|
1.安装环境: 操作系统:centos 7.5地址规划:192.168.254.10 openstack-server架构:所有组件(包括控制节点、计算节点、网络节点)全部安装一个节点2.系统配置: [root@localhost ~]# hostname openstack-server) a, J+ W( `4 d% Z. w
$ Z0 b8 y9 ^7 p8 g[root@openstack-server ~]# vim /etc/hostname' j7 s* m6 F2 Z$ F1 N
openstack-server
, N0 P* N' w& f! a) |! ][root@openstack-server ~]# vim /etc/hosts9 d7 n; ^6 V4 t6 S; p; H
192.168.254.10 openstack-server openstack-server.smoke.com
8 B, c$ q3 p. |7 E+ }! z# z[root@openstack-server ~]# ifconfig
9 z8 ], Z) A- \' j- }enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
) E+ n# s* T5 t inet 192.168.254.10 netmask 255.255.255.224 broadcast 192.168.254.31 $ q+ U% V( X9 q0 I, _" _
inet6 fe80::119a:26d0:b028:74d0 prefixlen 64 scopeid 0x20<link>
% e1 ^6 Y4 r/ K8 m1 E% h ether 00:e0:4c:0f:ff:a9 txqueuelen 1000 (Ethernet)
0 f" E d& I+ G3 k' h/ S J RX packets 42277 bytes 39441483 (37.6 MiB)
; D4 D' a: Q& { RX errors 0 dropped 0 overruns 0 frame 0 ) Q/ O# P; s, a9 f+ u" Z( p9 `; E
TX packets 14912 bytes 1016294 (992.4 KiB) + @# N1 u5 m: A! Q h
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0- Y" O! b; k# u l5 A
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
8 p& \9 l5 Q/ |% U1 V! g inet 127.0.0.1 netmask 255.0.0.0
# E; \: i4 G6 y- Y) O inet6 ::1 prefixlen 128 scopeid 0x10<host>
( E3 z3 \6 \- _0 n: H loop txqueuelen 1000 (Local Loopback)
1 f2 T8 E! R/ k9 d RX packets 32 bytes 2792 (2.7 KiB) - Q8 `. F7 }) ~
RX errors 0 dropped 0 overruns 0 frame 0
" d* b# A& F# G9 L TX packets 32 bytes 2792 (2.7 KiB)
# I5 I; `8 S; d TX errors 0 dropped 0 overruns 0 carrier 0 collisions 00 Y( [' m+ s" Y# O( E% f2 x4 _
3.安装时间同步服务NTP:
5 b1 a K3 v; `! B[root@openstack-server ~]# yum install chrony 修改chrony服务配置: [root@openstack-server ~]# vim /etc/chrony.conf5 h! J3 s$ y. D h
allow 192.168.254.0/27" S% O6 M$ w; T4 r2 e% |
启动chrony服务: [root@openstack-server ~]# systemctl enable chronyd.service U7 V" Q$ o9 E3 [2 W
[root@openstack-server ~]# systemctl start chronyd.service2 U! N6 j I% ]3 l1 Y- u* q1 A
设置时区:
( R) R! M" J# s* I[root@openstack-server ~]# timedatectl set-timezone Asia/Shanghai 4.安装阿里的OpenStack源: [root@openstack-server ~]# vim /etc/yum.repos.d/OpenStack-Rocky.repo
* i. |) d r1 u[openstack-rocky]
( }% j8 g F- f9 lname=openstack-rocky2 Y. W3 f+ C0 |7 t. M( j
baseurl=https://mirrors.aliyun.com/centos/7.5.1804/cloud/x86_64/openstack-rocky/
7 i. h, `9 A! k9 l1 Ugpgcheck=0
* _4 F' E9 X( v! s% p# h* lgpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-75 L7 k! [* }$ q$ f. K
repo_gpgcheck=0
- u. L: S$ S L9 X# cenabled=1
: N! T* e& E9 r D" ?. d! O, N[root@openstack-server ~]# yum clean all: d" Z; [* T! X
[root@openstack-server ~]# yum makecache& X2 L: f8 t' K& O
还可以使用官方yum源方式: [root@openstack-server ~]# yum install centos-release-openstack-rocky* M0 U5 x( [( M* h6 m2 u0 M* c
[root@openstack-server ~]# yum install https://rdoproject.org/repos/rdo-release.rpm $ B+ Q, `* r; Y, e
升级软件包:
. g0 _* X7 L# r! S3 @9 W8 }[root@openstack-server ~]# yum -y upgrade 安装OpenStack client:! K: M% Q! {/ ]9 q0 Y5 c+ L' M- T
[root@openstack-server ~]# yum -y install python-openstackclient 安装openstack-selinux:3 ]4 i' v+ [7 }: }+ P4 S" N
[root@openstack-server ~]# yum -y install openstack-selinux 5.安装Mariadb:4 G0 P9 D( q- N0 M
[root@openstack-server ~]# yum -y install mariadb mariadb-server python2-PyMySQL 修改Mariadb配置文件: [root@openstack-server ~]# mv /etc/my.cnf /etc/my.cnf.bak
1 R% _3 m+ |; d2 s1 }8 j3 ?[root@openstack-server ~]# cp /usr/share/mariadb/my-large.cnf /etc/my.cnf
% k, |1 [6 n* A |) \[root@openstack-server ~]# vim /etc/my.cnf
9 m T" i: n/ T) _: W5 B[mysqld]
! O$ r1 Z$ b8 n$ A. [0 C. P: k4 Ubind-address = 192.168.254.109 Y) `- a- U2 j
default-storage-engine = innodb
% J+ f6 O5 x' D. ~* V, `2 `innodb_file_per_table = on1 R% b( A8 ]- h
max_connections = 4096
$ M$ z4 P- _3 m* B% g8 c' Ycollation-server = utf8_general_ci
2 U% q+ H* H Lcharacter-set-server = utf8& S! }" ]5 \+ n* l( ^+ v
启动Mariadb服务: [root@openstack-server ~]# systemctl enable mariadb.service1 ^3 ^2 l' Z' G1 G
[root@openstack-server ~]# systemctl start mariadb.service
8 B, _, h' Z6 ?* ]( q初始化Mariadb:: ~3 X* _8 S' b! { n2 m! `
[root@openstack-server ~]# mysql_secure_installation(按提示操作设置root密码) 6.安装rabbitmq-server:
( v9 B/ g3 F6 Q5 N[root@openstack-server ~]# yum -y install rabbitmq-server 启动rabbitmq-server服务: [root@openstack-server ~]# systemctl enable rabbitmq-server.service8 n. [' S/ J! U X( ]
[root@openstack-server ~]# systemctl start rabbitmq-server.service
% q- E4 r8 _; k) s, u) ~, R添加openstack用户: [root@openstack-server ~]# rabbitmqctl add_user openstack openstack! a3 h& N) I2 \9 h6 k; S
[root@openstack-server ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# {4 D4 n6 `0 t( W* v/ `& _% P开启web管理插件:
, u3 T" E6 B& h0 M2 }( {[root@openstack-server ~]# rabbitmq-plugins enable rabbitmq_management 使用web访问rabbitmq-server(默认账号guest,密码guest):
) q0 u- W9 w: i. A5 C1 O 设置openstack用户Tags为administrator(点击Admin -- openstack): 5 {- ^- E- x/ Q& r V+ {' h7 ~
 点击Update this user:
; t" t1 h* `& _- p% ]9 w: D+ F4 E 查看设置:
& h1 s4 v6 S+ E7 J9 z) e: ` 7.安装memcached:8 G! s+ f, {; s4 Q9 t. |! V3 s
[root@openstack-server ~]# yum -y install memcached python-memcached 修改memcached服务配置: [root@openstack-server ~]# vim /etc/sysconfig/memcached9 V j& n" r: @ L
PORT="11211"
0 z+ @; N& x" I+ hUSER="memcached"8 [' I2 M t6 b% r4 C" F
MAXCONN="1024", ?; j) H+ Z q$ d f
CACHESIZE="64"3 p, T! Y7 X8 s7 `* Q! `
OPTIONS="-l 0.0.0.0,::1"
1 [$ F! `/ [# O+ I+ b) W3 n7 U& J启动memcached服务: [root@openstack-server ~]# systemctl enable memcached.service' i0 Y0 z+ T6 a9 m0 R
[root@openstack-server ~]# systemctl start memcached.service( D8 @# W8 N6 |& `- N. a3 P. F, X
8.安装etcd服务:6 v/ |' U; |( [
[root@openstack-server ~]# yum -y install etcd 修改etcd服务配置: [root@openstack-server ~]# vim /etc/etcd/etcd.conf$ W N: {& l7 M" |+ J& D- x
#[Member]
5 T9 K( j. {& I w4 d7 E( n" w: SETCD_DATA_DIR="/var/lib/etcd/default.etcd"; l: I' _: j6 c8 e
ETCD_LISTEN_PEER_URLS="http://192.168.254.10:2380"
4 C# p9 ^# L4 S# y% lETCD_LISTEN_CLIENT_URLS="http://192.168.254.10:2379"' Z* |9 t+ g4 e; j9 I3 X' E
ETCD_NAME="openstack-server"
: `# o( X0 ^ e' B#[Clustering]
6 X! a, D6 k1 l* y: `' zETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.254.10:2380"
* L8 n, j# c8 N5 S, aETCD_ADVERTISE_CLIENT_URLS="http://192.168.254.10:2379"
& U4 Y! r# H5 N% jETCD_INITIAL_CLUSTER="openstack-server=http://192.168.254.10:2380"# w8 n4 G! s. D' ]: ]* G6 J
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"3 _$ ]% Y; T$ @! ]: C
ETCD_INITIAL_CLUSTER_STATE="new"
: f/ L/ c1 K: F9 A6 X启动etcd服务: [root@openstack-server ~]# systemctl enable etcd
! T% ~/ G- W6 |+ F9 x# [7 Z[root@openstack-server ~]# systemctl start etcd! y, v/ { H$ M- l, x7 W$ p* a
9.安装keystone:
, T' z$ i9 u2 x( y% _: ^! x在Mariadb创建keystone库和用户: [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE keystone;"
& H m; `8 e. }9 {! b[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"0 ~4 H; U7 }0 y& P
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
1 J1 Z6 b+ H+ `7 K C/ [/ i安装keystone:
$ j% z1 L* g+ U2 E! }[root@openstack-server ~]# yum -y install openstack-keystone httpd mod_wsgi 修改keystone服务配置: [root@openstack-server ~]# vim /etc/keystone/keystone.conf& \& q9 I5 N' X
[database]8 g) m7 Y/ \0 {6 P
connection = mysql+pymysql://keystone:keystone@openstack-server/keystone
: }& p7 E e$ v: ][token]provider = fernet" g0 R* Y7 y' ^0 X( G" ~& d* ?
同步数据库:2 M# o2 P4 r6 r8 l6 S: {- Y* S
[root@openstack-server ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone 初始化Fernet key仓库: [root@openstack-server ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
: E, a1 b$ a6 S# a) }7 G, ~3 E[root@openstack-server ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone0 ~5 u, \8 ~& E. b% Y
引导身份服务: [root@openstack-server ~]# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://openstack-server:5000/v3/ --bootstrap-internal-url http://openstack-server:5000/v3/ --bootstrap-public-url http://openstack-server:5000/v3/ --bootstrap-region-id RegionOne修改httpd服务配置: [root@openstack-server ~]# vim /etc/httpd/conf/httpd.conf
/ ]1 T( ]7 z# V4 a* Z4 ]0 V# B/ wServerName openstack-server' V" m4 l/ ]; J% r8 x( C. X
创建wsgi-keysone配置文件链接:
" O8 I3 e) L+ J# T" m[root@openstack-server ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 启动httpd服务: [root@openstack-server ~]# systemctl enable httpd.service; {- M& G1 X* I+ Y
[root@openstack-server ~]# systemctl start httpd.service
2 ~8 S" h3 D0 X- Q6 O! l2 P[root@openstack-server ~]# vim admin-openrc.sh K* C" N, c( c& x9 G$ b7 R0 \
export OS_USERNAME=admin
7 ~8 [/ x Z. c4 X5 f& Oexport OS_PASSWORD=admin, d+ q5 R+ e7 I2 i ?0 P
export OS_PROJECT_NAME=admin
4 ^; B/ ^! [# Y K+ ?& uexport OS_USER_DOMAIN_NAME=Default" \' o% L: X) N* L
export OS_PROJECT_DOMAIN_NAME=Default
$ Y X# G0 z. }4 t- a$ b8 Hexport OS_AUTH_URL=http://openstack-server:5000/v3
, f" R4 S3 H) S+ V4 C1 }0 P* ?( `export OS_IDENTITY_API_VERSION=3
: y5 a6 Q+ B9 x! W1 r. t7 h0 J6 h: x' ^ j% |0 I% q
+ q& d+ P- K% @6 T3 ~创建域,项目,用户,角色: [root@openstack-server ~]# . admin-openrc.sh5 V. H8 ]' M( g7 }8 h. k1 @
[root@openstack-server ~]# openstack domain create --description "An Example Domain" example
# l' L0 T4 {$ W2 L; c/ ^# }5 Q* X2 v[root@openstack-server ~]# openstack project create --domain default --description "Service Project" service4 I" J$ w$ }' Z9 {1 i. R
[root@openstack-server ~]# openstack project create --domain default --description "Demo Project" myproject
/ F4 p: s- x- j8 T4 k) m[root@openstack-server ~]# openstack user create --domain default --password-prompt myuser
7 `( Z4 M: e2 c7 c$ S. L[root@openstack-server ~]# openstack role create myrole& H9 g# Z# C5 e
[root@openstack-server ~]# openstack role add --project myproject --user myuser myrole4 c1 ?) [" U7 u+ k$ |7 D
验证keystone是否安装成功: [root@openstack-server ~]# unset OS_AUTH_URL OS_PASSWORD, |$ F; W( w( w2 e8 J2 T5 w
[root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
2 p8 \: s+ A* G; {- E7 w创建myuser环境变量: [root@openstack-server ~]# vim myuser-openrc.sh
/ m5 d6 \7 Z1 R6 O( R5 O2 ^export OS_USERNAME=myuser( F3 [8 o( m- Y7 g$ O% Q. y0 }
export OS_PASSWORD=myuser; t0 e* [& K& M) P( c: h: C, T9 t
export OS_PROJECT_NAME=myproject
' N6 s, W( i/ q& i" ?export OS_USER_DOMAIN_NAME=Default2 w& W* ^/ F+ E3 ]
export OS_PROJECT_DOMAIN_NAME=Default2 g' B& Q. x( ^* C
export OS_AUTH_URL=http://openstack-server:5000/v33 t7 N S6 s- E8 D4 T, [( C# d
export OS_IDENTITY_API_VERSION=3
5 e- ?4 _5 R& S; n4 `' M* g+ p$ l/ S7 y' |4 H
使用myuser用户进行测试: [root@openstack-server ~]# . myuser-openrc.sh. R- C& P$ r. F: n
[root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue5 s: z* t2 z+ M
修改用户环境变量脚本: [root@openstack-server ~]# vim admin-openrc.sh
% U; l% I- A' b: F! X# C6 \export OS_USERNAME=admin$ l7 \ M- j' F
export OS_PASSWORD=admin
( Q6 f2 B! y2 Gexport OS_PROJECT_NAME=admin! N8 Z8 @8 c2 B* v, D8 U8 z
export OS_USER_DOMAIN_NAME=Default
; W/ C" H1 g) P3 Zexport OS_PROJECT_DOMAIN_NAME=Default1 F# B4 W4 v; B8 N u
export OS_AUTH_URL=http://openstack-server:5000/v3/ M _" s! o/ p2 L9 F: c
export OS_IDENTITY_API_VERSION=3
, x: D. I9 l7 b9 G2 ^* eexport OS_IMAGE_API_VERSION=2
7 Z8 X$ v, n" j: d[root@openstack-server ~]# vim myuser-openrc.sh
0 p5 _ @1 K2 ^1 [5 Oexport OS_USERNAME=myuser
/ s1 E6 \4 A1 z1 z0 G6 rexport OS_PASSWORD=myuser
, `$ c5 N! G7 j1 u4 L* @export OS_PROJECT_NAME=myproject: S. S7 T S4 y9 A& F, |
export OS_USER_DOMAIN_NAME=Default# Q! F" r6 k5 d ]3 {5 r; y4 M
export OS_PROJECT_DOMAIN_NAME=Default0 P$ ^& g$ A+ R
export OS_AUTH_URL=http://openstack-server:5000/v3
+ |8 W1 ?7 Y( Vexport OS_IDENTITY_API_VERSION=3
, I4 y- O. b& q0 q; M% Eexport OS_IMAGE_API_VERSION=2& T1 `- T# J3 g( R- A
使用脚本测试: [root@openstack-server ~]# . admin-openrc.sh
' A5 u' Y8 d& f: r[root@openstack-server ~]# openstack token issue
9 F: v% f$ m) F/ z4 z$ c10.安装glance:
! G$ N. E, E0 C在Mariadb创建glance库和用户: [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE glance;"
; Q9 V* E1 n5 Z$ ]& X5 t[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';" u& W4 b# _1 S7 w
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"9 k* E8 S, u: z+ f W
创建glance用户,服务,端点: [root@openstack-server ~]# . admin-openrc.sh) m& V) |' j" E$ j( a
[root@openstack-server ~]# openstack user create --domain default --password-prompt glance
+ Z0 x( F9 y( w! y3 p8 w[root@openstack-server ~]# openstack role add --project service --user glance admin
( ]; K- Q; ]$ h' i[root@openstack-server ~]# openstack service create --name glance --description "OpenStack Image" image
/ \+ s& I* G( N1 H! C( m[root@openstack-server ~]# openstack endpoint create --region RegionOne image public http://openstack-server:9292
$ ~3 f3 k0 s) l8 o+ H7 u[root@openstack-server ~]# openstack endpoint create --region RegionOne image internal http://openstack-server:9292# k' H! A( z, y& p3 |% n, Z+ N
[root@openstack-server ~]# openstack endpoint create --region RegionOne image admin http://openstack-server:9292
5 i' |% Y9 g& j2 e! q' V安装glance:
7 f2 J) \4 W7 V[root@openstack-server ~]# yum -y install openstack-glance 修改glance-api和glance-registry服务配置: [root@openstack-server ~]# vim /etc/glance/glance-api.conf
& |5 ? g% j; W$ @& K7 b[database]
- s7 @, I) ?. z5 K* Zconnection = mysql+pymysql://glance:glance@openstack-server/glance a$ T9 j* k2 \$ m$ ], Z
[keystone_authtoken]
" P& Q, U8 a ^2 d( n* F pwww_authenticate_uri = http://openstack-server:5000
' ^9 J/ ]" I: P5 W$ pauth_url = http://openstack-server:5000
2 M* V4 Z. m. T$ f7 [* Jmemcached_servers = openstack-server:11211
& v$ ~/ y/ x3 `5 j) U) _* `1 }1 Aauth_type = password
2 ^% R& E" ?9 Eproject_domain_name = Default
+ \# ~, R) [: B+ @3 J5 Quser_domain_name = Default+ \$ C8 Z- G# L m
project_name = service) F6 A) @5 S" R6 E
username = glance
: n" ~' y* V" k! M$ xpassword = glance* _/ ], I5 e+ y2 c/ u# _* Z( }+ u; Z
[paste_deploy]1 [# D. g0 I# t3 S2 c" R
flavor = keystone
; y4 A, H+ k$ P[glance_store]
2 @! F' y# [5 `1 U' \, J4 Pstores = file,http. D8 |0 V+ H/ I# C2 O0 X6 s
default_store = file
z5 S- M( C, N- K1 Xfilesystem_store_datadir = /var/lib/glance/images& ^4 ~5 C$ U+ `
[root@openstack-server ~]# vim /etc/glance/glance-registry.conf3 l) r. z8 F2 r' D7 j, z1 U3 a
[database]
. g! D" l+ [ v X" D4 I! m& D! ?connection = mysql+pymysql://glance:glance@openstack-server/glance2 Q0 D7 f! S w1 i( L( m
[keystone_authtoken]+ D2 ?. f3 O/ Q1 C. G
www_authenticate_uri = [url=http://openstack-server:http://openstack-server:5000' ]2 N% q# t$ |7 M; r; O
auth_url = [url=http://openstack-server:http://openstack-server:5000
' W- F; f) O( Z8 h5 b3 Omemcached_servers = openstack-server:11211
$ [6 p' b0 O7 B6 p' [auth_type = passwordp, E4 {% L8 w5 d+ o6 g: M
roject_domain_name = Defaultu
9 D6 _0 i5 Z' M) I8 `3 u Oser_domain_name = Default
2 y( A4 P4 n3 v! l& Aproject_name = serviceusername = glance/ I! C" p; ^1 ?0 v, e8 ]: y
password = glance
7 U: N% k ?! l' D[paste_deploy]
2 D5 x; \ a, l/ e; v9 g. G; h4 Z# tflavor = keystone! N1 e$ G: P3 q( f; d& ~" u
同步glance数据库:5 t7 j6 e) e9 O
[root@openstack-server ~]# su -s /bin/sh -c "glance-manage db_sync" glance 启动glance-api和glance-registry服务: [root@openstack-server ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service, q1 L# H! e3 M3 i" w$ v Y! Y
[root@openstack-server ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service' V1 n+ x, X( \+ } X, a5 |. |
使用sdb1创建lvm用于存储镜像: [root@openstack-server ~]# fdisk -l /dev/sdb8 _8 H# |/ _0 M5 B7 D N, R
磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区Units = 扇区 of 1 * 512 = 512 bytes
. b' ?! t$ O0 k' m: } L! y扇区大小(逻辑/物理):512 字节 / 512 字节I/O 大小(最小/最佳):512 字节 / 512 3 D. j. V+ ?7 N2 N
字节磁盘标签类型:dos磁盘标识符:0x441e1e17 ' h/ E" o( f( c( T4 U- G
设备 Boot Start End Blocks Id System/dev/sdb1 2048 104859647 52428800 8 e Linux LVM
+ Z- }+ a" f3 A: E# ~[root@openstack-server ~]# pvcreate /dev/sdb1$ ^( l; ^' m* B9 Z0 k: F
[root@openstack-server ~]# vgcreate glance-vg /dev/sdb1& w3 o4 K+ P) U
[root@openstack-server ~]# lvcreate -L 50G -n glance-lv glance-vg0 D( y/ ^4 q( {$ w/ C N6 U
[root@openstack-server ~]# mkfs.xfs /dev/glance-vg/glance-lv/ |7 m4 F% a, C1 Q
[root@openstack-server ~]# blkid /dev/glance-vg/glance-lv: O. j I0 s6 }6 N* t9 D. W
/dev/glance-vg/glance-lv: UUID="072c4d36-7502-484b-b857-357a870dcc87" TYPE="xfs"& b) T5 U' j0 U; p9 [
3 H' f, H- H0 c( u. @[root@openstack-server ~]# vim /etc/fstab
/ Q9 v/ e7 S! f) B8 X: O5 w3 SUUID=072c4d36-7502-484b-b857-357a870dcc87 /var/lib/glance/images/ xfs defaults 0 0
! {1 w0 Y+ _) s+ S* b[root@openstack-server ~]# mount -a; J4 o+ A1 h( I6 F% s
[root@openstack-server ~]# chown -R glance:glance /var/lib/glance/$ N {: F2 d z+ h, h" `- p6 K; D
/ K( q+ p, @0 M; G- O7 O- d验证操作: [root@openstack-server ~]# . admin-openrc.sh' R# H8 ]! D P% B5 c$ l
[root@openstack-server ~]# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img
; a/ x7 _( k* ?* U- s[root@openstack-server ~]# openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
( K* r) S+ w- F/ E[root@openstack-server ~]# openstack image list
/ F+ h# P+ r. }# o+--------------------------------------+--------+--------+) @1 k8 b- B' A; Y) f0 @
| ID | Name | Status |
; e. Y- D) S, M) |1 @: |" d" e3 b! S+--------------------------------------+--------+--------+
7 O" c) F- Z# K# l5 r. ]& O| 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active |" D+ ?9 \) k& U. L% A0 [5 K/ P2 q- b, a* B9 D
+--------------------------------------+--------+--------+
; M1 a! {+ X% c11.安装nova:
; |/ Y; H: q R) a' b* H在Mariadb创建nova相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_api;"
: [& E3 R# x Z; K9 m' J[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova;") { z% T" ]6 U y
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_cell0;"' X! H7 s6 J/ C i
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE placement;"
/ N5 c) q( D/ _/ Y8 h9 X[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
/ X: G( ?$ c9 u& k# ?[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova''%' IDENTIFIED BY 'nova';"; [0 |$ g$ }+ k* O* q. O
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@‘localhost' IDENTIFIED BY 'nova';"
5 d+ O0 @/ z$ I5 `& {5 }3 B* K[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"! \! A0 I% v. y( o2 f
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';" q- r0 s5 F- s+ x" e* h. \
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
+ R' V& x. U) P d% Q- P5 R; J[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';"" @9 c# W& ?+ W$ @
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';"+ C5 Z# L* J$ \+ `- B- N
创建nova用户,服务,端点; [root@openstack-server ~]# . admin-openrc.sh
7 o" C9 @* ~2 {) u' }5 |[root@openstack-server ~]# openstack user create --domain default --password-prompt nova6 O! I, ^, Y+ S) i
[root@openstack-server ~]# openstack role add --project service --user nova admin4 t: r/ u$ }$ ]' E- i! r5 ~& B
[root@openstack-server ~]# openstack service create --name nova --description "OpenStack Compute" compute& ^& B6 N. ^$ ^0 }+ s
[root@openstack-server ~]# openstack endpoint create --region RegionOne compute public http:/openstack-server:8774/v2.1
- c( ?7 \. s/ |- x: p2 @[root@openstack-server ~]# openstack endpoint create --region RegionOne compute internal http://openstack-server:8774/v2.18 f! l0 m& Z, h; i( @
[root@openstack-server ~]# openstack endpoint create --region RegionOne compute admin http://openstack-server:8774/v2.1
3 O/ x& z3 i7 V2 q- Z' o1 F创建placement用户,服务,端点: [root@openstack-server ~]# openstack user create --domain default --password-prompt placement. U- v' t3 S& W- a' l
[root@openstack-server ~]# openstack role add --project service --user placement admin1 L8 U* D1 q( O3 d' o) z* G8 G
[root@openstack-server ~]# openstack service create --name placement --description "Placement API" placement
+ r% A8 g8 D" m( t/ P2 A[root@openstack-server ~]# openstack endpoint create --region RegionOne placement public http://openstack-server:8778: h6 I$ k& U$ s# Z
[root@openstack-server ~]# openstack endpoint create --region RegionOne placement internal http://openstack-server:8778
. J% i1 K! w( e[root@openstack-server ~]# openstack endpoint create --region RegionOne placement admin http://openstack-server:8778
, W8 g& W0 }& Q! ?) k2 K安装nove-api、nova-conductor、nova-console、nova-novncproxy、nova-schedule、nova-placement-api服务(控制节点): [root@openstack-server ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
. i) C2 {. Y# O[DEFAULT]
$ }8 t* G/ W+ V1 M& Benabled_apis=osapi_compute,metadata1 A/ ?' m( q6 t
transport_url=rabbit://openstack:openstack@openstack-server
7 _! h& n8 W9 {: S* h3 C& tmy_ip=192.168.254.10& M3 T d2 X. N2 W3 t
use_neutron=true# Y! X$ e) @: p" t i
firewall_driver=nova.virt.firewall.NoopFirewallDriver
5 d6 y0 W# O v! u, P[api_database]
! t- m9 F& p" L" `3 jconnection=mysql+pymysql://nova:nova@openstack-server/nova_api, Q0 \' n9 A* D V7 R/ C
[database]
5 w* |* u, ^7 @, F( ]connection=mysql+pymysql://nova:nova@openstack-server/nova/ h0 A6 i3 q* S4 L
[placement_database]( s+ o7 R/ p* W8 M8 k! [
connection=mysql+pymysql://placement:placement@openstack-server/placement
; D# F( h. U/ d) I[api]
( Y: v# F8 h6 [! |auth_strategy=keystone
4 T% {2 m! K: C[keystone_authtoken]7 W/ T! ^$ v3 F8 R: s! Q9 U/ k
auth_url=http://openstack-server:5000/v3& A$ t" n) d+ t
memcached_servers=openstack-server:11211
4 H) ~5 K8 D, rauth_type=password1 G U L9 T3 J- B1 L" j: W& I1 \% A
project_domain_name = default
& ? |8 T2 r) V/ p8 Z; G# euser_domain_name = default1 P2 x) V+ w; V3 ?" A+ E0 e) E' O
project_name = service: |- Q8 Y9 R. w& I; a
username = nova
# L4 H2 `; B$ c* k' ?( npassword = nova
# ?9 N; a- P$ _( d. K0 m: |[vnc]
# W+ J+ |3 ]( f) f \' ~7 B" Lenabled=true
* u9 ]" R& n4 Y% r( R8 y: M: S+ u( Bserver_listen=0.0.0.0
. @& Y5 B+ ]5 eserver_proxyclient_address=$my_ip
: u1 a! H$ |4 j7 Q! s[glance]
, n ^: z* E7 R7 x) Q5 Dapi_servers=http://openstack-server:9292
4 |4 B; M$ S& d9 t; b- |& U[oslo_concurrency]% \" t$ t! M' E! T, a( D5 F! x
lock_path=/var/lib/nova/tmp
& E0 C2 J4 N: j0 `0 S5 C8 e[placement]
+ S ^; p+ D" d/ r; K: pregion_name=RegionOne6 f: r( l, E) v9 b
project_domain_name = Default
3 }# R2 e5 E" ^! v; y3 o$ eproject_name = service
* S O# c& h v5 ]! J3 j0 Aauth_type = password
( S+ h) T* S4 j0 ~user_domain_name = Default7 y3 q: H4 q, D! ]% j
auth_url = http://openstack-server:5000/v3
% D# d6 Q+ `( Yusername = placement7 I# ]! h5 k3 v, j
password = placement
# y: l5 }2 g, V$ }: L& E, ]' M( p) o7 V: s% Y
官网文档提示包bug问题,需要修改 /etc/httpd/conf.d/00-nova-placement-api.conf,添加/usr/bin相关内容到文件尾部; [root@openstack-server ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf' m6 ]8 E9 F( A) c5 h" t' V* \
<Directory /usr/bin>
- `8 Z" M! }$ m. u6 s5 v9 U <IfVersion >= 2.4> Require all granted </IfVersion> % X7 d9 ?$ G8 U' |9 i3 I) K: D
<IfVersion < 2.4> Order allow,deny Allow from all </IfVersion>0 K. U4 n3 z0 _4 F Q, t/ o; J
</Directory>! F# m( D; o2 r$ S) _# i/ x' ]
重启httpd服务:+ B+ Y. f t8 u* z1 ~, t3 v
[root@openstack-server ~]# systemctl restart httpd 同步nova数据库: [root@openstack-server ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
/ B5 f: r9 e; E4 \' V- b[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova, B9 i3 e: F ~* I
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova28087259-877a-4ff7-b2a3-a4367a1fbd8d7 j$ r) i4 ^- R- @( d3 G
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage db sync" nova, @0 E# y+ L5 T) Q; V
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
4 [+ f+ Q' e- w启动nova-api、nova-scheduler、nova-conductor、nova-novncproxy服务: [root@openstack-server ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service4 O: M- z4 o, `4 u w3 e: E$ X# _2 f
[root@openstack-server ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
: d" o" P7 }3 ?$ S
J7 E$ z8 r1 F' O: e安装nova-compute(计算节点):# b0 g$ P0 [+ a5 T
[root@openstack-server ~]# yum install openstack-nova-compute 修改nova配置文件: [root@openstack-server ~]# vim /etc/nova/nova.conf
5 n3 x3 o7 b) R4 G[DEFAULT]
0 O: |3 {0 y2 D# n, ?$ Qenabled_apis=osapi_compute,metadata, J" g r* {( o4 z1 ~5 d# `
transport_url=rabbit://openstack:openstack@openstack-server
9 l# j. ^% A& l, imy_ip=192.168.254.102 d$ Z& U& Q5 \, U. Z
use_neutron=true% k4 U6 q9 m x+ O5 t0 W
firewall_driver=nova.virt.firewall.NoopFirewallDriver
( B( L, H- t# m% J. }' X[api]: J/ z! K( `3 O
auth_strategy=keystone R7 c+ h( m9 h7 s* b' P' [
[keystone_authtoken]& |2 \ l0 H- Y; G/ x; P
auth_url = http://openstack-server:5000/v3
$ y, t' }# |, f3 } Z; z1 umemcached_servers=openstack-server:11211
3 V3 L! K/ k/ {. l7 Jauth_type=password7 G- Q) p6 S4 S$ l6 Z
project_domain_name = default6 r2 l* `: P% I0 U$ O. O
user_domain_name = default# ~ I& g( f( ~. P& N5 \: ?
project_name = service/ k* B" f6 h7 f# G% h. e
username = nova
) @8 a( X4 k; P$ O" A, rpassword = nova' Q. ^3 y# S4 n$ e( A8 z% _, n L
[vnc]( u( p- |3 Z; T" B+ |- `
enabled=true1 H5 z) I+ |& A6 e4 I9 s% N3 }
server_listen=0.0.0.0
! v8 [% z% Y: ?& l: o/ }server_proxyclient_address=$my_ip2 h+ h/ [: t, V; }3 V& w& g( `
novncproxy_base_url = http://openstack-server:6080/vnc_auto.html2 U# X$ @ n% _- {0 T
[glance]api_servers=http://openstack-server:9292
* k; A" t' V$ T5 N[oslo_concurrency]7 J8 C& w7 J9 q8 v* i% }
lock_path=/var/lib/nova/tmp) m& d: i( ~5 w% I
[placement]" d6 l! y) X( [& }! ~
region_name=RegionOne. k7 i/ r; p; O9 f9 S8 S( G
project_domain_name = Default
. \, g" x* T& J2 r2 v& J9 @project_name = service2 Q( ?. T* Q# f1 X$ g/ N
auth_type = password
& Q+ `, p, N, n6 c- z4 }user_domain_name = Default
/ u3 \* Z# X9 e, Q2 gauth_url = http://openstack-server:5000/v3: s( y, Q; _/ ]+ x3 x# X' Y) O0 |. t
username = placementpassword = placement. o/ [5 ~" P1 D
查看cpu是否支持虚拟化(0代表不支持): [root@openstack-server ~]# egrep -c '(vmx|svm)' /proc/cpuinfo4修改虚拟化类型,如果不支持cpu虚拟化使用qemu,如果支持使用kvm: [root@openstack-server ~]# vim /etc/nova/nova.conf- S. O- U; t3 j8 W. Y" ?5 e; ?: d
[libvirt]) t1 @& U# o/ M, Z0 F1 u+ U! e4 s; { R
virt_type=kvm
( H/ B% M* }" f- h- m; Z启动nova-compute和libvirtd服务: [root@openstack-server ~]# systemctl enable libvirtd.service openstack-nova-compute.service
, R- O/ K/ q% M[root@openstack-server ~]# systemctl start libvirtd.service openstack-nova-compute.service7 s7 _1 e1 F' _
将计算节点cell数据库: [root@openstack-server ~]# . admin-openrc.sh
1 z' L0 J$ g; V1 ^% s- b M. l$ f, N[root@openstack-server ~]# openstack compute service list --service nova-compute
( b" T& X( d" D( N$ R[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
" E* n7 P6 A8 \+ S编辑nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf+ d5 }; V7 I: C4 r3 f# M- n
[scheduler]
" b1 v$ w2 \0 b7 h7 _' m: o) qdiscover_hosts_in_cells_interval=300
8 c& a8 {+ R7 O9 P& y7 K# X/ P, T验证操作:
( A, _1 P) j+ q5 F y/ Q' f[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack compute service list# w+ k9 L a1 @3 W
+----+----------------+------------------+----------+---------+-------+----------------------------+
$ h* T! ?' ~+ f. T| ID | Binary | Host | Zone | Status | State | Updated At |% g; b/ v" ~* U6 Q4 p
+----+----------------+------------------+----------+---------+-------+----------------------------+
, U4 N+ v: i, v0 m/ D% j+ ^9 f| 1 | nova-conductor | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 |
. H/ ~: g7 ^* `' I| 3 | nova-scheduler | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 |0 P. p3 k3 [1 ]" y# [! p
| 10 | nova-compute | openstack-server | nova | enabled | up | 2018-10-23T13:45:27.000000 |
, R- \+ o5 i2 }' M* a+----+----------------+------------------+----------+---------+-------+----------------------------+
+ L& w1 i9 G( a( z" `) }[root@openstack-server ~]# openstack catalog list
9 X+ I& ?' A( g" q4 K+-----------+-----------+-----------------------------------------------+3 V% {) J9 C8 R
| Name | Type | Endpoints |- G1 m- i0 e6 V3 M" k2 `5 V6 f
+-----------+-----------+-----------------------------------------------++ K0 z* d: o6 o$ H
| glance | image | RegionOne |
+ M! [+ N5 k0 ~7 |8 G- i| | | internal: http://openstack-server:9292 |
& l! ~- M# N' R& C4 z| | | RegionOne |7 v0 {1 g% h( O. h* I% O6 P
| | | public: http://openstack-server:9292 |
: O& ]$ _* t/ a* F! X4 y| | | RegionOne |
) O6 z0 G' T" c& ]; N. l| | | admin: http://openstack-server:9292 | U# m# ^& n( u8 V
| | | |
; z$ y) j' T- l( X: Z& ]4 F| keystone | identity | RegionOne |
. {- `5 Q, X2 u: E8 V l| | | admin: http://openstack-server:5000/v3/ |4 q8 o4 i7 Y8 ~ x0 Z
| | | RegionOne |' p. ], t/ C: m+ U1 f: F
| | | internal: http://openstack-server:5000/v3/ |
F' E6 L1 V4 l% x( {' H| | | RegionOne |
6 E+ Z$ Z# h6 t; q) o3 K! V| | | public: http://openstack-server:5000/v3/ |
- ?3 H' m: v& e$ @. H| | | |
9 B x8 v9 H" t! [, v| placement | placement | RegionOne |2 d8 M. n2 ]; _, x# @; d8 U
| | | public: http://openstack-server:8778 |1 s1 F4 C- D+ z4 \; d) \
| | | RegionOne |+ x; h( e# ]. u5 O: h p; k0 G- l
| | | admin: http://openstack-server:8778 |) E1 u! n" ~- T: Q
| | | RegionOne |
M# T! r- F1 U" J/ ]3 l6 g5 \* N| | | internal: http://openstack-server:8778 |
% u/ x3 M0 E% v3 E: v| | | |+ _% d$ Y- Y" s& U* |
| nova | compute | RegionOne |
% b- U( `4 l1 p5 K# U| | | public: http://openstack-server:8774/v2.1 |' W1 U% x. _( F9 m
| | | RegionOne |% {7 L$ b5 [' u7 P8 t" P" B9 L$ S
| | | admin: http://openstack-server:8774/v2.1 |
* C: s# Y9 C6 U* L8 }8 c| | | RegionOne |% a* d& h. ?, J" d. V0 e
| | | internal: http://openstack-server:8774/v2.1 |% ` Y9 `7 }! l# y9 j1 b8 W
| | | |! f" u8 }4 e& p( @; \
+-----------+-----------+-----------------------------------------------+
* O+ x- [+ f9 O$ Y& | C( w9 k/ U- j
' P b$ D- ~2 G[root@openstack-server ~]# openstack image list3 x2 b' {: K Y6 e# p2 {
+--------------------------------------+--------+--------+
8 ~" P; R3 Q- S| ID | Name | Status |' @2 {, W+ \! M* ]3 a
+--------------------------------------+--------+--------+( F+ m* O0 w4 v+ u( T
| 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active |. X) E$ z7 j: h3 s1 [/ r
+--------------------------------------+--------+--------+
3 r T M9 W( z- D[root@openstack-server ~]# nova-status upgrade check8 l% A/ R! s5 {$ s6 L
+-------------------------------+/ Y1 j" ]5 p7 a- p3 h( b2 E
| 升级检查结果 |
( ~% |2 P4 d3 B6 Y, a Z1 u+-------------------------------+
* |0 ^4 X# c4 Z% o) D# U; `, O' h1 `3 T| 检查: Cells v2 |
, X- Z8 a# y( Y6 }# ]| 结果: 成功 |
4 C* Y' u7 F* \& d0 p* t: g3 E5 j| 详情: None | a5 S! u: ]# L/ g* r- v1 S1 J
+-------------------------------+7 O. i7 T/ ]- a3 b1 K
| 检查: Placement API |% D/ u0 Z' p0 Q' s
| 结果: 成功 |; x: j; j& Y0 ]2 H+ s3 Z6 N
| 详情: None |9 a, r" Z- S }0 w! m
+-------------------------------+$ k9 ^* m, U6 u& [, R; W7 e
| 检查: Resource Providers |( x- a$ Z7 K- I3 R g% e
| 结果: 成功 |, x8 m7 r$ F7 t0 n- X) ^0 K# Z
| 详情: None |4 d( T# z9 H3 v
+-------------------------------+. |" f) m! T4 l' o8 b! t' u
| 检查: Ironic Flavor Migration |
) j' Z% v: p4 O. S' h| 结果: 成功 |
. I1 _& K" P0 n1 H. F+ k4 B* F| 详情: None |
0 S3 M3 e! R) c: a% T+-------------------------------+
: {/ G0 r M' W( ~1 `7 Z* { P* a| 检查: API Service Version |( ~4 h7 o) Y5 N8 ?, |; o7 R
| 结果: 成功 |7 I& f4 F# Y+ G2 e7 }: @; H
| 详情: None |9 v. ]& F' i1 J6 e
+-------------------------------+
5 a3 Y% [! D& t7 || 检查: Request Spec Migration |6 ]' y5 M! d# j/ P7 b9 \0 J
| 结果: 成功 |
0 y$ c9 H& i* Q3 ^" n/ s9 a* h9 |* k| 详情: None |
. C9 m2 I; r5 @( d6 r/ x+-------------------------------+4 V3 v2 [. ^/ n6 i3 `
/ T/ l' m Q" u
! f; P0 @0 l3 r" z12.安装neutron:
0 l% | E* A1 J6 H. ^) V, T5 W* U在Mariadb创建neutron相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE neutron;"
) G) b9 W+ V2 [9 y& f3 M. Q1 c9 A[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
. n/ g8 l# n* {9 l: G& B# G. [# p) N[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
" V8 a |# g0 p5 }" ?$ b创建neutron用户、服务、端点; [root@openstack-server ~]# . admin-openrc.sh& t' x4 m8 g4 ~5 E1 B' Z9 O# J
[root@openstack-server ~]# openstack user create --domain default --password-prompt neutron
4 l. K+ r+ c' @) @% C[root@openstack-server ~]# openstack role add --project service --user neutron admin
4 e1 d- u" l! M1 l- p0 v[root@openstack-server ~]# openstack service create --name neutron --description "OpenStack Networking" network
! ]/ X- L+ k$ U. N! n) u8 j[root@openstack-server ~]# openstack endpoint create --region RegionOne network public http://openstack-server:9696
# {8 Z( Y8 K8 w1 u[root@openstack-server ~]# openstack endpoint create --region RegionOne network internal http://openstack-server:9696
5 X8 \& Y5 {6 \* F0 y' c/ @+ N, l[root@openstack-server ~]# openstack endpoint create --region RegionOne network admin http://openstack-server:9696- N; z K4 P7 S. b# G4 s
Networking Option 1: Provider networks:
# H% m9 D9 L! [) j, x安装neutron、neutron-ml2、neutron-linuxbridge、ebtables: [root@openstack-server ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf$ u" o3 E. I" E& g7 a( w" v. Y' q
[database]) z" b; x' q5 |3 N4 u/ l& S
connection = mysql+pymysql://neutron:neutron@openstack-server/neutron/ i) r; z% N) B
[DEFAULT]
# \( p* A& L- ?- @; E$ Jcore_plugin = ml2. i$ s6 C" d; s+ {" J& g
transport_url = rabbit://openstack:openstack@openstack-server
, C! H3 S# x- Y3 G% V3 j, y: d9 sauth_strategy = keystone' D" X2 h6 Y2 q% D ?7 }$ O( m
notify_nova_on_port_status_changes = true: N* `/ S* Z, ]- [( V! S0 n
notify_nova_on_port_data_changes = true
6 B r# B& u# y: d" T0 l# ^1 I9 E7 k[keystone_authtoken]' A0 d2 a: T. o5 t0 D$ t' H0 {
www_authenticate_uri = http://openstack-server:5000
3 Q, q. I+ f W% `$ e6 X7 b, cauth_url = http://openstack-server:50000 N) w6 _/ N4 I. i6 G% `) i
memcached_servers = openstack-server:11211# W+ Z' \9 ]' [& k
auth_type = password) [' j1 r3 V) Z, h/ u
project_domain_name = default
* N4 u4 F+ U: W8 d0 R9 u- t6 v Wuser_domain_name = default- y$ {* v, A2 `
project_name = service+ h/ {' S1 T6 s7 x
username = neutron
- `; v T0 U/ r* h: ypassword = neutron' M$ K5 ?1 U {) t V# p
[nova], q# c! f- O4 W- E+ l) Q+ o* K' u2 G; g- H
auth_url = http://openstack-server:5000
1 |0 f' }: v! Q2 aauth_type = password
, y7 ]2 s% D) W+ a$ fproject_domain_name = default" I5 c- ]: n6 G
user_domain_name = default( L3 w! `. K+ ~) j) Y; m9 n
region_name = RegionOne
8 F6 k5 g% k* t7 v; N$ kproject_name = service
|5 @+ T0 O' Pusername = nova
) g+ E: ^5 B: K( n8 l2 H9 `# Qpassword = nova% P+ w5 R: X, C! h2 c- R
[oslo_concurrency]
1 Q+ o! S- b: m& \. g. alock_path = /var/lib/neutron/tmp
( M+ B4 ^ |- \7 K1 f修改ml2配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini- X& c- Y& I: G/ Q3 l- a0 \# p5 H
[ml2]
) R! R" Y& Q7 w/ g- W7 Otype_drivers = flat,vlan
1 N& I i* H' W( ]1 dtenant_network_types = flat3 ^4 i4 X6 }1 j" l2 Q$ X
mechanism_drivers = linuxbridge
3 T& u+ l& B q9 S0 j; oextension_drivers = port_security. X2 I+ V7 W2 ?3 o( p$ Q( ]
[ml2_type_flat]3 U/ n' l0 k( B, H3 F. Y
flat_networks = provider6 V9 a9 |+ z8 i/ V' ]
[securitygroup]
& D" Q3 z3 w* s$ P7 h5 uenable_ipset = true
3 z" q& y4 P* A3 G修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini! y1 n/ `! A! \- L; N/ T( f3 c# v
[linux_bridge]
5 P2 Y* I6 U4 x' hphysical_interface_mappings = provider:enp4s0' s' v1 Y( j- u. O9 j) g/ o
[vxlan]
# I4 X! A1 ~( p. }+ O- c& l: K Kenable_vxlan = false
6 J; \/ J, P; ^8 U; k4 [[securitygroup]1 s- Y' g8 s% d. }% o7 W$ R0 k( w* J
enable_security_group = true
& ~) O% n" M3 h: W2 Sfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
9 H3 o* |7 s5 z V5 s: [' @, O& u) b开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge
5 R6 Z2 v; ^ l$ Q& i+ r[root@openstack-server ~]# modprobe br_netfilter6 I) A2 k; J' |% U" {
[root@openstack-server ~]# vim /etc/sysctl.conf
3 H+ l$ a# J3 b, a3 T0 f0 G Gnet.bridge.bridge-nf-call-iptables = 1( L6 ~& w$ E% x/ R2 h* z3 t
net.bridge.bridge-nf-call-ip6tables = 1
( q/ t5 j8 m" ~: P# K8 T[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
, I, V6 v5 Y; ^( ]5 `0 i) U修改dhcp_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini
. l6 S4 q D5 @) Y3 r. n- |[DEFAULT]) h1 {3 W2 ~) h7 {
interface_driver = linuxbridge$ p1 g% u2 Z k
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq* ^# |" E. J6 Z
enable_isolated_metadata = true& U; a9 l& A% U& n' e( F! i
Networking Option 2: Self-service networks:
( S2 c4 R0 E' f安装openstack-neutron、openstack-neutron-ml2、openstack-neutron-linuxbridge、ebtables服务; [root@openstack-server ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf
1 I! O* N; q4 |: X[database]
: _) M% i' p. E2 _% z7 s) P/ j$ Kconnection = mysql+pymysql://neutron:neutron@openstack-server/neutron; U/ o+ x/ }/ x
[DEFAULT]
# h, X" j/ O' score_plugin = ml2
0 i; K7 R( a3 L. n* Q0 e: H5 ?- tservice_plugins = router
8 {5 i% w& B! o. }( Qtransport_url = rabbit://openstack:openstack@openstack-server* d: l$ q4 m3 ` |' f6 r$ n
auth_strategy = keystone0 J i0 L3 l4 X$ j, J5 ~
notify_nova_on_port_status_changes = true
2 T# r0 [: h; E- @notify_nova_on_port_data_changes = true
( |. F; {3 s3 X# g/ p' d( [) S[keystone_authtoken]
+ [+ K0 H2 s' \: B, Cwww_authenticate_uri = http://openstack-server:5000+ S# N! C& e7 m. F# F
auth_url = http://openstack-server:5000
; ^7 R. z1 C) ]$ ]2 J* Smemcached_servers = openstack-server:11211
& _7 A7 _: P1 N1 y5 t2 hauth_type = password
1 d% u% G$ @8 b; K! {8 Oproject_domain_name = default; Q0 Z2 {! W5 |0 h0 c8 L
user_domain_name = default% m9 E1 J/ p5 k; ~9 d; a
project_name = service; R* z% g+ f* L6 ?% O
username = neutron4 ^" y8 z- N/ w* O
password = neutron' S1 r: s0 F' ~. o
[nova]
) v! a* ~! c0 F- E; V. ^# oauth_url = http://openstack-server:5000
2 C5 k; x9 F% @$ O6 Z, _( wauth_type = password0 S$ C0 j& r8 A0 g. t9 x* H/ r
project_domain_name = default
: P0 j" j3 h2 c% a: Yuser_domain_name = default
( l* Z" r- L* G3 O$ a9 [" f7 m- X! Gregion_name = RegionOne G5 l( W) ?5 V6 L/ }
project_name = service! v7 A# y5 B- o& D
username = nova6 [$ m8 o/ l& s0 f
password = nova/ C$ Q/ j; {4 _& H' `/ o+ ]7 A
[oslo_concurrency]
: y& @. i/ N9 p6 h# nlock_path = /var/lib/neutron/tmp! ?6 W/ F, Z: l% k* _5 \( [$ j
J' S" x+ [3 x, [) D1 D9 o5 k, ?. v, M7 J
修改ml2配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini; [8 y4 I$ Y8 |2 i: W1 }& M; }4 h+ O
[ml2]1 W$ Z# S" K7 i N4 j. G+ X
type_drivers = flat,vlan,vxlan; A' k' J9 |. M g+ u% O
tenant_network_types = vxlan! m5 X1 r; H1 w, U
mechanism_drivers = linuxbridge,l2population, f- u4 W9 |% t% R% }4 }) S
extension_drivers = port_security/ D8 q; }, ^5 I, ?$ X% b
[ml2_type_flat]
1 e8 M6 V+ F" O: N4 p" ^. mflat_networks = provider1 Z+ R- O' o# e3 a
[ml2_type_vxlan]9 o6 c4 Q! j; a S9 y m9 Q
vni_ranges = 1:10009 x; l3 w3 |$ a0 s
[securitygroup]4 T7 a+ V6 A% \
enable_ipset = true
' u9 k7 E% U% W* _修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
* ]: `; I& l8 v3 |: @[linux_bridge]
& Y1 \) A( [+ `) D9 Pphysical_interface_mappings = provider:enp4s04 y' d/ \: c4 H, Z
[vxlan]% g# a/ G4 }' l5 d, ?4 A% @9 J* S
enable_vxlan = true
8 c: @/ r3 j# m/ Alocal_ip = 192.168.254.10
0 y+ `4 [5 y. i. _1 c6 Nl2_population = true$ c/ P9 {3 R! g; N% K' j
[securitygroup]
0 I5 T0 w6 R5 f9 ?3 ]# [ F# denable_security_group = true
^& u- ?7 U5 r f4 Dfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver; H& ?8 x7 R! h7 G
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge
" L- S2 G3 H; [7 Z$ n% d" l[root@openstack-server ~]# modprobe br_netfilter
! X2 M. x) y: A% i8 N; u h: d[root@openstack-server ~]# vim /etc/sysctl.conf
2 U! m# ~& N# Ynet.bridge.bridge-nf-call-iptables = 1
. @6 i/ \7 \- M/ Enet.bridge.bridge-nf-call-ip6tables = 1
6 W0 J8 G4 M# v[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
# G9 A7 |5 f2 N. S修改layer-3_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/l3_agent.ini
, A0 }* F$ ^6 H% A X+ f" `[DEFAULT], f% n2 T/ `; F" n( L* c
interface_driver = linuxbridge) q( }( m# h+ ^8 ~. X
修改dhcp_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini
; p p8 B) a w) u2 w7 G: `[DEFAULT]
' ]2 F5 c9 k$ f2 I( h$ e, u# K1 n7 Uinterface_driver = linuxbridge: T# U# o7 W7 T( A" h! X v$ U
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq8 l# [7 d- |7 q3 N
enable_isolated_metadata = true
2 _4 w; u$ Z0 U1 v修改metadata_agent配置文件: [root@openstack-server ~]# vim /etc/neutroNetworking Option 2: Self-service networks:n/metadata_agent.ini
& L3 F) L4 c- c+ K& D[DEFAULT]
+ C9 K+ d9 ^& N# Vnova_metadata_host = openstack-server; x1 l$ `2 n% r
metadata_proxy_shared_secret = neutron(neutron和nova通信共享秘钥)
* a! B4 k- m, i3 I0 U6 ~8 m3 c: I# b修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf2 D) @& m+ Q7 i# V8 m3 ?
[neutron]
& S; a1 \" A1 k2 K& Kurl = http://openstack-server:9696, }: L4 V; t( |# T& i
auth_url = http://openstack-server:5000
8 f; q; g7 O9 _# `6 sauth_type = password6 o1 Q o, H# T* X# l1 a
project_domain_name = default
( U: a" U% B7 suser_domain_name = default
4 B9 c- U: A$ Q, j, ]$ k, Zregion_name = RegionOne
4 M) t) L9 P2 H( `0 x: jproject_name = service
/ T) Z. k; u/ i. r& K" ~1 N1 {username = neutron
# u* D' |& H% vpassword = neutron
1 }3 _9 M* @, Q% Oservice_metadata_proxy = true
% _+ T% z1 R" p/ e* F% @" V M- Gmetadata_proxy_shared_secret = neutron(nova和neutron通信共享秘钥). M4 b) ^) K2 s' T/ M
创建网络服务初始化脚本软连接:; g' F3 ` T: A5 A! P, u
[root@openstack-server ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini 同步neutron数据库: [root@openstack-server ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron重启nova-api服务:
2 i! Q6 T# r! T[root@openstack-server ~]# systemctl restart openstack-nova-api.service 启动neutron-server、 neutron-linuxbridge-agent、neutron-dhcp-agent、neutron-metadata-agent服务: [root@openstack-server ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
" k# I0 |9 O1 M- T6 m[root@openstack-server ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
/ c' C7 g& X# A0 Q- J9 k- ^; Q0 S如果使用Networking Option 2: Self-service networks还需要启动neutron-l3-agent服务: [root@openstack-server ~]# systemctl enable neutron-l3-agent.service
5 n7 x( l8 l0 A8 i+ A[root@openstack-server ~]# systemctl start neutron-l3-agent.service
2 w( c" L; E5 Q/ w ?' i安装openstack-neutron-linuxbridge、ebtables、ipset(计算节点):9 \& V$ D/ O# S4 F2 _
[root@openstack-server ~]# yum install openstack-neutron-linuxbridge ebtables ipset 修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf" D: ^# s6 N9 [! s) I7 B
[DEFAULT]
1 }" Y3 L _6 Y( X. I3 e, E& m; Atransport_url = rabbit://openstack:openstack@openstack-server5 r- K& a7 E5 ?5 [ N( T+ `) b3 O
auth_strategy = keystone4 Z% j: _$ o3 D- |7 s3 a
[keystone_authtoken]5 Q/ H7 f* T% @6 M
www_authenticate_uri = http://openstack-server:5000
# o6 a/ ^/ G; iauth_url = http://openstack-server:5000
; e' D( ?, W& ^ kmemcached_servers = openstack-server:11211
" ?3 [7 Z1 X4 W Y, a1 jauth_type = passwordp0 G% D8 `3 u$ D5 C6 ~" I9 G' e
roject_domain_name = defaultu
~, Q6 q# x# p4 L; tser_domain_name = default! [2 g# G, m* q* F' W1 x
project_name = service: z" l# X/ o5 S1 X. |9 k+ Z9 u
username = neutron! g1 _% L. f+ M0 s' ]& ]
password = neutron
. ]4 ^ E3 R7 \[oslo_concurrency]
E! }) v0 S4 [1 m) w' N5 klock_path = /var/lib/neutron/tmp( A& d: k! p; T$ r! u
h8 W7 R& J! B, n P- ^ O u5 S' _: n
Networking Option 1: Provider networks:1 q: U+ y! k3 U6 {5 s
修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini% q# \7 }1 b& T* e* K9 P
[linux_bridge]physical_interface_mappings = provider:enp4s0
$ C9 D6 }, g/ P. N[vxlan]enable_vxlan = false9 o2 q7 ^- w7 h! E$ ^
[securitygroup]
! m" J1 z. Q: N+ Z3 Venable_security_group = true
2 y9 U* H: e- H- tfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver& X9 R2 Y, l' z* |) u
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge9 ^4 P3 O! l4 y. `0 U- k) Q7 N! ^
[root@openstack-server ~]# modprobe br_netfilter
: ?( o$ f; Q+ l8 l3 R" b[root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF2 i, H; h* x# G; u- C
> net.bridge.bridge-nf-call-iptables = 1
# _9 n: ?4 `+ o! e) u> net.bridge.bridge-nf-call-ip6tables = 1) G8 \ g8 `- n4 t' G
> EOF
! K/ g! X$ C. m1 |+ j[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
& B3 l: Y! w& g3 p- j% k6 _Networking Option 2: Self-service networks:6 i% i/ p! o; i1 }+ n0 `& D
修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini6 L4 c! J+ j, v/ _9 K
[linux_bridge]" }2 L. O5 h- n$ u* g9 c
physical_interface_mappings = provider:enp4s0% ]; k' g# F9 V# C- O, l
[vxlan]
+ V3 |& E+ F; lenable_vxlan = true
+ G* m {+ ^: e7 m% @1 V, Glocal_ip = 192.168.254.10
, G) m# {9 K4 Z$ El2_population = true
! K5 \7 |( w; S! m+ `# J[securitygroup]' {8 t* v1 C( ]
enable_security_group = true+ [: Y+ g5 s- b4 H9 H
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver4 X3 `- ` y4 S# c# n
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge4 i h2 j7 ~2 x/ x& z
[root@openstack-server ~]# modprobe br_netfilter
7 ], w; Y: h8 W& z[root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF
1 L2 b+ }4 E# C5 X4 w> net.bridge.bridge-nf-call-iptables = 14 M% X' I% p3 A$ q. L* a: q
> net.bridge.bridge-nf-call-ip6tables = 1/ r5 `/ G4 L6 B3 S
> EOF" V: A' b q; d6 `+ s
5 O$ U K0 o8 e; |1 u% {
[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
5 @. v. t/ v3 N3 @2 N修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
$ N6 m5 ^. D& P' Q$ @[neutron]+ o* F& `( O ?$ R4 v- _4 K8 n
url = http://openstack-server:9696
2 V8 W6 x% N6 ~; p# b, v& Uauth_url = http://openstack-server:50009 a- e; k8 A, X5 m
auth_type = password N7 Y8 h: F+ W3 z1 e& E# p/ [
project_domain_name = default/ i2 s( x6 K" ~' S% E: d( G
user_domain_name = default
% w' v; C1 m, d: E; S- v+ Tregion_name = RegionOnep
: g" c1 H4 P, v' I7 {8 xroject_name = service
) J' y4 \: ^, Y% w6 k- s* `username = neutron
* ~% {9 c! F9 R5 a- |+ Mpassword = neutron$ k5 v6 a0 z/ Y: ?
重启nova-compute服务(控制节点):/ {) X; V. o6 C) L5 ?
[root@openstack-server ~]# systemctl restart openstack-nova-compute.service 启动neutron-linuxbridge-agent服务: [root@openstack-server ~]# systemctl enable neutron-linuxbridge-agent.service
+ D: m4 X4 y' n. K/ b# d7 n[root@openstack-server ~]# systemctl start neutron-linuxbridge-agent.service
% |: b8 p& x8 U" n验证操作:; ^( a7 d' K% Q
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack extension list --network
, G6 D3 |) U4 x: R) v! I* M1 \+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+7 L/ y* J( |+ V
| Name | Alias | Description |
5 g5 ~ Y2 P8 I; Q! @! p' d+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------++ w& o' S3 h* r) e$ M+ U; ]
| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |
! c! B6 T, p" U6 `) g| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |. V) w' |) w0 B6 I$ p8 B B
| Network Availability Zone | network_availability_zone | Availability zone support for network. |
) K/ C8 b; b& r6 Y| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. | z3 C8 J0 t6 ]' d' ]; W: D4 A1 C8 V
| Port Binding | binding | Expose port bindings of a virtual port to external application |
1 K7 Y3 P5 e" J' s8 R( X' M| agent | agent | The agent management extension. |1 M+ {0 E2 w: _
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |9 O8 R( {% m% q1 ^1 w( t
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
7 G% C' H# }6 F2 C' || Neutron external network | external-net | Adds external network attribute to network resource. |
3 y4 j, r) T" A8 c7 J* v+ H| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |$ h' B8 ]8 V; U9 `- f
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |' h' b5 z( E# D5 e; s
| Availability Zone | availability_zone | The availability zone extension. |
$ h$ g. f) `1 a| Quota management support | quotas | Expose functions for quotas management per tenant |
8 M5 w4 t6 W9 w. d9 w2 H& [- p! F1 O| Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. |0 Z+ Z2 K. a' Z( y- }& @ H6 W
| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
/ J; ?8 X% T8 y' I7 p: F| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |
( k; Z& _- e' M; `8 D' S3 t0 d| Filter parameters validation | filter-validation | Provides validation on filter parameters. |0 i) K* o0 }' X9 m/ _7 z6 N% }- G
| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |
7 v* Y' F" w l6 T* s' J s8 ~| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |8 H2 T0 @8 a( e* E' {
| Address scope | address-scope | Address scopes extension. |
# W1 h+ _! A' g| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value | {' B, P, Q+ Y4 n
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |
8 ?3 ~' `, |/ K- J; P e+ r* r| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |0 |$ K# Z7 K( Y* u. \
| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |: p: r6 ~2 ]& ~- G- M$ j! Q, f$ Z
| Provider Network | provider | Expose mapping of virtual networks to physical networks |3 G' V! {: M) G5 } E0 i$ b
| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
5 W2 n2 K+ V7 T8 T| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |' x& W7 n I( o! ^5 F: }
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |
4 C/ t6 M) m% ]" [6 |$ B/ `7 d h# z|Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |
2 c$ ^+ ~3 E+ g, ]9 W5 B1 M3 t| Pagination support | pagination | Extension that indicates that pagination is enabled. |0 D& c) D7 r7 ?* W$ p$ D
| Sorting support | sorting | Extension that indicates that sorting is enabled. |3 D- m% Y2 {9 I$ J
| security-group | security-group | The security groups extension. |3 @9 S* ^- p% M. N
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |
8 u; ^; _! D' w1 ^. \| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
; D" {9 b, X5 d1 z1 t| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |6 E0 o! i; e+ ^+ f2 m$ L4 d: ]2 s( i/ z5 a
| Port Security | port-security | Provides port security |' d2 J$ A; l7 f1 D& ~2 A d# I
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
: h' x8 ]+ K$ i| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
" y4 B7 F1 ?, R: b$ k| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |
( o( v& F. m; m% B' W9 _+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
; H. L+ ?% Q3 ?& n2 W1 }; m5 t[root@openstack-server ~]# openstack network agent list2 u$ s$ C6 j2 U& k4 }2 W" x
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+* z8 b( m' D f0 G7 |
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |! D/ a: v% L3 d2 a
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+, V& [& _% k0 i" ^8 n3 H! q5 s
| 12d016a1-f747-49cc-b6be-0d793877d394 | Linux bridge agent | openstack-server | None | :-) | UP | neutron-linuxbridge-agent |! f7 i8 @2 Y1 `" ]
| 9639fcea-da54-4bad-b3a6-16ffb96f3243 | Metadata agent | openstack-server | None | :-) | UP | neutron-metadata-agent |* o: b% m& D( \2 |) c
| dc6d79c5-62e0-48fb-8a19-556b68bc7063 | DHCP agent | openstack-server | nova | :-) | UP | neutron-dhcp-agent |
2 p0 v% x t4 O& n% ]- I7 n( S+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
8 T) y P) l& F! h13.安装Dashboard:
$ S1 U9 f. \& I$ v2 ]安装openstack-dashboard(控制节点):
' _7 U+ K: u- m% L& x0 E' t' e# `[root@openstack-server ~]# yum -y install openstack-dashboard 修改dashboard配置文件: [root@openstack-server ~]# vim /etc/openstack-dashboard/local_settings
$ j- X% v/ c2 @ ^OPENSTACK_HOST = "openstack-server"
$ W( N! S' N4 ^+ jALLOWED_HOSTS = ['openstack-server', 'localhost']! d, N3 V, |! a
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
; T7 l. d* A( E4 U/ @CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'openstack-server:11211', }}9 K7 h4 e, Y; J
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
: i% U& A: V$ Z6 h9 f$ JOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True8 _& @+ `% }" [- x! a
OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 2,}" Y! ^# ]7 r4 J1 n! ^$ w
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'# M& H; G* u6 ]
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"$ @( l) g; O4 u5 |! _" p
OPENSTACK_NEUTRON_NETWORK = { 'enable_router': False, 'enable_quotas': False, 'enable_distributed_router': False, 'enable_ha_router': False, 'enable_lb': False, 'enable_firewall': False, 'enable_***': False, 'enable_fip_topology_check': False,}8 r8 | N0 Z; d6 z) Q% Q2 B9 v* W. z
TIME_ZONE = "Asia/Shanghai"
5 i R, y, Q7 E修改openstack-dashboard服务配置: [root@openstack-server ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
0 U, ^, I) H# A2 sWSGIApplicationGroup %{GLOBAL}
1 \# R. \( m6 s重启httpd服务:( @+ i0 Y- l: Q X+ o( @5 v u
[root@openstack-server ~]# systemctl restart httpd.service memcached.service 验证操作: 0 R, v: K& ^6 T
通过浏览器访问http://openstack-server/dashboard 输入域default,账号myuser,密码myuser;
4 E& ^ z F4 p0 \3 l, U 14.安装cinder:
% Y, q( c( G( L" q1 P在Mariadb创建cinder相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE cinder;"# K4 F- f9 k8 a' T, C
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"! s7 B( Q/ h) G7 r h' A
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"4 J) C5 s/ c; A$ A7 u' Y
创建cinder用户、服务、端点; [root@openstack-server ~]# . admin-openrc.sh
1 J" P* ~1 f1 ~+ i; ~& Y0 X) X[root@openstack-server ~]# openstack user create --domain default --password-prompt cinder! n4 j3 {$ t, M% j
[root@openstack-server ~]# openstack role add --project service --user cinder admin
/ K# c8 I' i: D5 c6 C. b[root@openstack-server ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
- z0 \% `, {* V, P; a[root@openstack-server ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev38 m7 E9 |7 c' L; s
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 public http://openstack-server:8776/v2/%\(project_id\)s
4 |7 L" u+ T& n0 K8 r& F$ `[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 internal http://openstack-server:8776/v2/%\(project_id\)s
$ z5 W$ S3 S% m# x1 p[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 admin http://openstack-server:8776/v2/%\(project_id\)s8 q' J- T6 U! T) E
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 public http://openstack-server:8776/v3/%\(project_id\)s
6 a. M( V. Y, b6 E6 S P+ \; F" d[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 internal http://openstack-server:8776/v3/%\(project_id\)s
+ e' A) ]9 X: a% N3 f[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 admin http://openstack-server:8776/v3/%\(project_id\)s6 l! C! }3 b" C1 Q+ L
安装openstack-cinder:
- f6 f5 w4 B5 C0 J1 S+ {[root@openstack-server ~]# yum -y install openstack-cinder 修改cinder服务配置:" ^* L! s7 D' s- b2 u
[root@openstack-server ~]# vim /etc/cinder/cinder.conf [database]
9 H: n" |/ J1 r+ m2 aconnection = mysql+pymysql://cinder:cinder@openstack-server/cinder# |& k2 V( g, [- \ E
[DEFAULT]' l' S- P% z. b2 d& ?* }
transport_url = rabbit://openstack:openstack@openstack-server
% [0 X1 i, a7 `0 H6 Rauth_strategy = keystone! E; R4 `0 V( J% n
my_ip = 192.168.254.10- m* _1 ^; Y. }/ c
[keystone_authtoken]
5 X, m% J g" v/ X9 I4 N$ g) K6 jauth_uri = http://openstack-server:5000
# L; Q0 y9 \* |) Y$ Mauth_url = http://openstack-server:50000 i/ o0 r3 a( r# f
memcached_servers = openstack-server:11211
9 x* }' D |5 P1 T6 @auth_type = password! A9 ~2 l0 }0 K8 m
project_domain_id = default3 C% v( `0 {3 K
user_domain_id = default
6 H3 R% k9 |6 X$ V# Zproject_name = serviceu/ a. Z' y( H+ M( ?8 N( o8 O$ a* M4 g( f
sername = cinder7 w9 ]5 H$ i- O0 U
password = cinder
5 N, C6 }, U# p8 ?* x[oslo_concurrency]# k7 i+ N. g [* j
lock_path = /var/lib/cinder/tmp
3 B& {, S: X$ I/ V* v同步cinder数据库:( U3 l. G4 P. t& ] A! w
[root@openstack-server ~]# su -s /bin/sh -c "cinder-manage db sync" cinder 修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
- ^/ _9 Y; B! a' _[cinder]4 D, H; j# K8 W
os_region_name = RegionOne
# a% y6 n" A/ M重启nova-api服务:3 ?1 d* q5 s) y
[root@openstack-server ~]# systemctl restart openstack-nova-api.service 启动cinder-api、cinder-scheduler服务: [root@openstack-server ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
8 {2 r% f* f3 q- e3 w[root@openstack-server ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service+ a8 }$ C+ `0 R% ]2 G& g0 y
安装lvm2、device-mapper-persistent-data(计算节点):
7 Y! `+ A( x Y" M- y[root@openstack-server ~]# yum -y install lvm2 device-mapper-persistent-data 启动lvm2-lvmetad服务: [root@openstack-server ~]# systemctl enable lvm2-lvmetad.service, n- F8 N F7 o* J! x
[root@openstack-server ~]# systemctl start lvm2-lvmetad.service
; A: z c2 l# ~( N将/dev/sdb2作为vlm块存储设备: [root@openstack-server ~]# fdisk -l /dev/sdb5 A$ A, e* `* k' @
磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区Units = 扇区 of 1 * 512 = 512 bytes扇区大小(逻辑/物理):512 字节 / 512 字节I/O 大小(最小/最佳):512 字节 / 512 字节磁盘标签类型:dos磁盘标识符:0x441e1e17
1 Q+ N, s8 \! ]! l: S3 c* a6 p设备 Boot Start End Blocks Id System/dev/sdb1 2048 106956799 53477376 8e Linux LVM/dev/sdb2 106956800 276826111 84934656 8e Linux LVM
. h5 ^- B+ C) Y! e5 Y2 I# o[root@openstack-server ~]# pvcreate /dev/sdb2
- d) w4 c* e' b3 {! X! F[root@openstack-server ~]# vgcreate cinder-volumes /dev/sdb2) {) g" i1 l6 `; }! m- l3 ]$ a
修改lvm配置文件: [root@openstack-server ~]# vim /etc/lvm/lvm.conf
/ C0 |: q% f1 P- o1 tdevices {...filter = [ "a/sdb2/","r/.*/"]...} b# k) C7 I X( |! u) d
安装openstack-cinder、targetcli python-keystone服务:
/ _5 I3 G7 N+ H1 G* G4 P; z z8 i[root@openstack-server ~]# yum -y install openstack-cinder targetcli python-keystone 修改cinder服务配置: [root@openstack-server ~]# vim /etc/cinder/cinder.conf
4 ~* K5 Z2 X" b+ y[database]
: ? Q+ ?# ?$ j8 D rconnection = mysql+pymysql://cinder:cinder@openstack-server/cinder# v$ k: f, @7 L. F" }
[DEFAULT]1 e: X' ?, [9 t/ y9 c( M, X
transport_url = rabbit://openstack:openstack@openstack-server
1 S/ Z. [( s) R0 `" dauth_strategy = keystone
, x2 n w0 v# a8 M) k9 u$ ^4 c( dmy_ip = 192.168.254.10e6 n0 n- Z7 O& \ l9 \% U, T
nabled_backends = lvm
! _8 D! l8 }. u, Wglance_api_servers = http://openstack-server:9292
. V o9 G6 q" f- [& e- N! V) p[keystone_authtoken]
& w+ h9 E( \) G5 x% @0 Qwww_authenticate_uri = http://openstack-server:50000 u' W8 m) g- i; Y/ `2 W
auth_url = http://openstack-server:5000
6 }; B* B5 `5 \% P- tmemcached_servers = openstack-server:11211
5 Z/ F" N# _; Eauth_type = password
& ]! b* Z) S, qproject_domain_id = default
+ h6 v4 p2 J' I6 ^4 duser_domain_id = default; G1 H& X+ x2 d: Z
project_name = service" X9 G/ M2 I2 ^7 t8 p2 `& @& @
username = cinder
, ~1 G+ n! U0 L3 h! \password = cinder+ W* {# e4 H7 S @
[lvm]
, |; i7 \* q F! T2 Qvolume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver$ O9 _" p! w& @3 G/ S
volume_group = cinder-volumes
. u3 _* l+ o6 q* k$ {iscsi_protocol = iscsi
7 x$ R! u& W, G W: viscsi_helper = lioadm3 ~: p! J0 P, a1 V J- ?
[oslo_concurrency]7 r, G1 \% _( T1 D" m
lock_path = /var/lib/cinder/tmp1 Q7 Z' _, D0 M1 t9 }5 F/ F( B
启动cinder-volume、target服务: [root@openstack-server ~]# systemctl enable openstack-cinder-volume.service target.service1 H$ B9 T5 M, g5 z
[root@openstack-server ~]# systemctl start openstack-cinder-volume.service target.service+ t: V ?7 V; N
验证操作: [root@openstack-server ~]# openstack volume service list
3 K' z1 f6 V3 F5 `' I+------------------+----------------------+------+---------+-------+----------------------------+( E3 [* G5 t- u( b, g# w" D
| Binary | Host | Zone | Status | State | Updated At |
$ ~0 j$ e1 t7 m9 G+------------------+----------------------+------+---------+-------+----------------------------+; r# G, P! e% P* T
| cinder-scheduler | openstack-server | nova | enabled | up | 2018-10-25T14:07:19.000000 |# g8 `" c3 q- O7 W6 q0 z$ g
| cinder-volume | openstack-server@lvm | nova | enabled | up | 2018-10-25T14:07:24.000000 |. n1 w/ k" Q1 f: w6 f; \$ o
+------------------+----------------------+------+---------+-------+----------------------------+
, h) U# K% F) Z/ j9 d15.启动虚拟机实例:1 W* ?' Z( f! X# S" r/ o$ ^- L- i
创建Provider network网络: [root@openstack-server ~]# . myuser-openrc.sh
# m% l, p; F1 S% L& U1 H[root@openstack-server ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
2 e4 a+ q! v1 r# C4 [, o[root@openstack-server ~]# openstack subnet create --network provider --allocation-pool start=192.168.254.11,end=192.168.254.15 --dns-nameserver 114.114.114.114 --gateway 192.168.254.1 --subnet-range 192.168.254.0/27 provider
, j/ z! X. i( I[root@openstack-server ~]# openstack network list8 d* ^# _# ^; J
+--------------------------------------+----------+--------------------------------------+
( A2 t7 W" T. g5 \9 S1 D| ID | Name | Subnets |
M3 k8 h9 F8 r& e. a+--------------------------------------+----------+--------------------------------------+
) e- q4 z+ c7 }+ J- {| 9979b724-3868-42b9-9e0b-61b42fd794a0 | provider | 12dbf504-9f38-40d1-b273-e1409bc712b2 |8 `9 V0 G& K% U ~" y
+--------------------------------------+----------+--------------------------------------+- l5 o; v$ Z/ Y" R+ @* l0 S: T v
创建Self-service network网络: [root@openstack-server ~]# . myuser-openrc.sh. B: C! x8 Y; @! T$ k! P
[root@openstack-server ~]# openstack network create selfservice
3 U+ s. t+ u# I0 O+ }8 y, V' j% i[root@openstack-server ~]# openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 --subnet-range 172.16.1.0/24 selfservice
- V" d. M; w! n( k; @6 \: ][root@openstack-server ~]# openstack router create router
# o- y0 G7 A% a- A% f" v* q1 T$ U[root@openstack-server ~]# openstack router add subnet router selfservice
4 B3 P0 Q, h# Q7 f( d[root@openstack-server ~]# openstack router set router --external-gateway provider. L* o3 q) f( |4 ?" ]0 {. c* A
验证操作: [root@openstack-server ~]# . admin-openrc.sh
/ M3 Y$ m# t: R+ `/ `: a[root@openstack-server ~]# ip netns; E( ?& B) j7 L9 N
qrouter-0251f464-87d3-466e-9889-5b58eaeeb19b (id: 2)
4 ` j" ]7 _, |) E# F3 \: Hqdhcp-ad37ab93-04df-4b47-99d3-10dc0b2e630e (id: 1)9 j. f8 `2 d" C% A4 w- a/ R
qdhcp-cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 (id: 0)$ x* F% X4 k& C5 M
[root@openstack-server ~]# openstack port list --router router9 j4 ~5 R6 W+ z5 W) W+ E
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+# m& d0 G8 [5 Y2 h3 h/ ^! O
| ID | Name | MAC Address | Fixed IP Addresses | Status |/ S3 E/ `+ L- W/ J4 t3 S( O. p' U
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+# B- q9 ^1 C& ^+ P" b7 G
| 6390935b-7ab1-4608-a386-8f8d068a2ee0 | | fa:16:3e:4a:74:9e | ip_address='192.168.254.14', subnet_id='9e8f1c21-fc37-4dd7-b111-b4e25160b731' | ACTIVE |/ N5 ]1 _: q; I# |
| d44e3892-fb37-4c8e-b962-f1035f164409 | | fa:16:3e:c1:1c:72 | ip_address='172.16.1.1', subnet_id='f5ae3b68-4397-4caf-be61-63ef193e024c' | ACTIVE |
, a; d+ B0 S) X2 ?$ B' w+ `* S% N+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+* s1 d* \2 k: u( {# J7 [
创建flavor模板: 9 W; e1 { ^5 q9 f# ~
[root@openstack-server ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano 创建秘钥链: [root@openstack-server ~]# . myuser-openrc.sh
# v- r* m- r" O; R Q/ O1 q- q[root@openstack-server ~]# ssh-keygen -q -N ""
7 t$ u' M- k" M W; n[root@openstack-server ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
0 k- w* F& B# E+ F' A# L验证操作: [root@openstack-server ~]# openstack keypair list
1 T1 B8 K/ k( C* K, [+-------+-------------------------------------------------+. C6 q6 P) p. A6 K+ V, E
| Name | Fingerprint |4 A+ B: J- S6 S% _- O+ `
+-------+-------------------------------------------------+7 V! ]% W( r5 F" J, o8 s2 G3 n
| mykey | f3:95:1d:7f:24:e0:ba:a2:7f:9a:e8:98:7a:79:f7:f6 |3 v1 n5 M* V/ I. P: q6 _9 m
+-------+-------------------------------------------------+
* m/ \6 M h% A8 W' f- b添加安全组: [root@openstack-server ~]# openstack security group rule create --proto icmp default
* T; a( Y8 o: j: ^4 ?. X[root@openstack-server ~]# openstack security group rule create --proto tcp --dst-port 22 default
8 ^$ M8 i' l' r1 P( o% Z2 M+ R4 C[root@openstack-server ~]# openstack security group list
& L% j7 L) M. f, O+--------------------------------------+---------+-------------+----------------------------------+------+
$ A- ~* s/ h4 R7 O% i [% Q' ? Y# `| ID | Name | Description | Project | Tags |2 h) W0 {( y3 l
+--------------------------------------+---------+-------------+----------------------------------+------++ [9 n4 R9 G; t. R5 { @( L) B
| 5c642955-4c0d-4913-83ac-ecd7fdc95846 | default | 缺省安全组 | f9d82471a2d84cdca15994649ad3ce17 | [] |$ l2 p" W8 l' u! k4 m' ]
+--------------------------------------+---------+-------------+----------------------------------+------+
* X, l- f8 j) o$ oLaunch an instance on the provider network(在provider网络运行实例): [root@openstack-server ~]# . demo-openrc/ t: n* g3 k8 L' f1 a' B% s
[root@openstack-server ~]# openstack flavor list. A( D3 E* P" g2 e+ G e* M% Q
+----+---------+-----+------+-----------+-------+-----------+! U( p, | [% t$ k# h0 c
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |: R1 p2 P8 c) j$ N" ^( m1 ~
+----+---------+-----+------+-----------+-------+-----------+$ _2 P0 X* s T v; i
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
7 k. `1 y+ r! Z- V; U6 s# G0 r- O+----+---------+-----+------+-----------+-------+-----------+
- q" p% B# K- q- b6 ^% x[root@openstack-server ~]# openstack image list7 A4 M, Y* c2 X1 Q
+--------------------------------------+--------+--------+
2 Q5 Q1 X+ S9 W! h ?9 X$ B8 `1 E| ID | Name | Status |9 X$ B8 L0 x% C
+--------------------------------------+--------+--------+6 q5 w0 u* Z9 h; m. _. v
| 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active |4 ]1 v9 |# \% j- T% F) z) f- m
+--------------------------------------+--------+--------+0 K; g4 N6 v/ D3 ~
[root@openstack-server ~]# openstack network list
0 R; f& o2 @: [+ g/ _+--------------------------------------+-------------+--------------------------------------+7 h' K# X3 w6 c0 U* l5 N8 @
| ID | Name | Subnets |) v9 M6 D8 Q" q
+--------------------------------------+-------------+--------------------------------------+7 |' N! D- F& Z! o! p
| ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c |
7 ]) N* a! [- z| cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 |
5 e3 `) s- G3 {7 d& w1 m2 \* y+--------------------------------------+-------------+--------------------------------------+
7 z- z7 c! K, F+ _; e& ][root@openstack-server ~]# openstack security group list
: r& z6 V8 j0 G% S3 P6 n+--------------------------------------+---------+-------------+----------------------------------+------+4 w' |1 `4 o6 t- D' G. s; x
| ID | Name | Description | Project | Tags |
( I; R. _3 \& P' A) a+--------------------------------------+---------+-------------+----------------------------------+------+
5 l- p4 J& [" s9 K| 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] |
: f, |. ?% d& r* q3 |. i+--------------------------------------+---------+-------------+----------------------------------+------+9 o4 b" E. r$ Q4 X2 f) P
[root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=9979b724-3868-42b9-9e0b-61b42fd794a0 --security-group default --key-name mykey provider-instance, C8 N9 Y/ [8 g3 T( s7 O
[root@openstack-server ~]# openstack console url show selfservice-instance(获取vnc url) Launch an instance on the self-service network(在self-service网络运行实例): [root@openstack-server ~]# . myuser-openrc.sh' n( ?. e- O: O5 X) n" \
[root@openstack-server ~]# openstack flavor list
. ^* b! a' Y9 }0 b; _+----+---------+-----+------+-----------+-------+-----------+( ?% V) S+ s' |6 A e
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
5 J- L3 K d6 q5 u8 r x+----+---------+-----+------+-----------+-------+-----------+
( O' k& T4 f) Q7 q; ~| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
& f% @$ ^7 {+ U" j. L7 [5 k$ P' @+----+---------+-----+------+-----------+-------+-----------+# t" B; o U6 J9 n# C8 E2 t
[root@openstack-server ~]# openstack image list
- {2 Q' T# _2 y' ~% A& ^+--------------------------------------+--------+--------+
( \; x& A1 J. @: u9 m| ID | Name | Status |+--------------------------------------+--------+--------+
$ V2 d! i& A8 E| 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active |
$ N' f7 W/ R3 [4 h/ e) V+--------------------------------------+--------+--------+
$ N$ r- h* ?7 }4 C0 [' P3 }, Y[root@openstack-server ~]# openstack network list
) D8 }' o D& O. i4 n/ J+--------------------------------------+-------------+--------------------------------------+9 e* b) S0 }# C" Z8 I
| ID | Name | Subnets |, n6 @0 ~: J1 A* y+ d
+--------------------------------------+-------------+--------------------------------------+" z# [6 b7 j. K/ e8 m; G- B I& a
|ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c |
4 \4 V$ H4 G: d+ Z, E, X' x| cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 |1 S! z0 X- d D0 R C( L8 [9 m' z
+--------------------------------------+-------------+--------------------------------------+
$ t& c7 v2 f% Q: m; O" T4 i4 R[root@openstack-server ~]# openstack security group list
( Q5 N& N- B+ a# Q8 v9 B8 W+--------------------------------------+---------+-------------+----------------------------------+------+
: g+ g6 x2 w8 T3 f' J, S: f R+ R! F| ID | Name | Description | Project | Tags |& O! A& c0 e! |2 y; C+ R2 T( V( s+ B$ D& N
+--------------------------------------+---------+-------------+----------------------------------+------+2 d& Z( [. H6 ^/ p
| 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] |% ?. C" i3 ~! g; g& q' u
+--------------------------------------+---------+-------------+----------------------------------+------+
, k$ S+ L6 _+ e[root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=ad37ab93-04df-4b47-99d3-10dc0b2e630e --security-group default --key-name mykey selfservice-instance
6 Z T9 @. W& P* G' L[root@openstack-server ~]# openstack server list
, V2 G! G, {) q6 A; ^+ G ?7 v8 ~+--------------------------------------+----------------------+--------+-------------------------+--------+---------+
- H+ e+ l2 l: q" l" ^2 S" g| ID | Name | Status | Networks | Image | Flavor |
- m" u# S* _. t+--------------------------------------+----------------------+--------+-------------------------+--------+---------+
( ]0 M8 Q& ]+ U8 R6 m) J| 105e9757-7ba5-4a3f-81b7-cecdff2fa167 | selfservice-instance | ACTIVE | selfservice=172.16.1.10 | cirros | m1.nano |, `' j$ g8 p- ]. [# Y- v
+--------------------------------------+----------------------+--------+-------------------------+--------+---------+% v' u$ b; N! Y2 s" U
[root@openstack-server ~]# openstack console url show selfservice-instance(获取vnc url) 创建卷: [root@openstack-server ~]# . myuser-openrc.sh
; N. V& G) D0 j/ M/ Q[root@openstack-server ~]# openstack volume create --size 1 volume1
9 t$ b9 ?9 ~7 i. t+---------------------+--------------------------------------+1 N2 o X. D; h+ A2 H/ w& I
| Field | Value |4 P5 k! O8 P3 Z) b2 E
+---------------------+--------------------------------------+' b& i7 a/ w1 e4 w
| attachments | [] |7 v" I4 T C/ s" _8 s0 D
| availability_zone | nova |" ^+ @( T% r/ }
| bootable | false |
, @3 c6 S- L* s2 `' \| consistencygroup_id | None |
! I3 u: w( t. a8 o6 a| created_at | 2018-11-04T14:38:32.000000 |
/ V# D& U- q i3 j8 _9 a/ q| description | None |
0 c! {9 y9 |% Z* R. r9 g/ }0 Q| encrypted | False |8 J+ x" v+ \* S5 `
| id | 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 |8 v+ I) Y7 O; i
| multiattach | False |" ]0 P) O' F& ?, j
| name | volume1 |
* n: R6 f5 E, y- h0 ^; B9 E+ l6 J| properties | |2 _5 i3 i+ D& ]8 v1 t- ^7 u9 O
| replication_status | None |7 J' i( c3 T, \5 k- p V
| size | 1 |9 V# R/ G1 K) v& `6 T8 L8 a& ^6 N
| snapshot_id | None |
# T( y7 a& L' ?4 |. a5 D; T| source_volid | None ||
) V2 C& i$ ]; y5 P5 D status | creating |, @; b/ l- z! j/ G" _7 `
| type | None |+ q( e4 g* |3 D
| updated_at | None |' N7 h3 e, h# m! e b; i4 i
| user_id | 2a2e5a1a1a464efaabaca83b439999e4 |
7 g: Z3 A4 ?9 E; z! b5 K2 n6 W, b+---------------------+--------------------------------------+
+ c' ~: ~) n5 x0 m[root@openstack-server ~]# openstack volume list
$ e& f; b* k* q' e9 z( o4 {0 E+--------------------------------------+---------+-----------+------+----------------------------------+3 z. n2 e8 {+ W# g6 k$ Y
| ID | Name | Status | Size | Attached to |
! M* l2 J) {$ [+--------------------------------------+---------+-----------+------+----------------------------------+
8 A5 L- M, t: {& e8 M4 S( j* Q| 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 | volume1 | available | 1 | |: q+ V9 {% ? o
| a63a0afe-3be8-45aa-b7be-820d88874fc4 | | in-use | 20 | Attached to centos6 on /dev/vda |
. L, j9 ~' Q) c; ^' v! O* P+--------------------------------------+---------+-----------+------+----------------------------------++ O0 [0 \! @2 g$ j Z) S
|
发表于 2019-1-8 09:32:12