OpenStack Queens installation walkthrough

Published: 2023-05-17 17:11:57 Author: stephigher

1. Environment overview

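The operating system is Ubuntu 16.04; each host needs at least 8 GB of memory and an 80 GB disk. The controller node and the network node are deployed on the same host, and the compute and controller nodes each use two network interfaces. The setup follows the second network model in the install guide. Block storage and object storage are not deployed. Replace the addresses in the topology diagram with those of your actual environment.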

This guide does not cover the provider network; it implements the VXLAN overlay network. Linux bridge is used throughout.

The topology is as follows:

2. Configuration and service installation

2.1 Controller node

2.1.1 Hostname and name resolution configuration

1. Set the hostname to controller

    Edit /etc/hostname and change the name to controller

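2. Edit /etc/hosts. Choose one network interface as the address for internal communication of the virtual network; for example, with eth1 as the management network, edit the hosts file according to its address as follows: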

     # controller

10.0.0.2  controller

# compute1

10.0.0.3  compute1

 

2.1.2 NTP installation

1. Install packages:

# apt install chrony

2. Edit the configuration file /etc/chrony/chrony.conf; the controller node does not need to change the server entries

Add one line: allow 10.0.0.0/24

3. Restart the NTP service

# service chrony restart

4. Verify the change

root@ubuntu:/home/pw# chronyc sources

210 Number of sources = 4

MS Name/IP address         Stratum Poll Reach LastRx Last sample

===============================================================================

^+ undefined.hostname.localh     2   6    77    89    +11ms[  +11ms] +/-  105ms

^* 119.28.183.184                2   6   177    24  -8018us[-7885us] +/-   53ms

^- sv1.ggsrv.de                  2   6   177    22    -45ms[  -45ms] +/-  145ms

^+ time.cloudflare.com           3   6    77    87  +1015us[+1152us] +/-  118ms

root@ubuntu:/home/pw#

 

2.1.3 OpenStack package repository configuration

1. root@ubuntu:/home/pw# apt install software-properties-common

2. root@ubuntu:/home/pw# add-apt-repository cloud-archive:queens

3. Update the package sources

   apt update && apt dist-upgrade

4. Install the OpenStack client

   apt install python-openstackclient

 

2.1.4 SQL database installation

1. Install the packages

       apt install mariadb-server python-pymysql

2. Configure the database

Create and edit the file /etc/mysql/mariadb.conf.d/99-openstack.cnf

 [mysqld]

bind-address = 10.0.0.2  # set this to the management interface address of the controller node

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

 

3. Restart the database service

       service mysql restart

         mysql_secure_installation

When the installer prompts for a password, choose and set a MySQL login password of your own.

2.1.5 Message queue installation

1. Install the package

apt install rabbitmq-server

2. Add the openstack user

rabbitmqctl add_user openstack RABBIT_PASS

Replace RABBIT_PASS with a password of your own

3. Add permissions

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

2.1.6 Memcached installation

1. Install the packages

apt install memcached python-memcache

2. Edit /etc/memcached.conf

   -l 10.0.0.2

3. Restart the service

   service memcached restart

2.1.7 Etcd installation

1. Install the package

apt install etcd

2. Edit the configuration

Edit the file /etc/default/etcd

ETCD_NAME="controller"

ETCD_DATA_DIR="/var/lib/etcd"

ETCD_INITIAL_CLUSTER_STATE="new"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"

ETCD_INITIAL_CLUSTER="controller=http://10.0.0.2:2380"

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.0.2:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.2:2379"

ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"

ETCD_LISTEN_CLIENT_URLS="http://10.0.0.2:2379"

3. Restart the service

      systemctl enable etcd

systemctl restart etcd
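
The steps above bind MariaDB, Memcached and the etcd client URL to the management address 10.0.0.2, while the etcd peer URL listens on 0.0.0.0. The following script is an added example, not part of the original walkthrough: it reads `ss -ltn` output and reports which of these infrastructure ports listen on anything other than the management address or loopback. The function names are hypothetical, the `ss` output is constructed, and 3306 (MariaDB) and 5672 (RabbitMQ) are assumed to be the package default ports.

```bash
#!/usr/bin/env bash
# Added example: verify that the controller's infrastructure services listen
# only on the management address chosen in this walkthrough (10.0.0.2).
# Function names are hypothetical; the sample ss output below is constructed.

MGMT_IP="${MGMT_IP:-10.0.0.2}"

# check_listeners reads `ss -ltn` output on stdin and prints one line for
# every watched port bound to something other than MGMT_IP or loopback.
# Exit status: 0 when nothing is exposed, 1 otherwise.
check_listeners() {
    awk -v mgmt="$MGMT_IP" '
    BEGIN {
        # Ports used in this walkthrough; 3306 and 5672 are assumed defaults.
        svc["3306"]  = "mariadb"
        svc["5672"]  = "rabbitmq"
        svc["11211"] = "memcached"
        svc["2379"]  = "etcd-client"
        svc["2380"]  = "etcd-peer"
        bad = 0
    }
    $1 == "LISTEN" {
        laddr = $4                      # e.g. 10.0.0.2:3306 or [::]:5672
        n = split(laddr, parts, ":")
        port = parts[n]                 # text after the last colon
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (!(port in svc)) next
        if (addr == mgmt || addr == "127.0.0.1" || addr == "[::1]" || addr == "::1") next
        printf "%s (port %s) listens on %s, expected %s\n", svc[port], port, addr, mgmt
        bad++
    }
    END { exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample: etcd-peer and rabbitmq are bound to wildcard addresses,
# port 22 is not a watched port and is ignored.
sample_ss_output() {
    cat <<'EOF'
State    Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN   0       80      10.0.0.2:3306       0.0.0.0:*
LISTEN   0       128     10.0.0.2:11211      0.0.0.0:*
LISTEN   0       128     10.0.0.2:2379       0.0.0.0:*
LISTEN   0       128     0.0.0.0:2380        0.0.0.0:*
LISTEN   0       128     [::]:5672           [::]:*
LISTEN   0       128     0.0.0.0:22          0.0.0.0:*
EOF
}

# On a live controller: ss -ltn | check_listeners
sample_ss_output | check_listeners || echo "listeners outside the management address found"
```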

2.1.8 Services on the controller node

This installation is a minimal service installation; the services installed are:

(1)Keystone

(2)Glance

(3)Compute

(4)Neutron

(5)Horizon

1. Keystone installation

Keystone provides authentication and authorization for the other services.

1.1 Connect to the database as root

root@ubuntu:/var/log# mysql

1.2 Create the keystone database

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.00 sec)

1.3 Grant access to the database

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

-> IDENTIFIED BY 'sonic';

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

-> IDENTIFIED BY 'sonic';

 

sonic is the password; change it to your own. Exit the database client when done.

1.4 Install the packages

 apt install keystone  apache2 libapache2-mod-wsgi

1.5 Keystone configuration

Edit /etc/keystone/keystone.conf

[database]

 connection = mysql+pymysql://keystone:sonic@controller/keystone

sonic is the password; change it to your own.

 

[token]

provider = fernet

 

1.6 Populate the Identity service database

 su -s /bin/sh -c "keystone-manage db_sync" keystone

1.7 Initialize the Fernet key repositories

root@ubuntu:/var/log# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

root@ubuntu:/var/log# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

1.8 Bootstrap the Identity service

 

root@ubuntu:/var/log#  keystone-manage bootstrap --bootstrap-password sonic \

>   --bootstrap-admin-url http://controller:5000/v3/ \

>   --bootstrap-internal-url http://controller:5000/v3/ \

>   --bootstrap-public-url http://controller:5000/v3/ \

>   --bootstrap-region-id RegionOne

 

sonic is the password; change it to match your configuration.

 

1.9 Apache HTTP server configuration

Edit /etc/apache2/apache2.conf and add ServerName

 

  ServerName controller

 

1.10 Restart the service

# service apache2 restart

 

1.11 Configure the administrative account

      $ export OS_USERNAME=admin

$ export OS_PASSWORD=sonic

$ export OS_PROJECT_NAME=admin

$ export OS_USER_DOMAIN_NAME=Default

$ export OS_PROJECT_DOMAIN_NAME=Default

$ export OS_AUTH_URL=http://controller:5000/v3

$ export OS_IDENTITY_API_VERSION=3

1.12 Verify the configuration

  Create a domain, projects, users and roles

 

root@ubuntu:/var/log# openstack domain create --description "An Example Domain" example

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | An Example Domain                |

| enabled     | True                             |

| id          | 53ab854bfe784495bbb87273d8217ff3 |

| name        | example                          |

| tags        | []                               |

+-------------+----------------------------------+

root@ubuntu:/var/log#

 

Create the service project

 

# openstack project create --domain default \

>   --description "Service Project" service

 

Create the user role

# openstack role create user

 

1.13 Create the environment variable script

   Create the file admin-openrc

Add the following content:

export OS_USERNAME=admin

export OS_PASSWORD=sonic

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

 

2. Image service installation
  1. Create and configure the database

  Log in to the database as root

 

root@ubuntu:/var/log# mysql -u root -p

 

  1. Create the glance database

 

MariaDB [(none)]> CREATE DATABASE glance;

Query OK, 1 row affected (0.00 sec)

  1. Grant privileges

 MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

  IDENTIFIED BY 'sonic';

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

  IDENTIFIED BY 'sonic';

  1. Create the glance user

# . admin-openrc

 

 

# openstack user create --domain default --password-prompt glance

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 94a136f36aff471aa7946dd78f12ecfa |

| name                | glance                           |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

Add the admin role to the user

# openstack role add --project service --user glance admin

 

 

 

  1. Create the glance service entity

# openstack service create --name glance \

>   --description "OpenStack Image" image

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Image                  |

| enabled     | True                             |

| id          | 4d667ddc65f848969438442690591fc1 |

| name        | glance                           |

| type        | image                            |

+-------------+----------------------------------+

 

  1. Create the Image service endpoints

 

root@ubuntu:/home/pw# openstack endpoint create --region RegionOne \

>   image public http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 809ea4dacaf446b2939f0b7ec7df2bf8 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 4d667ddc65f848969438442690591fc1 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

 

# openstack endpoint create --region RegionOne \

>   image internal http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 99425f7e5ad04107ab5780a6162251c6 |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 4d667ddc65f848969438442690591fc1 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

 

 

#  openstack endpoint create --region RegionOne \

>   image admin http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f3167c0c43984d559a622e46018da844 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 4d667ddc65f848969438442690591fc1 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

 

  1. Install the Glance package

# apt install glance

 

  1. Edit the Glance configuration

Edit /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:sonic@controller/glance

 

[keystone_authtoken]

 

auth_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = sonic

 

[paste_deploy]

flavor = keystone

 

 

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

 

Edit /etc/glance/glance-registry.conf

[database]

connection = mysql+pymysql://glance:sonic@controller/glance

 

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = sonic

 

[paste_deploy]

flavor = keystone

 

  1. Populate the Image service database

su -s /bin/sh -c "glance-manage db_sync" glance

 

  1. Start the services

 

# service glance-registry restart

# service glance-api restart

 

  1. Download and upload an image

# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

 

# openstack image create "cirros" \

>   --file cirros-0.4.0-x86_64-disk.img \

>   --disk-format qcow2 --container-format bare \

>   --public

 

# openstack image list

+--------------------------------------+--------+--------+

| ID                                   | Name   | Status |

+--------------------------------------+--------+--------+

| 29f4bcbf-96e6-469f-90c7-4537a6bf32ce | cirros | active |

+--------------------------------------+--------+--------+

root@sonic:/home/sonic#

 

This image is a simple Linux used for verification; you can build your own image file and upload it directly.

 

3. Compute service installation
  1. Create and configure the database

1.1  # mysql

1.2 Create the nova databases

     

MariaDB [(none)]> CREATE DATABASE nova_api;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> CREATE DATABASE nova;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> CREATE DATABASE nova_cell0;

Query OK, 1 row affected (0.00 sec)

 

 

1.3 Grant database privileges

  MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'sonic';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \

  IDENTIFIED BY 'sonic';

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'sonic';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

  IDENTIFIED BY 'sonic';

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'sonic';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \

  IDENTIFIED BY 'sonic';

sonic is the password; change it to match your configuration.

  1. Compute service credentials

# . admin-openrc

# openstack user create --domain default --password-prompt nova

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 6a3775088d6a40c1affec4af704d9ae0 |

| name                | nova                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

Add the role

# openstack role add --project service --user nova admin

 

root@ubuntu:/home/pw# openstack service create --name nova \

>   --description "OpenStack Compute" compute

 

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Compute                |

| enabled     | True                             |

| id          | ba995b8109364e01b92abc609a0895a7 |

| name        | nova                             |

| type        | compute                          |

+-------------+----------------------------------+

 

  1. Compute API service endpoint creation

 

# openstack endpoint create --region RegionOne \

>   compute public http://controller:8774/v2.1

 

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 6a3cdeb628334af0a9779217d30a38fa |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ba995b8109364e01b92abc609a0895a7 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

 

# openstack endpoint create --region RegionOne \

>   compute internal http://controller:8774/v2.1

 

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | de870367ac774520a67a3b6388578c5b |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ba995b8109364e01b92abc609a0895a7 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

 

# openstack endpoint create --region RegionOne \

>   compute admin http://controller:8774/v2.1

 

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | e2f0dd556fee473c95dc6a74be48d8b2 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | ba995b8109364e01b92abc609a0895a7 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

 

 

  1. Placement creation

 

# openstack user create --domain default --password-prompt placement

 

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 2b9396b1603847a4b0da4baba5a377cd |

| name                | placement                        |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

Add the role

# openstack role add --project service --user placement admin

 

 

  1. Placement endpoint creation

# openstack service create --name placement --description "Placement API" placement

 

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Placement API                    |

| enabled     | True                             |

| id          | 6e0dcf5a876144df8412db5ff455a39f |

| name        | placement                        |

| type        | placement                        |

+-------------+----------------------------------+

 

  1. Placement API entry creation

 

# openstack endpoint create --region RegionOne placement public http://controller:8778

 

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | cb6e3b41b5a7498989521e7bedaf1d82 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 6e0dcf5a876144df8412db5ff455a39f |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

 

# openstack endpoint create --region RegionOne placement internal http://controller:8778

 

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | d10ab38970a2418f842b0a94cb5f522a |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 6e0dcf5a876144df8412db5ff455a39f |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

 

# openstack endpoint create --region RegionOne placement admin http://controller:8778

 

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 90af8821aa054d9898d3fb799a3948b4 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 6e0dcf5a876144df8412db5ff455a39f |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

 

  1. Install the Nova packages

apt install nova-api nova-conductor nova-consoleauth \

  nova-novncproxy nova-scheduler nova-placement-api

  1. Edit the Nova configuration file

Edit /etc/nova/nova.conf and add the following:

 

[api_database]

connection = mysql+pymysql://nova:sonic@controller/nova_api

 

[database]

connection = mysql+pymysql://nova:sonic@controller/nova

 

[DEFAULT]

...

 

# This option must be commented out; there is a known bug
#log_dir = /var/log/nova

 

transport_url = rabbit://openstack:sonic@controller

my_ip = 10.0.0.2

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

 

[api]

...

auth_strategy = keystone

 

[keystone_authtoken]

 

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = sonic

 

 

[vnc]

 

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

 

[glance]

api_servers = http://controller:9292

 

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

 

[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

# passwd
password = sonic

 

 

 

  1. Populate the nova-api database

# su -s /bin/sh -c "nova-manage api_db sync" nova

 

  1. Cell0 configuration

 su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

 

  1. Cell1 configuration

# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

8d0d26b9-7f18-41ca-a418-5ac6be31b850

 

  1. Populate the nova database

# su -s /bin/sh -c "nova-manage db sync" nova

 

  1. Verify the Nova cells

#  nova-manage cell_v2 list_cells

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

|  Name |                 UUID                 |           Transport URL            |               Database Connection               |

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |

| cell1 | 8d0d26b9-7f18-41ca-a418-5ac6be31b850 | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

 

  1. Restart the services

 

# service nova-api restart

# service nova-consoleauth restart

# service nova-scheduler restart

# service nova-conductor restart

# service nova-novncproxy restart

 

## For the VNC proxy implementation, see https://www.cnblogs.com/popsuper1982/p/3800227.html

 

4. Neutron networking service installation
  1. Database configuration

Log in as root and create the database:

# mysql -u root -p

Create the neutron database:

MariaDB [(none)]> CREATE DATABASE neutron;

Query OK, 1 row affected (0.00 sec)

Grant privileges:

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \

  IDENTIFIED BY 'sonic';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \

  IDENTIFIED BY 'sonic';

 

  1. Service credentials configuration

#  . admin-openrc

Create the user

# openstack user create --domain default --password-prompt neutron

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | e4000e0b3bc546698e0f7dea68225861 |

| name                | neutron                          |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

Add the role

# openstack role add --project service --user neutron admin

 

Create the service

# openstack service create --name neutron \

>   --description "OpenStack Networking" network

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Networking             |

| enabled     | True                             |

| id          | 71a0116a6f93494eb5cc3f17e443da8c |

| name        | neutron                          |

| type        | network                          |

+-------------+----------------------------------+

 

 

 

  1. Network service API endpoint configuration

 

root@ubuntu:/home/pw# openstack endpoint create --region RegionOne \

>   network public http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 64a16e16c67041b2980ce7f3684336bc |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 71a0116a6f93494eb5cc3f17e443da8c |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

root@ubuntu:/home/pw# openstack endpoint create --region RegionOne \

>   network internal http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 7b206569c7bd4c0bbcff16a8a03d4f77 |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 71a0116a6f93494eb5cc3f17e443da8c |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

root@ubuntu:/home/pw# openstack endpoint create --region RegionOne \

>   network admin http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | c1abda10d729478e9d922a8b24dce1fc |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 71a0116a6f93494eb5cc3f17e443da8c |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

 

  1. Self-service network configuration, supporting layer-3 services for VXLAN networks

The install guide offers two networking options; this setup uses option 2, which supports creating tenant VXLAN networks

4.1 Install the Neutron packages

# apt install neutron-server neutron-plugin-ml2 \

  neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \

  neutron-metadata-agent

 

4.2 Edit the configuration files

/etc/neutron/neutron.conf

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:sonic@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[database]

connection = mysql+pymysql://neutron:sonic@controller/neutron

[keystone_authtoken]

 

#

# From keystonemiddleware.auth_token

#

auth_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = sonic

 

 

[nova]

 

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = sonic

 

[oslo_concurrency]

# ...

lock_path = /var/lib/neutron/tmp

 

4.3 Plugin configuration

Edit /etc/neutron/plugins/ml2/ml2_conf.ini

 

[ml2]

 

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

 

 

[ml2_type_flat]

 

flat_networks = provider

[ml2_type_vxlan]

# ...

vni_ranges = 1:1000

[securitygroup]

# ...

enable_ipset = true

 

4.4 Plugin agent configuration

[linux_bridge]

# interface connected to the provider network
physical_interface_mappings = provider:ens39

 

[vxlan]

enable_vxlan = true

local_ip = 10.0.0.2

l2_population = true

 

[securitygroup]

# ...

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

Configure the Linux kernel to support the network filter

Edit /etc/sysctl.conf

 

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

 

# sysctl -p

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

 

4.5 L3 agent configuration

Edit /etc/neutron/l3_agent.ini

[DEFAULT]

# ...

interface_driver = linuxbridge

4.6 DHCP agent configuration

Edit /etc/neutron/dhcp_agent.ini

[DEFAULT]

# ...

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

 

4.7 Metadata configuration

Edit /etc/neutron/metadata_agent.ini

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = sonic

 

4.8 Edit the Nova configuration

/etc/nova/nova.conf

[neutron]

 

url = http://controller:9696

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = sonic

service_metadata_proxy = true

metadata_proxy_shared_secret = sonic

All passwords here are set to sonic; replace them with your own

  1. Populate the database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \

  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

  1. Start the services

service nova-api restart

service neutron-server restart

service neutron-linuxbridge-agent restart

service neutron-dhcp-agent restart

service neutron-metadata-agent restart

service neutron-l3-agent restart
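
The configuration files above carry the same placeholder password, `sonic`, in every `password`, `connection`, `transport_url` and `metadata_proxy_shared_secret` option. The following script is an added example, not part of the original walkthrough: it scans oslo.config-style INI files and reports credentials that still hold the placeholder, or that have an inline comment attached to the value (oslo.config only treats whole lines starting with `#` or `;` as comments). The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find credentials in nova/neutron/glance/keystone style INI
# files that still use the placeholder password from this walkthrough.
# Function names are hypothetical; the sample config below is constructed.

PLACEHOLDER="${PLACEHOLDER:-sonic}"

# audit_conf FILE...
# Prints "file:line: [section] option: reason" per finding, never the secret.
# Exit status: 0 when clean, 1 when at least one finding was reported.
audit_conf() {
    awk -v ph="$PLACEHOLDER" '
    function trim(s) { sub(/^[ \t\r]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function flag(reason) {
        printf "%s:%d: [%s] %s: %s\n", FILENAME, FNR, section, key, reason
        bad++
    }
    FNR == 1 { section = "" }
    {
        line = trim($0)
        first = substr(line, 1, 1)
        if (line == "" || first == "#" || first == ";") next
        if (first == "[") {
            close_at = index(line, "]")
            if (close_at > 0) section = substr(line, 2, close_at - 2)
            next
        }
        eq = index(line, "=")
        if (eq == 0) next
        key = trim(substr(line, 1, eq - 1))
        val = trim(substr(line, eq + 1))

        if (key == "password" || key == "metadata_proxy_shared_secret") {
            secret = val
        } else if (key == "connection" || key == "transport_url") {
            # URL form scheme://user:secret@host/...
            scheme_at = index(val, "://")
            rest = (scheme_at > 0) ? substr(val, scheme_at + 3) : val
            at = index(rest, "@")
            if (at == 0) next                  # no credential part
            cred = substr(rest, 1, at - 1)
            colon = index(cred, ":")
            if (colon == 0) next
            secret = substr(cred, colon + 1)
        } else {
            next
        }

        if (val ~ /[ \t](#|\/\/)/) {
            flag("inline comment is parsed as part of the value")
            sub(/[ \t]+(#|\/\/).*$/, "", secret)   # compare the intended secret
        }
        if (secret == "") flag("empty secret")
        else if (secret == ph) flag("still set to the walkthrough placeholder")
    }
    END { exit (bad > 0 ? 1 : 0) }
    ' "$@"
}

# Constructed sample mirroring options that appear in this walkthrough.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:sonic@controller
my_ip = 10.0.0.2

[database]
connection = mysql+pymysql://nova:Zr8-constructed-example@controller/nova

[keystone_authtoken]
auth_url = http://controller:5000/v3
username = nova
password = sonic

[placement]
username = placement
password = sonic   #passwd

[neutron]
metadata_proxy_shared_secret = 5f2c-constructed-example
EOF
}

# On a live node: audit_conf /etc/nova/nova.conf /etc/neutron/neutron.conf
sample="$(mktemp)"
write_sample_conf "$sample"
audit_conf "$sample" || echo "replace the credentials listed above"
rm -f "$sample"
```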

 

5. Dashboard installation

1. Install the package

# apt install openstack-dashboard

 

2. Edit the configuration file

Edit /etc/openstack-dashboard/local_settings.py

 

OPENSTACK_HOST = "controller"

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

 

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {

    'default': {

        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

        'LOCATION': 'controller:11211',

    },

}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

 

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'

 

OPENSTACK_API_VERSIONS = {

#    "data-processing": 1.1,

    "identity": 3,

    "image": 2,

    "volume": 2,

#    "compute": 2,

}

 

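When installing in a virtual machine, a bug came up here: logging in to the dashboard failed with an authentication error. In /etc/openstack-dashboard/local_settings, the line

 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

should be changed to

 SESSION_ENGINE = 'django.contrib.sessions.backends.file'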

3. Restart the service

# service apache2 reload

4. Log in to the dashboard

 http://controller/horizon.

When logging in, replace controller with the management IP of the host where the dashboard is actually deployed

 

 

 

 

2.2 Compute node

2.2.1 Compute node host configuration

1. Set the hostname to compute1

    Edit /etc/hostname and change the name to compute1

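2. Edit /etc/hosts. Choose one network interface as the address for internal communication of the virtual network; for example, with eth1 as the management network, edit the hosts file according to its address as follows: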

     # controller

10.0.0.2  controller

# compute1

10.0.0.3  compute1   

3. Verify the change

  Run ping controller to check that the management network is reachable.

2.2.2 NTP configuration

1. Install the NTP package

# apt install chrony

2. Modify the NTP configuration file

Modify /etc/chrony/chrony.conf as follows:

 server controller iburst

Delete the existing line: pool 2.debian.pool.ntp.org offline iburst

3. Restart the NTP service

 

# service chrony restart

4. Verify the NTP installation

 

# chronyc sources

210 Number of sources = 1

MS Name/IP address         Stratum Poll Reach LastRx Last sample

===============================================================================

^* controller                    3   6   377     6    -34us[ +103us] +/-   18ms

 

2.2.3 OpenStack package repository configuration

1. root@ubuntu:/home/pw# apt install software-properties-common

2. root@ubuntu:/home/pw# add-apt-repository cloud-archive:queens

3. Update the package sources

   apt update && apt dist-upgrade

4. Install the OpenStack client

   apt install python-openstackclient

2.2.4 Installing services on the compute node

1. Install the compute service

(1) Install the package

# apt install nova-compute

(2) Modify the configuration file

Edit /etc/nova/nova.conf
[DEFAULT]

lock_path = /var/lock/nova

state_path = /var/lib/nova

 

 

transport_url = rabbit://openstack:sonic@controller

# Change this address to the management-network interface address

my_ip = 10.0.0.3

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

 

# Due to a packaging bug, remove the log_dir option from the [DEFAULT] section (delete log_dir).

 

[api]

# ...

auth_strategy = keystone

 

[keystone_authtoken]

 

#

# From keystonemiddleware.auth_token

#

 

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = sonic

 

 

[vnc]

#

# Virtual Network Computer (VNC) can be used to provide remote desktop

# console access to instances for tenants and/or administrators.

enabled = True

server_listen = 0.0.0.0

server_proxyclient_address = $my_ip

# This address is the controller node

novncproxy_base_url = http://10.0.0.2:6080/vnc_auto.html

 

 

[glance]

# Configuration options for the Image service

 

#

# From nova.conf

#

api_servers = http://controller:9292

 

[oslo_concurrency]

# ...

lock_path = /var/lib/nova/tmp

 

 

[placement]

#os_region_name = openstack

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = sonic

 

(3) Restart the service

Run egrep -c '(vmx|svm)' /proc/cpuinfo. If the result is 0, /etc/nova/nova-compute.conf must be modified as shown here; if the result is non-zero, no change is needed.

[libvirt]

virt_type = qemu

 

Restart the service

# service nova-compute restart

(4) Add the compute node to the cell database

Run on the controller node:

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

Run on the controller node:

# openstack compute service list --service nova-compute

+----+--------------+----------------------+------+---------+-------+----------------------------+

| ID | Binary       | Host                 | Zone | Status  | State | Updated At                 |

+----+--------------+----------------------+------+---------+-------+----------------------------+

| 12 | nova-compute | sonic                | nova | enabled | up    | 2020-07-15T07:46:32.000000 |

| 13 | nova-compute | sonic-PowerEdge-R740 | nova | enabled | up    | 2020-07-15T07:46:36.000000 |

+----+--------------+----------------------+------+---------+-------+----------------------------+

root@sonic:/etc/neutron/plugins/ml2#
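
The nova.conf from step (2) and the [neutron] section in 4.8 reuse one value (sonic) for every service password, the RabbitMQ credential in transport_url and the metadata proxy shared secret. The Python audit below is an added example, not part of the original guide; parse_ini, audit and the finding labels are hypothetical names, the sample text is constructed from the options above, and it assumes the value is everything after "=" (no inline comments), as in oslo.config-style INI files.

```python
from urllib.parse import urlsplit

SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}

# Constructed sample: a subset of the nova.conf options shown on this page.
SAMPLE = """\
[DEFAULT]
transport_url = rabbit://openstack:sonic@controller
my_ip = 10.0.0.3   //management interface address
[keystone_authtoken]
auth_url = http://controller:5000/v3
password = sonic
[vnc]
server_listen = 0.0.0.0
[neutron]
password = sonic
metadata_proxy_shared_secret = sonic
"""

def parse_ini(text):
    """Yield (section, key, value); value is all text after '=', // notes included."""
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()

def audit(text):
    """Return (finding, location) pairs for settings to review before production."""
    findings, seen = [], {}
    for section, key, value in parse_ini(text):
        where = f"[{section}] {key}"
        if key in SECRET_KEYS:
            seen.setdefault(value, []).append(where)
        if "://" in value:
            url = urlsplit(value.split()[0])
            if url.password:  # credential embedded in a URL
                seen.setdefault(url.password, []).append(where)
            if key == "auth_url" and url.scheme == "http":
                findings.append(("cleartext-auth-url", where))
        if " //" in value:  # trailing note that ends up inside the value
            findings.append(("inline-comment-in-value", where))
        if key == "server_listen" and value == "0.0.0.0":
            findings.append(("wildcard-listen", where))
    findings += [("shared-secret", ", ".join(p)) for p in seen.values() if len(p) > 1]
    return findings
```

Calling audit(SAMPLE) returns one shared-secret finding listing all four places where the same value appears, plus one finding each for the inline note, the http auth_url and the wildcard VNC listen address.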

 

2. Install the networking service

1. Install the package

# apt install neutron-linuxbridge-agent

This installation uses Linux bridge.

2. Edit /etc/neutron/neutron.conf

[DEFAULT]

core_plugin = ml2

transport_url = rabbit://openstack:sonic@controller

auth_strategy = keystone

 

 

[keystone_authtoken]

 

auth_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = sonic

 

[oslo_concurrency]

# ...

lock_path = /var/lib/neutron/tmp

3. Plugin configuration

Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

This configuration sets up a VXLAN-type network.

 

[vxlan]

 

#

# From neutron.ml2.linuxbridge.agent

#

enable_vxlan = true

local_ip = 10.0.0.3

l2_population = true

 

[securitygroup]

# ...

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

Configure the Linux kernel to support network filtering

Edit /etc/sysctl.conf

 

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

 

4. Restart the services

Restart the compute service

# service nova-compute restart

Restart the Linux bridge agent service

# service neutron-linuxbridge-agent restart
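
The iptables firewall driver configured in step 3 only sees bridged instance traffic when both net.bridge.* keys are 1 in the running kernel, and those keys exist only while the br_netfilter module is loaded. The Python check below is an added example, not part of the original guide; bridge_filter_status and its status labels are hypothetical names, and the sample sysctl.conf text is constructed from the two lines above.

```python
import os

KEYS = ("net.bridge.bridge-nf-call-iptables",
        "net.bridge.bridge-nf-call-ip6tables")

# Constructed sample: the two lines this guide adds to /etc/sysctl.conf.
SAMPLE_CONF = """\
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
"""

def persisted(sysctl_conf_text):
    """Parse 'key = value' lines of sysctl.conf, skipping # and ; comments."""
    values = {}
    for line in map(str.strip, sysctl_conf_text.splitlines()):
        if "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values

def bridge_filter_status(sysctl_conf_text, proc_sys="/proc/sys"):
    """Map each key to 'ok', 'module-missing', 'not-applied' or 'not-persisted'."""
    wanted = persisted(sysctl_conf_text)
    status = {}
    for key in KEYS:
        path = os.path.join(proc_sys, *key.split("."))
        try:
            with open(path) as fh:
                live = fh.read().strip()
        except FileNotFoundError:
            # The net.bridge.* keys exist only while br_netfilter is loaded.
            status[key] = "module-missing"
            continue
        if live != "1":
            status[key] = "not-applied"    # kernel is not filtering bridged traffic
        elif wanted.get(key) != "1":
            status[key] = "not-persisted"  # live now, lost at the next boot
        else:
            status[key] = "ok"
    return status

if __name__ == "__main__":
    for key, state in bridge_filter_status(SAMPLE_CONF).items():
        print(f"{state:15} {key}")
```

Any status other than ok on a compute node means security group rules may not be enforced on instance traffic, even though the agent reports as up.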

 

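III. Adding Open vSwitch to OpenStack

The steps above use Linux bridge as the bridge that provides virtual network connectivity. This section changes the setup to support Open vSwitch as the underlying bridge for virtual network connectivity.

3.1 Controller node installation

(1) Install the software

apt-get install neutron-openvswitch-agent

(2) Modify the configuration in /etc/neutron/neutron.conf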

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:sonic@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

 

Edit ml2_conf.ini

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = openvswitch,l2population

extension_drivers = port_security

 

(3) Modify the agent configuration

Edit /etc/neutron/plugins/ml2/openvswitch_agent.ini

[ovs]

tunnel_type = vxlan

integration_bridge = br-int

bridge_mappings = provider:br-provider

local_ip = 10.0.0.2

# Tunnel bridge to use. (string value)

tunnel_bridge = br-tun

[securitygroup]

firewall_driver = iptables_hybrid

[agent]

tunnel_types = vxlan

l2_population = True

 

Edit l3_agent.ini

[DEFAULT]

interface_driver = openvswitch

external_network_bridge =

 

Edit dhcp_agent.ini

[DEFAULT]

interface_driver = openvswitch

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

 

3.2 Compute node installation

(1) Install the software

# apt-get install neutron-openvswitch-agent

(2) Modify openvswitch_agent.ini

[ovs]

local_ip = 10.0.0.3

 

[agent]

tunnel_types = vxlan

l2_population = True

[securitygroup]

firewall_driver = iptables_hybrid

 

After the installation and configuration changes on the controller and compute nodes, restart the Open vSwitch agent service.

# service neutron-openvswitch-agent restart

# openstack network agent list

+--------------------------------------+--------------------+----------------------+-------------------+-------+-------+---------------------------+

| ID                                   | Agent Type         | Host                 | Availability Zone | Alive | State | Binary                    |

+--------------------------------------+--------------------+----------------------+-------------------+-------+-------+---------------------------+

| 1c97b148-804a-46d3-8263-4ff2ee813cbc | L3 agent           | sonic                | nova              | :-)   | UP    | neutron-l3-agent          |

| 545b9c96-6b1a-4710-880d-410e3a58eace | Linux bridge agent | sonic                | None              | :-)   | UP    | neutron-linuxbridge-agent |

| 666fbd44-383b-40c3-82c4-f822d68ec55f | Metadata agent     | sonic                | None              | :-)   | UP    | neutron-metadata-agent    |

| 7605e887-9993-4840-b7b7-8800d0b0efe5 | Open vSwitch agent | sonic                | None              | :-)   | UP    | neutron-openvswitch-agent |

| 811ea9c6-de01-495c-bea5-dfaa0fbb91aa | Open vSwitch agent | sonic-PowerEdge-R740 | None              | :-)   | UP    | neutron-openvswitch-agent |

| 92f872cd-a825-4069-b11f-243509c54af6 | Linux bridge agent | sonic-PowerEdge-R740 | None              | :-)   | UP    | neutron-linuxbridge-agent |

| b1d1d85a-8a47-4023-8fbd-16faff532c76 | DHCP agent         | sonic                | nova              | :-)   | UP    | neutron-dhcp-agent        |

+--------------------------------------+--------------------+----------------------+-------------------+-------+-------+---------------------------+