Centos 8安装部署openstack Victoria版

华瑰冰雪龙宸 發表於 2021-2-28 22:28:00

<div class="toc"><div class="toc-container-header">目录</div><ul><li>OpenStack基础介绍</li><li>硬件最低要求<ul><li>安装环境</li><li>一、基础服务安装<ul><li>1、基本配置</li><li>2、基础服务</li><li>3、SQL数据库</li><li>4、消息队列</li><li>5、Memcached缓存</li><li>6、Etcd集群</li></ul></li><li>二、KeyStone服务安装<ul><li>1、创库授权</li><li>2、安装KeyStone相关软件包</li><li>3、配置Apache HTTP服务</li><li>4、创建域，项目，用户和角色</li></ul></li><li>三、Glance服务安装<ul><li>1、创库授权</li><li>2、创建glance用户并关联角色</li><li>3、创建glance服务并注册API</li><li>4、安装并配置glance</li></ul></li><li>四、Placement服务安装<ul><li>1、创库授权</li><li>2、配置用户和Endpoint</li><li>3、创建Placement服务并注册API</li><li>4、安装并配置Plancement</li></ul></li><li>五、Nova服务安装<ul><li>1、创库授权</li><li>2、配置用户和Endpoint</li><li>3、创建Nova服务并注册API</li><li>4、安装并配置Nova</li><li>1、安装并配置Nova</li></ul></li><li>六、Neutron服务安装<ul><li>1、创库授权</li><li>2、配置用户和Endpoint</li><li>3、创建Neutron服务并注册API</li><li>4、安装并配置Neutron<ul><li>控制节点公有网络</li><li>控制节点私有网络</li></ul></li><li>5、控制节点安装确认<ul><li>计算节点公有网络</li><li>计算节点私有网络</li></ul></li><li>6、计算节点安装确认</li></ul></li><li>七、Horizon服务安装<ul><li><ul><li>1. 安装软件包</li><li>2. 配置Horizon文件</li><li>3. 安装确认</li><li>4. 访问Dashboard</li></ul></li></ul></li></ul></li></ul></div>
<h3 id="openstack基础介绍">OpenStack基础介绍</h3>
请查看此博客
安装部署官方文档，点击此处查看
<h3 id="硬件最低要求">硬件最低要求</h3>
控制器节点：1个处理器，4 GB内存和5 GB存储
计算节点：1个处理器，2 GB内存和10 GB存储
在虚拟机中安装请调整内存、处理器和磁盘大小，以满足硬件最低要求，并勾选虚拟化
由于硬件条件有限，此此安装只有控制节点和计算节点
<h4 id="安装环境">安装环境</h4>
<ul>
<li>
工具：VMware Workstation 16 Pro
</li>
<li>
操作系统：CentOS 8.3
</li>
<li>
控制节点虚拟机配置，内存 8G、处理器 6C、磁盘 80G、虚拟化引擎
</li>
<li>
计算节点虚拟机配置，内存 4G、处理器 4C、磁盘 40G、虚拟化引擎
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEPx6YO7mmPAF9kFhmMPCTku7NnOhB0RcBg.vsFwW9D5*1P2PHVk090V09uXIe2UBPTNNyWU8zX1BebIvU7sKLJI!/r">
</li>
</ul>
<h4 id="一基础服务安装">一、基础服务安装</h4>
<h5 id="1基本配置">1、基本配置</h5>
配置节点：控制节点和计算节点
<ol>
<li>
修改主机名
<pre><code class="language-shell"># 修改控制节点
hostnamectl set-hostname controller
exec bash
# 修改计算节点
hostnamectl set-hostname compute
exec bash
</code></pre>
</li>
<li>
更换网络服务
在安装部署OpenStack时，OpenStack的网络服务会与NetworkManager服务产生冲突，二者无法一起正常工作，需要使用Network
<pre><code class="language-shell"># 安装Network服务
dnf install network-scripts -y
# 停用NetworkManager并禁止开机自启
systemctl stop NetworkManager && systemctl disable NetworkManager
# 启用 Network并设置开机自启
systemctl start network && systemctl enable network
</code></pre>
</li>
<li>
设置静态IP
编辑网络配置文件
<pre><code class="language-shell">vim /etc/sysconfig/network-scripts/ifcfg-ens33
</code></pre>
修改修改并添加以下内容
<pre><code class="language-shell"># 设为静态
BOOTPROTO=static
# 设为开机自动连接
ONBOOT=yes
# 添加IP、子网掩码及网关
IPADDR=192.166.66.10
NETMASK=255.255.255.0
GATEWAY=192.166.66.2
</code></pre>
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEPVmIQ0JkxyRnuy.AbFjEwL97RYXOFvzVEqk0q3mHqTlxSF1eaj5dxOFVxg0S6k6unkCdn05igdiXqm87FXop1I!/r">
重启Network网络服务
<pre><code class="language-shell"># 重启网络服务
systemctl restart network
# 测试是否可访问外网
ping -c 2 www.baidu.com
</code></pre>
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEIQs22NBznMqfZXdZezGn0Kn3zxaVCr.8f6vl*Cq6XcTN3T2yjXG*JAZdzqoSNwe0FoF8RgO2FxcvgqAoBN8TlQ!/r">
</li>
<li>
关闭所有节点防火墙并禁止开机自启
<pre><code class="language-shell">systemctl stop firewalld && systemctl disable firewalld
</code></pre>
</li>
<li>
配置host解析，在hosts文件中添加主机
使用echo命令修改，分别在两个节点执行以下命令
<pre><code class="language-shell">echo -e "192.166.66.10\tcontroller\n192.166.66.11\tcompute" >> /etc/hosts
</code></pre>
或者编辑hosts文件<code>vim /etc/hosts</code>添加如下信息
<pre><code class="language-shell">192.166.66.10 controller
192.166.66.11 compute
</code></pre>
配置后可通过命令<code>scp -rp /etc/hosts 192.166.66.11:/etc/hosts</code>直接覆盖另一节点hosts文件
然后测试控制节点与计算节点的连通性，以及两节点与外网的连通性，在各节点上分别执行如下命令
<pre><code class="language-shell"># 控制节点
ping -c 3 www.baidu.com
ping -c 3 compute
# 计算节点
ping -c 3 www.baidu.com
ping -c 3 controller
</code></pre>
</li>
</ol>
<h5 id="2基础服务">2、基础服务</h5>
配置节点：控制节点和计算节点
<ol>
<li>
时间同步，先执行命令<code>rpm -qa |grep chrony</code>查看系统是否安装chrony，若未安装则执行安装命令<code>dnf install chrony -y</code>，若已安装则编辑chrony配置文件<code>vim /etc/chrony.conf</code>修改以下两条信息，注意：在计算节点仅修改第一条，修改为<code>server controller iburst</code>，直接与控制节点同步
<pre><code class="language-shell"># Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp6.aliyun.com iburst
# Allow NTP client access from local network.
allow 10.0.0.0/24
</code></pre>
</li>
<li>
重启chrony服务并开机自启
<pre><code class="language-shell">systemctl restart chronyd && systemctl enable chronyd
</code></pre>
</li>
<li>
安装openstack存储库
<pre><code class="language-shell">dnf config-manager --enable powertools
dnf install centos-release-openstack-victoria -y
</code></pre>
</li>
<li>
若网络太慢，可以修改为国内的yum源，修改方式请查看官方操作步骤，各源地址如下
<pre><code class="language-shell">华为 https://mirrors.huaweicloud.com/
清华 https://mirrors.tuna.tsinghua.edu.cn/
阿里云 https://mirrors.aliyun.com/
网易 https://mirrors.163.com/
中科大 https://mirrors.ustc.edu.cn/
</code></pre>
</li>
<li>
升级所有节点上的软件包
<pre><code class="language-shell">dnf upgrade -y
</code></pre>
</li>
<li>
安装openstack客户端和openstack-selinux
<pre><code class="language-shell">dnf install python3-openstackclient openstack-selinux -y
</code></pre>
</li>
</ol>
<h5 id="3sql数据库">3、SQL数据库</h5>
配置节点：仅控制节点
<ol>
<li>
安装Mariadb数据库，也可安装MySQL数据库
<pre><code class="language-shell">dnf install mariadb mariadb-server python3-PyMySQL -y
</code></pre>
</li>
<li>
创建和编辑<code>vim /etc/my.cnf.d/openstack.cnf</code>文件，添加如下信息
<pre><code class="language-shell">
bind-address = 192.166.66.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
</code></pre>
</li>
<li>
启动数据库并设置为开机自启
<pre><code class="language-shell">systemctl start mariadb && systemctl enable mariadb
</code></pre>
</li>
<li>
保护数据库服务
<pre><code class="language-shell">mysql_secure_installation

# 输入当前用户root密码，若为空直接回车
Enter current password for root (enter for none):
OK, successfully used password, moving on...
# 是否设置root密码
Set root password? y
# 输入新密码
New password:
# 再次输入新密码
Re-enter new password:
# 是否删除匿名用户
Remove anonymous users? y
# 是否禁用远程登录
Disallow root login remotely? n
# 是否删除数据库并访问它
Remove test database and access to it? y
# 是否重新加载权限表
Reload privilege tables now? y

# 以上步骤根据实际情况做配置即可，不一定要与此处保持一致
</code></pre>
</li>
</ol>
<h5 id="4消息队列">4、消息队列</h5>
配置节点：仅控制节点
<ol>
<li>
安装软件包
<pre><code class="language-shell">dnf install rabbitmq-server -y
</code></pre>
</li>
<li>
启动消息队列服务并设置为开机自启
<pre><code class="language-shell">systemctl start rabbitmq-server && systemctl enable rabbitmq-server
</code></pre>
</li>
<li>
添加openstack用户并设置密码
<pre><code class="language-shell">rabbitmqctl add_user openstack RABBIT_PASS
</code></pre>
</li>
<li>
给openstack用户可读可写可配置权限
<pre><code class="language-shell">rabbitmqctl set_permissions openstack ".*" ".*" ".*"
</code></pre>
</li>
<li>
为了方便监控，启用Web界面管理插件
<pre><code class="language-shell">rabbitmq-plugins enable rabbitmq_management
</code></pre>
安装成功后通过命令<code>netstat -lntup</code>查看多了一个15672的服务端口，通过浏览器访问可以成功登录RabbitMQ，默认管理员账号密码都是guest，登录成功页面如下图
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEOtXd7fP3xnR3PL*7vPW2voV8MwAsvXp9AqnaJ3f9MdGP9*lGqb9*dH2cZIqKZOF.rizWuc8TAesa41f5i2Yu.s!/r">
</li>
</ol>
<h5 id="5memcached缓存">5、Memcached缓存</h5>
配置节点：仅控制节点
<ol>
<li>
安装软件包
<pre><code class="language-shell">dnf install memcached python3-memcached -y
</code></pre>
</li>
<li>
编辑<code>vim /etc/sysconfig/memcached</code>文件，将OPTTONS行修改成如下信息
<pre><code class="language-shell">OPTIONS="-l 127.0.0.1,::1,controller"
</code></pre>
</li>
<li>
启动Memcached服务并设置开机自启
<pre><code class="language-shell">systemctl start memcached && systemctl enable memcached
</code></pre>
</li>
</ol>
<h5 id="6etcd集群">6、Etcd集群</h5>
配置节点：仅控制节点
<ol>
<li>
安装软件包
<pre><code class="language-shell">dnf install etcd -y
</code></pre>
</li>
<li>
编辑<code>vim /etc/etcd/etcd.conf</code>文件,修改如下信息
<pre><code class="language-shell">#
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.166.66.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.166.66.10:2379"
ETCD_NAME="controller"
#
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.166.66.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.166.66.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.166.66.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

</code></pre>
</li>
<li>
启动Etcd服务并设置开机自启
<pre><code class="language-shell">systemctl start etcd && systemctl enable etcd
</code></pre>
</li>
</ol>
<h4 id="二keystone服务安装">二、KeyStone服务安装</h4>
配置节点：仅控制节点
<h5 id="1创库授权">1、创库授权</h5>
<ol>
<li>
连接数据库
<pre><code class="language-mysql">mysql -u root -p
</code></pre>
</li>
<li>
创建keystone数据库
<pre><code class="language-mysql">CREATE DATABASE keystone;
</code></pre>
</li>
<li>
授予keystone数据库权限，然后退出
<pre><code class="language-mysql">GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
exit;
</code></pre>
</li>
</ol>
<h5 id="2安装keystone相关软件包">2、安装KeyStone相关软件包</h5>
<ol>
<li>
安装软件
<pre><code class="language-shell">dnf install openstack-keystone httpd python3-mod_wsgi -y
</code></pre>
</li>
<li>
修改/etc/keystone/keystone.conf文件，由于文件内容有2700行左右，备注内容过多，实际有效配置信息只有40行左右，所有为了方便修改文件，可以先备份该文件，然后去掉注释信息
<pre><code class="language-shell"># 备份
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# 去掉备份文件keystone.conf.backup的空行、备注等信息覆盖掉keystone.conf文件
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
</code></pre>
然后再手动修改文件内容，修改信息如下
<pre><code class="language-shell">
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

provider = fernet
</code></pre>
手动方式和命令行方式二选一
为了提高修改文件效率，减少配置错误率，我们可以使用配置工具，通过命令修改文件，先安装软件
<pre><code class="language-shell">dnf install crudini -y
</code></pre>
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEDe6onV7uY*6vk512.eNzE8YfWC0q4.iiLA8wMrHOxOPa0xK5OI1bE3McA5Hz.i.Jfa2TTWhk.clBzZF.AMsmRw!/r">
执行命令修改文件内容
<pre><code class="language-shell">crudini --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
crudini --set /etc/keystone/keystone.conf token provider fernet
</code></pre>
</li>
<li>
初始化数据库
<pre><code class="language-shell">su -s /bin/sh -c "keystone-manage db_sync" keystone
</code></pre>
同步前后可以先看一下数据库信息，下图是操作前后数据库信息变化
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEDSZqKrKMjVoPW5XYtoLUnkS.jKArWc6Kae8SXM0V1DuGE7GSl19KaE8IF0RL4aZnlA2oA3l*KzqShrfwUjL5No!/r">
</li>
<li>
初始化Fernet，执行如下两条命令
<pre><code class="language-shell">keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
</code></pre>
</li>
<li>
引导身份认证服务
<pre><code class="language-shell">keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
</code></pre>
</li>
</ol>
<h5 id="3配置apache-http服务">3、配置Apache HTTP服务</h5>
<ol>
<li>
编辑<code>vim /etc/httpd/conf/httpd.conf</code>文件，添加如下信息
<pre><code class="language-shell">ServerName controller
</code></pre>
</li>
<li>
创建<code>/usr/share/keystone/wsgi-keystone.conf</code>文件链接
<pre><code class="language-shell">ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
</code></pre>
</li>
<li>
启动httpd服务并设置开机自启
<pre><code class="language-shell">systemctl start httpd && systemctl enable httpd
</code></pre>
</li>
<li>
创建环境变量脚本来配置管理员账号，执行命令<code>vim /admin-openrc.sh</code>，添加如下信息
<pre><code class="language-shell">export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
</code></pre>
然后初始化，脚本执行命令<code>source /admin-openrc.sh</code>或者<code>. /admin-openrc.sh</code>
</li>
</ol>
<h5 id="4创建域项目用户和角色">4、创建域，项目，用户和角色</h5>
<ol>
<li>
创建域，程序中已存在默认域，此命令只是一个创建域的例子，可以不执行
<pre><code class="language-shell">openstack domain create --description "An Example Domain" example
</code></pre>
</li>
<li>
创建service项目，也叫做租户
<pre><code class="language-shell">openstack project create --domain default --description "Service Project" service
</code></pre>
</li>
<li>
创建myproject测试项目
<pre><code class="language-shell">openstack project create --domain default --description "Demo Project" myproject
</code></pre>
</li>
<li>
创建myuser用户
<pre><code class="language-shell">openstack user create --domain default --password-prompt myuser
# 执行命令后需要设置用户密码，输入两次相同的密码
</code></pre>
</li>
<li>
创建myrole角色
<pre><code class="language-shell">openstack role create myrole
</code></pre>
</li>
<li>
将myrole角色添加到myproject项目和myuser用户
<pre><code class="language-shell">openstack role add --project myproject --user myuser myrole
</code></pre>
</li>
<li>
编辑环境变量脚本<code>vim /admin-openrc.sh</code>，修改脚本，把创建的项目用户信息添加到环境变量值
<pre><code class="language-shell">export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
</code></pre>
然后再次初始化脚本，执行命令<code>source /admin-openrc.sh</code>或者<code>. /admin-openrc.sh</code>
也可以根据自己创建的项目角色信息编写一个脚本，如：<code>vim /dyd-openrc.sh</code>
<pre><code class="language-shell">export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
</code></pre>
然后再次初始化脚本，执行命令<code>source /dyd-openrc.sh</code>或者<code>. /admin-openrc.sh</code>
</li>
<li>
验证token令牌
<pre><code class="language-shell"># 验证KeyStone服务是否正常
openstack token issue
</code></pre>
出现如下图信息就说明KeyStone配置完成啦！
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEGnrB4y8jOr13aoFRsg.sAAGiA2CQj*x3*zUgpz8bpXMBeUHEfV1rR1*5ZMvumd0m0nAhdgI9uZNImuRimYo79g!/r">
</li>
<li>
每次执行openstack命令之前都需要先执行脚本<code>source /admin-openrc.sh</code>或者<code>. /admin-openrc.sh</code>，所以也可以设置为开机自动加载环境变量，将命令添加到.bashrc中即可，如图
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEIJgCOztNO.I6T9QoUMUJFKglXbiiptK0qrgT8xD2GMAzX3UkScb1dVQCArWYBJHjdx8OIeSFS1BV*7MktwK.wE!/r">
</li>
</ol>
<h4 id="三glance服务安装">三、Glance服务安装</h4>
配置节点：仅控制节点
<h5 id="1创库授权-1">1、创库授权</h5>
<ol>
<li>
连接数据库
<pre><code class="language-mysql">mysql -u root -p
</code></pre>
</li>
<li>
创建glance数据库
<pre><code class="language-mysql">CREATE DATABASE glance;
</code></pre>
</li>
<li>
授予glance数据库权限，然后退出
<pre><code class="language-mysql">GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
exit;
</code></pre>
</li>
</ol>
<h5 id="2创建glance用户并关联角色">2、创建glance用户并关联角色</h5>
 上文已设置自动加载环境变量，若未设置且未加载，请先加载环境变量脚本<code>. /admin-openrc.sh</code>
<ol>
<li>
创建glance用户并设置密码为GLANCE_PASS，此处与上面创建用户的不同之处是未使用交互式的方式，直接将密码放入了命令中
<pre><code class="language-shell">openstack user create --domain default --password GLANCE_PASS glance
</code></pre>
</li>
<li>
使用admin角色将Glance用户添加到服务项目中
<pre><code class="language-shell"># 在service的项目上给glance用户关联admin角色
openstack role add --project service --user glance admin
</code></pre>
</li>
</ol>
<h5 id="3创建glance服务并注册api">3、创建glance服务并注册API</h5>
<ol>
<li>
创建glance服务
<pre><code class="language-shell">openstack service create --name glance --description "OpenStack Image" image
</code></pre>
</li>
<li>
注册API，也就是创建镜像服务的API终端endpoints
<pre><code class="language-shell">openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
</code></pre>
</li>
</ol>
<h5 id="4安装并配置glance">4、安装并配置glance</h5>
<ol>
<li>
安装glance软件包，安装若出现依赖问题，请更换安装源
<pre><code class="language-shell">dnf install openstack-glance -y
</code></pre>
</li>
<li>
编辑<code>vim /etc/glance/glance-api.conf</code>文件，文件内容过多，进6000行，建议向上文一样使用命令配置，也可以手动配置
手动修改如下信息
<pre><code class="language-shell">
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

www_authenticate_uri= http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

flavor = keystone

stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
</code></pre>
命令行修改以上信息
<pre><code class="language-shell">crudini --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
crudini --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
crudini --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
crudini --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
crudini --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
crudini --set /etc/glance/glance-api.conf keystone_authtoken project_name service
crudini --set /etc/glance/glance-api.conf keystone_authtoken username glance
crudini --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
crudini --set /etc/glance/glance-api.conf paste_deploy flavor keystone
crudini --set /etc/glance/glance-api.conf glance_store stores file,http
crudini --set /etc/glance/glance-api.conf glance_store default_store file
crudini --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
</code></pre>
</li>
<li>
同步数据库
<pre><code class="language-shell">su -s /bin/sh -c "glance-manage db_sync" glance
</code></pre>
</li>
<li>
启动glance服务并设置开机自启
<pre><code class="language-shell">systemctl start openstack-glance-api && systemctl enable openstack-glance-api
</code></pre>
</li>
<li>
下载一个测试镜像先上传到系统中，然后上传到glance服务中
<ul>
<li>
测试镜像cirros下载地址：点击此处进入下载页，由于网络限制，建议复制下载地址后使用迅雷等下载工具进行下载
</li>
<li>
使用命令上传到Glance服务中
<pre><code class="language-shell"># 将当前目录下的cirros-0.5.1-aarch64-disk.img镜像命名为“cirros”，镜像格式是qcow2，容器格式是bare，设为公有镜像
openstack image create "cirros" --file cirros-0.5.1-aarch64-disk.img --disk-format qcow2 --container-format bare --public
</code></pre>
出现如下图说明镜像上传成功，通过命令<code>openstack image list</code>可以看到上传的镜像
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEO*iq233dbFwoa90RBr*RKAW5kTIlN8hsYt5J0GqhfC4cjnwHnG9qxbgPK2B65fsAXdtAag.BdLLDFRO7TMwC70!/r">
镜像信息都是存在glance数据库中的，我们可以在glance库中的images表看到上传的镜像信息
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEFASdrvpethy3HeYTtNtITVV*D89L2QoCfd*7WNTjUFYgqkcY5OYo*5adBW2nHO4TMYwMRISAdl55q8*k4Xi0Ms!/r">
在/var/lib/glance/images/目录下可以看到镜像文件，如果要删除此镜像需要删除数据库信息，再删除镜像文件
</li>
</ul>
</li>
</ol>
<h4 id="四placement服务安装">四、Placement服务安装</h4>
配置节点：控制节点
Placement服务的作用是跟踪资源（如计算节点，存储资源池，网络资源池等）的使用情况，提供自定义资源的能力，为分配资源提供服务。Placement在openstack的Stein版本之前是属于Nova组件的一部分。在安装Nova之前需要先安装此组件
<h5 id="1创库授权-2">1、创库授权</h5>
<ol>
<li>
连接数据库
<pre><code class="language-mysql">mysql -u root -p
</code></pre>
</li>
<li>
创建Plancement数据库
<pre><code class="language-mysql">CREATE DATABASE placement;
</code></pre>
</li>
<li>
授予Plancement数据库权限，然后退出
<pre><code class="language-mysql">GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
exit;
</code></pre>
</li>
</ol>
<h5 id="2配置用户和endpoint">2、配置用户和Endpoint</h5>
先加载环境变量<code>source /admin-openrc.sh</code>
<ol>
<li>
创建一个plancement用户并设置密码为PLACEMENT_PASS
<pre><code class="language-shell">openstack user create --domain default --password PLACEMENT_PASS placement
</code></pre>
</li>
<li>
使用admin角色将Placement用户添加到服务项目中
<pre><code class="language-shell"># 在service的项目上给placement用户关联admin角色
openstack role add --project service --user placement admin
</code></pre>
</li>
</ol>
<h5 id="3创建placement服务并注册api">3、创建Placement服务并注册API</h5>
<ol>
<li>
创建Plancement服务
<pre><code class="language-shell">openstack service create --name placement --description "Placement API" placement
</code></pre>
</li>
<li>
创建Plancement服务API端口
<pre><code class="language-shell">openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
</code></pre>
</li>
</ol>
<h5 id="4安装并配置plancement">4、安装并配置Plancement</h5>
<ol>
<li>
安装Plancement软件包
<pre><code class="language-shell">dnf install openstack-placement-api -y
</code></pre>
</li>
<li>
编辑<code>vim /etc/placement/placement.conf</code>文件，文件700行左右，手动命令二选一
手动修改文件内容
<pre><code class="language-shell">
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement

auth_strategy = keystone

auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
</code></pre>
命令行修改文件内容
<pre><code class="language-shell">crudini --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
crudini --set /etc/placement/placement.conf api auth_strategy keystone
crudini --set /etc/placement/placement.conf keystone_authtoken auth_url http://controller:5000/v3
crudini --set /etc/placement/placement.conf keystone_authtoken memcached_servers controller:11211
crudini --set /etc/placement/placement.conf keystone_authtoken auth_type password
crudini --set /etc/placement/placement.conf keystone_authtoken project_domain_name Default
crudini --set /etc/placement/placement.conf keystone_authtoken user_domain_name Default
crudini --set /etc/placement/placement.conf keystone_authtoken project_name service
crudini --set /etc/placement/placement.conf keystone_authtoken username placement
crudini --set /etc/placement/placement.conf keystone_authtoken password PLACEMENT_PASS
</code></pre>
</li>
<li>
同步数据库
<pre><code class="language-shell">su -s /bin/sh -c "placement-manage db sync" placement
</code></pre>
</li>
<li>
重启httpd服务
<pre><code class="language-shell">systemctl restart httpd
</code></pre>
</li>
<li>
检查Placement服务状态
<pre><code class="language-shell">placement-status upgrade check
</code></pre>
出现如下图所示，说明安装配置成功
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEJLp4fOjOkKOgJo2D.5R4k576l7Rws6olPzDP24FOxixkKiwVhO2SsG0z347ldOiM6AZUcZKcKx5kIhi9.yeXoM!/r">
</li>
</ol>
<h4 id="五nova服务安装">五、Nova服务安装</h4>
配置节点：控制节点和计算节点
Nova是服务是openstack最核心的服务，由它来创建云主机，其它服务都是协助，同时Nova组件也是最多的，由于Nova组件较多，此处控制节点和计算节点分开写，再次提醒上文提到【配置节点：控制节点和计算节点】指的是相同的操作需要在控制节点和计算节点都执行一遍，这里是分开讲解安装步骤的，先从控制节点开始
控制节点
<h5 id="1创库授权-3">1、创库授权</h5>
<ol>
<li>
连接数据库
<pre><code class="language-mysql">mysql -u root -p
</code></pre>
</li>
<li>
创建nova_api，nova和nova_cell0数据库
<pre><code class="language-mysql">CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
</code></pre>
</li>
<li>
分别授予三个数据库权限，然后退出
<pre><code class="language-mysql"># 授权nova_api数据库
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
# 授权nova数据库
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
# 授权nova_cell0数据库
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
exit;
</code></pre>
</li>
</ol>
<h5 id="2配置用户和endpoint-1">2、配置用户和Endpoint</h5>
先加载环境变量<code>source /admin-openrc.sh</code>
<ol>
<li>
创建nova用户并设置密码为NOVA_PASS
<pre><code class="language-shell">openstack user create --domain default --password NOVA_PASS nova
</code></pre>
</li>
<li>
使用admin角色将nova用户添加到服务项目中
<pre><code class="language-shell"># 在service的项目上给nova用户关联admin角色
openstack role add --project service --user nova admin
</code></pre>
</li>
</ol>
<h5 id="3创建nova服务并注册api">3、创建Nova服务并注册API</h5>
<ol>
<li>
创建Nova服务
<pre><code class="language-shell">openstack service create --name nova --description "OpenStack Compute" compute
</code></pre>
</li>
<li>
创建Nova服务API端口
<pre><code class="language-shell">openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
</code></pre>
</li>
</ol>
<h5 id="4安装并配置nova">4、安装并配置Nova</h5>
<ol>
<li>
安装nova相关软件包
<pre><code class="language-shell">dnf install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
</code></pre>
</li>
<li>
编辑<code>vim /etc/nova/nova.conf</code>文件，文件近6000行，依然手动命令二选一
手动修改如下信息
<pre><code class="language-shell">
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
my_ip = 192.166.66.10

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

auth_strategy = keystone

www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS

enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

api_servers = http://controller:9292

lock_path = /var/lib/nova/tmp

region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
</code></pre>
命令行修改以上信息，命令不要一次性批量操作，由于命令过多，批量执行终端可能会出错，建议分批次执行
<pre><code class="language-shell">crudini --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
crudini --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller:5672/
crudini --set /etc/nova/nova.conf DEFAULT my_ip 192.166.66.10
crudini --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
crudini --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
crudini --set /etc/nova/nova.conf api auth_strategy keystone
crudini --set /etc/nova/nova.conf keystone_authtoken www_authenticate_uri http://controller:5000/
crudini --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/
crudini --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
crudini --set /etc/nova/nova.conf keystone_authtoken auth_type password
crudini --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
crudini --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
crudini --set /etc/nova/nova.conf keystone_authtoken project_name service
crudini --set /etc/nova/nova.conf keystone_authtoken username nova
crudini --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
crudini --set /etc/nova/nova.conf vnc enabled true
crudini --set /etc/nova/nova.conf vnc server_listen '$my_ip'
crudini --set /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip'
crudini --set /etc/nova/nova.conf glance api_servers http://controller:9292
crudini --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
crudini --set /etc/nova/nova.conf placement region_name RegionOne
crudini --set /etc/nova/nova.conf placement project_domain_name Default
crudini --set /etc/nova/nova.conf placement project_name service
crudini --set /etc/nova/nova.conf placement auth_type password
crudini --set /etc/nova/nova.conf placement user_domain_name Default
crudini --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
crudini --set /etc/nova/nova.conf placement username placement
crudini --set /etc/nova/nova.conf placement password PLACEMENT_PASS
</code></pre>
</li>
<li>
同步数据库
<pre><code class="language-shell"># 同步nova_api数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
# 同步nova_cell0数据库
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# 创建cell1
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# 同步nova数据库
su -s /bin/sh -c "nova-manage db sync" nova
</code></pre>
验证nova_cell0和cell1是否添加成功
<pre><code class="language-shell">su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
</code></pre>
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrELiChjvOuzs8yZj548FUNLfOo*3Tm*8itjy8JlabkYKWTyS9QuX8XX8BtcgdQdFdaBDmJdgOghi2k1p.11YnBec!/r">
</li>
<li>
启动服务并设为开机自启
<pre><code class="language-shell">systemctl start openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy &&
systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
</code></pre>
</li>
<li>
验证服务是否成功启动，使用命令<code>nova service-list</code>，如下图
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEBuR3jof8dWQvibMikXsLIQ1EzZqAgaJUFZT4ETvEnWnajr4hY*rUwXLzwlWBGfUImkrLpvq6iJhxEHWqVk5Xt8!/r">
启动了4个服务，为什么只看到2个服务呢？
这是因为<code>nova service-list</code>这个命令是发给openstack-nova-api的，由openstack-nova-api服务返回响应结果，若nova-api服务关闭了，openstack-nova-scheduler和openstack-nova-conductor两个服务便无法启动，而查看openstack-nova-novncproxy服务是启动成功，是通过端口查看的，<code>netstat -lntup | grep 6080</code>，查看进程<code>ps -ef | grep 上条命令得到的进程号</code>，如下图
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEBCgGNMNUYV3rntIXyw*DOPGl3a.tkumq4v9r*fza8RJbDBri6hRVhh10eHHKnIZAVbh*wKsDG5whffljN*aKLk!/r">
可以通过Web访问noVNC页面，只是还没有连接云主机
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEF.m55ccbC3pEQCyv6kUXYI46wQTT9oanRMNXgeVH.We.MMu8pzwXgekTnMFUFmyt8O3Ua..NM9iEuZgvzVIuCs!/r">
</li>
</ol>
计算节点
<h5 id="1安装并配置nova">1、安装并配置Nova</h5>
<ol>
<li>
安装软件包
<pre><code class="language-shell">dnf install openstack-nova-compute -y
</code></pre>
</li>
<li>
编辑<code>vim /etc/nova/nova.conf</code>文件，文件5500行左右，手动命令二选一
手动修改文件以下内容
<pre><code class="language-shell">
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.166.66.11

auth_strategy = keystone

www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS

enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

api_servers = http://controller:9292

lock_path = /var/lib/nova/tmp

region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
</code></pre>
命令修改以上内容，已更换节点，使用命令需要先执行安装软件包
<pre><code class="language-shell">dnf install crudini -y

crudini --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
crudini --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
crudini --set /etc/nova/nova.conf DEFAULT my_ip 192.166.66.11
crudini --set /etc/nova/nova.conf api auth_strategy keystone
crudini --set /etc/nova/nova.conf keystone_authtoken www_authenticate_uri http://controller:5000/
crudini --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/
crudini --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
crudini --set /etc/nova/nova.conf keystone_authtoken auth_type password
crudini --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
crudini --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
crudini --set /etc/nova/nova.conf keystone_authtoken project_name service
crudini --set /etc/nova/nova.conf keystone_authtoken username nova
crudini --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
crudini --set /etc/nova/nova.conf vnc enabled true
crudini --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
crudini --set /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip'
crudini --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
crudini --set /etc/nova/nova.conf glance api_servers http://controller:9292
crudini --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
crudini --set /etc/nova/nova.conf placement region_name RegionOne
crudini --set /etc/nova/nova.conf placement project_domain_name Default
crudini --set /etc/nova/nova.conf placement project_name service
crudini --set /etc/nova/nova.conf placement auth_type password
crudini --set /etc/nova/nova.conf placement user_domain_name Default
crudini --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
crudini --set /etc/nova/nova.conf placement username placement
crudini --set /etc/nova/nova.conf placement password PLACEMENT_PASS
</code></pre>
</li>
<li>
确认计算节点是否支持硬件加速
<pre><code class="language-shell">egrep -c '(vmx|svm)' /proc/cpuinfo
</code></pre>
执行命令后返回结果是数字说明支持硬件加速，否则需要编辑<code>vim /etc/nova/nova.conf</code>文件中的<code></code>部分，修改以下内容
<pre><code class="language-shell">
virt_type = qemu
</code></pre>
</li>
<li>
启动nova服务和后期管理虚机的libvirt服务并设为开机自启
<pre><code class="language-shell">systemctl start libvirtd openstack-nova-compute && systemctl enable libvirtd openstack-nova-compute
</code></pre>
</li>
</ol>
控制节点
计算节点安装配置完成后再回到控制节点操作
先加载环境变量脚本<code>source /admin-openrc.sh</code>
在控制节点查看nova-compute服务
<pre><code class="language-shell">openstack compute service list --service nova-compute
</code></pre>
同步计算节点
<pre><code class="language-shell">su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
</code></pre>
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrED*9qRjC9Q7umASoosF6lBNsE4ccPrJXcwyrG5ZX70uljJEUWJsPyl6763wRc9BP8KSP8Oh2683fGqayq0OOMoc!/r">
设置发现间隔时间，编辑<code>vim /etc/nova/nova.conf</code>文件，修改文件
<pre><code class="language-shell"># 手动修改方式

discover_hosts_in_cells_interval = 300
# 命令修改方式
crudini --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300
</code></pre>
此时再执行<code>nova service-list</code>命令，会多出一个compute服务
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEK0pxtcHmspa6XHfRcqE4CWq4Ot4arSwMQaiXWn4jj0dG7RHH8.XJQx8wfo9TNy06GxOdHp4St6*tzB.onh2r34!/r">
<h4 id="六neutron服务安装">六、Neutron服务安装</h4>
配置节点：控制节点和计算节点
控制节点
<h5 id="1创库授权-4">1、创库授权</h5>
<ol>
<li>
连接数据库
<pre><code class="language-mysql">mysql -u root -p
</code></pre>
</li>
<li>
创建neutron数据库
<pre><code class="language-mysql">CREATE DATABASE neutron;
</code></pre>
</li>
<li>
授予数据库权限，然后退出
<pre><code class="language-shell">GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
exit;
</code></pre>
</li>
</ol>
<h5 id="2配置用户和endpoint-2">2、配置用户和Endpoint</h5>
先加载环境变量<code>source /admin-openrc.sh</code>
<ol>
<li>
创建neutron用户并设置密码为NEUTRON_PASS
<pre><code class="language-shell">openstack user create --domain default --password NEUTRON_PASS neutron
</code></pre>
</li>
<li>
使用admin角色将neutron用户添加到服务项目中
<pre><code class="language-shell"># 在service的项目上给neutron用户关联admin角色
openstack role add --project service --user neutron admin
</code></pre>
</li>
</ol>
<h5 id="3创建neutron服务并注册api">3、创建Neutron服务并注册API</h5>
<ol>
<li>
创建Neutron服务
<pre><code class="language-shell">openstack service create --name neutron --description "OpenStack Networking" network
</code></pre>
</li>
<li>
创建Neutron服务API端口
<pre><code class="language-shell">openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
</code></pre>
</li>
</ol>
<h5 id="4安装并配置neutron">4、安装并配置Neutron</h5>
安装相关软件包
执行此命令安装软件包
<pre><code class="language-shell">dnf install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
</code></pre>
公有网络和私有网络配置任意选择一种即可
<h6 id="控制节点公有网络">控制节点公有网络</h6>
<ol>
<li>配置Neutron组件 
编辑<code>vim /etc/neutron/neutron.conf</code>文件</li>
</ol>
手动修改以下文件内容
<pre><code class="language-shell">
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

lock_path = /var/lib/neutron/tmp
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins
crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
crudini --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
crudini --set /etc/neutron/neutron.conf nova auth_url http://controller:5000
crudini --set /etc/neutron/neutron.conf nova auth_type password
crudini --set /etc/neutron/neutron.conf nova project_domain_name default
crudini --set /etc/neutron/neutron.conf nova user_domain_name default
crudini --set /etc/neutron/neutron.conf nova region_name RegionOne
crudini --set /etc/neutron/neutron.conf nova project_name service
crudini --set /etc/neutron/neutron.conf nova username nova
crudini --set /etc/neutron/neutron.conf nova password NOVA_PASS
crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
</code></pre>
<ol start="2">
<li>配置ML2组件</li>
</ol>
编辑<code>vim /etc/neutron/plugins/ml2/ml2_conf.ini</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

flat_networks = provider

enable_ipset = true
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2tenant_network_types
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2mechanism_drivers linuxbridge
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2extension_drivers port_security
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
</code></pre>
<ol start="3">
<li>配置LinuxBridge</li>
</ol>
编辑<code>vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
physical_interface_mappings = provider:ens33

enable_vxlan = false

enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan false
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
执行以下命令
<pre><code class="language-shell">modprobe br_netfilter
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
</code></pre>
<ol start="4">
<li>配置DHCP</li>
</ol>
编辑<code>vim /etc/neutron/dhcp_agent.ini</code>文件
手动修改文件以下内容
<pre><code class="language-shell">
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
</code></pre>
<ol start="5">
<li>配置元数据代理</li>
</ol>
编辑<code>vim /etc/neutron/metadata_agent.ini</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
</code></pre>
<ol start="6">
<li>为Nova配置网络服务</li>
</ol>
编辑<code>vim /etc/nova/nova.conf</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
</code></pre>
命令修改以上内容
<pre><code class="language-shell">crudini --set /etc/nova/nova.conf neutron auth_url http://controller:5000
crudini --set /etc/nova/nova.conf neutron auth_type password
crudini --set /etc/nova/nova.conf neutron project_domain_name default
crudini --set /etc/nova/nova.conf neutron user_domain_name default
crudini --set /etc/nova/nova.conf neutron region_name RegionOne
crudini --set /etc/nova/nova.conf neutron project_name service
crudini --set /etc/nova/nova.conf neutron username neutron
crudini --set /etc/nova/nova.conf neutron password NEUTRON_PASS
crudini --set /etc/nova/nova.conf neutron service_metadata_proxy true
crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
</code></pre>
<h6 id="控制节点私有网络">控制节点私有网络</h6>
<ol>
<li>配置Neutron组件</li>
</ol>
编辑<code>vim /etc/neutron/neutron.conf</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

lock_path = /var/lib/neutron/tmp
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router
crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
crudini --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
crudini --set /etc/neutron/neutron.conf nova auth_url http://controller:5000
crudini --set /etc/neutron/neutron.conf nova auth_type password
crudini --set /etc/neutron/neutron.conf nova project_domain_name default
crudini --set /etc/neutron/neutron.conf nova user_domain_name default
crudini --set /etc/neutron/neutron.conf nova region_name RegionOne
crudini --set /etc/neutron/neutron.conf nova project_name service
crudini --set /etc/neutron/neutron.conf nova username nova
crudini --set /etc/neutron/neutron.conf nova password NOVA_PASS
crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
</code></pre>
<ol start="2">
<li>配置ML2组件</li>
</ol>
编辑<code>vim /etc/neutron/plugins/ml2/ml2_conf.ini</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

flat_networks = provider

vni_ranges = 1:1000

enable_ipset = true
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2tenant_network_types vxlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2mechanism_drivers linuxbridge,l2population
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2extension_drivers port_security
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
</code></pre>
<ol start="3">
<li>配置LinuxBridge</li>
</ol>
编辑<code>vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
physical_interface_mappings = provider:ens33

enable_vxlan = true
local_ip = 192.166.66.10
l2_population = true

enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.166.66.10
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
执行以下三条命令
<pre><code class="language-shell">modprobe br_netfilter
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
</code></pre>
<ol start="4">
<li>配置L3</li>
</ol>
编辑<code>vim /etc/neutron/l3_agent.ini</code>文件，手动修改以下内容
<pre><code class="language-shell">
interface_driver = linuxbridge
</code></pre>
命令修改以上内容
<pre><code class="language-shell">crudini --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
</code></pre>
<ol start="5">
<li>配置DHCP</li>
</ol>
编辑<code>vim /etc/neutron/dhcp_agent.ini</code>文件
手动修改文件以下内容
<pre><code class="language-shell">
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
</code></pre>
<ol start="6">
<li>配置元数据代理</li>
</ol>
编辑<code>vim /etc/neutron/metadata_agent.ini</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

memcache_servers = controller:11211
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
</code></pre>
<ol start="7">
<li>为Nova配置网络服务</li>
</ol>
编辑<code>vim /etc/nova/nova.conf</code>文件
手动修改以下文件内容
<pre><code class="language-shell">
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
</code></pre>
命令修改以上内容
<pre><code class="language-shell">crudini --set /etc/nova/nova.conf neutron auth_url http://controller:5000
crudini --set /etc/nova/nova.conf neutron auth_type password
crudini --set /etc/nova/nova.conf neutron project_domain_name default
crudini --set /etc/nova/nova.conf neutron user_domain_name default
crudini --set /etc/nova/nova.conf neutron region_name RegionOne
crudini --set /etc/nova/nova.conf neutron project_name service
crudini --set /etc/nova/nova.conf neutron username neutron
crudini --set /etc/nova/nova.conf neutron password NEUTRON_PASS
crudini --set /etc/nova/nova.conf neutron service_metadata_proxy true
crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
</code></pre>
<h5 id="5控制节点安装确认">5、控制节点安装确认</h5>
<ol>
<li>
添加sudoer权限
修改<code>vim /etc/neutron/neutron.conf</code>文件，修改以下内容
<pre><code class="language-shell">
user = neutron
helper_command = sudo privsep-helper
</code></pre>
修改<code>vim /etc/sudoers.d/neutron</code>文件，添加以下内容后强制保存退出
<pre><code class="language-shell">neutron ALL = (root) NOPASSWD: ALL
</code></pre>
</li>
<li>
网络服务初始化脚本需要一个软链接指向/etc/neutron/plugins/ml2/ml2_conf.ini文件，创建软链接
<pre><code class="language-shell">ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
</code></pre>
</li>
<li>
同步数据库
<pre><code class="language-shell">su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
</code></pre>
</li>
<li>
重启nova-api服务
<pre><code class="language-shell">systemctl restart openstack-nova-api
</code></pre>
</li>
<li>
启用网络服务并设为开机自启，两种网络都需要要执行以下两条命令
<pre><code class="language-shell">systemctl start neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent &&
systemctl enable neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
</code></pre>
</li>
<li>
对于私有网络，还应该启动L3服务并设为开机自启
<pre><code class="language-shell">systemctl restart neutron-l3-agent && systemctl enable neutron-l3-agent
</code></pre>
</li>
<li>
查看网络代理
<pre><code class="language-shell">openstack network agent list
</code></pre>
控制节点成功配置公有网络后，应输出如下图
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEBIMnDXTwW2i9WqHZp*jBRsZ*1djbhFg5R4B23p3kzrWi4wk7DL4YrtiIZVkeY.R3wJl7.THwV7Yt8ZQN6DUmxU!/r">
控制节点成功配置私有网络后，应输出如下图
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEIACOWcDCwgKtEh1TNXZAQ*.wuiapKyRi2fHzrOoakwJMy83TSd*A7McECGPAcx7vMPVuVjQX2Qzn9K.vuiF*u0!/r">
</li>
</ol>
计算节点
<ol>
<li>
安装相关软件包
<pre><code class="language-shell">dnf install openstack-neutron-linuxbridge ebtables ipset -y
</code></pre>
</li>
</ol>
公有网络和私有网络配置任意选择一种即可，但要与控制节点保持一致
<ol start="2">
<li>
配置网络组件
编辑<code>vim /etc/neutron/neutron.conf</code>文件，手动修改以下文件内容
<pre><code class="language-shell">
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

lock_path = /var/lib/neutron/tmp
</code></pre>
命令修改以上文件
<pre><code class="language-shell">crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
crudini --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
</code></pre>
</li>
</ol>
<h6 id="计算节点公有网络">计算节点公有网络</h6>
<ol start="3">
<li>
配置LinuxBridge
编辑<code>vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini</code>文件，手动修改以下文件内容
<pre><code class="language-shell">
physical_interface_mappings = provider:ens33

enable_vxlan = false

enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan false
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
执行以下三条命令
<pre><code class="language-shell">modprobe br_netfilter
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
</code></pre>
</li>
</ol>
<h6 id="计算节点私有网络">计算节点私有网络</h6>
<ol>
<li>
配置LinuxBridge
编辑<code>vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini</code>文件，手动修改以下文件内容
<pre><code class="language-shell">
physical_interface_mappings = provider:ens33

enable_vxlan = true
local_ip = 192.166.66.11
l2_population = true

enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.166.66.11
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
</code></pre>
执行以下三条命令
<pre><code class="language-shell">modprobe br_netfilter
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
</code></pre>
</li>
<li>
为Nova配置网络服务
编辑<code>vim /etc/nova/nova.conf</code>文件，手动修改以下内容
<pre><code class="language-shell">
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
</code></pre>
命令修改以上文件内容
<pre><code class="language-shell">crudini --set /etc/nova/nova.conf neutron auth_url http://controller:5000
crudini --set /etc/nova/nova.conf neutron auth_type password
crudini --set /etc/nova/nova.conf neutron project_domain_name default
crudini --set /etc/nova/nova.conf neutron user_domain_name default
crudini --set /etc/nova/nova.conf neutron region_name RegionOne
crudini --set /etc/nova/nova.conf neutron project_name service
crudini --set /etc/nova/nova.conf neutron username neutron
crudini --set /etc/nova/nova.conf neutron password NEUTRON_PASS
</code></pre>
</li>
</ol>
<h5 id="6计算节点安装确认">6、计算节点安装确认</h5>
<ol>
<li>
添加sudoer权限
修改<code>vim /etc/neutron/neutron.conf</code>文件，修改以下内容
<pre><code class="language-shell">
user = neutron
helper_command = sudo privsep-helper
</code></pre>
修改<code>vim /etc/sudoers.d/neutron</code>文件，添加以下内容后强制保存退出
<pre><code class="language-shell">neutron ALL = (root) NOPASSWD: ALL
</code></pre>
</li>
<li>
关闭Selinux
编辑<code>vim /etc/selinux/config</code>文件
<pre><code class="language-shell"># 修改SELINUX的值，保存退出
SELINUX=permissive

#执行以下命令，使配置立即生效
setenforce 0
</code></pre>
</li>
<li>
重启计算服务
<pre><code class="language-shell">systemctl restart openstack-nova-compute
</code></pre>
</li>
<li>
启动LinuxBridge代理并设为开机自启
<pre><code class="language-shell">systemctl start neutron-linuxbridge-agent && systemctl enable neutron-linuxbridge-agent
</code></pre>
</li>
<li>
回到控制节点再次执行查看网络代理命令
<pre><code class="language-shell">openstack network agent list
</code></pre>
计算节点配置公有网络后，应输出如下图，多出一个计算节点的网桥
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEItld56zc0kEgAQVntRLtukMOwUm3QcNbLb4KVj3DYfeRrLVVd6odWuAd3nf8qNrl0V*A790NF9F6nR974daxyQ!/r">
计算节点配置私有网络后，应输出如下图，同样也是多出一个计算节点的网桥
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEDqXROW9ciyt4LMK9Ppo2yUdsC.ssMfd*M2ryzs4I3PNMvfCjiLkboh*tnsoIc9X4E8ONpqQi5A5tX8dvy5NCn0!/r">
</li>
</ol>
<h4 id="七horizon服务安装">七、Horizon服务安装</h4>
配置节点：控制节点或者计算节点
此处以安装到计算节点为例，两节点中网络配置为私有网络
<h6 id="1-安装软件包">1. 安装软件包</h6>
<pre><code class="language-shell">dnf install openstack-dashboard -y
</code></pre>
<h6 id="2-配置horizon文件">2. 配置Horizon文件</h6>
编辑 <code>vim /etc/openstack-dashboard/local_settings</code> 文件，修改以下文件内容
<pre><code class="language-shell"># 配置仪表盘在controller节点上使用openstack服务
OPENSTACK_HOST = "controller"
# 配置运行访问仪表盘的主机，星号表示运行所有主机访问
ALLOWED_HOSTS = ['*']
# 配置memcached会话存储服务
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
# 启用身份API版本3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
TIME_ZONE = "Asia/Shanghai"
# 上面几项修改即可，以下为新增信息
# 启用对域的支持
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
# 配置API版本
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
# 配置默认域
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
# 配置默认角色
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# 启用对第3层网络服务的支持，若是公有网络则需要禁用对第3层网络服务的支持，将True改为False
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
'enable_quotas': True,
'enable_distributed_router': True,
'enable_ha_router': True,
'enable_lb': True,
'enable_firewall': True,
'enable_vpn': True,
'enable_fip_topology_check': True,
}
</code></pre>
编辑<code>vim /etc/httpd/conf.d/openstack-dashboard.conf</code>文件，添加以下内容
<pre><code class="language-shell">WSGIApplicationGroup %{GLOBAL}
</code></pre>
重建apache的dashboard配置文件
<pre><code class="language-shell"># 执行以下两条命令
cd /usr/share/openstack-dashboard
python3 manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
</code></pre>
建立策略文件（policy.json）的软链接
<pre><code class="language-shell">ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf
</code></pre>
<h6 id="3-安装确认">3. 安装确认</h6>
重启Web服务器和会话存储服务
<pre><code class="language-shell"># 计算节点执行，启动httpd服务并设为开机自启
systemctl start httpd && systemctl enable httpd
# 控制节点执行，重启memcached会话存储服务
systemctl restart memcached
</code></pre>
<h6 id="4-访问dashboard">4. 访问Dashboard</h6>
<pre><code class="language-http">http://192.166.66.11
</code></pre>
成功访问页面如下
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEI7hCWhMtJG*CjNgbsecnXN.4MCtz2GdrHdRFzRPy9uaA1g9jZ2Xo5hZdIsqF6bNflqkqIKjXQRZPeOrO1qw8mY!/r">
文件配置正确会自动填入域Default，否则可能配置有问题，手动输入也会登录失败，若不记得用户名密码可以查看环境变量脚本
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrEG72D5q6SYdl7tQxbdClgIJZI1UjgawcOCx.YrpeN3.hO8rCcHrBB.A9EbfokreU7PBUa.qKG82DGYPewzJJ0ck!/r">
输入用户名密码就可以成功访问啦
<img src="http://r.photo.store.qq.com/psc?/V54C2OLx3pQy8a0fgch71esxCP2J9hMe/TmEUgtj9EK6.7V8ajmQrENhICiSv3P3TXYmB*GfJZ4lFLVmQSAYAUocE3jQf0.Co5AenHYxEmyVG3VboB.LkH*vQ2eidR9sbiX8JFVnH2hs!/r">
此次安装除SQL数据库外，其它全部使用默认密码！若自己设置密码一定要记清楚，密码太多容易搞错，安装过程一定要细心，用虚拟机安装要多使用快照功能
其它方式安装可以参考这三篇文章 
Centos 8使用devstack快速安装openstack最新版 
Centos 8中使用Packstack(RDO)快速安装openstack Victoria版 
Ubuntu 20使用devstack快速安装openstack最新版 
来源：https://www.cnblogs.com/dyd168/p/14460927.html

頁: [1]

琼殿技术论坛's Archiver

Centos 8安装部署openstack Victoria版