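Note: This deployment follows the official OpenStack documentation at https://docs.openstack.org/. The text is only about 100,000 characters, but the platform insisted it exceeded 200,000, so there was no choice but to split it into parts.
Advice: check every setting carefully while configuring. After many experiments, most errors turned out to be caused by configuration mistakes.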
I. Set up the base environment
192.168.30.145 controller [2 vCPUs, 4 GB RAM, 40 GB storage, two NICs]
192.168.30.146 compute [2 vCPUs, 4 GB RAM, 40 GB storage, two NICs]
1. Install SSH and set the root password
    $ sudo apt install ssh
    $ sudo passwd root
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
2. Generate a temporary authentication token
    # openssl rand -hex 10
    bdb5cad50653d4e85b7d
3. Add the Aliyun mirror
    # cp /etc/apt/sources.list /etc/apt/sources.list.bak
    # vim /etc/apt/sources.list
    deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
    deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    deb http://archive.canonical.com/ubuntu xenial partner
    deb-src http://archive.canonical.com/ubuntu xenial partner
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
4. Configure the network interface IP addresses
    # ip addr
    # vim /etc/network/interfaces
    auto ens33
    iface ens33 inet static
    address 192.168.30.145
    netmask 255.255.255.0
    gateway 192.168.30.2
    dns-nameserver 114.114.114.114
    # The provider network interface (configure the second interface as the provider interface)
    auto ens34
    iface ens34 inet manual
    up ip link set dev $IFACE up
    down ip link set dev $IFACE down
5. Configure the hosts file
    # vim /etc/hosts
    192.168.30.145 controller
    192.168.30.146 compute
6. Configure NTP time synchronization
    # dpkg-reconfigure tzdata ## change the time zone
    Current default time zone: 'Asia/Chongqing'
    Local time is now:      Tue Mar 28 20:54:33 CST 2017.
    Universal Time is now:  Tue Mar 28 12:54:33 UTC 2017.
    # apt -y install chrony ## install the chrony time synchronization software
Controller Node
    # vim /etc/chrony/chrony.conf
    allow 192.168.30.0/24 ## allow hosts in this subnet to synchronize time with this node
    # service chrony restart
Compute Node
    # vim /etc/chrony/chrony.conf
    #pool 2.debian.pool.ntp.org offline iburst
    server 192.168.30.145 iburst ## set the address of the time synchronization server
    # service chrony restart
    # chronyc sources
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* controller                    3   6   377    33   -375us[ -422us] +/-   66ms
7. Enable the OpenStack repository and install the OpenStack client on all nodes
    # apt -y install software-properties-common
    # add-apt-repository cloud-archive:ocata
    # apt -y update && apt -y dist-upgrade
    # apt -y install python-openstackclient
8. Install and configure the database service (Controller Node)
    # apt -y install mariadb-server python-pymysql
    # vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
    [mysqld]
    bind-address = 192.168.30.145
    default-storage-engine = innodb
    innodb_file_per_table = on
    max_connections = 4096
    collation-server = utf8_general_ci
    character-set-server = utf8
    # service mysql restart
    # mysql_secure_installation
    ## run this script to secure the database and set a suitable password for the root account
9. Install and configure the RabbitMQ message queue service (Controller Node)
    # apt -y install rabbitmq-server
    # rabbitmqctl add_user openstack openstack ## add the openstack user and set its password
    Creating user "openstack" ...
    ## grant the openstack user configure, write and read permissions
    # rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    Setting permissions for user "openstack" in vhost "/" ...
    # rabbitmqctl list_users ## list the users
    Listing users ...
    guest [administrator]
    openstack []
    # rabbitmqctl list_user_permissions openstack ## list this user's permissions
    Listing permissions for user "openstack" ...
    / .* .* .*
    # rabbitmqctl status ## show RabbitMQ status information
    # rabbitmq-plugins list ## show the RabbitMQ plugins
    Configured: E = explicitly enabled; e = implicitly enabled
    | Status: * = running on rabbit@openstack1
    |/
    ......
    # rabbitmq-plugins enable rabbitmq_management ## enable this plugin
    The following plugins have been enabled:
      mochiweb
      webmachine
      rabbitmq_web_dispatch
      amqp_client
      rabbitmq_management_agent
      rabbitmq_management
    Applying plugin configuration to rabbit@openstack1... started 6 plugins.
Open http://localhost:15672 in a browser; the default username and password are both guest.
10. Install and configure the Memcached caching service [caches data for the identity service] (Controller Node)
    # apt -y install memcached python-memcache
    # vim /etc/memcached.conf
    #-l 127.0.0.1
    -l 192.168.30.145
    # service memcached restart
II. Configure the Keystone identity service (Controller Node)
1. Create the keystone database
    # mysql
    MariaDB [(none)]> CREATE DATABASE keystone; ## create the keystone database
    ## grant privileges on the keystone database [user@controller node ... BY password]
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'192.168.30.145' \
      IDENTIFIED BY 'keystone';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
      IDENTIFIED BY 'keystone';
    MariaDB [(none)]> flush privileges;
2. Install and configure Keystone
    # apt -y install keystone
    # vim /etc/keystone/keystone.conf
    [database] --- configure database access [user:password@controller node]
    connection = mysql+pymysql://keystone:keystone@192.168.30.145/keystone
    [token] --- configure the Fernet UUID token provider
    provider = fernet
    # grep ^[a-z] /etc/keystone/keystone.conf
    connection = mysql+pymysql://keystone:keystone@192.168.30.145/keystone
    provider = fernet
3. Initialize the identity service database
    # su -s /bin/sh -c "keystone-manage db_sync" keystone
4. Initialize the Fernet keys
    # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5. Bootstrap the identity service
    # keystone-manage bootstrap --bootstrap-password qaz123 \
      --bootstrap-admin-url http://192.168.30.145:35357/v3/ \
      --bootstrap-internal-url http://192.168.30.145:5000/v3/ \
      --bootstrap-public-url http://192.168.30.145:5000/v3/ \
      --bootstrap-region-id RegionOne
6. Configure the HTTP server
    # vim /etc/apache2/apache2.conf
    ServerName controller
    # service apache2 restart ## restart the Apache service
    # service apache2 status
    # rm -f /var/lib/keystone/keystone.db ## delete the default SQLite database
7. Configure the administrative account
    # export OS_USERNAME=admin
    # export OS_PASSWORD=qaz123
    # export OS_PROJECT_NAME=admin
    # export OS_USER_DOMAIN_NAME=Default
    # export OS_PROJECT_DOMAIN_NAME=Default
    # export OS_AUTH_URL=http://192.168.30.145:35357/v3
    # export OS_IDENTITY_API_VERSION=3
8. Create the service project
    # openstack project create --domain default \
      --description "Service Project" service
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Service Project                  |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 945e37831e74484f8911fb742c925926 |
    | is_domain   | False                            |
    | name        | service                          |
    | parent_id   | default                          |
    +-------------+----------------------------------+
9. Configure a project, user and role for regular (non-admin) tasks
a. Create the demo project
    # openstack project create --domain default \
      --description "Demo Project" demo
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Demo Project                     |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 2ef20ce389eb499696f2d7497c6009b0 |
    | is_domain   | False                            |
    | name        | demo                             |
    | parent_id   | default                          |
    +-------------+----------------------------------+
b. Create the demo user
    # openstack user create --domain default \
      --password-prompt demo
    User Password:
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 7cfc508fd5d44b468aac218bd4029bae |
    | name                | demo                             |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+
c. Create the user role
    # openstack role create user
    +-----------+----------------------------------+
    | Field     | Value                            |
    +-----------+----------------------------------+
    | domain_id | None                             |
    | id        | 83b6ab2af4414ad387b2fc9daf575b3a |
    | name      | user                             |
    +-----------+----------------------------------+
    # openstack role add --project demo --user demo user
10. Disable the temporary authentication token mechanism
    # vim /etc/keystone/keystone-paste.ini
    [pipeline:public_api]
    #pipeline = admin_token_auth
    [pipeline:admin_api]
    #pipeline = admin_token_auth
    [pipeline:api_v3]
    #pipeline = admin_token_auth
11. Reset the OS_AUTH_URL and OS_PASSWORD environment variables
    # unset OS_AUTH_URL OS_PASSWORD
12. As the admin user, request an authentication token (the password is the admin user's password)
    # openstack --os-auth-url http://192.168.30.145:35357/v3 \
      --os-project-domain-name default --os-user-domain-name default \
      --os-project-name admin --os-username admin token issue
    Password:
    +------------+-----------------------------------------------------------+
    | Field      | Value                                                     |
    +------------+-----------------------------------------------------------+
    | expires    | 2017-03-28T15:11:50+0000                                  |
    | id         | gAAAAABY2m8mE9pMATPuFW9YpgoBMTg9mCI6GcmFeQAudwbhGiVblXZP  |
    |            | kmSmHc5aFwTZSIdjLzPJaMd1k16UZghj59v45Gvzdh5CLhSFGWPsT8rL  |
    |            | fRJD4eE1D_eRz2Jjjk5rDmwAHm5mmffuszJLSe4B2KJyBXkdmmznXL-A  |
    | project_id | 2461396f6a344c21a2360a612d4f6abe                          |
    | user_id    | 63ca263543fb4b02bb34410e3dc8a801                          |
    +------------+-----------------------------------------------------------+
13. As the demo user, request an authentication token (the password is the demo user's password)
    # openstack --os-auth-url http://192.168.30.145:5000/v3 \
      --os-project-domain-name default --os-user-domain-name default \
      --os-project-name demo --os-username demo token issue
    Password:
    +------------+-----------------------------------------------------------+
    | Field      | Value                                                     |
    +------------+-----------------------------------------------------------+
    | expires    | 2017-03-28T15:13:50+0000                                  |
    | id         | gAAAAABY2m-eSIWmQg1SyZFaiGcP2kjHf742ktr8YcVH3Q4aHKTflDJ   |
    |            | RLAfgmeoDW2z1sbdHQmKQNSb--F-1Pn_hTFHYqgyMlIxYpEQxGhJ-rg   |
    |            | b0EuxUT9opwl0m5onaA5Cv_MBX6awxeity8Gh1dc50NUeYela5Yl4uSG  |
    | project_id | 2ef20ce389eb499696f2d7497c6009b0                          |
    | user_id    | 7cfc508fd5d44b468aac218bd4029bae                          |
    +------------+-----------------------------------------------------------+
14. Create the scripts
a. Create and edit the file admin-openrc and add the following content:
    # vim admin-openrc
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=qaz123
    export OS_AUTH_URL=http://192.168.30.145:35357/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
b. Create and edit the file demo-openrc and add the following content:
    # vim demo-openrc
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=demo
    export OS_AUTH_URL=http://192.168.30.145:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
15. Use the scripts
a. Load the script
    # . admin-openrc
b. Request an authentication token
    # openstack token issue
    +------------+-----------------------------------------------------------+
    | Field      | Value                                                     |
    +------------+-----------------------------------------------------------+
    | expires    | 2017-03-28T15:22:55+0000                                  |
    | id         | gAAAAABY2nG_diuPBMl66vJye3mV3S7CWZKesIiSnbicq5XddujfHhc3x |
    |            | PHni3iHWPcTQAjHoIEMTvSH6yKOQ6Z74QL6hVbshqP1dJrRJ6xEa9WvIk |
    |            | F7H5j7lPmM7ncfVvr9k96gLJ6Uhz38R5qRnHBWkxrlNsgw1jdnAjxf5e  |
    | project_id | 2461396f6a344c21a2360a612d4f6abe                          |
    | user_id    | 63ca263543fb4b02bb34410e3dc8a801                          |
    +------------+-----------------------------------------------------------+
III. Configure the Glance image service (Controller Node)
1. Create the glance database
    # mysql
    MariaDB [(none)]> CREATE DATABASE glance; ## create the glance database
    ## grant privileges on the glance database [user@controller node ... BY password]
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'192.168.30.145' \
      IDENTIFIED BY 'glance';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
      IDENTIFIED BY 'glance';
    MariaDB [(none)]> flush privileges;
    # . admin-openrc
3. Create the service credentials
a. Create the glance user:
    # openstack user create --domain default --password-prompt glance
    User Password:
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 3edeaaae87e14811ac2c6767ab657d6b |
    | name                | glance                           |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+
b. Add the admin role to the glance user and the service project:
    # openstack role add --project service --user glance admin
c. Create the "glance" service entity:
    # openstack service create --name glance \
      --description "OpenStack Image" image
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Image                  |
    | enabled     | True                             |
    | id          | 22a0875ba92c4512989666f116ae1585 |
    | name        | glance                           |
    | type        | image                            |
    +-------------+----------------------------------+
d. Create the image service API endpoints:
    # openstack endpoint create --region RegionOne \
      image public http://192.168.30.145:9292
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | ff6d9ed365cf4e7f8cc53d47e57cd46b |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 22a0875ba92c4512989666f116ae1585 |
    | service_name | glance                           |
    | service_type | image                            |
    | url          | http://192.168.30.145:9292       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      image internal http://192.168.30.145:9292
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 7408dd72bc1745758cdf23e136ef7392 |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 22a0875ba92c4512989666f116ae1585 |
    | service_name | glance                           |
    | service_type | image                            |
    | url          | http://192.168.30.145:9292       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      image admin http://192.168.30.145:9292
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 8ed4e7e1a5834177b4ce1896c21e6cb9 |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 22a0875ba92c4512989666f116ae1585 |
    | service_name | glance                           |
    | service_type | image                            |
    | url          | http://192.168.30.145:9292       |
    +--------------+----------------------------------+
4. Install and configure the Glance components
a. Configure the image API
    # apt -y install glance
    # vim /etc/glance/glance-api.conf
    [database] --- configure database access [user:password@controller node]
    connection = mysql+pymysql://glance:glance@192.168.30.145/glance
    [keystone_authtoken] --- configure identity service access
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = glance
    password = glance
    [paste_deploy]
    flavor = keystone
    [glance_store] --- configure the local file system store and the location of image files
    stores = file,http
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images/
    # grep ^[a-z] /etc/glance/glance-api.conf
    sqlite_db = /var/lib/glance/glance.sqlite
    backend = sqlalchemy
    connection = mysql+pymysql://glance:glance@192.168.30.145/glance
    stores = file,http
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images
    disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = glance
    password = glance
    flavor = keystone
b. Configure the image registry service
    # vim /etc/glance/glance-registry.conf
    [database] --- configure database access [user:password@controller node]
    connection = mysql+pymysql://glance:glance@192.168.30.145/glance
    [keystone_authtoken] --- configure identity service access
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = glance
    password = glance
    [paste_deploy]
    flavor = keystone
    # grep ^[a-z] /etc/glance/glance-registry.conf
    sqlite_db = /var/lib/glance/glance.sqlite
    backend = sqlalchemy
    connection = mysql+pymysql://glance:glance@192.168.30.145/glance
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = glance
    password = glance
    flavor = keystone
5. Synchronize the image service database
    # su -s /bin/sh -c "glance-manage db_sync" glance
6. Restart the services
    # service glance-registry restart
    # service glance-api restart
    # service glance-registry status
    # service glance-api status
7. Verify operation
Use CirrOS to verify the image service
CirrOS is a small Linux image that can be used to test an OpenStack deployment.
    # . admin-openrc
b. Download the source image
    # wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
c. Upload the image to the image service using the QCOW2 disk format and the bare container format, and make it publicly visible
    # openstack image create "cirros" \
      --file cirros-0.3.5-x86_64-disk.img \
      --disk-format qcow2 --container-format bare \
      --public
    +------------------+------------------------------------------------------+
    | Field            | Value                                                |
    +------------------+------------------------------------------------------+
    | checksum         | f8ab98ff5e73ebab884d80c9dc9c7290                     |
    | container_format | bare                                                 |
    | created_at       | 2017-03-29T05:57:56Z                                 |
    | disk_format      | qcow2                                                |
    | file             | /v2/images/4b6ebd57-80ab-4b79-8ecc-53a026f3e898/file |
    | id               | 4b6ebd57-80ab-4b79-8ecc-53a026f3e898                 |
    | min_disk         | 0                                                    |
    | min_ram          | 0                                                    |
    | name             | cirros                                               |
    | owner            | 2461396f6a344c21a2360a612d4f6abe                     |
    | protected        | False                                                |
    | schema           | /v2/schemas/image                                    |
    | size             | 13267968                                             |
    | status           | active                                               |
    | tags             |                                                      |
    | updated_at       | 2017-03-29T05:57:56Z                                 |
    | virtual_size     | None                                                 |
    | visibility       | public                                               |
    +------------------+------------------------------------------------------+
    # openstack image list
    +--------------------------------------+--------+--------+
    | ID                                   | Name   | Status |
    +--------------------------------------+--------+--------+
    | 4b6ebd57-80ab-4b79-8ecc-53a026f3e898 | cirros | active |
    +--------------------------------------+--------+--------+
V. Configure the Neutron networking service [must be configured on every node]
1. Create the neutron database
    # mysql
    MariaDB [(none)]> CREATE DATABASE neutron; ## create the neutron database
    ## grant privileges on the neutron database [user@controller node ... BY password]
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.30.145' \
      IDENTIFIED BY 'neutron';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
      IDENTIFIED BY 'neutron';
    MariaDB [(none)]> flush privileges;
    # . admin-openrc
3. Create the service credentials
a. Create the neutron user
    # openstack user create --domain default --password-prompt neutron
    User Password:
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 54cd9e72295c411090ea9f641cb02135 |
    | name                | neutron                          |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+
    # openstack role add --project service --user neutron admin
c. Create the neutron service entity
    # openstack service create --name neutron \
      --description "OpenStack Networking" network
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Networking             |
    | enabled     | True                             |
    | id          | 720687745d354718862255a56d7aea46 |
    | name        | neutron                          |
    | type        | network                          |
    +-------------+----------------------------------+
d. Create the neutron service API endpoints
    # openstack endpoint create --region RegionOne \
      network public http://192.168.30.145:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | a9b1b5b8fbb842a8b14a9cecca7a58a8 |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 720687745d354718862255a56d7aea46 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://192.168.30.145:9696       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      network internal http://192.168.30.145:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 61e2c14b0c8f4003a7099012e9a6331f |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 720687745d354718862255a56d7aea46 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://192.168.30.145:9696       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      network admin http://192.168.30.145:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 6719539759c34487bd519c0dffb5509d |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 720687745d354718862255a56d7aea46 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://192.168.30.145:9696       |
    +--------------+----------------------------------+
4. Configure network type 2: private networks
a. Install the components
    # apt -y install neutron-server neutron-plugin-ml2 \
      neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
      neutron-metadata-agent
b. Configure the Neutron components
    # vim /etc/neutron/neutron.conf
    [database] ---- configure database access [user:password@controller node]
    #connection = sqlite:////var/lib/neutron/neutron.sqlite
    connection = mysql+pymysql://neutron:neutron@192.168.30.145/neutron
    [DEFAULT] ---- enable the ML2 plug-in, the router service and overlapping IP addresses
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = true
    [DEFAULT] ---- configure RabbitMQ message queue access [user:password@controller node]
    transport_url = rabbit://openstack:openstack@192.168.30.145
    [DEFAULT] ---- configure identity service access
    auth_strategy = keystone
    [keystone_authtoken] ---- configure identity service access
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron
    [DEFAULT] ---- configure Networking to notify the compute node of network topology changes
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true
    [nova] ---- configure Networking to notify the compute node of network topology changes
    auth_url = http://192.168.30.145:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = nova
    # grep ^[a-z] /etc/neutron/neutron.conf
    auth_strategy = keystone
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = true
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true
    transport_url = rabbit://openstack:openstack@192.168.30.145
    root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
    connection = mysql+pymysql://neutron:neutron@192.168.30.145/neutron
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron
    region_name = RegionOne
    auth_url = http://192.168.30.145:35357
    auth_type = password
    password = nova
    project_domain_name = default
    project_name = service
    user_domain_name = default
    username = nova
c. Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build the layer-2 virtual networking infrastructure for instances
    # vim /etc/neutron/plugins/ml2/ml2_conf.ini
    [ml2] ---- enable flat, VLAN and VXLAN networks
    type_drivers = flat,vlan,vxlan
    [ml2] ---- enable VXLAN private networks
    tenant_network_types = vxlan
    [ml2] ---- enable the Linux bridge and layer-2 population mechanisms
    mechanism_drivers = linuxbridge,l2population
    [ml2] ---- enable the port security extension driver
    extension_drivers = port_security
    [ml2_type_flat] ---- configure the public virtual network as a flat network
    flat_networks = provider
    [ml2_type_vxlan] ---- configure the VXLAN network identifier range for private networks
    vni_ranges = 1:1000
    [securitygroup] ---- enable ipset to make security group rules more efficient
    enable_ipset = true
    # grep ^[a-z] /etc/neutron/plugins/ml2/ml2_conf.ini
    type_drivers = flat,vxlan
    tenant_network_types = vxlan
    mechanism_drivers = linuxbridge,l2population
    extension_drivers = port_security
    flat_networks = provider
    vni_ranges = 1:1000
    enable_ipset = true
Note: the Linux bridge agent only supports VXLAN overlay networks
d. Configure the Linux bridge agent
The Linux bridge agent builds the layer-2 virtual networks for instances and handles security group rules
    # vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    [linux_bridge] ---- map the public virtual network to the public physical network interface
    physical_interface_mappings = provider:ens33
    [vxlan] ---- enable VXLAN overlay networks, set the IP address of the physical interface that carries the overlay, and enable layer-2 population
    enable_vxlan = true
    local_ip = 192.168.30.145
    l2_population = true
    [securitygroup] ---- enable security groups and configure the firewall service
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    # grep ^[a-z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    physical_interface_mappings = provider:ens33
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    enable_security_group = true
    enable_vxlan = true
    local_ip = 192.168.30.145
    l2_population = true
e. Configure the layer-3 agent
The layer-3 agent provides routing and NAT services for private virtual networks
    # vim /etc/neutron/l3_agent.ini
    [DEFAULT] ---- configure the Linux bridge interface driver and the external network bridge
    interface_driver = linuxbridge
    # grep ^[a-z] /etc/neutron/l3_agent.ini
    interface_driver = linuxbridge
f. Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks
    # vim /etc/neutron/dhcp_agent.ini
    [DEFAULT] ---- configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = true
    # grep ^[a-z] /etc/neutron/dhcp_agent.ini
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = true
g. Configure the metadata agent, which is responsible for providing configuration information
    # vim /etc/neutron/metadata_agent.ini
    [DEFAULT] ---- configure the metadata host and the shared secret
    nova_metadata_ip = 192.168.30.145
    metadata_proxy_shared_secret = qaz123
    # grep ^[a-z] /etc/neutron/metadata_agent.ini
    nova_metadata_ip = 192.168.30.145
    metadata_proxy_shared_secret = qaz123
5. On the controller node, configure the networking service for the compute node
    # vim /etc/nova/nova.conf
    [neutron] ---- configure the access parameters, enable the metadata proxy and set the secret
    url = http://192.168.30.145:9696
    auth_url = http://192.168.30.145:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = neutron
    service_metadata_proxy = true
    metadata_proxy_shared_secret = qaz123
    # grep ^[a-z] /etc/nova/nova.conf
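The files edited in steps 4 and 5 hold every service credential in plain text, which makes them easy to check mechanically. The script below is an added example (not part of the original article and not OpenStack code): it parses oslo.config-style INI text and reports secrets that equal the account name, are short, are reused, or are sent to an http:// Keystone URL. The sample text is constructed from the values on this page; the 16-character minimum, the placeholder secrets and the https URL in the second sample are assumptions.

```python
"""Audit OpenStack service configuration text for weak, reused or exposed secrets."""
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

SECRET_OPTIONS = ("metadata_proxy_shared_secret",)  # bare shared secrets
URL_OPTIONS = ("connection", "transport_url")       # URLs carrying user:password
MIN_LENGTH = 16  # assumption: local minimum length for service secrets

# Constructed sample: neutron.conf and metadata_agent.ini values from this page.
PAGE_CONFIG = """
[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.30.145
metadata_proxy_shared_secret = qaz123

[database]
connection = mysql+pymysql://neutron:neutron@192.168.30.145/neutron

[keystone_authtoken]
auth_url = http://192.168.30.145:35357
username = neutron
password = neutron

[nova]
auth_url = http://192.168.30.145:35357
username = nova
password = nova
"""

# Constructed sample: same layout, one random secret per credential
# (placeholder values) and a TLS Keystone URL (assumes TLS is deployed).
HARDENED_CONFIG = """
[DEFAULT]
transport_url = rabbit://openstack:6b1f0c9e4a7d42f3a85e19c07d3b2f64@controller
metadata_proxy_shared_secret = e2a94c7150b84f6d9c03ab17f58d6e21

[database]
connection = mysql+pymysql://neutron:0d7c5e92b41a4f38a6e1c9f2047b8d53@controller/neutron

[keystone_authtoken]
auth_url = https://controller:35357
username = neutron
password = 9a3e6f1c07d54b28b5f0e84c2d716a39
"""


def collect(text):
    """Return ([(location, account, secret)], [locations of http:// auth URLs])."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    # and its options are not copied into every other section.
    cfg = configparser.ConfigParser(strict=False, interpolation=None,
                                    default_section="__unused__")
    cfg.read_string(text)
    creds, cleartext = [], []
    for section in cfg.sections():
        for option, value in cfg.items(section):
            where = f"[{section}] {option}"
            url = urlsplit(value)
            if option == "password":
                account = cfg.get(section, "username", fallback=None)
                creds.append((where, account, value))
            elif option in SECRET_OPTIONS:
                creds.append((where, None, value))
            elif option in URL_OPTIONS and url.password:
                creds.append((where, url.username, url.password))
            elif option == "auth_url" and url.scheme == "http":
                cleartext.append(where)
    return creds, cleartext


def audit(text):
    """Return sorted 'location: finding' strings; secret values are never echoed."""
    creds, cleartext = collect(text)
    findings = [f"{where}: Keystone credentials sent over cleartext http"
                for where in cleartext]
    seen = defaultdict(list)
    for where, account, secret in creds:
        seen[secret].append(where)
        if account is not None and secret == account:
            findings.append(f"{where}: secret equals the account name")
        if len(secret) < MIN_LENGTH:
            findings.append(f"{where}: secret shorter than {MIN_LENGTH} characters")
    for places in seen.values():
        if len(places) > 1:
            findings.append(f"{', '.join(places)}: same secret in {len(places)} places")
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("page values", PAGE_CONFIG), ("hardened", HARDENED_CONFIG)):
        results = audit(text)
        print(f"== {label}: {len(results)} finding(s)")
        for line in results:
            print("   " + line)
```

To check a real node, pass the contents of /etc/neutron/neutron.conf and the other files edited above to audit().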
6. Finalize the installation
a. Synchronize the database
    # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    ......
    OK
Note: the database is synchronized after Networking is configured, because the script needs the completed server and plug-in configuration files
b. Restart the Compute API service
    # service nova-api restart
c. Restart the Networking services
For both network types:
    # service neutron-server restart
    # service neutron-linuxbridge-agent restart
    # service neutron-dhcp-agent restart
    # service neutron-metadata-agent restart
For network type 2, also restart the L3 service:
    # service neutron-l3-agent restart
d. Confirm that the services started
    # service nova-api status
    # service neutron-server status
    # service neutron-linuxbridge-agent status
    # service neutron-dhcp-agent status
    # service neutron-metadata-agent status
    # service neutron-l3-agent status
7. Configure the Neutron networking service on the Compute Node
    # apt -y install neutron-linuxbridge-agent
    # vim /etc/neutron/neutron.conf
    [database] ---- compute nodes do not access the database directly
    #connection = sqlite:////var/lib/neutron/neutron.sqlite
    [DEFAULT] ---- configure RabbitMQ message queue access [user:password@controller node]
    transport_url = rabbit://openstack:openstack@192.168.30.145
    [DEFAULT] ---- configure identity service access
    auth_strategy = keystone
    [keystone_authtoken] ---- configure identity service access
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron
    # grep ^[a-z] /etc/neutron/neutron.conf
    auth_strategy = keystone
    core_plugin = ml2
    transport_url = rabbit://openstack:openstack@192.168.30.145
    root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = neutron
8. Configure the networking service for the compute node
    # vim /etc/nova/nova.conf
    [neutron] ---- configure the access parameters
    url = http://192.168.30.145:9696
    auth_url = http://192.168.30.145:35357
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = neutron
    # grep ^[a-z] /etc/nova/nova.conf
9. Finalize the installation
a. Restart the compute service:
    # service nova-compute restart
    # service nova-compute status
b. Restart the Linux bridge agent:
    # service neutron-linuxbridge-agent restart
    # service neutron-linuxbridge-agent status
10. Configure network type 2 on the compute node
Configure the Linux bridge agent, which builds the layer-2 virtual networks for instances and handles security group rules
    # vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    [linux_bridge] ---- map the public virtual network to the public physical network interface
    physical_interface_mappings = provider:ens33
    [vxlan] ---- enable VXLAN overlay networks, set the IP address of the physical interface that carries the overlay, and enable layer-2 population
    enable_vxlan = true
    local_ip = 192.168.30.146
    l2_population = true
    [securitygroup] ---- enable security groups and configure firewall_driver
    enable_security_group = true
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    # grep ^[a-z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    physical_interface_mappings = provider:ens33
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    enable_security_group = true
    enable_vxlan = true
    local_ip = 192.168.30.146
    l2_population = true
11. Verify operation on the controller node
    # . admin-openrc
b. List the loaded extensions to verify that the neutron-server process started correctly
    # openstack extension list --network
c. List the neutron agents to verify that they started successfully
    # neutron agent-list
    +--------------------------------------+--------------------+------------+
    | id                                   | agent_type         | host       |
    +--------------------------------------+--------------------+------------+
    | 23601054-312a-497c-b728-4b791ce76e64 | L3 agent           | controller |
    | 9a7546d9-73ec-47e0-ab23-ca2a5366660f | Linux bridge agent | controller |
    | acd42d89-1af4-413f-be77-3172d38a805d | Metadata agent     | controller |
    | b438ae93-aaf3-41f0-a7b7-d1502a1986c9 | DHCP agent         | controller |
    | e1d32b6b-07c6-468b-965d-ce9dfd09b338 | Linux bridge agent | compute    |
    +--------------------------------------+--------------------+------------+
    +-------------------+-------+----------------+---------------------------+
    | availability_zone | alive | admin_state_up | binary                    |
    +-------------------+-------+----------------+---------------------------+
    | nova              | :-)   | True           | neutron-l3-agent          |
    |                   | :-)   | True           | neutron-linuxbridge-agent |
    |                   | :-)   | True           | neutron-metadata-agent    |
    | nova              | :-)   | True           | neutron-dhcp-agent        |
    |                   | :-)   | True           | neutron-linuxbridge-agent |
    +-------------------+-------+----------------+---------------------------+