Deployment environment

Hostname    IP             OS               Deployed components
controller  192.168.31.11  CentOS 7 x86_64  MySQL-server RabbitMQ-server memcached etcd keystone glance nova-api placement neutron horizon
node2       192.168.31.12  CentOS 7 x86_64  nova-compute neutron-linuxbridge
node3       192.168.31.13  CentOS 7 x86_64  nova-compute neutron-linuxbridge

Environment preparation

Disable the firewall

[root@controller ~]# systemctl disable firewalld
[root@controller ~]# systemctl stop firewalld

Disable SELinux

[root@controller ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@controller ~]# setenforce 0

Time synchronization

[root@controller ~]# yum install -y chrony
[root@controller ~]# systemctl enable chronyd
[root@controller ~]# systemctl start chronyd

Host name resolution

192.168.31.11    controller
192.168.31.12    node2
192.168.31.13    node3

Update the system

[root@controller ~]# yum upgrade -y

Install the OpenStack base packages

Install the OpenStack yum repository

[root@controller ~]# yum install -y centos-release-openstack-rocky

Install the OpenStack client

[root@controller ~]# yum install -y python-openstackclient

Install the openstack-selinux package, which automatically manages the security policies for the OpenStack services

[root@controller ~]# yum install -y openstack-selinux

Install the database service

Install MySQL Server

[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL

MySQL configuration file

[root@controller ~]# cat > /etc/my.cnf.d/openstack.cnf << EOF
[mysqld]
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF

Start MySQL

[root@controller ~]# systemctl enable mariadb
[root@controller ~]# systemctl start mariadb

MySQL secure initialization

[root@controller ~]# mysql_secure_installation

mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y <== enter Y
New password: <== set the MySQL root password
Re-enter new password: <== repeat the password
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <== enter Y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <== enter Y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <== enter Y

  • Dropping test database...
    ... Success!
  • Removing privileges on test database...
    ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <== enter Y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install and configure the message queue service

Install RabbitMQ

[root@controller ~]# yum install -y rabbitmq-server

Start RabbitMQ

[root@controller ~]# systemctl enable rabbitmq-server
[root@controller ~]# systemctl start rabbitmq-server

Configure RabbitMQ access permissions

[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Install and configure the cache service

Install memcached

[root@controller ~]# yum install -y memcached python-memcached

Edit the memcached configuration file /etc/sysconfig/memcached and change the following parameter

OPTIONS="-l 127.0.0.1,::1,controller"

Start memcached

[root@controller ~]# systemctl enable memcached
[root@controller ~]# systemctl start memcached

Install and configure etcd

[root@controller ~]# yum install -y etcd

Edit the etcd configuration file /etc/etcd/etcd.conf

#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.31.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.31.11:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.31.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.31.11:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.31.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

Start etcd

[root@controller ~]# systemctl enable etcd
[root@controller ~]# systemctl start etcd

Install and configure Keystone

Create the MySQL database and grant access

[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> exit

Verify MySQL

[root@controller ~]# mysql -ukeystone -pKEYSTONE_DBPASS -hcontroller -e "show databases;"
# The setup is OK if the keystone database appears in the result
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
+--------------------+

Install keystone and its related packages

[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi

Edit the keystone configuration file /etc/keystone/keystone.conf

[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
# ...
provider = fernet

Initialize the keystone database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Verify

[root@controller ~]# mysql -ukeystone -pKEYSTONE_DBPASS -hcontroller -e "use keystone; show tables;"
# The following output means the initialization succeeded
+-----------------------------+
| Tables_in_keystone          |
+-----------------------------+
| access_token                |
| application_credential      |
| application_credential_role |
              ……
              ……
| user_option                 |
| whitelisted_config          |
+-----------------------------+

Initialize the Fernet and credential keys

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone \
  --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone \
  --keystone-group keystone

Bootstrap keystone

[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

Configure the Apache HTTP Server

Edit /etc/httpd/conf/httpd.conf

ServerName controller

Symlink the keystone configuration file into /etc/httpd/conf.d/

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Start the httpd service

[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl start httpd

Set the environment variables

[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=ADMIN_PASS
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=http://controller:5000/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3

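Create a domain, projects, users and roles

  • Create a domain (the default domain already exists after keystone-manage bootstrap; this command creates one named example)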

    [root@controller ~]# openstack domain create --description "An Example Domain" example
    
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | An Example Domain                |
    | enabled     | True                             |
    | id          | 8b4e4a51be8a4547b7fd8b37e6681df2 |
    | name        | example                          |
    | tags        | []                               |
    +-------------+----------------------------------+
  • Create the service project

    [root@controller ~]# openstack project create --domain default \
      --description "Service Project" service
    
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Service Project                  |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | a0e0875bf35b4165830461c932ba22a8 |
    | is_domain   | False                            |
    | name        | service                          |
    | parent_id   | default                          |
    | tags        | []                               |
    +-------------+----------------------------------+
  • Create the myproject project

    [root@controller ~]# openstack project create --domain default \
      --description "Demo Project" myproject
    
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Demo Project                     |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 935738b309f9478a80c644924b7785b9 |
    | is_domain   | False                            |
    | name        | myproject                        |
    | parent_id   | default                          |
    | tags        | []                               |
    +-------------+----------------------------------+
  • Create the myuser user

    [root@controller ~]# openstack user create --domain default \
      --password-prompt myuser
    
    User Password: <== enter the user's password; I entered MYUSER_PASS here
    Repeat User Password: <== repeat the password
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 3b5af6b5404146a29eb678da9daf7a44 |
    | name                | myuser                           |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+
  • Create the myrole role

    [root@controller ~]# openstack role create myrole
    
    +-----------+----------------------------------+
    | Field     | Value                            |
    +-----------+----------------------------------+
    | domain_id | None                             |
    | id        | 09e8b89c49d743a7ab8c50ba21213374 |
    | name      | myrole                           |
    +-----------+----------------------------------+
  • Add the myrole role to myuser in the myproject project

    [root@controller ~]# openstack role add --project myproject --user myuser myrole

Verify

  • Unset the environment variables

    [root@controller ~]# unset OS_USERNAME OS_PASSWORD OS_PROJECT_NAME OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME OS_AUTH_URL OS_IDENTITY_API_VERSION
  • Verify login as the admin user

    [root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
    --os-project-domain-name Default --os-user-domain-name Default \
    --os-project-name admin --os-username admin \
    --os-identity-api-version 3 token issue
    
    Password: <== enter the admin password; mine is ADMIN_PASS
    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2019-03-03T01:37:40+0000                                        |
    | id         | VT2Kc1nYpU7F6F38rpqXrSH0xLmYzXwAWpSVTutiNuHGIgyYKv6IY4PUBd8zMPa |
    |            | qH3NUGziCslxejMTdfhPQkzLjWuDsSpSPwpixyULcP8R-GNMPGGJGkWCP1loBOm |
    |            | ZvGQv4_CPzsjyev5ms                                              |
    | project_id | 3a0c69d746954f9fa7997a81a86b4a15                                |
    | user_id    | 62f0110e73924344855caf604e8bffd9                                |
    +------------+-----------------------------------------------------------------+
  • Verify login as the myuser user

    [root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
      --os-project-domain-name Default --os-user-domain-name Default \
      --os-project-name myproject --os-username myuser \
      --os-identity-api-version 3 token issue
    
    Password: <== enter the myuser password; mine is MYUSER_PASS
    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2019-03-03T01:38:03+0000                                        |
    | id         | gAAAAABceyHrFRdjErDQ50EySfeHqTCLHonzoo-hCnKlq2QJXrYLgPJkPbDE29d |
    |            | Q82myu0J7ngYsLUF0623wIu3MRnpzFEIEg0VdKXXEGz-ancir1Jp2_o8mzYcid- |
    |            | 5Uo2hvGMP3wZrWLhvgZM1yKbc3cTi_xrnMwJhHs4MPNSz8Nt197oJ7XUE       |
    | project_id | 935738b309f9478a80c644924b7785b9                                |
    | user_id    | 3b5af6b5404146a29eb678da9daf7a44                                |
    +------------+-----------------------------------------------------------------+
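
The `provider = fernet` setting is visible in the token itself: a Fernet token begins with an unencrypted version byte and issue timestamp, followed by the IV, the ciphertext and an HMAC. The following Python sketch is an added example (not part of the original guide) that reads this layout, without any key, from the myuser token printed above; the function name parse_fernet_layout is hypothetical.

```python
import base64
import struct
from datetime import datetime, timezone

# Token copied from the myuser `token issue` output above (it expired in 2019).
TOKEN = (
    "gAAAAABceyHrFRdjErDQ50EySfeHqTCLHonzoo-hCnKlq2QJXrYLgPJkPbDE29d"
    "Q82myu0J7ngYsLUF0623wIu3MRnpzFEIEg0VdKXXEGz-ancir1Jp2_o8mzYcid-"
    "5Uo2hvGMP3wZrWLhvgZM1yKbc3cTi_xrnMwJhHs4MPNSz8Nt197oJ7XUE"
)

FERNET_VERSION = 0x80
HEADER_LEN = 9   # 1 version byte + 8-byte big-endian issue time
IV_LEN = 16      # AES-CBC initialisation vector
HMAC_LEN = 32    # HMAC-SHA256 over all preceding bytes
AES_BLOCK = 16


def parse_fernet_layout(token):
    """Split a Fernet token into its fields; no key is needed for this."""
    # Keystone strips the base64 '=' padding from the tokens it issues,
    # so restore it before decoding.
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) < HEADER_LEN + IV_LEN + AES_BLOCK + HMAC_LEN:
        raise ValueError("too short to be a Fernet token")
    version, issued = struct.unpack(">BQ", raw[:HEADER_LEN])
    if version != FERNET_VERSION:
        raise ValueError("not a Fernet token: version byte 0x%02x" % version)
    ciphertext = raw[HEADER_LEN + IV_LEN:-HMAC_LEN]
    if len(ciphertext) % AES_BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return {
        "version": version,
        "issued_at": datetime.fromtimestamp(issued, tz=timezone.utc),
        "iv": raw[HEADER_LEN:HEADER_LEN + IV_LEN],
        "ciphertext_len": len(ciphertext),
        "hmac": raw[-HMAC_LEN:],
    }


if __name__ == "__main__":
    info = parse_fernet_layout(TOKEN)
    print("version        0x%02x" % info["version"])
    print("issued at      %s" % info["issued_at"].isoformat())
    print("ciphertext len %d bytes" % info["ciphertext_len"])
```

The decoded issue time is exactly one hour before the `expires` value in the table, which matches Keystone's default token lifetime; everything after the timestamp is encrypted and authenticated, so the user and project IDs cannot be read from the token without the Fernet keys.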

Create the OpenStack client environment files

[root@controller ~]# cat > openstack-admin.rc << EOF
export PS1='[\u@\h \W (openstack-admin)]\\$ '
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

[root@controller ~]# cat > openstack-myuser.rc << EOF
export PS1='[\u@\h \W (openstack-myuser)]\\$ '
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=MYUSER_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

Verify

  • Verify the admin user

    [root@controller ~]# . openstack-admin.rc
    [root@controller ~ (openstack-admin)]# openstack token issue
    
    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2019-03-03T01:37:40+0000                                        |
    | id         | gAAAAABceyLwXgRSVgEwwcTzRoLdC1Ph3hv0Wi55JbCF9RiKccu0e936IJiIybO |
    |            | ZXkJa-Qcv2b1RipiRe9Nt1N5MGXXBzvdQh84m7ssMh-Mte6wR_p2L_qgODm7ZUD |
    |            | 92R1Efj-6yoBlS5WsiJBoxcrjoPR3eeQK3IZHg2W24wh6m5CoKIHbABQs       |
    | project_id | 3a0c69d746954f9fa7997a81a86b4a15                                |
    | user_id    | 62f0110e73924344855caf604e8bffd9                                |
    +------------+-----------------------------------------------------------------+
  • Verify the myuser user

    [root@controller ~]# . openstack-myuser.rc
    [root@controller ~ (openstack-myuser)]# openstack token issue
    
    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2019-03-03T01:38:03+0000                                        |
    | id         | gAAAAABceyL4nMC92KnYH8rcPmjTie4Avgh-nYbE5QMh8W3Xk9lCAZpRCnFDNAH |
    |            | UwCF4eo9TqSCqxn70qK-Nv6HR8-KwNiDJAvHQ63s4vC6-kSjU9BuN7hOY1UMKuF |
    |            | 3OW7We4sVJO_TV6YihcmOVyfnU0xqogq8fejBrqyq9MUQ9X2k7XIDI3L8       |
    | project_id | 935738b309f9478a80c644924b7785b9                                |
    | user_id    | 3b5af6b5404146a29eb678da9daf7a44                                |
    +------------+-----------------------------------------------------------------+

Install and configure Glance

Create the MySQL database and grant access

[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> exit

Verify MySQL

[root@controller ~]# mysql -uglance -pGLANCE_DBPASS -hcontroller -e "show databases;"
# The setup is OK if the glance database appears in the result
+--------------------+
| Database           |
+--------------------+
| information_schema |
| glance             |
+--------------------+

Create the glance user

[root@controller ~ (openstack-admin)]# openstack user create --domain default \
  --password-prompt glance

User Password: <== enter the password; I entered GLANCE_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 3bf8b12db5fd477b8969601a7899e680 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the glance user in the service project

[root@controller ~ (openstack-admin)]# openstack role add --project service \
  --user glance admin

Create the glance service

[root@controller ~ (openstack-admin)]# openstack service create --name glance \
  --description "OpenStack Image" image

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 5bc062b5e61d4a10b538407d369010a3 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

Create the Image service API endpoints

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  image public http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3628922e6a3848489b153f310ee465f0 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5bc062b5e61d4a10b538407d369010a3 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  image internal http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 02db6b35469a4db18132c00deaf1a11d |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5bc062b5e61d4a10b538407d369010a3 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create \
  --region RegionOne image admin http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 75cbc02829fc40858c48fbc48f1be303 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 5bc062b5e61d4a10b538407d369010a3 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

Install the glance packages

[root@controller ~]# yum install -y openstack-glance

Edit the glance API configuration file /etc/glance/glance-api.conf

[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
# ...
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone

[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

Edit the glance registry configuration file /etc/glance/glance-registry.conf

[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone

Initialize the glance database

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance

Start the glance services

[root@controller ~]# systemctl enable openstack-glance-api openstack-glance-registry
[root@controller ~]# systemctl start openstack-glance-api openstack-glance-registry

Install and configure the compute service on the controller node

Create the MySQL databases and grant access

[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
  IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
  IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> exit

Verify MySQL

[root@controller ~]# mysql -unova -pNOVA_DBPASS -hcontroller -e "show databases;"
# The setup is OK if the nova databases appear in the result
+--------------------+
| Database           |
+--------------------+
| information_schema |
| nova               |
| nova_api           |
| nova_cell0         |
+--------------------+

Create the nova user

[root@controller ~ (openstack-admin)]# openstack user create --domain default \
  --password-prompt nova

User Password: <== set the nova user's password; I set it to NOVA_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 77a12bc2febf461aa403c4fea5ac2381 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the nova user in the service project

[root@controller ~ (openstack-admin)]# openstack role add --project service \
  --user nova admin

Create the nova service

[root@controller ~ (openstack-admin)]# openstack service create --name nova \
  --description "OpenStack Compute" compute

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 6124e4f36ca84aa8873477a88c6990ce |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the nova service endpoints

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f96f15e2fb3140b68312479509c480a9 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 6124e4f36ca84aa8873477a88c6990ce |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0f6cc0d392d9466b9e442100d20eb93a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 6124e4f36ca84aa8873477a88c6990ce |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a1e6532aa6304055bc02bbd303bfdf60 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 6124e4f36ca84aa8873477a88c6990ce |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

Create the placement user

[root@controller ~ (openstack-admin)]# openstack user create --domain default \
  --password-prompt placement

User Password: <== set the placement user's password; I set it to PLACEMENT_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | e0114fd10807498399ba0f5190365314 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the admin role to the placement user in the service project

[root@controller ~ (openstack-admin)]# openstack role add --project service \
  --user placement admin

Create the Placement API service

[root@controller ~ (openstack-admin)]# openstack service create --name placement \
  --description "Placement API" placement

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 267bb7d52dce454b8b62d167de528afc |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

Create the Placement API service endpoints

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  placement public http://controller:8778

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7585653fe4ae44258190ece7effa0a14 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 267bb7d52dce454b8b62d167de528afc |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  placement internal http://controller:8778

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7c40b1c14af64cb09ac40ced2fd60e87 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 267bb7d52dce454b8b62d167de528afc |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  placement admin http://controller:8778

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3edc0888182e4d47aa7e38f81cbf84a7 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 267bb7d52dce454b8b62d167de528afc |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

Install the nova packages for the controller node

[root@controller ~]# yum install -y openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api

Edit the nova configuration file /etc/nova/nova.conf

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.31.11
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
# ...
api_servers = http://controller:9292

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS

Configure httpd

Edit /etc/httpd/conf.d/00-nova-placement-api.conf

<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

Restart httpd

[root@controller ~]# systemctl restart httpd

Initialize the databases

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 \
  --verbose" nova
af54a768-7733-4104-9b88-98ff8428ddd5
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova

Verify

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

+-------+--------------------------------------+
|  Name |                 UUID                 |
+-------+--------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 |
| cell1 | af54a768-7733-4104-9b88-98ff8428ddd5 |
+-------+--------------------------------------+

Start the services

[root@controller ~]# systemctl enable openstack-nova-api \
  openstack-nova-consoleauth openstack-nova-scheduler \
  openstack-nova-conductor openstack-nova-novncproxy
[root@controller ~]# systemctl start openstack-nova-api \
  openstack-nova-consoleauth openstack-nova-scheduler \
  openstack-nova-conductor openstack-nova-novncproxy

Install and configure Neutron

Create the MySQL database and grant access

[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> exit

Verify MySQL access

[root@controller ~]# mysql -uneutron -pNEUTRON_DBPASS -hcontroller -e "show databases;"
# If the neutron database appears in the output, access works
+--------------------+
| Database           |
+--------------------+
| information_schema |
| neutron            |
+--------------------+

Create the neutron user

[root@controller ~ (openstack-admin)]# openstack user create --domain default \
  --password-prompt neutron

User Password: <== set the neutron password; I set it to NEUTRON_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 2ee326948c354c0f9dfb86a0c912eae4 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the neutron user to the service project with the admin role

[root@controller ~ (openstack-admin)]# openstack role add --project service \
  --user neutron admin

Create the neutron service

[root@controller ~ (openstack-admin)]# openstack service create --name neutron \
  --description "OpenStack Networking" network

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 09d1a9a8b4584e72b803b5e65d0a398e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

Add the neutron service endpoints

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  network public http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2fe7b6dc5fd74eeba7c3bc9ed5ebb3aa |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 09d1a9a8b4584e72b803b5e65d0a398e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  network internal http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1871c27a05514626baddc2f5493d8781 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 09d1a9a8b4584e72b803b5e65d0a398e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
  network admin http://controller:9696

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 36c1fd97431a4ae78d57e480c10b3dbd |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 09d1a9a8b4584e72b803b5e65d0a398e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

Install the neutron packages

[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

The openstack-neutron-linuxbridge package ships a configuration file, /usr/lib/sysctl.d/99-neutron-linuxbridge-agent.conf, that changes the kernel parameters net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-ip6tables, so run the sysctl command to apply the settings

[root@controller ~]# sysctl --system

Network option 1: provider networks

Install the required packages

[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

Configure neutron

Edit the neutron configuration file /etc/neutron/neutron.conf

[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

Configure the network plug-in

Edit the network plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[securitygroup]
# ...
enable_ipset = true

Symlink the configuration file into /etc/neutron/

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Configure the linux bridge agent

Edit the linux bridge configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = false

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Configure the DHCP service

Edit /etc/neutron/dhcp_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

Configure metadata

Edit /etc/neutron/metadata_agent.ini

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

Configure nova

Edit /etc/nova/nova.conf

[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

Initialize the database

[root@controller ~]# su -s /bin/sh -c "neutron-db-manage \
  --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the nova api service

[root@controller ~]# systemctl restart openstack-nova-api

Start the neutron services

[root@controller ~]# systemctl enable neutron-server \
  neutron-linuxbridge-agent neutron-dhcp-agent \
  neutron-metadata-agent
[root@controller ~]# systemctl start neutron-server \
  neutron-linuxbridge-agent neutron-dhcp-agent \
  neutron-metadata-agent

Create the network

[root@controller ~ (openstack-admin)]# openstack network create  --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider

+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2019-03-04T02:31:22Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 3a0c69d746954f9fa7997a81a86b4a15     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 0                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2019-03-04T02:31:22Z                 |
+---------------------------+--------------------------------------+

Create the subnet

[root@controller ~ (openstack-admin)]# openstack subnet create --network provider \
  --allocation-pool start=192.168.31.50,end=192.168.31.99 \
  --dns-nameserver 192.168.31.1 --gateway 192.168.31.1 \
  --subnet-range 192.168.31.0/24 provider

+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.31.50-192.168.31.99          |
| cidr              | 192.168.31.0/24                      |
| created_at        | 2019-03-04T02:33:43Z                 |
| description       |                                      |
| dns_nameservers   | 192.168.31.1                         |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.168.31.1                         |
| host_routes       |                                      |
| id                | 0e8d193b-2718-4556-9b0b-db9ff4e402ae |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | provider                             |
| network_id        | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| project_id        | 3a0c69d746954f9fa7997a81a86b4a15     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2019-03-04T02:33:43Z                 |
+-------------------+--------------------------------------+

Network option 2: self-service networks

Install the required packages

[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

Configure neutron

Edit the neutron configuration file /etc/neutron/neutron.conf

[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

Configure the network plug-in

Edit the network plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true

Symlink the configuration file into /etc/neutron/

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Configure the linuxbridge agent

Edit the linux bridge configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = true
local_ip = 192.168.31.11
l2_population = true

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Configure Layer-3 (L3)

Edit /etc/neutron/l3_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge

Configure the DHCP service

Edit /etc/neutron/dhcp_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

Configure metadata

Edit /etc/neutron/metadata_agent.ini

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

Configure nova

Edit /etc/nova/nova.conf

[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
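
The metadata and nova steps of both network options write the same metadata_proxy_shared_secret into two files, next to several placeholder passwords. The following check is an added example, not part of the original post: it flags placeholders left in place and a secret that is missing or differs between /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini. The function names and the embedded sample text are constructed for this example.

```python
import configparser
import re
from urllib.parse import urlsplit

# Placeholder tokens of the kind this guide uses (NOVA_PASS, NEUTRON_DBPASS, METADATA_SECRET).
PLACEHOLDER = re.compile(r"^[A-Z]+_(DBPASS|PASS|SECRET)$")
KEY = "metadata_proxy_shared_secret"
SECRET_OPTIONS = ("password", KEY)
URL_OPTIONS = ("connection", "transport_url")

# Constructed excerpts that reuse the placeholder values shown in this guide.
PAGE_NOVA_CONF = """\
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.31.11

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[vnc]
server_listen = $my_ip

[neutron]
url = http://controller:9696
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
"""
PAGE_METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""


def parse(text):
    """Parse oslo.config-style INI text, keeping [DEFAULT] as an ordinary section."""
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(text)
    return cp


def credentials(cp):
    """Yield (section, option, secret) for each credential, including URL passwords."""
    for section in cp.sections():
        for option, value in cp.items(section):
            if option in SECRET_OPTIONS:
                yield section, option, value
            elif option in URL_OPTIONS and urlsplit(value).password is not None:
                yield section, option, urlsplit(value).password


def audit(nova_conf, metadata_agent_ini):
    """Return (file, section, option, problem) tuples; secret values are never echoed."""
    nova, agent = parse(nova_conf), parse(metadata_agent_ini)
    findings = []
    for name, cp in (("nova.conf", nova), ("metadata_agent.ini", agent)):
        for section, option, secret in credentials(cp):
            if PLACEHOLDER.match(secret):
                findings.append((name, section, option, "placeholder"))
    # nova.conf [neutron] and metadata_agent.ini [DEFAULT] must hold the same secret.
    nova_secret = nova.get("neutron", KEY, fallback=None)
    agent_secret = agent.get("DEFAULT", KEY, fallback=None)
    if nova_secret is None or agent_secret is None:
        findings.append(("nova.conf/metadata_agent.ini", "-", KEY, "missing"))
    elif nova_secret != agent_secret:
        findings.append(("nova.conf/metadata_agent.ini", "-", KEY, "mismatch"))
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_NOVA_CONF, PAGE_METADATA_AGENT_INI):
        print("%s [%s] %s: %s" % finding)
```

To check a real controller, pass the contents of the two files to audit() instead of the embedded samples.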

Initialize the database

[root@controller ~]# su -s /bin/sh -c "neutron-db-manage \
  --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the nova api service

[root@controller ~]# systemctl restart openstack-nova-api

Start the neutron services

[root@controller ~]# systemctl enable neutron-server \
  neutron-linuxbridge-agent neutron-dhcp-agent \
  neutron-metadata-agent
[root@controller ~]# systemctl start neutron-server \
  neutron-linuxbridge-agent neutron-dhcp-agent \
  neutron-metadata-agent
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service

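The self-service network depends on the provider network, so we create the provider network first and then the self-service network

Create the provider network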

[root@controller ~ (openstack-admin)]# openstack network create  --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider

+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2019-03-04T02:31:22Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 3a0c69d746954f9fa7997a81a86b4a15     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 0                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| updated_at                | 2019-03-04T02:31:22Z                 |
+---------------------------+--------------------------------------+

Create the provider network subnet

[root@controller ~ (openstack-admin)]# openstack subnet create --network provider \
  --allocation-pool start=192.168.31.50,end=192.168.31.99 \
  --dns-nameserver 192.168.31.1 --gateway 192.168.31.1 \
  --subnet-range 192.168.31.0/24 provider

+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.31.50-192.168.31.99          |
| cidr              | 192.168.31.0/24                      |
| created_at        | 2019-03-04T02:33:43Z                 |
| description       |                                      |
| dns_nameservers   | 192.168.31.1                         |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.168.31.1                         |
| host_routes       |                                      |
| id                | 0e8d193b-2718-4556-9b0b-db9ff4e402ae |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | provider                             |
| network_id        | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| project_id        | 3a0c69d746954f9fa7997a81a86b4a15     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2019-03-04T02:33:43Z                 |
+-------------------+--------------------------------------+

Create the self-service network

[root@controller ~ (openstack-admin)]# openstack network create selfservice

Created a new network:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2016-11-04T18:20:59Z                 |
| description             |                                      |
| headers                 |                                      |
| id                      | 7c6f9b37-76b4-463e-98d8-27e5686ed083 |
| ipv4_address_scope      | None                                 |
| ipv6_address_scope      | None                                 |
| mtu                     | 1450                                 |
| name                    | selfservice                          |
| port_security_enabled   | True                                 |
| project_id              | 3828e7c22c5546e585f27b9eb5453788     |
| project_id              | 3828e7c22c5546e585f27b9eb5453788     |
| revision_number         | 3                                    |
| router:external         | Internal                             |
| shared                  | False                                |
| status                  | ACTIVE                               |
| subnets                 |                                      |
| tags                    | []                                   |
| updated_at              | 2016-11-04T18:20:59Z                 |
+-------------------------+--------------------------------------+

Create the self-service network subnet

[root@controller ~ (openstack-admin)]# openstack subnet create --network selfservice \
  --dns-nameserver 8.8.4.4 --gateway 172.16.1.1 \
  --subnet-range 172.16.1.0/24 selfservice

Created a new subnet:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 172.16.1.2-172.16.1.254              |
| cidr              | 172.16.1.0/24                        |
| created_at        | 2016-11-04T18:30:54Z                 |
| description       |                                      |
| dns_nameservers   | 8.8.4.4                              |
| enable_dhcp       | True                                 |
| gateway_ip        | 172.16.1.1                           |
| headers           |                                      |
| host_routes       |                                      |
| id                | 5c37348e-e7da-439b-8c23-2af47d93aee5 |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | selfservice                          |
| network_id        | b9273876-5946-4f02-a4da-838224a144e7 |
| project_id        | 3828e7c22c5546e585f27b9eb5453788     |
| project_id        | 3828e7c22c5546e585f27b9eb5453788     |
| revision_number   | 2                                    |
| service_types     | []                                   |
| subnetpool_id     | None                                 |
| updated_at        | 2016-11-04T18:30:54Z                 |
+-------------------+--------------------------------------+

Create the router

[root@controller ~ (openstack-admin)]# openstack router create router

Created a new router:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2016-11-04T18:32:56Z                 |
| description             |                                      |
| external_gateway_info   | null                                 |
| flavor_id               | None                                 |
| headers                 |                                      |
| id                      | 67324374-396a-4db6-9443-c70be167a42b |
| name                    | router                               |
| project_id              | 3828e7c22c5546e585f27b9eb5453788     |
| project_id              | 3828e7c22c5546e585f27b9eb5453788     |
| revision_number         | 2                                    |
| routes                  |                                      |
| status                  | ACTIVE                               |
| updated_at              | 2016-11-04T18:32:56Z                 |
+-------------------------+--------------------------------------+

Add an interface for the private subnet to the router

[root@controller ~ (openstack-admin)]# openstack router add subnet router selfservice

Set a gateway on the public network for the router

[root@controller ~ (openstack-admin)]# openstack router set router --external-gateway provider

Install Horizon

# yum install openstack-dashboard

Edit /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*', ]

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
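
The local_settings above sets ALLOWED_HOSTS = ['*', ], which makes Django accept any Host header. The following added example, not part of the original post, reads ALLOWED_HOSTS from a settings text and shows which Host headers pass with the wildcard and with a restricted list. host_allowed is a simplified stand-in written for this example that follows Django's documented matching rules, and the restricted list built from this guide's hostname and IP is an assumption.

```python
import ast

# Constructed excerpt of the local_settings shown in this guide.
PAGE_SETTINGS = '''\
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
'''

# Constructed hardened variant: only the names clients really use to reach Horizon.
RESTRICTED_SETTINGS = '''\
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['controller', '192.168.31.11']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
'''


def allowed_hosts(settings_text):
    """Return the last ALLOWED_HOSTS literal assigned in a Django settings file."""
    hosts = []
    for node in ast.parse(settings_text).body:
        if isinstance(node, ast.Assign) and any(
            isinstance(target, ast.Name) and target.id == "ALLOWED_HOSTS"
            for target in node.targets
        ):
            # Only this one literal is evaluated; the rest of the file is never executed.
            hosts = list(ast.literal_eval(node.value))
    return hosts


def strip_port(host_header):
    """Lower-case the Host header and drop a trailing :port if present."""
    host = host_header.lower()
    if host.endswith("]"):  # bare IPv6 literal without a port
        return host
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


def host_allowed(host_header, patterns):
    """Apply the ALLOWED_HOSTS rules: '*', a leading-dot suffix, or an exact match."""
    host = strip_port(host_header)
    for pattern in (p.lower() for p in patterns):
        if pattern == "*":
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
        if pattern == host:
            return True
    return False


def accepted(settings_text, host_headers):
    """Return the Host headers that the given settings would accept."""
    patterns = allowed_hosts(settings_text)
    return [h for h in host_headers if host_allowed(h, patterns)]


if __name__ == "__main__":
    probes = ["controller", "controller:80", "192.168.31.11", "unrelated.example.net"]
    print("wildcard  :", accepted(PAGE_SETTINGS, probes))
    print("restricted:", accepted(RESTRICTED_SETTINGS, probes))
```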
