f164409 | | fa:16:3e:c1:1c:72 | ip_address='172.16.1.1', subnet_id='f5ae3b68-4397-4caf-be61-63ef193e024c' | ACTIVE |- A0 n' E8 l. @( |9 e
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------++ N4 ? K# g" W/ D2 l% j
创建flavor模板: % j& p! D4 m( ^) c
[root@openstack-server ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano 创建秘钥链: [root@openstack-server ~]# . myuser-openrc.sh
/ o% U: v1 r4 y+ S" ^[root@openstack-server ~]# ssh-keygen -q -N ""$ b, }6 r: x9 s& {; H
[root@openstack-server ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
% l6 r" a3 V5 C+ ~验证操作: [root@openstack-server ~]# openstack keypair list
9 Z3 g+ {- V1 M5 n/ `! g- Y+-------+-------------------------------------------------+
1 J% |0 O7 S `% U* `| Name | Fingerprint |; |6 R* R8 V3 h+ \2 B( T
+-------+-------------------------------------------------+
8 d; G/ m' ?, V& l| mykey | f3:95:1d:7f:24:e0:ba:a2:7f:9a:e8:98:7a:79:f7:f6 |
7 ^+ m# x& F/ O* Q. Q+-------+-------------------------------------------------+
4 K7 A8 R' V* M7 j添加安全组: [root@openstack-server ~]# openstack security group rule create --proto icmp default
( l( E$ \' V% q: z- k% T& n[root@openstack-server ~]# openstack security group rule create --proto tcp --dst-port 22 default B2 l( f% f, S( C$ \
[root@openstack-server ~]# openstack security group list
/ C: F$ Z, z j. V# K, d% ~+--------------------------------------+---------+-------------+----------------------------------+------+
g/ X t/ j$ D% Q. V/ C- [| ID | Name | Description | Project | Tags |
# ]1 e" k I5 S, \% h+ ~2 r+--------------------------------------+---------+-------------+----------------------------------+------+# S+ f4 x' n7 B* B, d
| 5c642955-4c0d-4913-83ac-ecd7fdc95846 | default | 缺省安全组 | f9d82471a2d84cdca15994649ad3ce17 | [] |
; u' k- w. Y% R8 U# Z! N+--------------------------------------+---------+-------------+----------------------------------+------+
" X. Z# G2 y; K8 L2 sLaunch an instance on the provider network(在provider网络运行实例): [root@openstack-server ~]# . demo-openrc
3 }; ]3 x; u( _& L: E _[root@openstack-server ~]# openstack flavor list
# Z0 s& }! l) M+----+---------+-----+------+-----------+-------+-----------+
) Z" S: R! C2 m2 G| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | Y4 D5 r9 `9 W3 ?% V2 `6 X5 C4 H8 @6 C: r
+----+---------+-----+------+-----------+-------+-----------+
0 x/ T6 c. `0 z! }! I7 H| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
/ r' Q6 y, b8 V/ G3 C1 p: o. v+----+---------+-----+------+-----------+-------+-----------+
7 F- s# z: X0 @5 z5 t! W$ o[root@openstack-server ~]# openstack image list
& C l( v4 g& O2 j/ m+--------------------------------------+--------+--------+6 M9 }# g1 V# g
| ID | Name | Status |
* L- t( r- ~% |9 z9 J1 E1 C2 x8 u+--------------------------------------+--------+--------+
; X- Y) c) ~/ ^$ h+ Q5 L| 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active | N9 k; v1 E% s$ u- P1 @8 C9 _% O
+--------------------------------------+--------+--------+
' N t( }# S0 p5 H! X2 q9 l! ]- r[root@openstack-server ~]# openstack network list
S: `; B' R, z ], s* k; {+--------------------------------------+-------------+--------------------------------------+6 @3 J3 I! x: l* q( H- d5 y( ~
| ID | Name | Subnets |
: z. \4 o+ Q/ a1 F4 |; q- u/ Q8 ^5 u1 D+--------------------------------------+-------------+--------------------------------------+
& z; q, f+ A% c. [, R| ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c |1 H& h$ L/ k1 a- T
| cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 |7 ^8 C, q n& `: [$ g1 S+ o- C8 ]' C
+--------------------------------------+-------------+--------------------------------------+2 G7 Q0 }7 D( b' b0 v: H$ o
[root@openstack-server ~]# openstack security group list! Q5 u t. P" U7 Y8 B9 O' b, ?( z Y
+--------------------------------------+---------+-------------+----------------------------------+------+$ W0 k( |7 d: w# k) r5 r
| ID | Name | Description | Project | Tags |
% N9 y; h5 d/ O. h& u9 ]) }& {! z+--------------------------------------+---------+-------------+----------------------------------+------+
7 L: _ g1 j( G! C* R& d| 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] |
' f5 z4 [6 g/ ^$ O+--------------------------------------+---------+-------------+----------------------------------+------+
+ j$ l! k3 h3 E6 e8 X" O( X! C* u[root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=9979b724-3868-42b9-9e0b-61b42fd794a0 --security-group default --key-name mykey provider-instance6 O6 ]" l! ]. e( }( b. p5 h5 m3 r
[root@openstack-server ~]# openstack console url show selfservice-instance(获取vnc url) Launch an instance on the self-service network(在self-service网络运行实例): [root@openstack-server ~]# . myuser-openrc.sh0 r+ y7 q& @7 H
[root@openstack-server ~]# openstack flavor list8 `9 q% F4 p+ _# A& u: w
+----+---------+-----+------+-----------+-------+-----------+
; s( y3 P9 a7 `( K# G/ H" a* O( A. p! g| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |" K1 M+ W# E" y2 q
+----+---------+-----+------+-----------+-------+-----------+
2 F7 N! e ?& s* T# j R( @4 e| 0 | m1.nano | 64 | 1 | 0 | 1 | True |7 J9 P3 S% M- n& T- k" @# M
+----+---------+-----+------+-----------+-------+-----------+
9 @/ P% A) k8 U8 i" b6 A[root@openstack-server ~]# openstack image list
8 c# z, g% w! f+--------------------------------------+--------+--------+
@/ e# f2 Y6 _1 t$ ?/ w {| ID | Name | Status |+--------------------------------------+--------+--------+4 p Y* L6 |- T; [) `: Y
| 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active |) X* D7 f7 }9 P' O
+--------------------------------------+--------+--------+; w& _4 o/ _ U& v
[root@openstack-server ~]# openstack network list
# Y2 x! k+ \" z& F i3 T+--------------------------------------+-------------+--------------------------------------+
( j- T; _3 M' a/ v; w: s5 x5 i" U| ID | Name | Subnets |
0 Q* F; \6 g6 A5 K1 F% S L& K+--------------------------------------+-------------+--------------------------------------+
7 T6 ?3 G' `: F# }: h* E3 j7 e|ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c |
3 I# ?( x3 z: \2 {6 J| cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 |) r1 b: Z; Z3 t
+--------------------------------------+-------------+--------------------------------------+! S# g; u" M) }! E/ k! I1 }; v" J& `% G
[root@openstack-server ~]# openstack security group list& J- C) l& L H u2 v
+--------------------------------------+---------+-------------+----------------------------------+------+( s2 E) H2 q" @; Y- T9 P( o
| ID | Name | Description | Project | Tags |
. ]: I8 E, b0 a# F1 f+--------------------------------------+---------+-------------+----------------------------------+------+8 }5 r- F2 E& r, |" K
| 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] |
' q F" N% V. u: O+--------------------------------------+---------+-------------+----------------------------------+------+
+ C1 i+ j* h+ m) y6 C8 b[root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=ad37ab93-04df-4b47-99d3-10dc0b2e630e --security-group default --key-name mykey selfservice-instance/ B) p. q i! |, }; I
[root@openstack-server ~]# openstack server list$ h7 @9 H$ {9 H! \
+--------------------------------------+----------------------+--------+-------------------------+--------+---------+. c! g# S' O# Q0 b" w B1 v8 p
| ID | Name | Status | Networks | Image | Flavor |
' X* ~* V% @4 y5 E7 H. q: ^ w+--------------------------------------+----------------------+--------+-------------------------+--------+---------+
& T) P3 U0 z. r| 105e9757-7ba5-4a3f-81b7-cecdff2fa167 | selfservice-instance | ACTIVE | selfservice=172.16.1.10 | cirros | m1.nano |/ g' B2 e8 R' O
+--------------------------------------+----------------------+--------+-------------------------+--------+---------+& k4 o- }$ Z: I' s# i
[root@openstack-server ~]# openstack console url show selfservice-instance(获取vnc url) 创建卷: [root@openstack-server ~]# . myuser-openrc.sh% P8 ^+ R B8 o6 C/ |
[root@openstack-server ~]# openstack volume create --size 1 volume1
) @% g' H- `: \, z5 F9 w+---------------------+--------------------------------------+* s. ~0 O9 U) B! w) B$ E
| Field | Value |* d) m5 M( x+ Z8 F$ Q" x8 J
+---------------------+--------------------------------------+
3 p3 W$ ~& r& O1 P- T9 h| attachments | [] |
( m/ Z4 d+ ?7 k| availability_zone | nova |! w/ P7 D: q- Z6 W
| bootable | false |
/ } i0 |0 l; h1 H* i2 J v| consistencygroup_id | None |* w# d: K/ I9 s
| created_at | 2018-11-04T14:38:32.000000 |# _6 d4 I$ h: E' Z+ D
| description | None |
" D" C& H5 L. s E1 q( E- n| encrypted | False |
2 a' Q% j1 Q/ T. h| id | 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 |$ o" T( ?$ v0 O. r4 N$ x) Q& j
| multiattach | False |0 `# C8 l R& q# h
| name | volume1 |8 }: _# ^+ q1 P B$ ^% A" a
| properties | |3 A/ g8 X+ I# f5 b/ u7 e S l
| replication_status | None |
! t$ a; v+ D4 J( H1 e| size | 1 |
2 z3 ?) k8 n4 Y1 \" }4 k I| snapshot_id | None |
; n: n+ |$ }: j+ q) n; R; M N" k| source_volid | None ||9 X- |' `% c9 X! D# l
status | creating |, j+ Z$ ]8 Y6 e8 {& n
| type | None |
; M: \6 c/ m4 x& A- {+ ]0 u+ v| updated_at | None |; }1 w5 P' x4 o7 e8 {
| user_id | 2a2e5a1a1a464efaabaca83b439999e4 |, | s0 @& h7 D6 [1 p6 T% @
+---------------------+--------------------------------------+7 B/ o$ K7 ^6 H: r$ X I9 s7 ]' F7 T
[root@openstack-server ~]# openstack volume list2 u+ j! h1 y( m8 q; K
+--------------------------------------+---------+-----------+------+----------------------------------+
$ z) R0 c$ E0 y- s7 a1 `& f2 ]| ID | Name | Status | Size | Attached to |) a, S# Y5 M* S- Z
+--------------------------------------+---------+-----------+------+----------------------------------+4 [) }" Q! x) Y5 l" O
| 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 | volume1 | available | 1 | |2 ~- u2 R' k( u9 ~# N8 W
| a63a0afe-3be8-45aa-b7be-820d88874fc4 | | in-use | 20 | Attached to centos6 on /dev/vda |! S* G, N" h' v% f
+--------------------------------------+---------+-----------+------+----------------------------------+& p) z, v6 W/ B! n2 c: f
|
发表于 2019-1-8 09:32:12