Continued from the previous part.
Compute service:
Install and configure the controller node:
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
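At this point one package is missing: python-pygments has to be downloaded and installed manually.
1. Source the admin credentials to gain access to admin-only CLI commands:
# . admin-openrc
2. To create the service credentials, complete these steps:
Create the nova user: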
openstack user create --domain default \
--password-prompt nova
Add the admin role to the nova user:
openstack role add --project service --user nova admin
Create the nova service entity:
openstack service create --name nova \
--description "OpenStack Compute" compute
Create the Compute service API endpoints:
# openstack endpoint create --region RegionOne \
> compute public http://172.25.33.10:8774/v2.1/%\(tenant_id\)s
# openstack endpoint create --region RegionOne compute internal http://172.25.33.10:8774/v2.1/%\(tenant_id\)s
+--------------+---------------------------------------------+
| Field | Value |
+--------------+---------------------------------------------+
| enabled | True |
| id | 44b3adb6ce2348908abbf4d3f9a52f2b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a394a2c40c144d6fb9db567a1105c44a |
| service_name | nova |
| service_type | compute |
| url | http://172.25.33.10:8774/v2.1/%(tenant_id)s |
+--------------+---------------------------------------------+
# openstack endpoint create --region RegionOne compute admin http://172.25.33.10:8774/v2.1/%\(tenant_id\)s
Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
1. In the ``[DEFAULT]`` section, enable only the compute and metadata APIs:
[DEFAULT]
enabled_apis = osapi_compute,metadata
In the ``[api_database]`` and ``[database]`` sections, configure database access:
[api_database]
connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api
[database]
connection = mysql+pymysql://nova:nova@172.25.33.10/nova
In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure ``RabbitMQ`` message queue access:
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = rabbit
In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
In the ``[DEFAULT]`` section, set ``my_ip`` to the IP address of the controller node's management interface:
[DEFAULT]
my_ip = 172.25.33.10
In the ``[DEFAULT]`` section, enable support for the Networking service:
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
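By default, Compute uses its own built-in firewall service. Because the Networking service includes a firewall service, you must disable the Compute firewall by setting the ``nova.virt.firewall.NoopFirewallDriver`` firewall driver.
In the ``[vnc]`` section, configure the VNC proxy to use the management interface IP address of the controller node: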
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
In the ``[glance]`` section, configure the location of the Image service API:
[glance]
api_servers = http://controller:9292
In the ``[oslo_concurrency]`` section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
Populate the Compute databases:
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# grep ^[a-Z] /etc/nova/nova.conf
rpc_backend = rabbit
enabled_apis = osapi_compute,metadata
auth_strategy = keystone
my_ip = 172.25.33.10
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
debug=true
connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api
connection = mysql+pymysql://nova:nova@172.25.33.10/nova
api_servers = http://172.25.33.10:9292
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
lock_path = /var/lib/nova/tmp
rabbit_host = 172.25.33.10
rabbit_userid = openstack
rabbit_password = rabbit
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
Install and configure the compute node:
minion2:172.25.33.11
Install the packages:
# yum install openstack-nova-compute
Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure ``RabbitMQ`` message queue access:
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host =172.25.33.10
rabbit_userid = openstack
rabbit_password =rabbit
In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
In the ``[DEFAULT]`` section, configure the ``my_ip`` option:
[DEFAULT]
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on the compute node:
my_ip =172.25.33.11
In the ``[DEFAULT]`` section, enable support for the Networking service:
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
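By default, Compute uses its own built-in firewall service. Because Networking includes a firewall service, you must disable the Compute firewall by using nova.virt.firewall.NoopFirewallDriver.
In the ``[vnc]`` section, enable and configure remote console access (with ``vncserver_listen = 0.0.0.0`` the VNC server listens on all of the compute node's addresses, while the proxy client address is the management IP):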
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://172.25.33.10:6080/vnc_auto.html
In the ``[glance]`` section, configure the location of the Image service API:
[glance]
api_servers = http://172.25.33.10:9292
In the ``[oslo_concurrency]`` section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
A setting the official documentation leaves out; without it the service reports the error: oslo_service.service [-] Error starting thread.
or PlacementNotConfigured: This compute is not configured to talk to the placement service
[placement]
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
os_region_name = RegionOne
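Finalize the installation
1. Determine whether your compute node supports hardware acceleration for virtual machines:
# egrep -c '(vmx|svm)' /proc/cpuinfo
If this command returns a value of one or greater, your compute node supports hardware acceleration and needs no additional configuration.
If this command returns a value of zero, your compute node does not support hardware acceleration, and you must configure libvirt to use QEMU instead of KVM: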
# egrep -c '(vmx|svm)' /proc/cpuinfo
0
Edit the [libvirt] section of the /etc/nova/nova.conf file as follows:
[libvirt]
virt_type = qemu
2. Start the Compute service and its dependencies, and configure them to start automatically when the system boots:
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
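Verify operation: perform these steps on the controller node, 172.25.33.10.
Source the admin credentials to gain access to admin-only CLI commands:
# . admin-openrc
List the service components to verify that each process started and registered successfully: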
# openstack compute service list
+----+------------------+------------------+----------+---------+-------+--------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------------+----------+---------+-------+--------------------+
| 1 | nova-conductor | server10.example | internal | enabled | up | 2017-04-04T14:07:4 |
| | | | | | | 9.000000 |
| 2 | nova-scheduler | server10.example | internal | enabled | up | 2017-04-04T14:07:5 |
| | | | | | | 1.000000 |
| 3 | nova-consoleauth | server10.example | internal | enabled | up | 2017-04-04T14:07:5 |
| | | | | | | 0.000000 |
| 6 | nova-compute | server11.example | nova | enabled | up | 2017-04-04T14:07:5 |
| | | .com | | | | 1.000000
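Networking service:
Controller node:
OpenStack Networking (neutron) manages all of the virtual networking infrastructure (VNI) and the access-layer aspects of the physical networking infrastructure (PNI) in your OpenStack environment. OpenStack Networking lets tenants create advanced virtual network topologies that include services such as a firewall, a load balancer, and a virtual private network (VPN).
Configuration:
1. Source the admin credentials to gain access to admin-only CLI commands: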
. admin-openrc
2. To create the service credentials, complete these steps:
Create the ``neutron`` user:
openstack user create --domain default --password-prompt neutron
Add the ``admin`` role to the ``neutron`` user:
openstack role add --project service --user neutron admin
Create the ``neutron`` service entity:
# openstack service create --name neutron \
> --description "OpenStack Networking" network
Create the Networking service API endpoints:
# openstack endpoint create --region RegionOne \
> network public http://172.25.33.10:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0092457b66b84d869d710e84c715219c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | a33565b8fdfa4531963fdbb74245d960 |
| service_name | neutron |
| service_type | network |
| url | http://172.25.33.10:9696 |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne network internal http://172.25.33.10:9696
# openstack endpoint create --region RegionOne network admin http://172.25.33.10:9696
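This networking example uses the public network:
Option 1 deploys the simplest possible architecture, which only supports attaching instances to public (external) networks. There are no private (self-service) networks, routers, or floating IP addresses. Only ``admin`` or other privileged users can manage public networks.
Option 2 augments option 1 with layer-3 services that support attaching instances to private networks. ``demo`` or other unprivileged users can manage their own private networks, including routers that connect the public and private networks. In addition, floating IP addresses let instances on private networks connect to external networks such as the Internet.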
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
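Configure the server component
The Networking server component configuration includes the database, authentication mechanism, message queue, topology change notifications, and plug-in.
Edit the ``/etc/neutron/neutron.conf`` file and complete the following actions:
In the ``[database]`` section, configure database access: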
[database]
connection = mysql+pymysql://neutron:neutron@172.25.33.10/neutron
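In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2) plug-in; ``service_plugins`` is left empty, so the router service and overlapping IP addresses that network option 2 adds are not enabled here: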
[DEFAULT]
core_plugin = ml2
service_plugins =
In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure ``RabbitMQ`` message queue access:
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = 172.25.33.10
rabbit_userid = openstack
rabbit_password =rabbit
In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to notify Compute of network topology changes:
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
auth_url = http://172.25.33.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
In the ``[oslo_concurrency]`` section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
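Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build the layer-2 virtual networking infrastructure for instances.
Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the following actions:
In the ``[ml2]`` section, enable flat and VLAN networks (VXLAN is not listed in ``type_drivers`` for this public-network setup):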
[ml2]
type_drivers = flat,vlan
In the ``[ml2]`` section, disable private networks:
[ml2]
tenant_network_types =
In the ``[ml2]`` section, enable the Linux bridge mechanism:
[ml2]
mechanism_drivers = linuxbridge
In the ``[ml2]`` section, enable the port security extension driver:
[ml2]
extension_drivers = port_security
In the ``[ml2_type_flat]`` section, configure the public virtual network as a flat network:
[ml2_type_flat]
flat_networks = provider
In the ``[securitygroup]`` section, enable ipset to make security group rules more efficient:
[securitygroup]
enable_ipset = True
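Configure the Linux bridge agent
The Linux bridge agent builds the layer-2 virtual networking infrastructure for instances and handles security group rules.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions:
In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface: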
[linux_bridge]
physical_interface_mappings =public:eth0
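Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical public network interface (``eth0`` here). The label before the colon has to match an entry in ``flat_networks`` in ``ml2_conf.ini`` and the ``--provider:physical_network`` value used when the network is created.
In the ``[vxlan]`` section, disable VXLAN overlay networks: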
[vxlan]
enable_vxlan = False
In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
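Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following actions:
In the ``[DEFAULT]`` section, configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on public networks can reach metadata over the network: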
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
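Configure the metadata agent
Edit the ``/etc/neutron/metadata_agent.ini`` file and complete the following actions:
In the ``[DEFAULT]`` section, configure the metadata host and the shared secret: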
[DEFAULT]
nova_metadata_ip = 172.25.33.10
metadata_proxy_shared_secret =redhat
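Configure Compute to use the Networking service
Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
In the ``[neutron]`` section, configure the access parameters, enable the metadata proxy, and set the secret: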
[neutron]
url = http://172.25.33.10:9696
auth_url = http://172.25.33.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = redhat
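Why the two ``metadata_proxy_shared_secret`` values have to be identical, as an added example that is not part of the original post or of the neutron/nova code: a simplified model of the exchange in which the metadata agent signs the instance ID with HMAC-SHA256 and nova recomputes the signature. The instance and tenant IDs and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample identifiers; the secret is the value this page configures.
PAGE_SECRET = "redhat"
INSTANCE_ID = "11111111-2222-4333-8444-555555555555"
TENANT_ID = "aaaaaaaabbbbccccddddeeeeeeeeeeee"


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 of the instance ID keyed with the shared secret (hex)."""
    return hmac.new(secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def agent_headers(agent_secret, instance_id, tenant_id):
    """Headers the metadata agent side attaches before forwarding to nova."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(agent_secret, instance_id),
    }


def nova_accepts(headers, nova_secret):
    """nova side: recompute the signature and compare in constant time."""
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get("X-Instance-ID-Signature")
    if not instance_id or not signature:
        return False
    expected = sign_instance_id(nova_secret, instance_id)
    return hmac.compare_digest(expected, signature)


def read_secret(conf_text):
    """Return metadata_proxy_shared_secret exactly as written in INI text.

    Everything after '=' is the value, so a note typed after the secret on
    the same line becomes part of the secret.
    """
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "metadata_proxy_shared_secret":
            return value.strip()
    return None


def new_secret():
    """A 256-bit random secret for both files, instead of a dictionary word."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    headers = agent_headers(PAGE_SECRET, INSTANCE_ID, TENANT_ID)
    print("same secret on both sides:", nova_accepts(headers, "redhat"))
    annotated = read_secret("metadata_proxy_shared_secret = redhat//note")
    print("value with a trailing note:", repr(annotated),
          "accepted:", nova_accepts(headers, annotated))
    print("replacement secret:", new_secret())
```

If the two files disagree, nova rejects every proxied metadata request, so instances boot without their metadata (including the injected SSH key).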
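Finalize the installation
The Networking service initialization scripts expect a symbolic link ``/etc/neutron/plugin.ini`` pointing to the ML2 plug-in configuration file ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If this symbolic link does not exist, create it with the following command: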
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate the database:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
The final line of output shows OK on success.
Restart the Compute API service:
# systemctl restart openstack-nova-api.service
Enable the services at boot and start them:
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
For networking option 2, also enable the layer-3 service at boot and start it:
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
Compute node:
# yum install openstack-neutron-linuxbridge ebtables ipset
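The Networking common component configuration includes the authentication mechanism, message queue, and plug-in.
Edit the ``/etc/neutron/neutron.conf`` file and complete the following actions:
In the ``[database]`` section, comment out any ``connection`` options, because compute nodes do not access the database directly.
In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure ``RabbitMQ`` message queue access: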
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = 172.25.33.10
rabbit_userid = openstack
rabbit_password = rabbit
In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
In the ``[oslo_concurrency]`` section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
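Choose the public network option (the configuration can be copied over from minion1):
Configure the Linux bridge agent
The Linux bridge agent builds the layer-2 virtual networking infrastructure for instances and handles security group rules.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions:
In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface: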
[linux_bridge]
physical_interface_mappings =public:eth0
In the ``[vxlan]`` section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = False
In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
In the ``[neutron]`` section, configure the access parameters:
[neutron]
url = http://172.25.33.10:9696
auth_url = http://172.25.33.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
Restart the Compute service:
# systemctl restart openstack-nova-compute.service
Enable the agent at boot and start it:
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
Verify operation:
# neutron ext-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+---------------------------+--------------------------------------------------+
| alias | name |
+---------------------------+--------------------------------------------------+
| default-subnetpools | Default Subnetpools |
| availability_zone | Availability Zone |
| network_availability_zone | Network Availability Zone |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| flavors | Neutron Service Flavors |
| net-mtu | Network MTU |
| network-ip-availability | Network IP Availability |
| quotas | Quota management support |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| subnet-service-types | Subnet service types |
| standard-attr-timestamp | Resource timestamps |
| service-type | Neutron Service Type Management |
| tag-ext | Tag support for resources: subnet, subnetpool, |
| | port, router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| standard-attr-revisions | Resource revision numbers |
| pagination | Pagination support |
| sorting | Sorting support |
| security-group | security-group |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| project-id | project_id field enabled |
+---------------------------+--------------------------------------------------+
List the agents to verify that the neutron agents started successfully:
# neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+----------+------------+----------+-------------------+-------+----------------+---------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+----------+------------+----------+-------------------+-------+----------------+---------------+
| 0d135b32 | DHCP agent | server10 | nova | :-) | True | neutron-dhcp- |
| -f115-4d | | .example | | | | agent |
| 2f-8296- | | | | | | |
| 27c6590c | | | | | | |
| a08c | | | | | | |
| 6c603475 | Metadata | server10 | | :-) | True | neutron- |
| -571a-4b | agent | .example | | | | metadata- |
| de-a414- | | | | | | agent |
| b6531938 | | | | | | |
| 8508 | | | | | | |
| b8667984 | Linux | server11 | | :-) | True | neutron- |
| -0d75 | bridge | .example | | | | linuxbridge- |
| -47bf- | agent | .com | | | | agent |
| 958b-c88 | | | | | | |
| 6244ff1f | | | | | | |
| 7 | | | | | | |
+----------+------------+----------+-------------------+-------+----------------+---------------+
Configuration file overview:
Controller node:
# cat /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
core_plugin = ml2
service_plugins =
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[database]
connection = mysql+pymysql://neutron:neutron@172.25.33.10/neutron
[oslo_messaging_rabbit]
rabbit_host = 172.25.33.10
rabbit_userid = openstack
rabbit_password = rabbit
[keystone_authtoken]
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://172.25.33.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
# grep ^[a-Z] /etc/nova/nova.conf
rpc_backend = rabbit
enabled_apis = osapi_compute,metadata
auth_strategy = keystone
my_ip = 172.25.33.10
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api
connection = mysql+pymysql://nova:nova@172.25.33.10/nova
api_servers = http://172.25.33.10:9292
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
url = http://172.25.33.10:9696
auth_url = http:/172.25.33.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = redhat  // this secret is used again below
lock_path = /var/lib/nova/tmp
rabbit_host = 172.25.33.10
rabbit_userid = openstack
rabbit_password = rabbit
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[root@server10 ~]# grep ^[a-Z] /etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
flat_networks = provider
enable_ipset = True
[root@server10 ~]# grep ^[a-Z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = public:eth0
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewal
enable_vxlan = False
[root@server10 ~]# grep ^[a-Z] //etc/neutron/dhcp_agent.ini
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@server10 ~]# grep ^[a-Z] /etc/neutron/metadata_agent.ini
nova_metadata_ip = 172.25.33.10
metadata_proxy_shared_secret = redhat  // the same metadata secret as above
Compute node:
# grep ^[a-Z] /etc/neutron/neutron.conf
rpc_backend = rabbit
auth_strategy = keystone
rabbit_host = 172.25.33.10
rabbit_userid = openstack
rabbit_password = rabbit
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
lock_path = /var/lib/neutron/tmp
# grep ^[a-Z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = public:eth0
enable_vxlan = False
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# grep ^[a-Z] /etc/nova/nova.conf
rpc_backend = rabbit
enabled_apis = osapi_compute,metadata
auth_strategy = keystone
my_ip = 172.25.33.10
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api
connection = mysql+pymysql://nova:nova@172.25.33.10/nova
api_servers = http://172.25.33.10:9292
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
virt_type = qemu
url = http://172.25.33.10:9696
auth_url = http://172.25.33.10:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
lock_path = /var/lib/nova/tmp
rabbit_host = 172.25.33.10
rabbit_userid = openstack
rabbit_password = rabbit
auth_uri = http://172.25.33.10:5000
auth_url = http://172.25.33.10:35357
memcached_servers = 172.25.33.10:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
os_region_name = RegionOne
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 172.25.33.11
ovncproxy_base_url = http://172.25.33.10:6080/vnc_auto.html
Note: every password is the same as its service name.
172.25.33.10 is the controller node.
172.25.33.11 is the compute node.
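A cross-file check for the kind of slips that are easy to make in the files listed above (added example, not from the original post): it flags a password equal to its user name, an ``auth_url`` with a missing slash, one account with different passwords in different files, and a ``physical_interface_mappings`` label absent from ``flat_networks``. The file labels and sample contents are constructed from values on this page, the mistyped password is a constructed case, and the finding names are made up for this example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed samples modelled on this page's listings; nothing is read from disk.
SAMPLES = {
    "controller:nova.conf": """
[database]
connection = mysql+pymysql://nova:nova@172.25.33.10/nova
[keystone_authtoken]
auth_url = http://172.25.33.10:35357
username = nova
password = nova
[neutron]
auth_url = http:/172.25.33.10:35357
username = neutron
password = neutron
""",
    "compute:neutron.conf": """
[keystone_authtoken]
auth_url = http://172.25.33.10:35357
username = neutron
password = neturon
""",
    "controller:ml2_conf.ini": """
[ml2_type_flat]
flat_networks = provider
""",
    "controller:linuxbridge_agent.ini": """
[linux_bridge]
physical_interface_mappings = public:eth0
""",
}


def load(text):
    """Parse oslo.config-style INI text, keeping '%' and '$' literal."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",),
        default_section="__unused__")  # treat [DEFAULT] as a normal section
    parser.read_string(text)
    return parser


def audit(files):
    """Return (file, section, option, finding) tuples for a set of config texts."""
    findings = []
    seen_passwords = {}   # username -> {password: [(file, section), ...]}
    flat_networks = set()
    mappings = []         # (file, physical network label)
    for name, text in files.items():
        parser = load(text)
        for section in parser.sections():
            options = dict(parser.items(section))
            for option, value in options.items():
                try:
                    url = urlsplit(value)
                except ValueError:
                    continue
                # "http:/host" parses with an empty netloc: no host to reach.
                if url.scheme in ("http", "https") and not url.netloc:
                    findings.append((name, section, option, "malformed-url"))
                # Credentials embedded in a database URL, e.g. nova:nova@host.
                if url.username and url.username == url.password:
                    findings.append(
                        (name, section, option, "password-equals-username"))
            user, password = options.get("username"), options.get("password")
            if user and password:
                seen_passwords.setdefault(user, {}).setdefault(
                    password, []).append((name, section))
                if user == password:
                    findings.append(
                        (name, section, "password", "password-equals-username"))
            if section == "ml2_type_flat":
                flat_networks.update(
                    n.strip() for n in
                    options.get("flat_networks", "").split(",") if n.strip())
            if section == "linux_bridge":
                pairs = options.get("physical_interface_mappings", "")
                for pair in pairs.split(","):
                    if ":" in pair:
                        mappings.append((name, pair.split(":", 1)[0].strip()))
    # One account configured with different passwords in different files.
    for by_password in seen_passwords.values():
        if len(by_password) > 1:
            for places in by_password.values():
                findings.extend(
                    (f, s, "password", "credential-mismatch") for f, s in places)
    # Agent mapping labels must name a network listed in flat_networks.
    if flat_networks and "*" not in flat_networks:
        for name, label in mappings:
            if label not in flat_networks:
                findings.append((name, "linux_bridge",
                                 "physical_interface_mappings",
                                 "physnet-label-mismatch"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(*finding, sep="  ")
```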
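At this point the base services are complete and an instance can be created:
----------
Create the virtual network
---------
Public network:
Create the public network:
1. On the controller node, source the admin credentials to gain access to admin-only CLI commands:
source admin-openrc
2. Create the network: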
# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat public
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-04-09T11:35:39Z |
| description | |
| id | 876887d3-2cf3-4253-9804-346f180b6077 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | public |
| port_security_enabled | True |
| project_id | 7f1f3eae73dc439da7f53c15c634c4e7 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| revision_number | 3 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 7f1f3eae73dc439da7f53c15c634c4e7 |
| updated_at | 2017-04-09T11:35:39Z |
+---------------------------+--------------------------------------+
The ``--shared`` option allows all projects to use the virtual network.
View the network CIDR:
# neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+----------------------+--------+----------------------+-----------------------+
| id | name | tenant_id | subnets |
+----------------------+--------+----------------------+-----------------------+
| 876887d3-2cf3-4253-9 | public | 7f1f3eae73dc439da7f5 | 6428d4dd-e15d-48b0 |
| 804-346f180b6077 | | 3c15c634c4e7 | -995e-45df957f4735 |
| | | | 172.25.33.0/24 |
+----------------------+--------+----------------------+-----------------------+
3. Create a subnet on the network:
# neutron subnet-create --name provider --allocation-pool start=172.25.33.100,end=172.25.33.200 --dns-nameserver 114.114.114.114 --gateway 172.25.33.250 public 172.25.33.0/24
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "172.25.33.100", "end": "172.25.33.200"} |
| cidr | 172.25.33.0/24 |
| created_at | 2017-04-09T11:40:38Z |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.25.33.250 |
| host_routes | |
| id | 6428d4dd-e15d-48b0-995e-45df957f4735 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 876887d3-2cf3-4253-9804-346f180b6077 |
| project_id | 7f1f3eae73dc439da7f53c15c634c4e7 |
| revision_number | 2 |
| service_types | |
| subnetpool_id | |
| tags | |
| tenant_id | 7f1f3eae73dc439da7f53c15c634c4e7 |
| updated_at | 2017-04-09T11:40:38Z |
+-------------------+----------------------------------------------------+
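Replace ``PROVIDER_NETWORK_CIDR`` with the subnet of the provider physical network in CIDR notation, that is, the subnet listed above.
Replace DNS_RESOLVER with the IP address of a DNS resolver. In most cases, you can use one from the ``/etc/resolv.conf`` file on the host.
Replace ``PUBLIC_NETWORK_GATEWAY`` with the gateway of the public network; gateway IP addresses typically end in ".1". The IP address of the host machine can also be used.
Create the m1.nano flavor
The smallest default flavor consumes 512 MB of memory per instance. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the ``m1.nano`` flavor, which requires only 64 MB per instance. For testing purposes only, use the ``m1.nano`` flavor to boot the CirrOS image.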
# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| properties | |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
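Generate a key pair
Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.
Source the ``demo`` tenant credentials: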
$ . demo-openrc
Generate a key pair and add the public key:
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 7f:a9:fd:62:e4:2b:87:84:27:f1:ce:d4:c1:89:f3:b8 |
| name | mykey |
| user_id | 251ad20a4d754dc4a104a3f5b8159142 |
+-------------+-------------------------------------------------+
Verify that the key pair was added:
# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 7f:a9:fd:62:e4:2b:87:84:27:f1:ce:d4:c1:89:f3:b8 |
+-------+-------------------------------------------------+
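Add security group rules
By default, the ``default`` security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).
Add rules to the default security group. No source range is given, so each rule is created with ``remote_ip_prefix`` 0.0.0.0/0 (any source address), as the output shows.
Permit ICMP (ping):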
# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2017-04-09T11:46:06Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 5a168a4b-7e2a-40ee-8302-d19fbb7dda6d |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 45a1b89bc5de479e8d3e04eae314ee88 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | eb93c9e4-c2fd-45fc-806c-d1640ac3bf2e |
| updated_at | 2017-04-09T11:46:06Z |
+-------------------+--------------------------------------+
Permit secure shell (SSH) access:
[root@server10 ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2017-04-09T11:46:34Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 26a91aee-5cd7-4c4d-acc6-104b7be0bc59 |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 45a1b89bc5de479e8d3e04eae314ee88 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 1 |
| security_group_id | eb93c9e4-c2fd-45fc-806c-d1640ac3bf2e |
| updated_at | 2017-04-09T11:46:34Z |
+-------------------+--------------------------------------+
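Launch an instance on the public network
A flavor specifies the virtual resource allocation profile of an instance, including processor, memory, and storage.
List available flavors: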
# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
+----+---------+-----+------+-----------+-------+-----------+
Here a "cannot allocate memory" error occurred because too little memory was given to the virtual machine.
List available images:
# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 2ed41322-bbd2-45b0-8560-35af76041798 | cirros | active |
+--------------------------------------+--------+--------+
List available networks:
# openstack network list
+----------------------------------+--------+----------------------------------+
| ID | Name | Subnets |
+----------------------------------+--------+----------------------------------+
| 876887d3-2cf3-4253-9804-346f180b | public | 6428d4dd-e15d-48b0-995e- |
| 6077 | | 45df957f4735 |
+----------------------------------+--------+----------------------------------+
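This instance uses the ``provider`` public network, created above under the name ``public``. You must reference this network by its ID rather than its name.
List available security groups: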
# openstack security group list
+----------------------------+---------+------------------------+---------+
| ID | Name | Description | Project |
+----------------------------+---------+------------------------+---------+
| eb93c9e4-c2fd-45fc-806c- | default | Default security group | |
| d1640ac3bf2e | | | |
+----------------------------+---------+------------------------+---------+
Create the instance
Launch the instance:
Replace ``PUBLIC_NET_ID`` with the ID of the ``public`` network:
# openstack server create --flavor m1.nano --image cirros --nic net-id=876887d3-2cf3-4253-9804-346f180b6077 --security-group default --key-name mykey public-instance
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | nJ5gwMuEG4vN |
| config_drive | |
| created | 2017-04-09T12:11:15Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 9ddc6c6b-4847-47ae-91de-8cd7a607c212 |
| image | cirros (2ed41322-bbd2-45b0-8560-35af76041798) |
| key_name | mykey |
| name | public-instance |
| progress | 0 |
| project_id | 45a1b89bc5de479e8d3e04eae314ee88 |
| properties | |
| security_groups | name='default' |
| status | BUILD |
| updated | 2017-04-09T12:11:16Z |
| user_id | 251ad20a4d754dc4a104a3f5b8159142 |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
Check the status of your instance:
# openstack server list
+----------------------+-----------------+--------+----------+------------+
| ID | Name | Status | Networks | Image Name |
+----------------------+-----------------+--------+----------+------------+
| 9ddc6c6b-4847-47ae- | public-instance | BUILD | | cirros |
| 91de-8cd7a607c212 | | | | |
+----------------------+-----------------+--------+----------+------------+
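When the build process completes successfully, the status changes from ``BUILD`` to ``ACTIVE``.
Access the instance using the virtual console
Obtain a Virtual Network Computing (VNC) session URL for your instance and access it from a web browser: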