|
1.安装环境: 操作系统:centos 7.5地址规划:192.168.254.10 openstack-server架构:所有组件(包括控制节点、计算节点、网络节点)全部安装一个节点2.系统配置: [root@localhost ~]# hostname openstack-server. Z6 L7 m2 p% N3 B6 E/ Z
6 Q) c! u F7 N) E4 ?- D
[root@openstack-server ~]# vim /etc/hostname q3 Z" }2 {( e' a. P! j2 j
openstack-server
3 B+ u8 w- h8 Q3 x3 g& y* q9 c5 ~7 o[root@openstack-server ~]# vim /etc/hosts
% P1 l: W. u" q) ^7 G2 Z192.168.254.10 openstack-server openstack-server.smoke.com1 p( p b! m" m
[root@openstack-server ~]# ifconfig ' h& n/ r4 V- y- @% \2 V" u) K
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 : g( Q' ^& M! E1 ]
inet 192.168.254.10 netmask 255.255.255.224 broadcast 192.168.254.31 ; q* |/ O! \/ P; {
inet6 fe80::119a:26d0:b028:74d0 prefixlen 64 scopeid 0x20<link> . |5 L' Q n9 V; e" ]
ether 00:e0:4c:0f:ff:a9 txqueuelen 1000 (Ethernet)
6 \. v2 a1 f5 P; f$ a* m0 k# t RX packets 42277 bytes 39441483 (37.6 MiB)
% r4 P6 O3 o! K+ z$ Z RX errors 0 dropped 0 overruns 0 frame 0 % {2 x1 M! i0 {3 ^ I! a
TX packets 14912 bytes 1016294 (992.4 KiB) $ g4 u! S- ?% R, W A
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 06 z- D6 {! y t' T
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 " V- z' c a* o% Z) J0 U
inet 127.0.0.1 netmask 255.0.0.0
! r6 g7 M0 u# U0 q& i4 e inet6 ::1 prefixlen 128 scopeid 0x10<host> $ j4 D: P# f( h1 O1 L) w5 z, d" }' I
loop txqueuelen 1000 (Local Loopback) ! |- C0 f$ X7 N2 p) @3 J% \1 x
RX packets 32 bytes 2792 (2.7 KiB)
3 c4 d6 ` w4 s2 r5 M* \0 | RX errors 0 dropped 0 overruns 0 frame 0
+ y' L# ~5 u$ _& o2 Y* t. d TX packets 32 bytes 2792 (2.7 KiB) " ]* D4 S! y0 J/ W# R7 Z8 }6 y
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2 u8 ?1 G+ Y3 [3 E3 @, n7 p. |! b3.安装时间同步服务NTP:! ?) | f# `5 q7 t4 P/ A1 r# _
[root@openstack-server ~]# yum install chrony 修改chrony服务配置: [root@openstack-server ~]# vim /etc/chrony.conf) c: x" E# K$ N! ^- U4 {
allow 192.168.254.0/271 Z* K- g" Q4 C; C2 W: m
启动chrony服务: [root@openstack-server ~]# systemctl enable chronyd.service6 Q4 ]. m( ]" g* h* d% o; U Y e
[root@openstack-server ~]# systemctl start chronyd.service) F, @9 M3 [3 [
设置时区:. x u) B( R- H, z+ u6 K
[root@openstack-server ~]# timedatectl set-timezone Asia/Shanghai 4.安装阿里的OpenStack源: [root@openstack-server ~]# vim /etc/yum.repos.d/OpenStack-Rocky.repo# N+ @) J7 J! J( D) Z6 e" H8 W
[openstack-rocky]( b: f3 i8 d0 N! p+ k
name=openstack-rocky- }) Z3 ^' a; j
baseurl=https://mirrors.aliyun.com/centos/7.5.1804/cloud/x86_64/openstack-rocky/
: Z- a1 P# ~. {6 q+ K& cgpgcheck=0
: M% K K" z7 m9 W7 r- x3 Y/ ]gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-78 n7 W+ z& \) ~
repo_gpgcheck=0
" Y( q. a4 L8 L! Nenabled=1' s: T' r1 e) f4 Y# q
[root@openstack-server ~]# yum clean all
5 L: L; V, z; P4 `, c/ d, A7 _[root@openstack-server ~]# yum makecache2 w: {" J9 } {% g1 J: A
还可以使用官方yum源方式: [root@openstack-server ~]# yum install centos-release-openstack-rocky2 N- y5 `' {1 D6 d: l
[root@openstack-server ~]# yum install https://rdoproject.org/repos/rdo-release.rpm
+ G4 y0 S& Y: ]8 _' i! d* n5 ?升级软件包:, Q8 k4 i: d5 }$ w# P2 r( y
[root@openstack-server ~]# yum -y upgrade 安装OpenStack client:+ J+ f* N; G! b3 k/ R" y
[root@openstack-server ~]# yum -y install python-openstackclient 安装openstack-selinux:
" Q: |4 {' r% L# x[root@openstack-server ~]# yum -y install openstack-selinux 5.安装Mariadb:
9 I$ {6 A; U0 Y3 [# [[root@openstack-server ~]# yum -y install mariadb mariadb-server python2-PyMySQL 修改Mariadb配置文件: [root@openstack-server ~]# mv /etc/my.cnf /etc/my.cnf.bak% j% w* ~& k, W
[root@openstack-server ~]# cp /usr/share/mariadb/my-large.cnf /etc/my.cnf, t7 J# Y7 W+ e5 `
[root@openstack-server ~]# vim /etc/my.cnf
0 ~+ k! h1 K: K# B) v! j[mysqld]
( ?% k4 T1 x2 sbind-address = 192.168.254.10: `: P' K) L, Q7 Q! f
default-storage-engine = innodb$ s3 [; }% w# m* J+ f1 O& }
innodb_file_per_table = on
" D6 P9 E5 o: j* Z' \! \) A8 Bmax_connections = 4096( i) k: d$ R/ A8 x8 z) O
collation-server = utf8_general_ci
! [7 b, [, L' E8 c2 \ Fcharacter-set-server = utf8% z1 b% m! ? @* ]0 d- t
启动Mariadb服务: [root@openstack-server ~]# systemctl enable mariadb.service" g* a5 B9 g% e# D E
[root@openstack-server ~]# systemctl start mariadb.service
- d) u( q/ O( k7 s/ v2 v: U" X& D7 k初始化Mariadb:( x# W4 `- p/ C- d" w \5 R3 g
[root@openstack-server ~]# mysql_secure_installation(按提示操作设置root密码) 6.安装rabbitmq-server:
+ ~6 T, ], j& w* h[root@openstack-server ~]# yum -y install rabbitmq-server 启动rabbitmq-server服务: [root@openstack-server ~]# systemctl enable rabbitmq-server.service
* E' d# N& J$ Z7 I: q- j# o- k[root@openstack-server ~]# systemctl start rabbitmq-server.service0 e; R" E2 L, t v0 a& E3 B8 A
添加openstack用户: [root@openstack-server ~]# rabbitmqctl add_user openstack openstack3 M5 Z9 H. S6 q, r( o L1 ?
[root@openstack-server ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"& a, A2 k" P( z3 d0 F
开启web管理插件:
+ T5 t+ y; _' n4 T; \& s. W5 G1 O[root@openstack-server ~]# rabbitmq-plugins enable rabbitmq_management 使用web访问rabbitmq-server(默认账号guest,密码guest): ( u( O! K& \0 R& p
 设置openstack用户Tags为administrator(点击Admin -- openstack): 5 Z" _ L& b8 c
 点击Update this user:
8 H0 |6 k) b/ N* H# S$ L$ Y 查看设置:
5 Y3 b4 x4 Z" b8 X; J# i& a 7.安装memcached:; q7 d5 H# k N/ W
[root@openstack-server ~]# yum -y install memcached python-memcached 修改memcached服务配置: [root@openstack-server ~]# vim /etc/sysconfig/memcached6 ^& M* m8 j- O- ~' n
PORT="11211"
7 i c$ j. T C( xUSER="memcached"! |, A i2 ^ ?2 H/ G1 e5 F
MAXCONN="1024"
: N) F/ n2 E3 Q: d7 sCACHESIZE="64"
W3 c# l2 y' \" @OPTIONS="-l 0.0.0.0,::1"
# t( L$ A( R6 N A# @启动memcached服务: [root@openstack-server ~]# systemctl enable memcached.service
5 o4 L% @8 ?- q! Q[root@openstack-server ~]# systemctl start memcached.service
! z% F/ D& K7 l. z Q8.安装etcd服务:# w* T! h1 |% ]8 p T! ~3 m6 H
[root@openstack-server ~]# yum -y install etcd 修改etcd服务配置: [root@openstack-server ~]# vim /etc/etcd/etcd.conf
8 [: E; D" F4 d$ Z4 }4 g#[Member]
! p- H, h$ M0 p0 [8 D3 l& FETCD_DATA_DIR="/var/lib/etcd/default.etcd"( `0 f- K! a! k1 W4 f
ETCD_LISTEN_PEER_URLS="http://192.168.254.10:2380"; i* y0 N- l# j d, x
ETCD_LISTEN_CLIENT_URLS="http://192.168.254.10:2379"5 g. G9 X& l3 ?( A
ETCD_NAME="openstack-server"
: L9 F3 |/ ^: P' {5 r2 L#[Clustering]3 @; ^* z4 W5 t+ T
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.254.10:2380"
! u& y* w2 x) M( I+ A, V2 Z9 i5 VETCD_ADVERTISE_CLIENT_URLS="http://192.168.254.10:2379", P* V7 Z) i8 c9 @! c5 z& c6 z+ L1 e+ u% w
ETCD_INITIAL_CLUSTER="openstack-server=http://192.168.254.10:2380"- \0 k4 ~9 Q, O3 [: F* h
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"3 G; w, k! j5 @; S- l6 b7 I" q8 Q
ETCD_INITIAL_CLUSTER_STATE="new"2 O7 r. e' ?" l" R' q
启动etcd服务: [root@openstack-server ~]# systemctl enable etcd( u4 ?; M- r' p1 \
[root@openstack-server ~]# systemctl start etcd
; n/ t6 d) N+ T( c) s8 U" c9 S9.安装keystone:
* g2 \$ h% m4 ~1 u在Mariadb创建keystone库和用户: [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE keystone;"
( V+ N) H. q2 c5 E0 @( R: O) B. l[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';": P* F. X& ]0 n3 J5 ?* B
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';". g. H7 }$ n2 w4 z& S2 J
安装keystone:6 E( ]/ W3 i- N G
[root@openstack-server ~]# yum -y install openstack-keystone httpd mod_wsgi 修改keystone服务配置: [root@openstack-server ~]# vim /etc/keystone/keystone.conf/ o9 k! E: \) A% ?: o6 M- `
[database]
" W6 b4 Y3 h$ l% J4 H Q$ W+ lconnection = mysql+pymysql://keystone:keystone@openstack-server/keystone! Q* Y% d; x: I
[token]provider = fernet
, Q- A, k$ @7 v, z同步数据库:! R2 h! g0 c7 j
[root@openstack-server ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone 初始化Fernet key仓库: [root@openstack-server ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
9 N" v$ n% H3 O* h3 x[root@openstack-server ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
3 b. Y& W0 G& W引导身份服务: [root@openstack-server ~]# keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://openstack-server:5000/v3/ --bootstrap-internal-url http://openstack-server:5000/v3/ --bootstrap-public-url http://openstack-server:5000/v3/ --bootstrap-region-id RegionOne修改httpd服务配置: [root@openstack-server ~]# vim /etc/httpd/conf/httpd.conf& U2 c: W3 `. j$ d
ServerName openstack-server
# V/ O: } }6 g( A6 C创建wsgi-keysone配置文件链接:
$ f" b- p9 ]# H' z$ s[root@openstack-server ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 启动httpd服务: [root@openstack-server ~]# systemctl enable httpd.service
0 f+ A2 W" k% u[root@openstack-server ~]# systemctl start httpd.service) T9 Y( b; X4 x' z5 W6 Y# s
[root@openstack-server ~]# vim admin-openrc.sh; j% l) I* P3 O6 W6 u& M
export OS_USERNAME=admin1 |# B- n' x: R5 V
export OS_PASSWORD=admin
/ n, b$ j5 x5 x0 `8 Yexport OS_PROJECT_NAME=admin
]" O6 u: O8 D, t! \export OS_USER_DOMAIN_NAME=Default3 l% @4 D/ _ a. S; {+ e
export OS_PROJECT_DOMAIN_NAME=Default& n& H) C9 O# q! x" J. m. x
export OS_AUTH_URL=http://openstack-server:5000/v33 g9 b* x, |* c; ^' C
export OS_IDENTITY_API_VERSION=38 M* ^/ u! m: _, B
2 C( L4 X" s/ U! L. l
4 h# u1 E0 f5 W& ^1 \; ]
创建域,项目,用户,角色: [root@openstack-server ~]# . admin-openrc.sh% U s5 U% J: H( k: M' M6 T
[root@openstack-server ~]# openstack domain create --description "An Example Domain" example
; }8 h1 O4 {% m. h2 O[root@openstack-server ~]# openstack project create --domain default --description "Service Project" service
8 u/ y! ` B+ y* s F$ L& f* E% `! P" h[root@openstack-server ~]# openstack project create --domain default --description "Demo Project" myproject
6 P9 l1 r8 E* ?& U; n. p[root@openstack-server ~]# openstack user create --domain default --password-prompt myuser
( v3 u9 X7 ^# f0 a3 I[root@openstack-server ~]# openstack role create myrole
- w" G2 y* R$ ~: O6 S! O9 ^# E, m: v[root@openstack-server ~]# openstack role add --project myproject --user myuser myrole
% ]" G4 H" }9 |8 b3 p验证keystone是否安装成功: [root@openstack-server ~]# unset OS_AUTH_URL OS_PASSWORD
: B; q9 r1 r. } Q; F[root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue- T2 K# g2 `% a4 t G/ Q
创建myuser环境变量: [root@openstack-server ~]# vim myuser-openrc.sh
' R1 X h/ N- K* U/ H$ r: @export OS_USERNAME=myuser2 K* @; @1 y6 q9 `
export OS_PASSWORD=myuser$ p0 Z" b' L9 q/ n+ z6 j& \: }( z
export OS_PROJECT_NAME=myproject
& k* v9 v# C+ Y- x) Yexport OS_USER_DOMAIN_NAME=Default
; I& e' B! u) w0 F. {* T& s+ Texport OS_PROJECT_DOMAIN_NAME=Default4 G/ I: g h, J% R4 R/ J8 G0 h, O$ L
export OS_AUTH_URL=http://openstack-server:5000/v34 G, r% u# Y: |) b+ W3 ]+ ` I# v+ O
export OS_IDENTITY_API_VERSION=3
' c6 P" f& @" C
% |2 t; E A. T; N: h. Z+ b. K使用myuser用户进行测试: [root@openstack-server ~]# . myuser-openrc.sh) v7 J+ r/ B$ ^' N
[root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
$ s( N# O' H; ^1 d) D/ @修改用户环境变量脚本: [root@openstack-server ~]# vim admin-openrc.sh( v; z; f4 V+ y7 f
export OS_USERNAME=admin
( f+ E$ c u9 B7 {export OS_PASSWORD=admin7 }/ ^) d7 U7 C4 Z
export OS_PROJECT_NAME=admin5 Y+ K, K' o3 [' ~9 @7 @1 d* z
export OS_USER_DOMAIN_NAME=Default
- A+ w* b+ A2 @( c4 v. qexport OS_PROJECT_DOMAIN_NAME=Default( s% c, J0 I' M, J/ Z- k$ U- S
export OS_AUTH_URL=http://openstack-server:5000/v3 G" P% U( ]$ \2 q6 |, c+ P- D
export OS_IDENTITY_API_VERSION=32 `& M8 G& o. _7 r
export OS_IMAGE_API_VERSION=2( P7 S; `8 t) B6 x
[root@openstack-server ~]# vim myuser-openrc.sh
: H- _5 s: t1 y$ iexport OS_USERNAME=myuser. ?/ a2 z, F+ P; O' w, }2 n9 w
export OS_PASSWORD=myuser) K& U P( c9 p' ?
export OS_PROJECT_NAME=myproject
% s* ]' p2 d0 v) W6 n" Z! Cexport OS_USER_DOMAIN_NAME=Default0 d, T( B- Y5 z6 S4 K3 f! {
export OS_PROJECT_DOMAIN_NAME=Default4 l6 c/ n+ q1 V1 l
export OS_AUTH_URL=http://openstack-server:5000/v3
9 A% b" X8 ]! W+ H& uexport OS_IDENTITY_API_VERSION=38 c2 T$ V/ U8 ?( [* z) s+ ~- n# w2 w
export OS_IMAGE_API_VERSION=2
) ?$ ]5 x% X6 D( W* I5 j使用脚本测试: [root@openstack-server ~]# . admin-openrc.sh1 m, R& b4 [6 t) z
[root@openstack-server ~]# openstack token issue: d2 I8 r" X1 q( p# x" a
10.安装glance:% s/ Y! X- W1 C" y
在Mariadb创建glance库和用户: [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE glance;"
' T8 h6 O5 v- \* ~+ a3 H[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
- j& m. H$ u1 f* S6 E( E[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
6 u6 i/ U2 \5 i9 B- h% B8 M创建glance用户,服务,端点: [root@openstack-server ~]# . admin-openrc.sh; t I2 m) e1 _
[root@openstack-server ~]# openstack user create --domain default --password-prompt glance
6 q6 H" y W2 d1 A6 A. \[root@openstack-server ~]# openstack role add --project service --user glance admin$ }2 Y1 {1 Z* Q0 I& v
[root@openstack-server ~]# openstack service create --name glance --description "OpenStack Image" image
% a' }" @9 [0 Q[root@openstack-server ~]# openstack endpoint create --region RegionOne image public http://openstack-server:9292( t! ?4 O* h. ]) U) J8 N
[root@openstack-server ~]# openstack endpoint create --region RegionOne image internal http://openstack-server:9292
1 ^, O! n/ e% |. J[root@openstack-server ~]# openstack endpoint create --region RegionOne image admin http://openstack-server:92923 s3 e* q! @0 [6 t$ F
安装glance:4 J2 Q8 ~+ T: q! k6 _7 }2 T0 D
[root@openstack-server ~]# yum -y install openstack-glance 修改glance-api和glance-registry服务配置: [root@openstack-server ~]# vim /etc/glance/glance-api.conf
# m2 @- X8 s! O% B; V; ~: W9 u[database]
- W* O6 u+ B8 O1 ?connection = mysql+pymysql://glance:glance@openstack-server/glance" h7 l5 q# @. `) X- O, C
[keystone_authtoken]8 D% ^2 H: W+ V2 d
www_authenticate_uri = http://openstack-server:5000; Y# Z* f7 T4 \0 A0 y+ N) H
auth_url = http://openstack-server:5000% d5 {- @. N! x* d: f+ h
memcached_servers = openstack-server:11211
5 A! i& k2 g" a( _% k4 A- g* Zauth_type = password
7 P+ [7 {$ A6 I6 w9 Z" jproject_domain_name = Default/ S9 _* s' r" \& y
user_domain_name = Default
_/ T" J8 ]/ Z. k: W* N2 Cproject_name = service8 R% S5 ~2 F/ O4 J7 W
username = glance/ s# c& A' I3 l7 B
password = glance
7 w; i) |' ~* O/ k- Z1 D. q- f[paste_deploy]
0 F8 u" I' ?# H. X6 r- \flavor = keystone
3 f+ O6 Q6 N, r6 g0 U[glance_store]
6 r% k+ x0 B( X9 X5 \2 P" F Nstores = file,http
, l! X, I" \% K+ t2 Rdefault_store = file
1 }. U `& b8 Q* k$ Hfilesystem_store_datadir = /var/lib/glance/images8 l D3 {' q& w4 e: V, l* |% P
[root@openstack-server ~]# vim /etc/glance/glance-registry.conf9 k4 f% M7 A4 f( p$ g1 V
[database]5 Y8 h' n+ e! I& w8 Z" H% [) a3 ?
connection = mysql+pymysql://glance:glance@openstack-server/glance
9 X: _1 z1 z$ }" M0 H. G[keystone_authtoken]! L" L6 |7 g; z( x6 l
www_authenticate_uri = [url=http://openstack-server:http://openstack-server:5000
4 T" x }. x) @: f5 r' f; u$ [auth_url = [url=http://openstack-server:http://openstack-server:5000: D# c3 o/ W' w) k; R) V* i
memcached_servers = openstack-server:11211
% V' i2 Y" O6 ?4 ]: e3 |auth_type = passwordp
$ |/ d/ v7 _- {+ E5 T2 V( froject_domain_name = Defaultu
+ {+ `, l& X# Q& Oser_domain_name = Default( W" r1 R: D6 R. a6 m, K) s
project_name = serviceusername = glance9 v0 i F4 T+ S4 [3 w
password = glance, f# \) d! t9 r# J
[paste_deploy]
. e* E- J7 Z7 J) R# a5 R9 |- G9 Bflavor = keystone
0 m$ F% W8 F- i同步glance数据库:
- \3 Z( g2 f/ J6 P0 L" P, O, m5 b[root@openstack-server ~]# su -s /bin/sh -c "glance-manage db_sync" glance 启动glance-api和glance-registry服务: [root@openstack-server ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service0 }! @4 ]5 z0 c9 R6 Z( A& h
[root@openstack-server ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
% R; Z% _( i) z5 Z, Y+ n7 ?使用sdb1创建lvm用于存储镜像: [root@openstack-server ~]# fdisk -l /dev/sdb
% [, W9 z) j& W3 V# h8 s, Z磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区Units = 扇区 of 1 * 512 = 512 bytes* J: F8 n, D' m. r' }
扇区大小(逻辑/物理):512 字节 / 512 字节I/O 大小(最小/最佳):512 字节 / 512
% [5 C! ~' Z% e3 i字节磁盘标签类型:dos磁盘标识符:0x441e1e17 : C7 S$ t9 z/ r# P/ x# l9 Y1 m% Y
设备 Boot Start End Blocks Id System/dev/sdb1 2048 104859647 52428800 8 e Linux LVM
) @! N+ n4 s. \8 r/ _& a[root@openstack-server ~]# pvcreate /dev/sdb11 z* ^ W! q" }$ r: k
[root@openstack-server ~]# vgcreate glance-vg /dev/sdb1
; C; H8 R+ [! F! t) O+ g' e[root@openstack-server ~]# lvcreate -L 50G -n glance-lv glance-vg3 l2 A: N* l* |% z7 s' j% u. F
[root@openstack-server ~]# mkfs.xfs /dev/glance-vg/glance-lv {) g1 u5 V6 y. U, o/ j4 L
[root@openstack-server ~]# blkid /dev/glance-vg/glance-lv
# I: P2 B9 ^. X$ U/dev/glance-vg/glance-lv: UUID="072c4d36-7502-484b-b857-357a870dcc87" TYPE="xfs"
4 {% |+ P) @7 I- s G2 h
. ]. ]$ G5 R' s4 |[root@openstack-server ~]# vim /etc/fstab* f8 Z. B, S. r" G2 i
UUID=072c4d36-7502-484b-b857-357a870dcc87 /var/lib/glance/images/ xfs defaults 0 0; o' V% \2 _; K5 A. ~$ i1 P/ n
[root@openstack-server ~]# mount -a
4 v* B I( ^& x3 O x, n, |: r[root@openstack-server ~]# chown -R glance:glance /var/lib/glance/
0 J2 a" l, H# S2 i: B/ P+ |: z& ~; r4 ]0 j
验证操作: [root@openstack-server ~]# . admin-openrc.sh7 x W" n; u- A) \
[root@openstack-server ~]# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img
# ]# ], o, d( g: w1 q[root@openstack-server ~]# openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public' p$ D! v' W+ \2 ? |! e
[root@openstack-server ~]# openstack image list
; J I; W( q2 t+ K; l+--------------------------------------+--------+--------+0 t/ d* U1 L) c) H& n8 F
| ID | Name | Status |' B; |) y( B; g
+--------------------------------------+--------+--------+( z s: R, A, G. z/ A
| 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active |/ }! R$ E; { z% }6 R
+--------------------------------------+--------+--------+& W5 Y5 A6 v5 O2 a O6 N" _6 k
11.安装nova:6 J* G, c1 l _% w" y7 A0 x
在Mariadb创建nova相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_api;" M4 [' O1 {& ~3 V
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova;"4 p3 c6 W4 G8 |0 C1 ?! V$ G
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_cell0;"" M9 ]2 A, K2 w9 H
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE placement;"
' `2 @, Z8 M1 |* R) f* Y, Q1 V[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"* j! E7 t2 J9 t' V0 A
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova''%' IDENTIFIED BY 'nova';"/ u/ B1 F3 a5 C; Z# L' M$ R
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@‘localhost' IDENTIFIED BY 'nova';"
2 G# x7 w; [, Q& c4 B[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"& U7 {+ o4 y$ {7 ~1 Q- @
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
2 O( a! y7 ?. F$ y3 J1 z% b[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
9 ], [: I4 ?$ O[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';"
8 ?2 u# |" m) ]/ j( |$ O+ P[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';"
5 O+ W" s4 `* o# e$ l. z9 l8 _% \( D创建nova用户,服务,端点; [root@openstack-server ~]# . admin-openrc.sh
9 B' S/ T7 C% U5 U- p( c! C, Y1 S$ c[root@openstack-server ~]# openstack user create --domain default --password-prompt nova
6 K- v, G+ k9 }, X/ @1 S[root@openstack-server ~]# openstack role add --project service --user nova admin" P8 y6 y. f- g4 A' a8 z7 T& A$ X7 O
[root@openstack-server ~]# openstack service create --name nova --description "OpenStack Compute" compute
2 G0 V; |8 E* I[root@openstack-server ~]# openstack endpoint create --region RegionOne compute public http:/openstack-server:8774/v2.1
3 A+ Q P- M( l5 ]( [, p[root@openstack-server ~]# openstack endpoint create --region RegionOne compute internal http://openstack-server:8774/v2.1
; ~- M8 ]% R9 X7 R. p' f7 S[root@openstack-server ~]# openstack endpoint create --region RegionOne compute admin http://openstack-server:8774/v2.10 B# D! A* s3 \% v; F: F" o% @
创建placement用户,服务,端点: [root@openstack-server ~]# openstack user create --domain default --password-prompt placement
0 g0 d* T2 ^, @1 K2 R z' `[root@openstack-server ~]# openstack role add --project service --user placement admin
# F, i/ ?5 Z' R0 p/ L" X& I1 v4 F[root@openstack-server ~]# openstack service create --name placement --description "Placement API" placement* ^+ z0 I3 M' C3 d
[root@openstack-server ~]# openstack endpoint create --region RegionOne placement public http://openstack-server:8778
J! z- }! c% X[root@openstack-server ~]# openstack endpoint create --region RegionOne placement internal http://openstack-server:8778
( _9 N+ T1 G, c% G3 u( n' B( y9 [[root@openstack-server ~]# openstack endpoint create --region RegionOne placement admin http://openstack-server:8778
' o0 Z' n( ?! h& n安装nove-api、nova-conductor、nova-console、nova-novncproxy、nova-schedule、nova-placement-api服务(控制节点): [root@openstack-server ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
* [2 D- b/ n8 D" o# ^; g[DEFAULT]# m1 E" u; G3 R6 |9 f& {6 G
enabled_apis=osapi_compute,metadata- q9 Q4 W" ^: |3 H2 @/ ]
transport_url=rabbit://openstack:openstack@openstack-server
; m- `1 {7 t# L$ M2 F6 \, C. u, fmy_ip=192.168.254.105 I+ i2 v$ n$ j7 F
use_neutron=true' G$ O$ N' H7 z9 H- a
firewall_driver=nova.virt.firewall.NoopFirewallDriver8 I& i9 ?$ q1 v- I" y5 k; ~6 v" I
[api_database]
) v4 T' A& I# Z0 \- f! }% [- A$ Y% rconnection=mysql+pymysql://nova:nova@openstack-server/nova_api$ E& Z& ^5 z" Y k) r( R
[database]
' t( N: s1 Z6 j8 pconnection=mysql+pymysql://nova:nova@openstack-server/nova3 }# ?1 e: x8 L& `# D0 A" @
[placement_database]% H' v* m6 S% }
connection=mysql+pymysql://placement:placement@openstack-server/placement# e) D$ y% N% J v& j8 }
[api], l8 m, S+ w( }1 i
auth_strategy=keystone. N1 F& j7 q2 n2 T! |$ m. b
[keystone_authtoken]4 A) ]: ]5 j5 z) k( l4 h4 E
auth_url=http://openstack-server:5000/v3
( I5 | ~% M, k; P! ^memcached_servers=openstack-server:11211: R* q/ Z9 m0 s4 u0 s0 n3 B/ _
auth_type=password
$ r/ S1 E2 }8 w+ P: ]# O* A! fproject_domain_name = default4 Y/ q: U& R) x: u
user_domain_name = default' t' S4 h2 D6 m$ j
project_name = service- Y! G7 ^/ s4 T/ X* k2 T B
username = nova
3 o, t$ v0 R9 I8 u, M4 Opassword = nova( H" s: C5 }/ O: `1 V. `; u. d
[vnc]
( k% {3 ]% k) W0 d+ {" Venabled=true
5 P3 Q3 `6 J# R6 Wserver_listen=0.0.0.0
8 _+ O/ N3 j8 u. U: P( h8 mserver_proxyclient_address=$my_ip3 \. w8 G) a$ k. m/ x8 f% O
[glance]) L! R& `- c' u7 X0 K
api_servers=http://openstack-server:92924 i, G5 Q4 R: d v6 e m7 ]
[oslo_concurrency]
) C, g. w3 `* J; F5 W/ h& }8 ylock_path=/var/lib/nova/tmp$ E$ {) ~% J2 p" E
[placement]
# U+ H1 Z( D( }/ ^- tregion_name=RegionOne4 p1 a% U: `2 I; T
project_domain_name = Default
; A; r2 n7 S) S0 b2 `: Hproject_name = service
* o0 V# `4 \# I; V+ m$ ~/ Lauth_type = password) E3 U! Y4 I) [6 b0 E7 l/ P2 U
user_domain_name = Default Q: a& Q/ T, Y6 v: A O3 |# y
auth_url = http://openstack-server:5000/v3
+ e2 E+ W7 y8 \4 }, f) ]username = placement) x; l ?( w3 Y$ q5 ]; b
password = placement) y, q, A' v# t( [+ v z) z: }
5 h U6 O4 |7 v8 |- q J( R
官网文档提示包bug问题,需要修改 /etc/httpd/conf.d/00-nova-placement-api.conf,添加/usr/bin相关内容到文件尾部; [root@openstack-server ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
. s$ C; [) g `1 _<Directory /usr/bin> w* C+ }1 l% V2 {/ f
<IfVersion >= 2.4> Require all granted </IfVersion> ; k' W" @" Y* @2 P/ `
<IfVersion < 2.4> Order allow,deny Allow from all </IfVersion>
+ P! Q) F+ B5 C, n$ z</Directory>
9 [3 c& I2 r3 E/ F重启httpd服务:. x" f" K6 F6 B, F; g) U8 k
[root@openstack-server ~]# systemctl restart httpd 同步nova数据库: [root@openstack-server ~]# su -s /bin/sh -c "nova-manage api_db sync" nova u1 X% e4 |1 z1 m O
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
* S, J9 J5 {6 _+ Y+ S( x8 V( P: _[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova28087259-877a-4ff7-b2a3-a4367a1fbd8d* [) ]0 r9 s6 C( Q: j
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage db sync" nova
& x6 j3 ^6 n' X- S" U; P- J8 T[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
" h+ x* f' v% m1 W* E( B3 n启动nova-api、nova-scheduler、nova-conductor、nova-novncproxy服务: [root@openstack-server ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
* I. D7 t4 A5 O6 Q[root@openstack-server ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
, o2 X: S$ ^% ~- o/ x% s0 G
3 U: o/ o$ N2 g' ^! a安装nova-compute(计算节点):
! E9 h5 V$ G% r6 w8 w( d[root@openstack-server ~]# yum install openstack-nova-compute 修改nova配置文件: [root@openstack-server ~]# vim /etc/nova/nova.conf( B) O+ n* z, e" k/ D5 }
[DEFAULT]8 Y1 T, M2 }) b# o# _
enabled_apis=osapi_compute,metadata9 I( e8 i N) B- a7 h
transport_url=rabbit://openstack:openstack@openstack-server
; D, j, {4 ?5 l! ~$ y* l! p- [my_ip=192.168.254.100 Q6 E- G& Y3 X
use_neutron=true( a! Z( K* {( T$ x4 |
firewall_driver=nova.virt.firewall.NoopFirewallDriver
# Z' J8 O5 W! w4 d; e) f[api]
9 g5 p4 }4 y7 b, t; y; Gauth_strategy=keystone
! t" f9 v9 n% I' i8 V0 h[keystone_authtoken]
- x; z/ y- A4 [$ b2 P" Lauth_url = http://openstack-server:5000/v3/ s7 [$ j9 N- S% J& ]1 M4 }$ V
memcached_servers=openstack-server:11211# y" @ l7 C0 N$ V
auth_type=password
) A( ]( H" G, {% @# [* vproject_domain_name = default
K4 q3 d, D0 tuser_domain_name = default9 a( ]" V5 @* d3 A5 ], z
project_name = service
8 g4 f0 ?, H9 ^username = nova$ ]9 ?0 a4 ~3 n$ M, w2 X
password = nova
: a6 d0 `: m# U& C! } j[vnc]. \# P0 A) O: R* J# k
enabled=true
y. o5 p7 X B+ q# Lserver_listen=0.0.0.0
1 {4 d* f' c. ^3 I! b# k/ \( w( t+ Mserver_proxyclient_address=$my_ip- q2 _9 k( Z/ b' f" m
novncproxy_base_url = http://openstack-server:6080/vnc_auto.html! k+ P* q4 E% g; j6 I b9 w' j& E
[glance]api_servers=http://openstack-server:9292$ M$ W7 S) n( z: t( o& _
[oslo_concurrency]
3 T) F9 H5 e2 t1 @* tlock_path=/var/lib/nova/tmp
9 `! J$ C# c) b! i0 n[placement]7 a6 I3 U! v' W4 t0 V% E7 n
region_name=RegionOne$ a& e1 `) z. |6 I" k
project_domain_name = Default
' J3 }; k: w; D- S2 eproject_name = service) O: M, t, x3 Z" V% B
auth_type = password5 R7 C' Q8 o* E# v `) d
user_domain_name = Default
5 C/ b8 i( a# s, [ gauth_url = http://openstack-server:5000/v3
. E9 I# i$ F- R0 q# W; r" husername = placementpassword = placement- [5 b0 {' B2 D+ k+ O7 A
查看cpu是否支持虚拟化(0代表不支持): [root@openstack-server ~]# egrep -c '(vmx|svm)' /proc/cpuinfo4修改虚拟化类型,如果不支持cpu虚拟化使用qemu,如果支持使用kvm: [root@openstack-server ~]# vim /etc/nova/nova.conf
8 S* O8 Q. K* G$ ?[libvirt]
" N. Z8 j; D4 w5 b# Z; J! Q. Nvirt_type=kvm
) C7 d) ? i7 ^1 g) x启动nova-compute和libvirtd服务: [root@openstack-server ~]# systemctl enable libvirtd.service openstack-nova-compute.service8 h+ F' \4 T" D0 `
[root@openstack-server ~]# systemctl start libvirtd.service openstack-nova-compute.service6 P0 y$ j F: ~& Z: P# Q
将计算节点cell数据库: [root@openstack-server ~]# . admin-openrc.sh) c2 C* H/ B, }% z2 I6 q/ ^) o
[root@openstack-server ~]# openstack compute service list --service nova-compute, Y, U$ C/ j$ g" g' k' I
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova* o+ F& [ q0 T/ a: ~) R
编辑nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
$ Q @& m, e* M7 {2 R, F* c; d[scheduler]! E8 a* e1 d6 p5 n/ i% F
discover_hosts_in_cells_interval=300
A. t5 c. q6 `% @验证操作:
( g c- A5 i, \, X* O% \; C[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack compute service list" N) t3 w; J% W5 m% P
+----+----------------+------------------+----------+---------+-------+----------------------------+
$ ?2 D: r7 g' ?3 ^) j| ID | Binary | Host | Zone | Status | State | Updated At |
8 k; }" K; |- ]$ f* a8 ~3 L+----+----------------+------------------+----------+---------+-------+----------------------------+
, w6 v/ |& C. x. {# s# L" T| 1 | nova-conductor | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 |
7 a1 B$ x# x/ E9 U6 w/ ]/ o| 3 | nova-scheduler | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 |8 ^0 N( j, O6 ]
| 10 | nova-compute | openstack-server | nova | enabled | up | 2018-10-23T13:45:27.000000 |& U' b) L9 \5 W& |# R6 Q
+----+----------------+------------------+----------+---------+-------+----------------------------+4 X8 I+ m1 v, k( D
[root@openstack-server ~]# openstack catalog list! M" r( [& [8 O! | R; D2 N
+-----------+-----------+-----------------------------------------------+
( W4 n* p' k) j. p+ t8 }| Name | Type | Endpoints |: M3 z, Q' X5 `# f- k& b+ j
+-----------+-----------+-----------------------------------------------+2 L7 p# m! N+ c" |7 d$ a% Z
| glance | image | RegionOne |" E1 o% u% m& g5 \ f9 w; |
| | | internal: http://openstack-server:9292 |
' ]( s2 \7 j0 \9 v2 y: D+ p2 m| | | RegionOne |
% y; ^% f7 ~4 P' d$ l| | | public: http://openstack-server:9292 |
" K: u8 b3 X* j% n& s7 _9 f. L| | | RegionOne |
( G4 L9 h, i, B6 ^- K| | | admin: http://openstack-server:9292 |, g9 ~6 W: y1 @) p
| | | |- S K. `' @ Z( f3 \/ _
| keystone | identity | RegionOne |5 ~+ I2 j* s' r) ~7 d
| | | admin: http://openstack-server:5000/v3/ |' z/ m, S# `* l& h c7 P4 e
| | | RegionOne |% ]' Q' W! b; M/ _9 P1 D
| | | internal: http://openstack-server:5000/v3/ |
) k$ d9 b4 M+ s+ g| | | RegionOne |2 ^9 e, R$ N7 d" b5 l
| | | public: http://openstack-server:5000/v3/ |
3 d; k, |0 i' ^" W3 Q: v# f6 z, m| | | |
5 e9 q# N9 m; N/ s( ?' m| placement | placement | RegionOne |
( m; l. c: O6 Q a| | | public: http://openstack-server:8778 |5 j. n$ v' O C& V4 a' E/ |6 E% [
| | | RegionOne |
- k n: K v9 b& ~ k9 c| | | admin: http://openstack-server:8778 |
! H' M- ?" u: @7 ?( W( p( `) O/ @| | | RegionOne |
+ ^1 p& V# h7 N+ G8 Q# q6 e& b| | | internal: http://openstack-server:8778 |
7 p/ X0 g0 g, L% z" j. X; ^* v| | | |" i& R6 W( F+ |" F r/ s, }
| nova | compute | RegionOne |
- U0 B- U0 Q1 t3 V| | | public: http://openstack-server:8774/v2.1 |( u* Z A2 i0 l5 @
| | | RegionOne |
: s7 r u. } d# \, p| | | admin: http://openstack-server:8774/v2.1 | Q3 B. ]" p2 z! i1 v1 l
| | | RegionOne |
* ?& D- S8 E- f5 D+ C| | | internal: http://openstack-server:8774/v2.1 |
! c4 n6 ~( Q) U% C7 z: e6 A9 q$ e| | | |
( z3 X# R4 P( i W5 y4 x+-----------+-----------+-----------------------------------------------+
( V1 }. L5 U. b( r. \: Q3 N4 [) ]2 W! @' r- O
T4 }/ D( R. P [$ u {5 U7 |
[root@openstack-server ~]# openstack image list
" l, m. U5 X" m. ]% g+--------------------------------------+--------+--------+
7 j4 a0 I ~3 X4 u| ID | Name | Status |5 i+ o. s/ P' W! k, T
+--------------------------------------+--------+--------+ x3 o+ B: s& v1 Q m5 T
| 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active |1 x. v" d+ F* d* J4 i
+--------------------------------------+--------+--------+
9 E& |- _ p2 z/ y5 A' K1 G[root@openstack-server ~]# nova-status upgrade check F: N, Z7 n$ J* N+ R
+-------------------------------+
. k/ Y. Z9 W2 || 升级检查结果 |
; ]4 H' L o6 @$ u. y6 E! r1 y' S+-------------------------------+( e+ `, c9 y# x- }! t4 C
| 检查: Cells v2 |
4 o8 R1 A) g/ j9 q4 }/ \" k| 结果: 成功 |5 n, O1 F5 h3 f) V
| 详情: None |8 b A. e) }) I: e
+-------------------------------+* I% e' v6 I. }' p
| 检查: Placement API |, M4 K- t) p- c% H0 A9 M6 m2 I4 @
| 结果: 成功 |" n) x( n1 Q+ a2 e V
| 详情: None |
& |( X! Q" m# r4 D, j. R" |+-------------------------------+
5 A) o) d$ r' i8 C; z1 Q| 检查: Resource Providers |. [5 U, ~( v' S3 T3 q' x
| 结果: 成功 |
! \7 F$ b1 N) Q! O! \) l/ A4 B| 详情: None |$ o% l$ F, _+ h$ M n% }
+-------------------------------+
6 h8 Z/ C- q% [# V; s| 检查: Ironic Flavor Migration |
}5 J2 `0 |, W* A' V1 g8 ~" z| 结果: 成功 |
: [& [3 X) r0 @/ s: m, R| 详情: None |* N$ t2 ^$ L5 E) C5 ?. g
+-------------------------------+9 ]9 t3 o) I5 `% d% D0 V) ^7 Z6 M
| 检查: API Service Version |' I- M. j/ D }/ ?" u) z9 q
| 结果: 成功 |
! l# \6 X r0 N| 详情: None |
/ ~# `" h# t9 s; B) l4 b+-------------------------------+
0 K6 h, Y& c; }, h& n| 检查: Request Spec Migration |
$ }! f0 H# ^8 W. ]| 结果: 成功 |
: z& i' Q* r0 w| 详情: None |
4 l2 L. v. o% o Z' g3 X8 N) Z+-------------------------------+
" c% v; i, b2 e9 }, j: R! R+ \) H) t" V, D! h4 b8 ?- [
! P, g% ?" P! _3 O' D$ S12.安装neutron:
/ T' X( M1 i5 ]; s8 V在Mariadb创建neutron相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE neutron;", P3 `4 X! f' J+ Z
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
; t5 v3 F5 `) s, N1 c( p' b/ ~[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"0 B% p5 u! O' i* |, c2 C
创建neutron用户、服务、端点; [root@openstack-server ~]# . admin-openrc.sh
: D! P/ O5 W1 a1 { U( `* Q& O' h+ f[root@openstack-server ~]# openstack user create --domain default --password-prompt neutron; h) R& Z' F! E0 {2 L
[root@openstack-server ~]# openstack role add --project service --user neutron admin4 n5 B* d' u' k/ F! y
[root@openstack-server ~]# openstack service create --name neutron --description "OpenStack Networking" network
( K2 F8 z2 D' }: j- s0 M[root@openstack-server ~]# openstack endpoint create --region RegionOne network public http://openstack-server:96961 t4 [2 b1 S$ w: G5 x
[root@openstack-server ~]# openstack endpoint create --region RegionOne network internal http://openstack-server:96966 v2 |( ?8 D3 q$ Q: i5 K7 R' S( p8 t/ }
[root@openstack-server ~]# openstack endpoint create --region RegionOne network admin http://openstack-server:9696
, a/ q) J$ V1 C r: uNetworking Option 1: Provider networks:
1 y% ~+ j; P/ N. B安装neutron、neutron-ml2、neutron-linuxbridge、ebtables: [root@openstack-server ~]# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf) K& w5 Y0 ?4 S3 [6 {* S
[database]
$ z, X. a% r, T% v# j! y& z, f! Kconnection = mysql+pymysql://neutron:neutron@openstack-server/neutron
7 x G5 S5 d7 `[DEFAULT]6 v+ a' Q* m7 S$ f3 ~
core_plugin = ml2
3 E9 k3 M+ Z0 htransport_url = rabbit://openstack:openstack@openstack-server# ]8 p% H( V* T" Q9 F0 @
auth_strategy = keystone
9 u7 p$ f3 ~3 [# x" anotify_nova_on_port_status_changes = true
+ Z! a) e! E1 L1 L% p% Enotify_nova_on_port_data_changes = true; |$ w5 S0 |- ^, e* [, L8 s* t% U
[keystone_authtoken]. j: d/ U8 L, W- d( X
www_authenticate_uri = http://openstack-server:5000
% K: |% H8 O. X+ _/ b- n0 W; nauth_url = http://openstack-server:5000
8 f) E. F" K. b8 u; r. bmemcached_servers = openstack-server:11211
& S7 e, M4 U/ B' h" d$ q+ |auth_type = password5 z+ D2 E2 x/ I: Z
project_domain_name = default
/ K: M. T# t* X, ?user_domain_name = default; U7 D+ w: s" Q: m
project_name = service/ g6 f3 P/ v9 z" B0 ]8 |# M6 z
username = neutron/ s. H8 K9 z2 [ q% A
password = neutron
6 [8 u/ S% M( p9 Q2 } c[nova]
4 L8 [2 { k6 }; r( `auth_url = http://openstack-server:5000
* X5 e& Z" W" ^, Hauth_type = password
0 j# x" g1 D! e2 O0 @6 |project_domain_name = default
( C( x! v" K2 wuser_domain_name = default/ [2 u( \8 k& E1 } D
region_name = RegionOne
$ V1 a) [# T4 q0 d! _: E+ s5 V2 Vproject_name = service
3 c7 J2 B) `7 v, Jusername = nova' ?( T# S8 e0 P. D" r; G8 n
password = nova
$ B7 N+ t* e2 e! |* f[oslo_concurrency]1 |, A) F9 v8 y7 r/ |( `
lock_path = /var/lib/neutron/tmp
, Z( g( C0 r7 f+ c1 p" i修改ml2配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
0 S0 D/ G* _# k0 q[ml2]
- L. O2 T: T) y" k: I* Utype_drivers = flat,vlan
3 p0 d( ?- n/ {9 W8 H2 ^( c0 ptenant_network_types = flat+ O/ U' Y: e7 o2 h0 b& j% i
mechanism_drivers = linuxbridge. h3 @3 d7 z, D! p- v$ r+ h4 N7 T& j: \ d
extension_drivers = port_security
% z- J* [) _; `" q: x' a- z6 R[ml2_type_flat]' `: d; U# \) b' V8 ?
flat_networks = provider
! I2 z9 F! ~' f( `, V[securitygroup]
" [4 q* u$ f. W0 N6 }enable_ipset = true3 C6 C+ L- W5 s3 Q6 n, q
修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini! I. u. C7 ~' S, R8 ]' h
[linux_bridge]
9 R% v2 K9 g F/ Mphysical_interface_mappings = provider:enp4s0
9 n6 u( ~; {$ {0 b( Z' a, ^[vxlan]& N( n7 ]' W2 N
enable_vxlan = false- T; M4 J$ D7 _& y( \
[securitygroup]
# X$ _' L$ d2 {: q" Cenable_security_group = true& M% x1 |8 ^ F }
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver _2 ]* O5 n$ ?# \: u$ I. v
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge
2 i( X/ j P) O1 [; q[root@openstack-server ~]# modprobe br_netfilter
0 I8 G& T/ [( I; |; y[root@openstack-server ~]# vim /etc/sysctl.conf
5 w# _! w* n; G$ _) enet.bridge.bridge-nf-call-iptables = 1
7 }" z$ v! }/ J' W( k( Vnet.bridge.bridge-nf-call-ip6tables = 1
/ O) f9 S; E# F; [& E[root@openstack-server ~]# sysctl -p /etc/sysctl.conf. J! U7 h! p+ m' G6 G5 x6 S
修改dhcp_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini
! X7 A) `% n ~; ]8 j: M[DEFAULT]
, {! ]" T H3 o. ^) ]interface_driver = linuxbridge/ V2 W9 r& [: ^% f
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
. D! x! w8 r& T' t6 P3 Senable_isolated_metadata = true
! a r" J6 P+ @% yNetworking Option 2: Self-service networks:
. Z/ b: i' i7 u3 q7 M, W( L- D安装openstack-neutron、openstack-neutron-ml2、openstack-neutron-linuxbridge、ebtables服务; [root@openstack-server ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf
- _7 x7 ?, B @4 [[database]& [3 K( K4 l* [# F$ P+ G3 Y+ a" _/ \* i
connection = mysql+pymysql://neutron:neutron@openstack-server/neutron
, A$ R# a: M: ^' y5 C[DEFAULT]
! j" J( R5 q! R9 o) bcore_plugin = ml2
: N' p' C. [; L3 s2 Jservice_plugins = router
! V) @9 P, r4 T# V! p( z. `transport_url = rabbit://openstack:openstack@openstack-server
9 \+ L; Z4 s9 T0 |+ D( M1 t$ \auth_strategy = keystone
# D) S- I+ K6 vnotify_nova_on_port_status_changes = true5 F0 C3 s+ G( k4 I' c
notify_nova_on_port_data_changes = true3 A- ^9 E: ?; O5 Q+ w2 p+ ?! Q
[keystone_authtoken]" @% I! x2 x3 `# {# m) E# Q
www_authenticate_uri = http://openstack-server:5000
9 v' [4 D4 R8 O7 ^; Kauth_url = http://openstack-server:5000
1 I4 [3 W+ {8 |8 lmemcached_servers = openstack-server:112110 q6 m5 Y8 I+ H* X! ^' Q5 o
auth_type = password: i2 s6 t I4 A* `% v( e) _, [/ t
project_domain_name = default
4 `( q% y2 `1 ~) R Ouser_domain_name = default
# _7 w+ m* u0 ~. Qproject_name = service
9 X4 H5 u$ J+ x# ?) eusername = neutron
( i: j9 s+ G* {/ [3 x8 Xpassword = neutron6 Z! k5 f/ a4 v7 T
[nova]1 \4 f/ U, P. D0 o; g
auth_url = http://openstack-server:5000
2 {* k$ v: B: t# ~( A9 K7 y3 `6 Uauth_type = password5 h4 `: m/ e4 J+ i% ^7 X9 p+ |
project_domain_name = default/ \5 ~6 X* `2 }5 E
user_domain_name = default
% v4 J9 j( J5 p1 \ H. C) dregion_name = RegionOne+ K, S* A* ?# P# r% E1 ?
project_name = service
; k g3 q) d$ C4 K2 Lusername = nova
" Q' G! Q- Z, ?# p9 g/ M+ l, Q0 ipassword = nova
8 m* G. w2 c0 P( d[oslo_concurrency]
) `3 y% I: W* T4 tlock_path = /var/lib/neutron/tmp
0 X' p! f: a8 K( V5 v: R( o
$ B/ B; Y/ [9 X$ p( J
+ i: v4 M2 q# x9 K修改ml2配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
5 R3 C7 ]% I) W k* |[ml2]
. M- g" q: i# P: f. l* b9 Y2 x. xtype_drivers = flat,vlan,vxlan
6 g" P, D7 ~( s" d* C/ U0 ytenant_network_types = vxlan. q# d' ]( X+ W5 n
mechanism_drivers = linuxbridge,l2population
; K. ~6 u- w5 W0 D0 ^' F! sextension_drivers = port_security! Y- s7 `' {2 P5 R# P4 \
[ml2_type_flat] Z4 u+ u; A' o
flat_networks = provider3 b1 h1 Y1 ?; K4 Q. @( `- G
[ml2_type_vxlan]
, D9 {$ |8 s5 Y& l1 O, A' Vvni_ranges = 1:1000
& ~5 ]& `2 k9 Q$ J* p) s[securitygroup]
: q& ]0 E' f/ P Lenable_ipset = true' ?9 F9 }% I5 F: k
修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
& g; ^ d3 P: A6 `: {[linux_bridge]
2 q- Z% D' T/ y3 i7 O, I' iphysical_interface_mappings = provider:enp4s0" n5 O0 \; S9 o7 M0 c. F
[vxlan]1 I; X1 k; |) z: K
enable_vxlan = true
. q, i% A: B* D2 m' S. s5 jlocal_ip = 192.168.254.10+ E1 p4 Y7 l: E; v
l2_population = true, C6 v0 d& K) R/ M' T
[securitygroup]. E2 t8 a) O5 ?* n5 r* v
enable_security_group = true
( \1 h+ u! F/ M- {firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver" |- q3 q' }& f$ x
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge {' z3 v( b8 G# Q ~1 ?9 S
[root@openstack-server ~]# modprobe br_netfilter% \1 j( d3 l! k& g$ e
[root@openstack-server ~]# vim /etc/sysctl.conf [* `$ `( }3 F+ w3 Q8 y) x) c0 E. y
net.bridge.bridge-nf-call-iptables = 1
" ~* M4 Q% Q% f& m. Tnet.bridge.bridge-nf-call-ip6tables = 1* ]% E3 h3 T; i, D0 o
[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
+ d& s7 _6 G. Z/ }! ?+ M4 |; ]修改layer-3_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/l3_agent.ini
* F& i% ~5 ?5 |2 q/ n& ]" y[DEFAULT]) H; @$ `1 |: j0 a. n+ V% e
interface_driver = linuxbridge s" a' t, \6 s
修改dhcp_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini3 |# x" f5 G5 O3 h h3 \
[DEFAULT]
* E' `; O6 H6 l9 K# Finterface_driver = linuxbridge5 y e0 U$ Y! B+ x' M- V, o; A
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
- U) I5 f( R* r7 z6 s' Cenable_isolated_metadata = true
2 q8 }8 y# y3 Z1 @' u, [修改metadata_agent配置文件: [root@openstack-server ~]# vim /etc/neutroNetworking Option 2: Self-service networks:n/metadata_agent.ini' a/ q, X& f" ]! `9 }
[DEFAULT], P' f2 b4 ^+ L" Q: o
nova_metadata_host = openstack-server7 ?' ?1 w$ f, w4 K. s& ?5 m% Q8 A
metadata_proxy_shared_secret = neutron(neutron和nova通信共享秘钥); N4 @& I. s1 j1 i) o
修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
! I% Q) M5 o: @! y) \[neutron]
. C5 w! Y4 y4 Hurl = http://openstack-server:9696+ L) `3 `* P- B5 }, |- y
auth_url = http://openstack-server:5000
* ^; l3 ?! K7 Y( d9 w" U) T0 X+ Aauth_type = password) B! k3 e1 w& U) k6 E
project_domain_name = default3 R; ?8 V' ~: x V1 z9 T
user_domain_name = default
( O, V' g& ^, i. F/ R. w9 U! sregion_name = RegionOne4 T5 ]+ `) Q" m1 m( D
project_name = service2 r7 _& B' h/ N7 A/ R
username = neutron7 o- d% l1 P. {0 U/ d
password = neutron' ^/ E: `/ k: V" O
service_metadata_proxy = true
2 P4 y2 e: C. i5 Z! y8 W+ {5 @4 {2 smetadata_proxy_shared_secret = neutron(nova和neutron通信共享秘钥)' ^9 t/ h& }+ @7 x0 [1 A
创建网络服务初始化脚本软连接:
! C# d, c/ K5 f+ |[root@openstack-server ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini 同步neutron数据库: [root@openstack-server ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron重启nova-api服务:/ c" {' v1 a9 y1 N4 H7 Q# }
[root@openstack-server ~]# systemctl restart openstack-nova-api.service 启动neutron-server、 neutron-linuxbridge-agent、neutron-dhcp-agent、neutron-metadata-agent服务: [root@openstack-server ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service1 a! L3 A, B5 }* I i
[root@openstack-server ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service8 B* E! x' l3 _$ @- O
如果使用Networking Option 2: Self-service networks还需要启动neutron-l3-agent服务: [root@openstack-server ~]# systemctl enable neutron-l3-agent.service5 c! m) N1 K2 d; j$ k& u6 O; \
[root@openstack-server ~]# systemctl start neutron-l3-agent.service2 U7 N9 [5 F: T( E( s$ Q
安装openstack-neutron-linuxbridge、ebtables、ipset(计算节点):& q% l7 i; [$ ?) O9 d
[root@openstack-server ~]# yum install openstack-neutron-linuxbridge ebtables ipset 修改neutron服务配置: [root@openstack-server ~]# vim /etc/neutron/neutron.conf
8 b, k8 P. [" p! T. Q$ N8 [[DEFAULT]+ N7 X7 w/ f: |& Y' a! w
transport_url = rabbit://openstack:openstack@openstack-server1 D4 Y8 g2 h0 h/ v' w
auth_strategy = keystone% P$ h8 _+ D% y* B- a( C1 T
[keystone_authtoken]% P1 j; e4 U7 Z) v* T6 g
www_authenticate_uri = http://openstack-server:5000
' C9 F0 b; v9 w4 Z' i6 }9 n4 Zauth_url = http://openstack-server:5000
' O& f9 v6 U1 f F1 D' fmemcached_servers = openstack-server:11211
$ G+ K+ U; m: K* ]8 vauth_type = passwordp3 H) Z* \+ N2 _; L# W- ~/ G
roject_domain_name = defaultu
% o' i8 R) ^# w2 n, d; Bser_domain_name = default2 H2 h w1 X+ y$ _! W# Z% C
project_name = service o3 T' y4 q1 }3 K6 E/ t! W- o
username = neutron' ~2 a- A& M) A5 |- x; r+ k
password = neutron
' w9 j0 P1 b( ^[oslo_concurrency]
7 m' z/ i$ x; m7 jlock_path = /var/lib/neutron/tmp( D5 M3 T$ i, D$ T- |- A* ~$ n
7 c1 z- v5 c2 q r. o
! V% E; T! c1 _Networking Option 1: Provider networks:+ c9 p; @& i0 K7 i
修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini5 J& r- D( h. {- G
[linux_bridge]physical_interface_mappings = provider:enp4s0. ^( K- \4 P) p6 u/ }% s& k4 q
[vxlan]enable_vxlan = false6 [3 f+ `& I: I [+ S2 ^1 H
[securitygroup]2 a( M4 R# k, s) a, r' U8 Q2 ^2 L
enable_security_group = true: y3 Q% i" `% c
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver+ ^6 e7 S3 r6 N, R* M1 l$ ~
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge
3 s1 D( r/ U& A4 H5 K[root@openstack-server ~]# modprobe br_netfilter
, L" D2 o( X t! E* g6 W[root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF
. n) Y8 A# {& O8 s; p8 p; i> net.bridge.bridge-nf-call-iptables = 1
. D1 x9 ^( M2 m& T3 t5 {> net.bridge.bridge-nf-call-ip6tables = 1) d) v: g' o4 D
> EOF
3 w# j+ L+ k. }1 X( e1 L; X[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
( Y: ~! P- I; ?6 s9 C9 PNetworking Option 2: Self-service networks:
+ `! `) N# n( y# N+ U修改linuxbridge_agent配置文件: [root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
& _9 P) d$ [8 B) C4 Z[linux_bridge]
I$ z$ V- L7 w* C& ?( jphysical_interface_mappings = provider:enp4s0
( f+ l0 P8 a9 C+ v: G8 r: ]6 h* G[vxlan]
! ]/ K7 q4 y" ^- ~0 C9 ?enable_vxlan = true
7 h( `. D7 U& d, u. flocal_ip = 192.168.254.10
+ @$ ^8 ]. J& al2_population = true6 H$ O$ ?8 G+ {0 `
[securitygroup]7 a& d6 r3 E0 P+ `8 q
enable_security_group = true2 e/ I( n. [1 I* T
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver% R6 p9 l( G S9 i1 _
开启系统内核支持网络桥防火墙: [root@openstack-server ~]# modprobe bridge. b* t9 i8 }, {# C$ o" @
[root@openstack-server ~]# modprobe br_netfilter3 a/ _$ P( L9 o0 V! y) b6 B; T2 E
[root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF
9 k' v! v5 N }7 H# ~$ V) [> net.bridge.bridge-nf-call-iptables = 11 l9 r: W5 k9 N0 g* v
> net.bridge.bridge-nf-call-ip6tables = 1$ Z4 }, A" v& F9 v5 `$ R, s( p
> EOF* G. n- Z0 j3 Z) K$ \3 o
3 |0 Y C+ ]) `$ Q( C6 G
[root@openstack-server ~]# sysctl -p /etc/sysctl.conf
0 R4 e+ k# z! i9 I1 ^- o6 V1 T# Z修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
0 s0 g- N, r, l' t0 W% G[neutron]
" P2 J; F$ o% |5 v+ T: k7 H5 Rurl = http://openstack-server:9696
. P- i: C: V0 a Lauth_url = http://openstack-server:5000
. z) C, R( L; } X3 e. qauth_type = password
! _& A* i$ T: k& Y0 k# vproject_domain_name = default
2 V E6 y; @. ~" I3 ouser_domain_name = default
7 b/ P. T* N( Dregion_name = RegionOnep4 G, J$ L5 Y' U) P: C. c7 K
roject_name = service
! r6 p# ?9 i9 e- Q4 Busername = neutron' Q3 S1 [2 J+ |- Q% q
password = neutron" }' R! y; f3 r: N
重启nova-compute服务(控制节点):
- x1 {, r! h& F) y[root@openstack-server ~]# systemctl restart openstack-nova-compute.service 启动neutron-linuxbridge-agent服务: [root@openstack-server ~]# systemctl enable neutron-linuxbridge-agent.service
& e* S2 L# Y6 L, u! e! u: ~[root@openstack-server ~]# systemctl start neutron-linuxbridge-agent.service
' X# I/ W% ?! \# ]& F/ o7 ~验证操作:
. n! R% V" Y4 ?2 j; u. z' J1 Z[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack extension list --network
4 |* W/ A2 H& k2 @8 @( R1 [6 X3 V* K+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
6 a6 t% d1 n$ }' ]| Name | Alias | Description |4 ~: c3 R* S) a; Y. |0 w- [
+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
9 A, J0 E1 F5 M* m' T- D| Default Subnetpools | default-subnetpools | Provides ability to mark and use a subnetpool as the default. |& `/ r, [3 v$ k: o2 h$ j( ]) j( V
| Network IP Availability | network-ip-availability | Provides IP availability data for each network and subnet. |* _6 d5 c z" T' I5 ^3 R
| Network Availability Zone | network_availability_zone | Availability zone support for network. |. m" T- s: w/ q! H3 \6 ~1 K8 n. {* |
| Network MTU (writable) | net-mtu-writable | Provides a writable MTU attribute for a network resource. |0 l) B& a7 g5 }' O. ^0 v4 m
| Port Binding | binding | Expose port bindings of a virtual port to external application |5 \, I/ o _. g0 g$ m% |
| agent | agent | The agent management extension. |4 M! e" f% y. Y4 B
| Subnet Allocation | subnet_allocation | Enables allocation of subnets from a subnet pool |6 z4 L, n! c! Z) Y+ T
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among dhcp agents |
5 ~! X5 P9 @1 W" w/ `- j' u| Neutron external network | external-net | Adds external network attribute to network resource. |
; [1 V& g u9 b9 V| Neutron Service Flavors | flavors | Flavor specification for Neutron advanced services. |: j% y/ u8 H4 n3 P, }. M$ I
| Network MTU | net-mtu | Provides MTU attribute for a network resource. |
5 s6 n0 N. f8 u7 m| Availability Zone | availability_zone | The availability zone extension. |
1 l& `+ r. ]" l2 ^4 X| Quota management support | quotas | Expose functions for quotas management per tenant |
4 ]$ ?3 j1 W- f5 u0 F# X| Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatingip | standard-attr-tag | Enables to set tag on resources with standard attribute. |
2 P$ m* M9 p- t- ]. N| Availability Zone Filter Extension | availability_zone_filter | Add filter parameters to AvailabilityZone resource |
) g9 w- s& x2 ^' P| If-Match constraints based on revision_number | revision-if-match | Extension indicating that If-Match based on revision_number is supported. |7 |; F3 V6 N+ N4 u4 [, }
| Filter parameters validation | filter-validation | Provides validation on filter parameters. |
% l4 e( s }8 m| Multi Provider Network | multi-provider | Expose mapping of virtual networks to multiple physical networks |2 o" P3 H: R8 m8 y5 r) ^
| Quota details management support | quota_details | Expose functions for quotas usage statistics per project |
0 w% V* y2 Q) ]| Address scope | address-scope | Address scopes extension. |8 J6 d1 B+ v; N- \( \1 c5 v
| Empty String Filtering Extension | empty-string-filtering | Allow filtering by attributes with empty string value |* N3 P" \+ q9 R! G
| Subnet service types | subnet-service-types | Provides ability to set the subnet service_types field |2 X# c- {0 X& Q
| Neutron Port MAC address regenerate | port-mac-address-regenerate | Network port MAC address regenerate |
) _5 V d* d- S5 l& T| Resource timestamps | standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attributes. |
# h" y2 e3 r/ t1 n1 ] v# A| Provider Network | provider | Expose mapping of virtual networks to physical networks |
3 G, w6 {5 y0 u; I& W- d| Neutron Service Type Management | service-type | API for retrieving service providers for Neutron advanced services |
' I5 A) v+ e. a2 Q: f| Neutron Extra DHCP options | extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be specified (e.g. tftp-server, server-ip-address, bootfile-name) |+ d4 j# c Y3 ~' a
| Port filtering on security groups | port-security-groups-filtering | Provides security groups filtering when listing ports |5 q# s( i6 ? k7 s; Y
|Resource revision numbers | standard-attr-revisions | This extension will display the revision number of neutron resources. |% b2 r3 e* T9 @6 P
| Pagination support | pagination | Extension that indicates that pagination is enabled. |
8 b. B6 q3 y& ]0 b) M7 L1 N7 }! A4 d| Sorting support | sorting | Extension that indicates that sorting is enabled. |% I+ _7 ~9 S7 p2 \, ]' D
| security-group | security-group | The security groups extension. |4 E" e0 b. `6 T; m) b1 W
| RBAC Policies | rbac-policies | Allows creation and modification of policies that control tenant access to resources. |% z( W% h" O6 L- V
| standard-attr-description | standard-attr-description | Extension to add descriptions to standard attributes |
( f" \1 s$ {* W+ h' p| IP address substring filtering | ip-substring-filtering | Provides IP address substring filtering when listing ports |
/ ~; ^$ L- S3 D v| Port Security | port-security | Provides port security |. Q2 b0 N6 V1 M0 X5 W6 W
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address pairs |
" |/ t" ]; [& X Q! E| project_id field enabled | project-id | Extension that indicates that project_id field is enabled. |
0 t4 I5 q- N W7 b| Port Bindings Extended | binding-extended | Expose port bindings of a virtual port to external application |
j. j; \- S. W1 P% c$ V, _; `+-----------------------------------------------------------------------------------------------------------------------------------------+--------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+' S! t3 y1 {0 L5 P5 B: T8 [
[root@openstack-server ~]# openstack network agent list
: U3 T1 n/ ^- m% k1 |+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
: Z/ f H8 M) \4 W+ d+ \' S| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |2 q$ p" P# I+ C3 M* h
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+3 X5 o! H! a, Y; f
| 12d016a1-f747-49cc-b6be-0d793877d394 | Linux bridge agent | openstack-server | None | :-) | UP | neutron-linuxbridge-agent |( Z: m' |7 H: ~- {% n. Q. h
| 9639fcea-da54-4bad-b3a6-16ffb96f3243 | Metadata agent | openstack-server | None | :-) | UP | neutron-metadata-agent |
( z9 G2 v: I# O# l7 u6 d| dc6d79c5-62e0-48fb-8a19-556b68bc7063 | DHCP agent | openstack-server | nova | :-) | UP | neutron-dhcp-agent |
3 w, x' [% Y& _+--------------------------------------+--------------------+------------------+-------------------+-------+-------+---------------------------+
% h: b& c, Q6 ^- ?13.安装Dashboard:
9 c1 x' ^; U6 y( T4 V安装openstack-dashboard(控制节点):
4 u- ], f0 f5 O3 N, I[root@openstack-server ~]# yum -y install openstack-dashboard 修改dashboard配置文件: [root@openstack-server ~]# vim /etc/openstack-dashboard/local_settings
3 ^* G' u* ~" t) w1 F; \OPENSTACK_HOST = "openstack-server"( q: f7 l4 E/ c) _+ Q) r: M% X
ALLOWED_HOSTS = ['openstack-server', 'localhost']% q1 |' w, P; l9 a# S2 @; q
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'/ n! m. {" w/ r n( { h& Y
CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'openstack-server:11211', }}4 t. U) H# G2 E% r$ G) J
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST6 n2 e" L" n( L) N: K3 z. j+ h
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
1 Q% v0 `& a) L1 w/ MOPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 2,}
7 } V, k3 m+ E% s* X. Z7 l; M1 Z; iOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'% o6 F9 {, D+ Z1 L* n& ]2 T
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
; v9 g N/ s5 u+ t4 t X4 COPENSTACK_NEUTRON_NETWORK = { 'enable_router': False, 'enable_quotas': False, 'enable_distributed_router': False, 'enable_ha_router': False, 'enable_lb': False, 'enable_firewall': False, 'enable_***': False, 'enable_fip_topology_check': False,}
. a( h7 Q8 ~6 G# A! ]TIME_ZONE = "Asia/Shanghai"& C) @6 {% S% [& m. K9 C4 k
修改openstack-dashboard服务配置: [root@openstack-server ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
: a% |$ ]3 Z+ ^: N }2 yWSGIApplicationGroup %{GLOBAL}: f( T0 N' T3 K `7 B
重启httpd服务:
+ r# a8 ?/ a: b1 J' z, U% t[root@openstack-server ~]# systemctl restart httpd.service memcached.service 验证操作: 7 f4 k' a8 _' g* \" S5 l% q% {2 ?
通过浏览器访问http://openstack-server/dashboard 输入域default,账号myuser,密码myuser;
/ q$ {' J% J$ |) Z( J9 S! ~ 14.安装cinder:* S; q. h- D2 B/ P
在Mariadb创建cinder相关库和用户(控制节点): [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE cinder;"8 s9 m3 @$ ?9 \8 M
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
- j! w2 @' f5 n, c+ E[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
4 Z! n( W1 d, m& p创建cinder用户、服务、端点; [root@openstack-server ~]# . admin-openrc.sh
( s5 p0 c2 w0 W7 O[root@openstack-server ~]# openstack user create --domain default --password-prompt cinder; m' J$ X R" }5 d9 P! L
[root@openstack-server ~]# openstack role add --project service --user cinder admin
5 z. |* S7 Y3 c[root@openstack-server ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
3 U5 N6 z3 c+ t( ^) l[root@openstack-server ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev39 F- y" D7 h1 v0 v @3 a# s
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 public http://openstack-server:8776/v2/%\(project_id\)s
8 `* u' R. H. w) d \[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 internal http://openstack-server:8776/v2/%\(project_id\)s
$ R6 D, T& G/ ^3 l2 j0 }" e( o% _ r[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev2 admin http://openstack-server:8776/v2/%\(project_id\)s) u1 ]# s/ I9 Y3 Y
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 public http://openstack-server:8776/v3/%\(project_id\)s- M/ Q+ y3 o) U) v# X2 c& p
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 internal http://openstack-server:8776/v3/%\(project_id\)s7 u& y* |* o. V. L* w5 u2 U* ~
[root@openstack-server ~]# openstack endpoint create --region RegionOne volumev3 admin http://openstack-server:8776/v3/%\(project_id\)s" _' r% p9 R3 I( S4 Y
安装openstack-cinder:
0 d" P6 q% n. p# ^( U- E8 u[root@openstack-server ~]# yum -y install openstack-cinder 修改cinder服务配置:
8 j5 r! T, M) Z7 y" \[root@openstack-server ~]# vim /etc/cinder/cinder.conf [database]
+ p" u/ y8 s. R1 ~) X* uconnection = mysql+pymysql://cinder:cinder@openstack-server/cinder
5 ~ E! g) v& h9 n. X" M[DEFAULT]; ]4 V; V4 b4 T2 N: ~+ P' w
transport_url = rabbit://openstack:openstack@openstack-server6 M+ J9 }2 N. ]+ S7 I- E0 T
auth_strategy = keystone0 R+ G$ \% [$ a% e, \
my_ip = 192.168.254.10
5 H, [! O- C) z& J1 c[keystone_authtoken]0 |8 ]. s& m# K9 F6 x* k
auth_uri = http://openstack-server:5000
' U) @3 n, _/ `. uauth_url = http://openstack-server:5000. b" O3 ~3 ~! {/ c0 A. ]/ _, C' Q
memcached_servers = openstack-server:11211
/ b V* e( j' k/ K$ V7 sauth_type = password# u1 K" l7 ~1 L! B5 t6 ?( L
project_domain_id = default
$ g4 ^1 `1 g0 B0 A9 C; `# K" T$ @. C& auser_domain_id = default# N% X8 K \7 h) n
project_name = serviceu
- Z0 c! T$ x. j% C* Lsername = cinder5 k# ^. E9 [- a0 f& N4 o1 N
password = cinder
6 t7 J W( H5 b[oslo_concurrency]
7 f1 N& c P, h1 {! clock_path = /var/lib/cinder/tmp
1 e; C5 B' {$ \9 K7 o$ j同步cinder数据库:
) A& F A! o2 S0 D/ f[root@openstack-server ~]# su -s /bin/sh -c "cinder-manage db sync" cinder 修改nova服务配置: [root@openstack-server ~]# vim /etc/nova/nova.conf
5 v7 W) G; B" h% Y[cinder]
5 a+ F+ s8 q. S. ]os_region_name = RegionOne
% Q U- l( G" u( ~$ K h9 l重启nova-api服务:9 Z: |5 P0 B9 j5 s7 x
[root@openstack-server ~]# systemctl restart openstack-nova-api.service 启动cinder-api、cinder-scheduler服务: [root@openstack-server ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
/ o5 n( K: v: @7 F5 S/ U: V) f[root@openstack-server ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
7 h# ~; |9 V$ l! H安装lvm2、device-mapper-persistent-data(计算节点):
% z/ I. ^& |2 c& E/ ]( H$ a5 t4 h[root@openstack-server ~]# yum -y install lvm2 device-mapper-persistent-data 启动lvm2-lvmetad服务: [root@openstack-server ~]# systemctl enable lvm2-lvmetad.service
9 N! f# b5 y" V[root@openstack-server ~]# systemctl start lvm2-lvmetad.service/ Y: ]: t' v @7 b# v) p: k
将/dev/sdb2作为vlm块存储设备: [root@openstack-server ~]# fdisk -l /dev/sdb
# _. H- }" w4 D磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区Units = 扇区 of 1 * 512 = 512 bytes扇区大小(逻辑/物理):512 字节 / 512 字节I/O 大小(最小/最佳):512 字节 / 512 字节磁盘标签类型:dos磁盘标识符:0x441e1e17
6 A7 w; ^3 A3 G$ x# i设备 Boot Start End Blocks Id System/dev/sdb1 2048 106956799 53477376 8e Linux LVM/dev/sdb2 106956800 276826111 84934656 8e Linux LVM7 R. `; @% Z( Q
[root@openstack-server ~]# pvcreate /dev/sdb29 Z6 h4 u8 f6 ?7 `9 E
[root@openstack-server ~]# vgcreate cinder-volumes /dev/sdb2" D; i5 [1 T. H7 y3 E# X* W
修改lvm配置文件: [root@openstack-server ~]# vim /etc/lvm/lvm.conf
o* {# K6 \2 I# B, P8 ?: ~devices {...filter = [ "a/sdb2/","r/.*/"]...}
0 W: H) i: G9 B# g1 Z安装openstack-cinder、targetcli python-keystone服务:
) W2 G2 \7 u) ]4 D3 `[root@openstack-server ~]# yum -y install openstack-cinder targetcli python-keystone 修改cinder服务配置: [root@openstack-server ~]# vim /etc/cinder/cinder.conf
9 t" @, m: l5 w; \[database]* w1 [" y7 o, L2 a
connection = mysql+pymysql://cinder:cinder@openstack-server/cinder8 r; \: Q& s* v8 d: y
[DEFAULT]" K. y3 Y7 D/ n$ z, h+ N
transport_url = rabbit://openstack:openstack@openstack-server# q! a. f6 q4 r3 K% @2 U# ]
auth_strategy = keystone5 T! ^) E# {8 ?% y6 k
my_ip = 192.168.254.10e
8 e/ e p2 R: j3 v$ ~# ^+ ?nabled_backends = lvm
h- [/ p" ^5 `" K& C' rglance_api_servers = http://openstack-server:9292* S" A; }! ?- T' h) m! b
[keystone_authtoken]# |# q. q8 @( Y5 w, q+ [6 ^3 K
www_authenticate_uri = http://openstack-server:5000
3 I3 b$ i4 J+ F4 \; f" qauth_url = http://openstack-server:5000+ `0 Y" d p* }9 G7 m
memcached_servers = openstack-server:11211
) m8 V8 C) r( x, y: zauth_type = password
# J9 }9 ?$ S% P hproject_domain_id = default) O% w6 Q% z! z6 V" @5 ^ j3 P
user_domain_id = default2 w& k7 }2 ^- b; M+ Y' j9 a) z5 o
project_name = service6 _+ C. u: m3 z
username = cinder* K4 Q8 D$ D; s/ y$ y
password = cinder
O. l9 }4 r' H9 t[lvm]: a* g6 s- a' C& H, ?
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver8 s( | r6 Q) u7 s! x
volume_group = cinder-volumes
) T6 a. J D7 P6 q5 R7 A9 Xiscsi_protocol = iscsi' [6 ~7 b5 [5 P/ ^* t; Y. H* u
iscsi_helper = lioadm
7 R7 ?. B5 `* W$ t9 k[oslo_concurrency]
! l e5 s$ x( plock_path = /var/lib/cinder/tmp
, u7 X1 B6 u, z启动cinder-volume、target服务: [root@openstack-server ~]# systemctl enable openstack-cinder-volume.service target.service
* R! s% P5 C2 ~' u5 h p[root@openstack-server ~]# systemctl start openstack-cinder-volume.service target.service4 |) n) Z4 I) H7 x$ q- g3 ~
验证操作: [root@openstack-server ~]# openstack volume service list" s! u6 i% I6 ]; u. ]# T7 u
+------------------+----------------------+------+---------+-------+----------------------------+4 Z, o! u' O* s" z
| Binary | Host | Zone | Status | State | Updated At |
0 U8 K: s* W4 M0 w1 N. P+ |. Z( g; ^. y+------------------+----------------------+------+---------+-------+----------------------------+; y( o8 d' j5 ?1 e
| cinder-scheduler | openstack-server | nova | enabled | up | 2018-10-25T14:07:19.000000 |# P) t6 c* w9 G: D0 z" W+ [
| cinder-volume | openstack-server@lvm | nova | enabled | up | 2018-10-25T14:07:24.000000 |# n0 Y, b' P# V( h, m! O% m+ W
+------------------+----------------------+------+---------+-------+----------------------------+
% @$ m- h$ _$ ]5 f# W' a6 Z, B15.启动虚拟机实例:. Y/ ?3 a, y9 Q1 Y+ Y$ D, D
创建Provider network网络: [root@openstack-server ~]# . myuser-openrc.sh
5 B& w3 L9 y2 _' t1 J: v/ g[root@openstack-server ~]# openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider0 S @: X9 b- r- o
[root@openstack-server ~]# openstack subnet create --network provider --allocation-pool start=192.168.254.11,end=192.168.254.15 --dns-nameserver 114.114.114.114 --gateway 192.168.254.1 --subnet-range 192.168.254.0/27 provider# D5 v/ v* p2 e. ~0 Y+ S: x( ^
[root@openstack-server ~]# openstack network list
3 R P) c6 Q% O2 {, d7 K9 n+--------------------------------------+----------+--------------------------------------+
2 l1 I3 {8 j- d9 y1 x| ID | Name | Subnets |
7 |, ]; u2 N }: Z$ U$ W$ B# a+--------------------------------------+----------+--------------------------------------+# N6 x+ G+ S# P2 }5 i) @* ^& ]
| 9979b724-3868-42b9-9e0b-61b42fd794a0 | provider | 12dbf504-9f38-40d1-b273-e1409bc712b2 |
; [0 m# s$ i e+ i+--------------------------------------+----------+--------------------------------------+9 i6 t5 S2 T: B( {3 e
创建Self-service network网络: [root@openstack-server ~]# . myuser-openrc.sh$ ~: U B0 Z- Z9 T1 K, P
[root@openstack-server ~]# openstack network create selfservice
# p! |+ ^- P6 v Q[root@openstack-server ~]# openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 --subnet-range 172.16.1.0/24 selfservice
" L: t$ {& v! ?+ L5 L* a; @[root@openstack-server ~]# openstack router create router" O' s( u8 j3 T0 ~$ a% u
[root@openstack-server ~]# openstack router add subnet router selfservice
" a8 j, p! B0 G, _/ a* x[root@openstack-server ~]# openstack router set router --external-gateway provider {$ C3 m- C0 Y7 }7 H, b1 {! j2 q
验证操作: [root@openstack-server ~]# . admin-openrc.sh
6 k: d, j/ `1 d2 }# L: [[root@openstack-server ~]# ip netns
& p$ u z% R8 ~) V7 G. o( x# v) K9 q+ ?qrouter-0251f464-87d3-466e-9889-5b58eaeeb19b (id: 2)
" s) l3 y7 p5 h. g& gqdhcp-ad37ab93-04df-4b47-99d3-10dc0b2e630e (id: 1)
$ J' C2 @3 h. x8 N2 ^! @qdhcp-cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 (id: 0)
/ e. H( T$ u* d1 v[root@openstack-server ~]# openstack port list --router router
* ~, c6 Y# [. p6 q u+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
$ y% k; O/ p3 Z( ?% ~- m1 E| ID | Name | MAC Address | Fixed IP Addresses | Status |
9 b/ Y: q4 h# i; C" L5 \+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+; }( ~" ?7 C; k: Q2 f4 z
| 6390935b-7ab1-4608-a386-8f8d068a2ee0 | | fa:16:3e:4a:74:9e | ip_address='192.168.254.14', subnet_id='9e8f1c21-fc37-4dd7-b111-b4e25160b731' | ACTIVE |
) ~ A! [! [% o+ j; G8 F+ `| d44e3892-fb37-4c8e-b962-f1035f164409 | | fa:16:3e:c1:1c:72 | ip_address='172.16.1.1', subnet_id='f5ae3b68-4397-4caf-be61-63ef193e024c' | ACTIVE |
" @! r% `) \1 t/ m- a+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+2 @7 c" Z V. W& { G7 S( U
创建flavor模板: 8 F) S5 X/ t1 Z: o3 X
[root@openstack-server ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano 创建秘钥链: [root@openstack-server ~]# . myuser-openrc.sh
6 D' s- R8 o2 e[root@openstack-server ~]# ssh-keygen -q -N ""7 ]4 E# \6 y, ^& `: r. Y
[root@openstack-server ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
1 s6 ?, e& N/ ^验证操作: [root@openstack-server ~]# openstack keypair list" Y3 S* f7 u4 m; W4 e, ^- |
+-------+-------------------------------------------------+# s% C5 n( O* U+ Y" z
| Name | Fingerprint |* ^" r/ k& z8 U( s7 N0 v
+-------+-------------------------------------------------+
' C$ p/ K% l/ d6 d( W| mykey | f3:95:1d:7f:24:e0:ba:a2:7f:9a:e8:98:7a:79:f7:f6 |
; O9 a6 d5 j i, x z+-------+-------------------------------------------------+
! k/ X& I4 J" @5 [4 [添加安全组: [root@openstack-server ~]# openstack security group rule create --proto icmp default
( U: p# N( S, h1 T+ J5 |/ @; W[root@openstack-server ~]# openstack security group rule create --proto tcp --dst-port 22 default
" }5 @' m8 I0 R. ^4 w+ p[root@openstack-server ~]# openstack security group list( O4 U$ h% w# C: S! A
+--------------------------------------+---------+-------------+----------------------------------+------+6 k" W: o2 u& b" V: l; _' u& U
| ID | Name | Description | Project | Tags |
6 b; d3 e f( y8 q+--------------------------------------+---------+-------------+----------------------------------+------+0 S% {' X; v/ ~( j( U; L, S
| 5c642955-4c0d-4913-83ac-ecd7fdc95846 | default | 缺省安全组 | f9d82471a2d84cdca15994649ad3ce17 | [] |- d0 S* Q. [, [ f4 S; c: c
+--------------------------------------+---------+-------------+----------------------------------+------+( i# o* b2 n/ i; ^
Launch an instance on the provider network(在provider网络运行实例): [root@openstack-server ~]# . demo-openrc9 o+ m3 c6 F1 b3 M
[root@openstack-server ~]# openstack flavor list. |6 P1 g) e. I
+----+---------+-----+------+-----------+-------+-----------++ [# j3 o8 ?- a' T) N- W2 R
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |" ~3 C. T2 O0 L+ b
+----+---------+-----+------+-----------+-------+-----------+
' h: c) @, z- ~4 A| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
, `& H& H+ R: M u D; m% t+----+---------+-----+------+-----------+-------+-----------+9 y! q9 c5 C2 U9 q# v8 o4 n
[root@openstack-server ~]# openstack image list! k8 U. P: a, S% L
+--------------------------------------+--------+--------+' S- p5 b) _( H- p* M$ i! @+ I
| ID | Name | Status |
3 Q: u* o0 J( o5 M7 T2 ^* ]+--------------------------------------+--------+--------+5 z" }0 B5 a# D2 R) I
| 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active |7 {! u* F% W( d
+--------------------------------------+--------+--------+
/ d b9 H& W+ U$ s# |[root@openstack-server ~]# openstack network list
+ Q! C' ~; H% P- e4 _1 P" W6 w- h+--------------------------------------+-------------+--------------------------------------+& y; z1 Z) G7 Z/ z
| ID | Name | Subnets |0 |) t; c- y x& K2 N
+--------------------------------------+-------------+--------------------------------------+1 C1 o+ Z9 A2 N, N2 ~( K5 \, J
| ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c |; H5 B+ F, E; w# h
| cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 |
: a6 w+ `# |5 g% R& k4 e' p+--------------------------------------+-------------+--------------------------------------+
0 ?$ C' }3 x/ r8 d[root@openstack-server ~]# openstack security group list
. j. t+ _+ Z, z! R+--------------------------------------+---------+-------------+----------------------------------+------+
! K2 ^/ x8 {% s| ID | Name | Description | Project | Tags |( f6 k P9 ^* [" b1 M0 w: \
+--------------------------------------+---------+-------------+----------------------------------+------+# q$ d6 P" D. P. \' P( M: y
| 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] |) x- w# P$ {6 A I7 Z; O5 j
+--------------------------------------+---------+-------------+----------------------------------+------+
& i7 b$ h3 F) n8 `+ G6 i& N4 `[root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=9979b724-3868-42b9-9e0b-61b42fd794a0 --security-group default --key-name mykey provider-instance
5 M% Z. l! o4 V[root@openstack-server ~]# openstack console url show selfservice-instance(获取vnc url) Launch an instance on the self-service network(在self-service网络运行实例): [root@openstack-server ~]# . myuser-openrc.sh( L* ^8 m3 T. }1 s5 S/ r
[root@openstack-server ~]# openstack flavor list2 _) O, X3 z: i$ @
+----+---------+-----+------+-----------+-------+-----------+! k& e7 Y, E! m# V
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
; r9 v& q1 S+ J* D+----+---------+-----+------+-----------+-------+-----------+2 w9 O1 ~: O7 P7 L8 \/ w
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |/ h" e. Z" _3 v+ b4 l, i! h- K
+----+---------+-----+------+-----------+-------+-----------+" d0 j: E3 b* ^
[root@openstack-server ~]# openstack image list# ]( \7 h) M5 j- b0 d
+--------------------------------------+--------+--------+' Q: v! J3 W! n4 w8 X
| ID | Name | Status |+--------------------------------------+--------+--------+$ L6 c1 t4 o8 Q# U# q; g
| 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active |
6 A: t) j) l3 j* Q6 ? w+--------------------------------------+--------+--------+
* Q; P2 A9 w5 A[root@openstack-server ~]# openstack network list- z$ ?) e) O- ?
+--------------------------------------+-------------+--------------------------------------+
" |4 r/ ~( `: J2 F! S, L* j% u9 O| ID | Name | Subnets |
! g+ X. Z9 i6 h6 L+ ^# w8 u- H+--------------------------------------+-------------+--------------------------------------+* t0 W$ J4 p0 D; I; K" H
|ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c |
3 l; ~; K+ Z. R4 H! I0 a# e$ {| cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 |" Y) d( J" l5 i
+--------------------------------------+-------------+--------------------------------------+4 Y. C& h) S. ^0 R8 |
[root@openstack-server ~]# openstack security group list
; B# f# @" d! ~% b4 ~! F/ F3 L6 X+--------------------------------------+---------+-------------+----------------------------------+------+
/ |% W( {! g( j' _! }+ R| ID | Name | Description | Project | Tags |5 J2 }; x2 w7 i. D q
+--------------------------------------+---------+-------------+----------------------------------+------+
7 Z* @6 G6 M5 t7 N' O| 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] |4 i2 p) A5 V9 N- P% p
+--------------------------------------+---------+-------------+----------------------------------+------+* F" a: [: u- z R
[root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=ad37ab93-04df-4b47-99d3-10dc0b2e630e --security-group default --key-name mykey selfservice-instance. {. U: J2 I3 }' [5 s. s: @# F
[root@openstack-server ~]# openstack server list! F2 J% z1 u5 h- x4 @0 w
+--------------------------------------+----------------------+--------+-------------------------+--------+---------+
; B1 b1 k/ \ e! ?0 G( r; o, S4 w| ID | Name | Status | Networks | Image | Flavor |
7 a! L1 `' T" R! t9 N# g; U$ n+--------------------------------------+----------------------+--------+-------------------------+--------+---------+
1 l+ \, P& X+ `| 105e9757-7ba5-4a3f-81b7-cecdff2fa167 | selfservice-instance | ACTIVE | selfservice=172.16.1.10 | cirros | m1.nano |
, S. e i/ X( ]9 d+--------------------------------------+----------------------+--------+-------------------------+--------+---------+
2 M$ `0 B+ Q6 c J* e4 L m[root@openstack-server ~]# openstack console url show selfservice-instance(获取vnc url) 创建卷: [root@openstack-server ~]# . myuser-openrc.sh
- e- V3 [) X( X8 i[root@openstack-server ~]# openstack volume create --size 1 volume1
5 v% V! ]5 b X+ z# Z' ]1 J3 y( u" a+---------------------+--------------------------------------+: ^3 _* S8 f" z
| Field | Value |1 k' A8 l# h2 u! ]" e. x
+---------------------+--------------------------------------+6 [& z- O2 Y) V8 b
| attachments | [] |
& X7 i; ~1 ]& _ ^3 H" X3 d8 Q| availability_zone | nova |7 t; D8 X/ [' h2 N2 C$ ?* W
| bootable | false |: z( b3 s4 v0 n- Y: u9 u
| consistencygroup_id | None |
. F; Z( x( X( ?9 \| created_at | 2018-11-04T14:38:32.000000 |" N8 L9 m7 v: P+ a* B
| description | None |
H- i- l7 U Z| encrypted | False |
% u1 X0 N: Z' Z# g/ L| id | 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 |
9 i- ]# ?! ^" q' o( i| multiattach | False |
Y2 r6 w. u0 J& B1 k" E Q( L X) z| name | volume1 |
/ T0 O6 J: w4 m- t$ ?/ n| properties | |. N, Q9 h4 s! s! ]5 E4 s" \
| replication_status | None |
8 g$ x: t( h8 j% ~| size | 1 |
" e% ^2 y, F1 A8 b8 y P# C) P z| snapshot_id | None |
B9 ?# c6 }/ g8 j4 e5 x# a7 c7 C| source_volid | None ||7 k4 A% F# R+ i0 i) j
status | creating |. E6 t: F; w8 B! K; Q
| type | None |& A1 Y9 y- e8 e
| updated_at | None |
! O' o+ M2 M F3 v) V( c4 ^| user_id | 2a2e5a1a1a464efaabaca83b439999e4 |
( Q+ b, m; W; U7 u/ y" C+---------------------+--------------------------------------+
" p8 q+ `# \' j- s4 @$ s3 l' @3 R[root@openstack-server ~]# openstack volume list
0 h- n8 R; E1 u2 d ~% q+--------------------------------------+---------+-----------+------+----------------------------------+
9 M+ w) l+ h3 m% p" m& p| ID | Name | Status | Size | Attached to |
; u/ C! `5 l5 W6 X+--------------------------------------+---------+-----------+------+----------------------------------+
2 ]+ C7 Q7 |% M5 q6 q, ?| 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 | volume1 | available | 1 | |- g2 o& V5 `( b) {0 d* } b
| a63a0afe-3be8-45aa-b7be-820d88874fc4 | | in-use | 20 | Attached to centos6 on /dev/vda |. q" p9 s9 \0 r7 b% }; ~( L
+--------------------------------------+---------+-----------+------+----------------------------------+
( H9 Z1 A Q1 G' u, m7 D |
发表于 2019-1-8 09:32:12