Ubuntu-16.04 部署 OpenStack Ocata<上>

Ubuntu 前端之家
前端之家收集整理的这篇文章主要介绍了Ubuntu-16.04 部署 OpenStack Ocata<上>前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

注:本文参照openstack官方文档部署,地址https://docs.openstack.org/。明明才10万字符,硬说超过20万,没办法,分篇。

建议:配置时仔细核对,经多次实验,很多错误都是配置失误造成的。


一、搭建基础环境

192.168.30.145 controller【2vcpu、4G内存、40G存储、双网卡】

192.168.30.146 compute【2vcpu、4G内存、40G存储、双网卡】


1.安装ssh并配置root密码

$sudoaptinstallssh
$sudopasswdroot
EnternewUNIXpassword:
RetypenewUNIXpassword:
passwd:passwordupdatedsuccessfully


2.获取临时认证令牌

#opensslrand-hex10
bdb5cad50653d4e85b7d


3.添加阿里云镜像

#cp/etc/apt/sources.list/etc/apt/sources.list.bak
#vim/etc/apt/sources.list
deb-srchttp://archive.ubuntu.com/ubuntuxenialmainrestricted
debhttp://mirrors.aliyun.com/ubuntu/xenialmainrestricted
deb-srchttp://mirrors.aliyun.com/ubuntu/xenialmainrestrictedmultiverseuniverse
debhttp://mirrors.aliyun.com/ubuntu/xenial-updatesmainrestricted
deb-srchttp://mirrors.aliyun.com/ubuntu/xenial-updatesmainrestrictedmultiverseuniverse
debhttp://mirrors.aliyun.com/ubuntu/xenialuniverse
debhttp://mirrors.aliyun.com/ubuntu/xenial-updatesuniverse
debhttp://mirrors.aliyun.com/ubuntu/xenialmultiverse
debhttp://mirrors.aliyun.com/ubuntu/xenial-updatesmultiverse
debhttp://mirrors.aliyun.com/ubuntu/xenial-backportsmainrestricteduniversemultiverse
deb-srchttp://mirrors.aliyun.com/ubuntu/xenial-backportsmainrestricteduniversemultiverse
debhttp://archive.canonical.com/ubuntuxenialpartner
deb-srchttp://archive.canonical.com/ubuntuxenialpartner
debhttp://mirrors.aliyun.com/ubuntu/xenial-securitymainrestricted
deb-srchttp://mirrors.aliyun.com/ubuntu/xenial-securitymainrestrictedmultiverseuniverse
debhttp://mirrors.aliyun.com/ubuntu/xenial-securityuniverse
debhttp://mirrors.aliyun.com/ubuntu/xenial-securitymultiverse


4.配置网络接口IP

#ipaddr
#vim/etc/network/interfaces
autoens33
ifaceens33inetstatic
address192.168.30.145
netmask255.255.255.0
gateway192.168.30.2
dns-nameserver114.114.114.114
#Theprovidernetworkinterface(配置第二个接口为提供者接口)
autoens34
ifaceens34inetmanual
upiplinksetdev$IFACEup
downiplinksetdev$IFACEdown


5.配置host

#vim/etc/hosts
192.168.30.145controller
192.168.30.146compute


6.配置NTP时间协议

#dpkg-reconfiguretzdata##修改时区
Currentdefaulttimezone:'Asia/Chongqing'
Localtimeisnow:TueMar2820:54:33CST2017.
UniversalTimeisnow:TueMar2812:54:33UTC2017.
#apt-yinstallchrony##安装chrony时间同步软件


ControllerNode

#vim/etc/chrony/chrony.conf
allow192.168.30.0/24##设置允许该网段与自己同步时间
#servicechronyrestart


Compute Node

#vim/etc/chrony/chrony.conf
#pool2.debian.pool.ntp.orgofflineiburst
server192.168.30.145iburst##设置时间同步服务器地址
#servicechronyrestart
#chronycsources
210Numberofsources=1
MSName/IPaddressStratumPollReachLastRxLastsample
===============================================================================
^*controller3637733-375us[-422us]+/-66ms


7.在所有节点启用openstack库、安装openstack客户端

#apt-yinstallsoftware-properties-common
#add-apt-repositorycloud-archive:ocata
#apt-yupdate&&apt-ydist-upgrade
#apt-yinstallpython-openstackclient


8.安装并配置数据库服务(ControllerNode)

#apt-yinstallmariadb-serverpython-pyMysqL
#vim/etc/MysqL/mariadb.conf.d/99-openstack.cnf
[MysqLd]
bind-address=192.168.30.145
default-storage-engine=innodb
innodb_file_per_table=on
max_connections=4096
collation-server=utf8_general_ci
character-set-server=utf8
#serviceMysqLrestart
#MysqL_secure_installation
##运行该脚本来保证数据库安全,为root账户设置一个合适的密码


9.安装并配置Rabbitmq消息队列服务(ControllerNode)

#apt-yinstallrabbitmq-server
#rabbitmqctladd_useropenstackopenstack##添加OpenStack用户并配置密码
Creatinguser"openstack"...
##允许openstack用户的配置、写、读权限
#rabbitmqctlset_permissionsopenstack".*"".*"".*"
Settingpermissionsforuser"openstack"invhost"/"...
#rabbitmqctllist_users##列出用户
Listingusers...
guest[administrator]
openstack[]
#rabbitmqctllist_user_permissionsopenstack##列出该用户权限
Listingpermissionsforuser"openstack"...
/.*.*.*
#rabbitmqctlstatus##查看RabbitMQ相关信息
#rabbitmq-pluginslist##查看RabbitMQ相关插件
Configured:E=explicitlyenabled;e=implicitlyenabled
|Status:*=runningonrabbit@openstack1
|/
......
#rabbitmq-pluginsenablerabbitmq_management##启用该插件
Thefollowingpluginshavebeenenabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applyingpluginconfigurationtorabbit@openstack1...started6plugins.

浏览器输入http://localhost:15672,默认用户名密码都是guest。


10.安装并配置Memcached缓存服务【对认证服务进行缓存】(ControllerNode)

#apt-yinstallmemcachedpython-memcache
#vim/etc/memcached.conf
#-l127.0.0.1
-l192.168.30.145
#servicememcachedrestart


二、配置 Keystone 认证服务(ControllerNode)

1.创建keystone 数据库

#MysqL
MariaDB[(none)]>CREATEDATABASEkeystone;##创建keystone数据库
##对keystone数据库授权[用户名@控制节点...BY密码]
MariaDB[(none)]>GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'192.168.30.145'\
IDENTIFIEDBY'keystone';
MariaDB[(none)]>GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'%'\
IDENTIFIEDBY'keystone';
MariaDB[(none)]>flushprivileges;


2.安装并配置 Keystone

#apt-yinstallkeystone
#vim/etc/keystone/keystone.conf
[database]---配置数据库访问[用户名:密码@控制节点]
connection=MysqL+pyMysqL://keystone:keystone@192.168.30.145/keystone
[token]---配置FernetUUID令牌的提供者
provider=fernet
#grep^[a-z]/etc/keystone/keystone.conf
connection=MysqL+pyMysqL://keystone:keystone@192.168.30.145/keystone
provider=fernet


3.初始化身份认证服务数据库

#su-s/bin/sh-c"keystone-managedb_sync"keystone


4.初始化Fernet keys

#keystone-managefernet_setup--keystone-userkeystone--keystone-groupkeystone
#keystone-managecredential_setup--keystone-userkeystone--keystone-groupkeystone


5.配置引导标识服务

#keystone-managebootstrap--bootstrap-passwordqaz123\
--bootstrap-admin-urlhttp://192.168.30.145:35357/v3/\
--bootstrap-internal-urlhttp://192.168.30.145:5000/v3/\
--bootstrap-public-urlhttp://192.168.30.145:5000/v3/\
--bootstrap-region-idRegionOne


6.配置 HTTP 服务器

#vim/etc/apache2/apache2.conf
ServerNamecontroller
#serviceapache2restart##重启Apache服务
#serviceapache2status
#rm-f/var/lib/keystone/keystone.db##删除默认的sqlite数据库


7.配置管理账户

#exportOS_USERNAME=admin
#exportOS_PASSWORD=qaz123
#exportOS_PROJECT_NAME=admin
#exportOS_USER_DOMAIN_NAME=Default
#exportOS_PROJECT_DOMAIN_NAME=Default
#exportOS_AUTH_URL=http://192.168.30.145:35357/v3
#exportOS_IDENTITY_API_VERSION=3


8.创建 service 项目

#openstackprojectcreate--domaindefault\
--description"ServiceProject"service
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|ServiceProject|
|domain_id|default|
|enabled|True|
|id|945e37831e74484f8911fb742c925926|
|is_domain|False|
|name|service|
|parent_id|default|
+-------------+----------------------------------+


9.配置普通(非管理)任务项目和用户权限


a.创建 demo 项目

#openstackprojectcreate--domaindefault\
--description"DemoProject"demo
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|DemoProject|
|domain_id|default|
|enabled|True|
|id|2ef20ce389eb499696f2d7497c6009b0|
|is_domain|False|
|name|demo|
|parent_id|default|
+-------------+----------------------------------+


b.创建 demo 用户

#openstackusercreate--domaindefault\
--password-promptdemo
UserPassword:
RepeatUserPassword:
+---------------------+----------------------------------+
|Field|Value|
+---------------------+----------------------------------+
|domain_id|default|
|enabled|True|
|id|7cfc508fd5d44b468aac218bd4029bae|
|name|demo|
|options|{}|
|password_expires_at|None|
+---------------------+----------------------------------+


c.创建 user 角色

#openstackrolecreateuser
+-----------+----------------------------------+
|Field|Value|
+-----------+----------------------------------+
|domain_id|None|
|id|83b6ab2af4414ad387b2fc9daf575b3a|
|name|user|
+-----------+----------------------------------+


d.添加 user 角色到 demo 项目和用户

#openstackroleadd--projectdemo--userdemouser


10.禁用临时身份验证令牌机制

#vim/etc/keystone/keystone-paste.ini
[pipeline:public_api]
#pipeline=admin_token_auth
[pipeline:admin_api]
#pipeline=admin_token_auth
[pipeline:api_v3]
#pipeline=admin_token_auth


11.重置 OS_AUTH_URL 和 OS_PASSWORD 环境变量

#unsetOS_AUTH_URLOS_PASSWORD


12.使用 admin 用户,请求认证令牌(密码为admin用户密码)

#openstack--os-auth-urlhttp://192.168.30.145:35357/v3\
--os-project-domain-namedefault--os-user-domain-namedefault\
--os-project-nameadmin--os-usernameadmintokenissue
Password:
+------------+-----------------------------------------------------------+
|Field|Value|
+------------+-----------------------------------------------------------+
|expires|2017-03-28T15:11:50+0000|
|id|gAAAAABY2m8mE9pMATPuFW9YpgoBMTg9mCI6GcmFeQAudwbhGiVblXZP|
||kmSmHc5aFwTZSIdjLzPJaMd1k16UZghj59v45Gvzdh5CLhSFGWPsT8rL|
||fRJD4eE1D_eRz2Jjjk5rDmwAHm5mmffuszJLSe4B2KJyBXkdmmznXL-A|
|project_id|2461396f6a344c21a2360a612d4f6abe|
|user_id|63ca263543fb4b02bb34410e3dc8a801|
+------------+-----------------------------------------------------------+


13.使用 demo 用户,请求认证令牌(密码为demo用户密码)

#openstack--os-auth-urlhttp://192.168.30.145:5000/v3\
--os-project-domain-namedefault--os-user-domain-namedefault\
--os-project-namedemo--os-usernamedemotokenissue
Password:
+------------+-----------------------------------------------------------+
|Field|Value|
+------------+-----------------------------------------------------------+
|expires|2017-03-28T15:13:50+0000|
|id|gAAAAABY2m-eSIWmQg1SyZFaiGcP2kjHf742ktr8YcVH3Q4aHKTflDJ|
||RLAfgmeoDW2z1sbdHQmKQNSb--F-1Pn_hTFHYqgyMlIxYpEQxGhJ-rg|
||b0EuxUT9opwl0m5onaA5Cv_MBX6awxeity8Gh1dc50NUeYela5Yl4uSG|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|user_id|7cfc508fd5d44b468aac218bd4029bae|
+------------+-----------------------------------------------------------+


14.创建脚本


a.创建并编辑文件 admin-openrc 并添加如下内容:

#vimadmin-openrc
exportOS_PROJECT_DOMAIN_NAME=Default
exportOS_USER_DOMAIN_NAME=Default
exportOS_PROJECT_NAME=admin
exportOS_USERNAME=admin
exportOS_PASSWORD=qaz123
exportOS_AUTH_URL=http://192.168.30.145:35357/v3
exportOS_IDENTITY_API_VERSION=3
exportOS_IMAGE_API_VERSION=2


b.创建并编辑文件 demo-openrc 并添加如下内容:

#vimdemo-openrc
exportOS_PROJECT_DOMAIN_NAME=Default
exportOS_USER_DOMAIN_NAME=Default
exportOS_PROJECT_NAME=demo
exportOS_USERNAME=demo
exportOS_PASSWORD=demo
exportOS_AUTH_URL=http://192.168.30.145:5000/v3
exportOS_IDENTITY_API_VERSION=3
exportOS_IMAGE_API_VERSION=2

15.使用脚本


a.加载脚本

#.admin-openrc


b.请求身份认证令牌

#openstacktokenissue
+------------+----------------------------------------------------------+
|Field|Value|
+------------+----------------------------------------------------------+
|expires|2017-03-28T15:22:55+0000|
|id|gAAAAABY2nG_diuPBMl66vJye3mV3S7CWZKesIiSnbicq5XddujfHhc3x|
||PHni3iHWPcTQAjHoIEMTvSH6yKOQ6Z74QL6hVbshqP1dJrRJ6xEa9WvIk|
||F7H5j7lPmM7ncfVvr9k96gLJ6Uhz38R5qRnHBWkxrlNsgw1jdnAjxf5e|
|project_id|2461396f6a344c21a2360a612d4f6abe|
|user_id|63ca263543fb4b02bb34410e3dc8a801|
+------------+----------------------------------------------------------+


三、配置 Glance 镜像服务(ControllerNode)


1.创建 glance 数据库

#MysqL
MariaDB[(none)]>CREATEDATABASEglance;##创建glance数据库
##对glance数据库授权[用户名@控制节点...BY密码]
MariaDB[(none)]>GRANTALLPRIVILEGESONglance.*TO'glance'@'192.168.30.145'\
IDENTIFIEDBY'glance';
MariaDB[(none)]>GRANTALLPRIVILEGESONglance.*TO'glance'@'%'\
IDENTIFIEDBY'glance';
MariaDB[(none)]>flushprivileges;


2.获取管理员访问权限

#.admin-openrc


3.创建服务证书


a.创建glance用户:

#openstackusercreate--domaindefault--password-promptglance
UserPassword:
RepeatUserPassword:
+---------------------+----------------------------------+
|Field|Value|
+---------------------+----------------------------------+
|domain_id|default|
|enabled|True|
|id|3edeaaae87e14811ac2c6767ab657d6b|
|name|glance|
|options|{}|
|password_expires_at|None|
+---------------------+----------------------------------+


b.添加 admin 角色到 glance 用户和 service 项目上:

#openstackroleadd--projectservice--userglanceadmin


c.创建“glance”服务实体:

#openstackservicecreate--nameglance\
--description"OpenStackImage"image
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|OpenStackImage|
|enabled|True|
|id|22a0875ba92c4512989666f116ae1585|
|name|glance|
|type|image|
+-------------+----------------------------------+


d.创建镜像服务的 API 端点:

#openstackendpointcreate--regionRegionOne\
imagepublichttp://192.168.30.145:9292
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|ff6d9ed365cf4e7f8cc53d47e57cd46b|
|interface|public|
|region|RegionOne|
|region_id|RegionOne|
|service_id|22a0875ba92c4512989666f116ae1585|
|service_name|glance|
|service_type|image|
|url|http://192.168.30.145:9292|
+--------------+----------------------------------+
#openstackendpointcreate--regionRegionOne\
imageinternalhttp://192.168.30.145:9292
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|7408dd72bc1745758cdf23e136ef7392|
|interface|internal|
|region|RegionOne|
|region_id|RegionOne|
|service_id|22a0875ba92c4512989666f116ae1585|
|service_name|glance|
|service_type|image|
|url|http://192.168.30.145:9292|
+--------------+----------------------------------+
#openstackendpointcreate--regionRegionOne\
imageadminhttp://192.168.30.145:9292
--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|8ed4e7e1a5834177b4ce1896c21e6cb9|
|interface|admin|
|region|RegionOne|
|region_id|RegionOne|
|service_id|22a0875ba92c4512989666f116ae1585|
|service_name|glance|
|service_type|image|
|url|http://192.168.30.145:9292|
+--------------+----------------------------------+

4.安装并配置 Glance 组件


a.配置镜像API

#apt-yinstallglance
#vim/etc/glance/glance-api.conf
[database]---配置数据库访问[用户名:密码@控制节点]
connection=MysqL+pyMysqL://glance:glance@192.168.30.145/glance
[keystone_authtoken]---配置身份服务访问
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
[paste_deploy]
flavor=keystone
[glance_store]---配置本地文件系统存储和图像文件位置
stores=file,http
default_store=file
filesystem_store_datadir=/var/lib/glance/images/
#grep^[a-z]/etc/glance/glance-api.conf
sqlite_db=/var/lib/glance/glance.sqlite
backend=sqlalchemy
connection=MysqL+pyMysqL://glance:glance@192.168.30.145/glance
stores=file,http
default_store=file
filesystem_store_datadir=/var/lib/glance/images
disk_formats=ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
flavor=keystone


b.配置镜像注册服务

#vim/etc/glance/glance-registry.conf
[database]---配置数据库访问[用户名:密码@控制节点]
connection=MysqL+pyMysqL://glance:glance@192.168.30.145/glance
[keystone_authtoken]---配置身份服务访问
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
[paste_deploy]
flavor=keystone
#grep^[a-z]/etc/glance/glance-registry.conf
sqlite_db=/var/lib/glance/glance.sqlite
backend=sqlalchemy
connection=MysqL+pyMysqL://glance:glance@192.168.30.145/glance
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
flavor=keystone


5.同步镜像服务数据库

#su-s/bin/sh-c"glance-managedb_sync"glance


6.重启服务

#serviceglance-registryrestart
#serviceglance-apirestart
#serviceglance-registrystatus
#serviceglance-apistatus


7.验证操作

使用 CirrOS 对镜像服务进行验证

CirrOS是一个小型的Linux镜像,可以用来进行 OpenStack部署测试。


a.获取管理员权限

#.admin-openrc


b.下载源镜像

#wgethttp://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img


c.使用 QCOW2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见

#openstackimagecreate"cirros"\
--filecirros-0.3.5-x86_64-disk.img\
--disk-formatqcow2--container-formatbare\
--public
+------------------+------------------------------------------------------+
|Field|Value|
+------------------+------------------------------------------------------+
|checksum|f8ab98ff5e73ebab884d80c9dc9c7290|
|container_format|bare|
|created_at|2017-03-29T05:57:56Z|
|disk_format|qcow2|
|file|/v2/images/4b6ebd57-80ab-4b79-8ecc-53a026f3e898/file|
|id|4b6ebd57-80ab-4b79-8ecc-53a026f3e898|
|min_disk|0|
|min_ram|0|
|name|cirros|
|owner|2461396f6a344c21a2360a612d4f6abe|
|protected|False|
|schema|/v2/schemas/image|
|size|13267968|
|status|active|
|tags||
|updated_at|2017-03-29T05:57:56Z|
|virtual_size|None|
|visibility|public|
+------------------+------------------------------------------------------+


d.确认镜像的上传并验证属性

#openstackimagelist
+--------------------------------------+--------+--------+
|ID|Name|Status|
+--------------------------------------+--------+--------+
|4b6ebd57-80ab-4b79-8ecc-53a026f3e898|cirros|active|
+--------------------------------------+--------+--------+


五、配置Neutron 网络服务【各节点皆要配置】


1.创建 neutron 数据库

#MysqL
MariaDB[(none)]CREATEDATABASEneutron;##创建neutron数据库
##对neutron数据库授权[用户名@控制节点...BY密码]
MariaDB[(none)]>GRANTALLPRIVILEGESONneutron.*TO'neutron'@'192.168.30.145'\\
IDENTIFIEDBY'neutron';
MariaDB[(none)]>GRANTALLPRIVILEGESONneutron.*TO'neutron'@'%'\\
IDENTIFIEDBY'neutron';
MariaDB[(none)]>flushprivileges;


2.获取管理员访问权限

#.admin-openrc


3.创建服务证书


a.创建 neutron 用户

#openstackusercreate--domaindefault--password-promptneutron
UserPassword:
RepeatUserPassword:
+---------------------+----------------------------------+
|Field|Value|
+---------------------+----------------------------------+
|domain_id|default|
|enabled|True|
|id|54cd9e72295c411090ea9f641cb02135|
|name|neutron|
|options|{}|
|password_expires_at|None|
+---------------------+----------------------------------+


b.添加 admin 角色到 neutron 用户

#openstackroleadd--projectservice--userneutronadmin


c.创建 neutron 服务实体

#openstackservicecreate--nameneutron\\
--description"OpenStackNetworking"network
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|OpenStackNetworking|
|enabled|True|
|id|720687745d354718862255a56d7aea46|
|name|neutron|
|type|network|
+-------------+----------------------------------+


d.创建 neutron 服务API端点

#openstackendpointcreate--regionRegionOne\\
networkpublichttp://192.168.30.145:9696
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|a9b1b5b8fbb842a8b14a9cecca7a58a8|
|interface|public|
|region|RegionOne|
|region_id|RegionOne|
|service_id|720687745d354718862255a56d7aea46|
|service_name|neutron|
|service_type|network|
|url|http://192.168.30.145:9696|
+--------------+----------------------------------+

#openstackendpointcreate--regionRegionOne\\
networkinternalhttp://192.168.30.145:9696
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|61e2c14b0c8f4003a7099012e9a6331f|
|interface|internal|
|region|RegionOne|
|region_id|RegionOne|
|service_id|720687745d354718862255a56d7aea46|
|service_name|neutron|
|service_type|network|
|url|http://192.168.30.145:9696|
+--------------+----------------------------------+
#openstackendpointcreate--regionRegionOne\\
networkadminhttp://192.168.30.145:9696
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|6719539759c34487bd519c0dffb5509d|
|interface|admin|
|region|RegionOne|
|region_id|RegionOne|
|service_id|720687745d354718862255a56d7aea46|
|service_name|neutron|
|service_type|network|
|url|http://192.168.30.145:9696|
+--------------+----------------------------------+


4.配置网络类型2:私有网络


a.安装组件

#apt-yinstallneutron-serverneutron-plugin-ml2\\
neutron-linuxbridge-agentneutron-l3-agentneutron-dhcp-agent\\
neutron-Metadata-agent


b.配置 Neutron组件

#vim/etc/neutron/neutron.conf
[database]----配置数据库访问[用户名:密码@控制节点]
#connection=sqlite:////var/lib/neutron/neutron.sqlite
connection=MysqL+pyMysqL://neutron:neutron@192.168.30.145/neutron
[DEFAULT]----启用ML2插件、路由器服务和overlappingIPaddresses
core_plugin=ml2
service_plugins=router
allow_overlapping_ips=true

[DEFAULT]----配置RabbitMQ消息队列访问[用户名:密码@控制节点]
transport_url=rabbit://openstack:openstack@192.168.30.145
[DEFAULT]----配置认证服务访问
auth_strategy=keystone
[keystone_authtoken]----配置认证服务访问
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron

[DEFAULT]----配置网络服务来通知计算节点的网络拓扑变化
notify_nova_on_port_status_changes=true
notify_nova_on_port_data_changes=true
[nova]----配置网络服务来通知计算节点的网络拓扑变化
auth_url=http://192.168.30.145:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=nova
password=nova
#grep^[a-z]/etc/neutron/neutron.conf
auth_strategy=keystone
core_plugin=ml2
service_plugins=router
allow_overlapping_ips=true
notify_nova_on_port_status_changes=true
notify_nova_on_port_data_changes=true
transport_url=rabbit://openstack:openstack@192.168.30.145
root_helper=sudo/usr/bin/neutron-rootwrap/etc/neutron/rootwrap.conf
connection=MysqL+pyMysqL://neutron:neutron@192.168.30.145/neutron
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron
region_name=RegionOne
auth_url=http://192.168.30.145:35357
auth_type=password
password=nova
project_domain_name=default
project_name=service
user_domain_name=default
username=nova



c.配置 Modular Layer 2 (ML2) 插件

ML2插件使用Linuxbridge机制来为实例创建layer-2虚拟网络基础设施

#vim/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]----启用flat,VLAN以及VXLAN网络
type_drivers=flat,vlan,vxlan
[ml2]----启用VXLAN私有网络
tenant_network_types=vxlan
[ml2]----启用Linuxbridge和layer-2机制
mechanism_drivers=linuxbridge,l2population
[ml2]----启用端口安全扩展驱动
extension_drivers=port_security
[ml2_type_flat]----配置公共虚拟网络为flat网络
flat_networks=provider
[ml2_type_vxlan]----为私有网络配置VXLAN网络识别的网络范围
vni_ranges=1:1000
[securitygroup]----启用ipset增加安全组规则的高效性
enable_ipset=true

#grep^[a-z]/etc/neutron/plugins/ml2/ml2_conf.ini
type_drivers=flat,vxlan
tenant_network_types=vxlan
mechanism_drivers=linuxbridge,l2population
extension_drivers=port_security
flat_networks=provider
vni_ranges=1:1000
enable_ipset=true

注:Linuxbridge代理只支持VXLAN覆盖网络


d.配置Linuxbridge代理

Linuxbridge代理为实例建立layer-2虚拟网络并且处理安全组规则

#vim/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]----对应公共虚拟网络和公共物理网络接口
physical_interface_mappings=provider:ens33
[vxlan]----启用VXLAN覆盖网络,配置覆盖网络的物理网络接口的IP地址,并启用layer-2population
enable_vxlan=true
local_ip=192.168.30.145
l2_population=true
[securitygroup]----启用安全组并配置防火墙服务
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#grep^[a-z]/etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings=provider:ens33
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group=true
enable_vxlan=true
local_ip=192.168.30.145
l2_population=true


e.配置layer-3代理

Layer-3代理为私有虚拟网络提供路由和NAT服务

#vim/etc/neutron/l3_agent.ini
[DEFAULT]----配置Linuxbridge接口驱动和外部网络网桥
interface_driver=linuxbridge

#grep^[a-z]/etc/neutron/l3_agent.ini
interface_driver=linuxbridge


f.配置DHCP代理

DHCP代理为虚拟网络提供DHCP服务

#vim/etc/neutron/dhcp_agent.ini
[DEFAULT]----配置Linuxbridge驱动接口,DHCP驱动并启用隔离元数据
interface_driver=linuxbridge
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_Metadata=true

#grep^[a-z]/etc/neutron/dhcp_agent.ini
interface_driver=linuxbridge
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_Metadata=true


g.配置元数据代理----负责提供配置信息

#vim/etc/neutron/Metadata_agent.ini
[DEFAULT]----配置元数据主机以及共享密码
nova_Metadata_ip=192.168.30.145
Metadata_proxy_shared_secret=qaz123

#grep^[a-z]/etc/neutron/Metadata_agent.ini
nova_Metadata_ip=192.168.30.145
Metadata_proxy_shared_secret=qaz123


5.在控制节点上为计算节点配置网络服务

#vim/etc/nova/nova.conf
[neutron]----配置访问参数,启用元数据代理并设置密码
url=http://192.168.30.145:9696
auth_url=http://192.168.30.145:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=neutron
password=neutron
service_Metadata_proxy=true
Metadata_proxy_shared_secret=qaz123
#grep^[a-z]/etc/nova/nova.conf


6.完成安装


a.同步数据库

#su-s/bin/sh-c"neutron-db-manage--config-file/etc/neutron/neutron.conf\\
--config-file/etc/neutron/plugins/ml2/ml2_conf.iniupgradehead"neutron
......
OK

注:数据库的同步发生在 Networking 之后,因为脚本需要完成服务器和插件配置文件


b.重启计算 API 服务

#servicenova-apirestart


c.重启 Networking 服务

对于两种网络类型:

#serviceneutron-serverrestart
#serviceneutron-linuxbridge-agentrestart
#serviceneutron-dhcp-agentrestart
#serviceneutron-Metadata-agentrestart


对于网络类型 2 ,还需重启 L3 服务:

#serviceneutron-l3-agentrestart


d.确认启动与否

#servicenova-apistatus
#serviceneutron-serverstatus
#serviceneutron-linuxbridge-agentstatus
#serviceneutron-dhcp-agentstatus
#serviceneutron-Metadata-agentstatus
#serviceneutron-l3-agentstatus


7.配置 Compute Node 的Neutron 网络服务

#apt-yinstallneutron-linuxbridge-agent
#vim/etc/neutron/neutron.conf
[database]----计算节点不直接访问数据库
#connection=sqlite:////var/lib/neutron/neutron.sqlite
[DEFAULT]----配置RabbitMQ消息队列访问[用户名:密码@控制节点]
transport_url=rabbit://openstack:openstack@192.168.30.145
[DEFAULT]----配置认证服务访问
auth_strategy=keystone
[keystone_authtoken]----配置认证服务访问
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron

#grep^[a-z]/etc/neutron/neutron.conf
auth_strategy=keystone
core_plugin=ml2
transport_url=rabbit://openstack:openstack@192.168.30.145
root_helper=sudo/usr/bin/neutron-rootwrap/etc/neutron/rootwrap.conf
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron


8.为计算节点配置网络服务

#vim/etc/nova/nova.conf
[neutron]----配置访问参数
url=http://192.168.30.145:9696
auth_url=http://192.168.30.145:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=neutron
password=neutron
#grep^[a-z]/etc/nova/nova.conf


9.完成安装


a.重启计算服务:

#servicenova-computerestart
#servicenova-computestatus


b.重启Linuxbridge代理:

#serviceneutron-linuxbridge-agentrestart
#serviceneutron-linuxbridge-agentstatus


10.在计算节点上配置网络类型2

配置Linuxbridge代理----为实例建立layer-2虚拟网络并且处理安全组规则

#vim/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]----对应公共虚拟网络和公共物理网络接口
physical_interface_mappings=provider:ens33
[vxlan]----启用VXLAN覆盖网络,配置覆盖网络的物理网络接口的IP地址,启用layer-2population
enable_vxlan=true
local_ip=192.168.30.146
l2_population=true
[securitygroup]----启用安全组并配置firewall_driver
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#grep^[a-z]/etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings=provider:ens33
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group=true
enable_vxlan=true
local_ip=192.168.30.146
l2_population=true


11.在控制节点上验证操作


a.获取管理员权限

#.admin-openrc


b.列出加载的扩展来验证 neutron-server 进程是否正常启动

#openstackextensionlist--network
+----------------------+----------------------+--------------------------+
|Name|Alias|Description|
+----------------------+----------------------+--------------------------+
|DefaultSubnetpools|default-subnetpools|Providesabilitytomark|
|||anduseasubnetpoolas|
|||thedefault|
|NetworkIP|network-ip-|ProvidesIPavailability|
|Availability|availability|dataforeachnetwork|
|||andsubnet.|
|NetworkAvailability|network_availability_z|Availabilityzone|
|Zone|one|supportfornetwork.|
|AutoAllocated|auto-allocated-|AutoAllocatedTopology|
|TopologyServices|topology|Services.|
|NeutronL3|ext-gw-mode|Extensionoftherouter|
|Configurableexternal||abstractionfor|
|gatewaymode||specifyingwhetherSNAT|
|||shouldoccuronthe|
|||externalgateway|
|PortBinding|binding|Exposeportbindingsof|
|||avirtualportto|
|||externalapplication|
|agent|agent|Theagentmanagement|
|||extension.|
|SubnetAllocation|subnet_allocation|Enablesallocationof|
|||subnetsfromasubnet|
|||pool|
|L3AgentScheduler|l3_agent_scheduler|Scheduleroutersamong|
|||l3agents|
|Tagsupport|tag|Enablestosettagon|
|||resources.|
|Neutronexternal|external-net|Addsexternalnetwork|
|network||attributetonetwork|
|||resource.|
|NeutronService|flavors|Flavorspecificationfor|
|Flavors||Neutronadvanced|
|||services|
|NetworkMTU|net-mtu|ProvidesMTUattribute|
|||foranetworkresource.|
|AvailabilityZone|availability_zone|Theavailabilityzone|
|||extension.|
|Quotamanagement|quotas|Exposefunctionsfor|
|support||quotasmanagementper|
|||tenant|
|HARouterextension|l3-ha|AddHAcapabilityto|
|||routers.|
|ProviderNetwork|provider|Exposemappingof|
|||virtualnetworksto|
|||physicalnetworks|
|MultiProviderNetwork|multi-provider|Exposemappingof|
|||virtualnetworksto|
|||multiplephysical|
|||networks|
|Addressscope|address-scope|Addressscopes|
|||extension.|
|NeutronExtraRoute|extraroute|Extraroutes|
|||configurationforL3|
|||router|
|Subnetservicetypes|subnet-service-types|Providesabilitytoset|
|||thesubnetservice_types|
|||field|
|Resourcetimestamps|standard-attr-|Addscreated_atand|
||timestamp|updated_atfieldstoall|
|||Neutronresourcesthat|
|||haveNeutronstandard|
|||attributes.|
|NeutronServiceType|service-type|APIforretrieving|
|Management||serviceprovidersfor|
|||Neutronadvanced|
|||services|
|RouterFlavor|l3-flavors|Flavorsupportfor|
|Extension||routers.|
|PortSecurity|port-security|Providesportsecurity|
|NeutronExtraDHCP|extra_dhcp_opt|Extraoptions|
|opts||configurationforDHCP.|
|||ForexamplePXEboot|
|||optionstoDHCPclients|
|||canbespecified(e.g.|
|||tftp-server,server-ip-|
|||address,bootfile-name)|
|Resourcerevision|standard-attr-|Thisextensionwill|
|numbers|revisions|displaytherevision|
|||numberofneutron|
|||resources.|
|Paginationsupport|pagination|Extensionthatindicates|
|||thatpaginationis|
|||enabled.|
|Sortingsupport|sorting|Extensionthatindicates|
|||thatsortingisenabled.|
|security-group|security-group|Thesecuritygroups|
|||extension.|
|DHCPAgentScheduler|dhcp_agent_scheduler|Schedulenetworksamong|
|||dhcpagents|
|RouterAvailability|router_availability_zo|Availabilityzone|
|Zone|ne|supportforrouter.|
|RBACPolicies|rbac-policies|Allowscreationand|
|||modificationofpolicies|
|||thatcontroltenant|
|||accesstoresources.|
|Tagsupportfor|tag-ext|Extendstagsupportto|
|resources:subnet,||moreL2andL3|
|subnetpool,port,||resources.|
|router|||
|standard-attr-|standard-attr-|Extensiontoadd|
|description|description|descriptionstostandard|
|||attributes|
|NeutronL3Router|router|Routerabstractionfor|
|||basicL3forwarding|
|||betweenL2Neutron|
|||networksandaccessto|
|||externalnetworksviaa|
|||NATgateway.|
|AllowedAddressPairs|allowed-address-pairs|Providesallowedaddress|
|||pairs|
|project_idfield|project-id|Extensionthatindicates|
|enabled||thatproject_idfieldis|
|||enabled.|
|DistributedVirtual|dvr|Enablesconfigurationof|
|Router||DistributedVirtual|
|||Routers.|
+----------------------+----------------------+--------------------------+


c.启动 neutron 代理验证是否成功

#neutronagent-list
+--------------------------------------+--------------------+------------+
|id|agent_type|host|
+--------------------------------------+--------------------+------------+
|23601054-312a-497c-b728-4b791ce76e64|L3agent|controller|
|9a7546d9-73ec-47e0-ab23-ca2a5366660f|Linuxbridgeagent|controller|
|acd42d89-1af4-413f-be77-3172d38a805d|Metadataagent|controller|
|b438ae93-aaf3-41f0-a7b7-d1502a1986c9|DHCPagent|controller|
|e1d32b6b-07c6-468b-965d-ce9dfd09b338|Linuxbridgeagent|compute|
+--------------------------------------+--------------------+------------+
+-------------------+-------+----------------+---------------------------+
|availability_zone|alive|admin_state_up|binary|
+-------------------+-------+----------------+---------------------------+
|nova|:-)|True|neutron-l3-agent|
||:-)|True|neutron-linuxbridge-agent|
||:-)|True|neutron-Metadata-agent|
|nova|:-)|True|neutron-dhcp-agent|
||:-)|True|neutron-linuxbridge-agent|
+-------------------+-------+----------------+---------------------------+
原文链接:https://www.f2er.com/ubuntu/353685.html

猜你在找的Ubuntu相关文章

学linux,从Ubuntu开始
1.安装过程出现0x00000000指令引用的0x00000000内存该内存不能为written 如果你安装的是in...
ubuntu16.04获取root权限并用root用户登录
写在全面:如果根据以下教程涉及到只读文件需要更改文件权限才能需修改文件内容,参考我的...
ubuntu18.04获取root权限并用root用户登录
写在前面:以下步骤中需要在终端输入命令,电脑端查看博客的朋友可以直接复制粘贴到终端,...
ubuntu16.04和18.04更换国内源
ubuntu16.04和18.04更换国内源 写在前面:安装好ubuntu双系统后,默认的软件更新源是国外的...
ubuntu双系统启动时卡死解决办法
ubuntu双系统启动时卡死解决办法(在ubuntu16.04和18.04测试无误) 问题描述: 在安装完ub...
Ubuntu安装ssh
Ubuntu报“xxx is not in the sudoers file.This incident will be reported” 错误解决方法
ubuntu-make | Ubuntu Linux一键安装开发环境
-- 作者 谢恩铭 转载请注明出处 内容简介 什么是ubuntu-make 安装最新版ubuntu-make 用ubu...
Ubuntu 17.04(Zesty Zapus)正式发布,可以下载使用了
今天,2017 年 4 月 13 日,Canonical 官方发布了 Ubuntu 17.04(Zesty Zapus)的最终版。...
Ubuntu 为钱而放弃 Unity ? Linux 社区的反应
(点击上方公众号,可快速关注) 编译:伯乐在线/黄小非 如有好文章投稿,请点击 → 这里...
LinuxWindowsCentOSUbuntuNginxWebServiceScalaMemcacheApacheRedisDockerBashAzureTomcatLNMPShell数据结构服务器运维网络安全
xebugnodemondocker-copydcoselasticsearcwindows-contdocker-windodocker-awsamazon-cloudenvoyproxyhashicorp-vaswisscomdevkafka-pythonzscalerphoton-osdocker-swarmkamongoogle-cloudconcoursewso2-ampersistent-vapi-managerprocess-manamanjarojenkins-workhypriotremoteapikeystonejsbitcoindbitcoin-test