注：controller節(jié)點(diǎn)是 192.168.0.201，compute節(jié)點(diǎn)是 192.168.0.202

0. 關(guān)防火墻（所有節(jié)點(diǎn)）

0. 固定ip(所有節(jié)點(diǎn))

1. 配置hosts和hostname(controller 和 compute節(jié)點(diǎn))

1. vi /etc/hostname(controller 節(jié)點(diǎn))

controller

2. vi /etc/hostname(compute 節(jié)點(diǎn))

compute

3. vi /etc/hosts（controller 和 compute節(jié)點(diǎn)）

192.168.0.201 controller
192.168.0.202 compute

2. 配置 NTP(controller 和 compute節(jié)點(diǎn))

• 在controller節(jié)點(diǎn)配置

1. 下載：yum install chrony
2. 配置：vi /etc/chrony.conf

allow 192.168.0.0/24
server ntp1.aliyun.com iburst

3. 啟動(dòng)
   systemctl enable chronyd.service
systemctl start chronyd.service
4. 驗(yàn)證
   chronyc sources
   
   image.png

• 在 compute節(jié)點(diǎn)配置

1. 下載：yum install chrony
2. 配置：vi /etc/chrony.conf(刪除所有內(nèi)容)

server controller iburst

3. 啟動(dòng)
   systemctl enable chronyd.service
systemctl start chronyd.service
4. 驗(yàn)證
   chronyc sources
   
   image.png

3. 換阿里源(所有節(jié)點(diǎn))注：本操作跳過(guò)

1. 備份
   mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_bak
2. 獲取阿里源文件
   wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
3. 更新cache
yum makecache
4. 更新
   yum -y update

4. 安裝 openstack 包(所有節(jié)點(diǎn))

注：如果無(wú)法 yum 沒(méi)有找到包,那么可以換源

1. 下載 pike
yum install centos-release-openstack-pike
2. 下載 queens
yum install centos-release-openstack-queens
3. 更新
   yum upgrade
4. 下載 openstackclient
yum install python-openstackclient
5. 下載 selinux
yum install openstack-selinux

4. 安裝 sql (僅controller節(jié)點(diǎn))

1. 下載mariadb
yum install mariadb mariadb-server python2-PyMySQL
2. 創(chuàng)建 openstack.cnf
vi /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.0.201
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

3. 啟動(dòng)
   systemctl enable mariadb.service
systemctl start mariadb.service
4. 修改密碼
   登錄：mysql -u root mysql
   修改密碼：UPDATE user SET PASSWORD=PASSWORD('123456') where USER='root';
   立即刷新：FLUSH PRIVILEGES;
   退出:quit

5. 安裝rabbitmq(僅controller節(jié)點(diǎn))

1. 下載
   yum install rabbitmq-server
2. 啟動(dòng)

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

3. 添加 openstack 用戶
   rabbitmqctl add_user openstack 123456
4. 添加權(quán)限
   rabbitmqctl set_permissions openstack ".*" ".*" ".*"

5. 安裝memcached(僅controller節(jié)點(diǎn))

1. 下載
   yum install memcached python-memcached
2. 配置
   vi /etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,controller"

2. 啟動(dòng)
   systemctl enable memcached.service
systemctl start memcached.service

6. 安裝Etcd(僅controller節(jié)點(diǎn)) 這是一個(gè)分布式的可靠鍵值存儲(chǔ)，用于分布式密鑰鎖定、存儲(chǔ)配置、跟蹤服務(wù)的實(shí)時(shí)狀態(tài)和其他場(chǎng)景

1. 下載

yum install etcd

2. 配置
   vi /etc/etcd/etcd.conf

#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.0.201:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.0.201:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.0.201:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.201:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.0.201:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

2. 啟動(dòng)
   systemctl enable etcd
systemctl start etcd

7. 身份服務(wù)（僅controller節(jié)點(diǎn)）

• 數(shù)據(jù)庫(kù)

1. 登錄 mysql -uroot -p123456

注：如果顯示 1045報(bào)錯(cuò),那么執(zhí)行以下操作
停服務(wù)：systemctl stop mariadb.service
啟動(dòng)服務(wù)：mysqld_safe --user=mysql --skip-grant-tables --skip-networking &
登錄：mysql -u root mysql
改密碼：UPDATE user SET PASSWORD=PASSWORD('123456') where USER='root';
FLUSH PRIVILEGES;
退出：quit

2. 創(chuàng)建數(shù)據(jù)庫(kù) keystone
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';

• 下載和配置

1. 下載
   yum install openstack-keystone httpd mod_wsgi
2. 配置
   vi /etc/keystone/keystone.conf

[database]
...
connection = mysql+pymysql://keystone:123456@controller/keystone

[token]
...
provider = fernet

3. 創(chuàng)建數(shù)據(jù)庫(kù)
   su -s /bin/sh -c "keystone-manage db_sync" keystone
4. 初始化Fernet密鑰存儲(chǔ)庫(kù):
   keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5. 初始化身份服務(wù)
   keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
6. 配置 httpd
   配置：vi /etc/httpd/conf/httpd.conf

ServerName controller

創(chuàng)建link：ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

7. 啟動(dòng)服務(wù)
   systemctl enable httpd.service
systemctl start httpd.service
8. 登錄
   export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

• 創(chuàng)建 domain, projects, users, and roles

1. 創(chuàng)建 service project
   openstack project create --domain default --description "Service Project" service
   
   image.png
2. 創(chuàng)建 demo project
   openstack project create --domain default --description "Demo Project" demo
   
   image.png
3. 創(chuàng)建 demo user:
   openstack user create --domain default --password-prompt demo
   
   image.png
4. 創(chuàng)建 user role:
   openstack role create user
   
   image.png
5. 關(guān)聯(lián)
   openstack role add --project demo --user demo user

• 驗(yàn)證

1. 登出
   unset OS_AUTH_URL OS_PASSWORD
2. 驗(yàn)證admin
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
   
   image.png
3. 驗(yàn)證demo
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
   
   image.png

• 創(chuàng)建登錄腳本(在root的~ 目錄下)
  注： 通過(guò) readlink -f ./ 獲取當(dāng)前目錄的絕對(duì)路徑

1. 創(chuàng)建 admin-openrc
vi admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default 
export OS_USER_DOMAIN_NAME=Default 
export OS_PROJECT_NAME=admin 
export OS_USERNAME=admin 
export OS_PASSWORD=123456 
export OS_AUTH_URL=http://controller:35357/v3 
export OS_IDENTITY_API_VERSION=3 
export OS_IMAGE_API_VERSION=2 

2. 創(chuàng)建 demo-openrc
vi demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default 
export OS_USER_DOMAIN_NAME=Default 
export OS_PROJECT_NAME=demo 
export OS_USERNAME=demo 
export OS_PASSWORD=123456 
export OS_AUTH_URL=http://controller:5000/v3 
export OS_IDENTITY_API_VERSION=3 
export OS_IMAGE_API_VERSION=2 

3. 驗(yàn)證 admin
   登錄：. admin-openrc
   注：登錄也可以用source admin-openrc，注意上面是. admin-openrc，不是./admin-openrc
   驗(yàn)證：openstack token issue
   
   image.png
4. 查看環(huán)境變量
   echo $OS_PROJECT_DOMAIN_NAME $OS_USER_DOMAIN_NAME $OS_PROJECT_NAME $OS_USERNAME $OS_PASSWORD $OS_AUTH_URL $OS_IDENTITY_API_VERSION $OS_IMAGE_API_VERSION
5. 登出
   unset OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME OS_PROJECT_NAME OS_USERNAME OS_PASSWORD OS_AUTH_URL OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION

8. 鏡像服務(wù)(僅controller節(jié)點(diǎn))

• 數(shù)據(jù)庫(kù)

1. 登錄
   mysql -uroot -p123456
2. 創(chuàng)建數(shù)據(jù)庫(kù)glance
CREATE DATABASE glance;
3. 登錄操作權(quán)限
   GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
4. 退出 exit

• 創(chuàng)建 glance

1. 登錄 . admin-openrc
2. 創(chuàng)建glance user：
   openstack user create --domain default --password-prompt glance
   
   image.png
3. 關(guān)聯(lián)
   openstack role add --project service --user glance admin
4. 創(chuàng)建glance service：
   openstack service create --name glance --description "OpenStack Image" image
   
   image.png
5. 創(chuàng)建API
openstack endpoint create --region RegionOne image public http://controller:9292
   
   image.png
   
   openstack endpoint create --region RegionOne image internal http://controller:9292
   
   image.png
   
   openstack endpoint create --region RegionOne image admin http://controller:9292
   
   image.png

• 下載和配置

1. 下載
   yum install openstack-glance
2. 配置
   vi /etc/glance/glance-api.conf

[database]
...
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456

[paste_deploy]
...
flavor = keystone

[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

3. 配置
   vi /etc/glance/glance-registry.conf

[database]
...
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456

[paste_deploy]
...
flavor = keystone

4. 填充數(shù)據(jù)庫(kù)
   su -s /bin/sh -c "glance-manage db_sync" glance
5. 啟動(dòng)
   systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

• 驗(yàn)證

1. 登錄：. admin-openrc
2. 下載：wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
3. 上傳： openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
   
   image.png
4. 查看列表
   openstack image list
   
   image.png

9. 計(jì)算服務(wù)(controller節(jié)點(diǎn))

• 數(shù)據(jù)庫(kù)

1. 登錄：mysql -uroot -p123456
2. 創(chuàng)建數(shù)據(jù)庫(kù)：
   CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
3. 權(quán)限
   GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
4. 退出exit

• 創(chuàng)建 nova

1. 登錄. admin-openrc
2. 創(chuàng)建nova user:
   openstack user create --domain default --password-prompt nova
   
   image.png
3. 關(guān)聯(lián)
   openstack role add --project service --user nova admin
4. 創(chuàng)建 nova service
   openstack service create --name nova --description "OpenStack Compute" compute
   
   image.png
5. 創(chuàng)建 API
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
   
   image.png
   
   openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
   
   image.png
   
   openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
   
   image.png

• 創(chuàng)建 placement

1. 登錄. admin-openrc
2. 創(chuàng)建 placement user
   openstack user create --domain default --password-prompt placement
   
   image.png
3. 關(guān)聯(lián)
   openstack role add --project service --user placement admin
4. 創(chuàng)建API
openstack service create --name placement --description "Placement API" placement
   
   image.png
   
   openstack endpoint create --region RegionOne placement public http://controller:8778
   
   image.png
   
   openstack endpoint create --region RegionOne placement internal http://controller:8778
   
   image.png
   
   openstack endpoint create --region RegionOne placement admin http://controller:8778
   
   image.png

• 下載和配置

1. 下載：
   yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
2. 配置
   vi /etc/nova/nova.conf

[DEFAULT]
...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 192.168.0.201
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
...
connection = mysql+pymysql://nova:123456@controller/nova_api

[database]
...
connection = mysql+pymysql://nova:123456@controller/nova

[api]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456

[vnc]
enabled = true
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
...
api_servers = http://controller:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

[placement]
...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456

注：刪掉 [placement] [keystone_authtoken]的其他項(xiàng)

3. 配置
   vi /etc/httpd/conf.d/00-nova-placement-api.conf

...
<Directory /usr/bin>
  <IfVersion >= 2.4>
     Require all granted
  </IfVersion>
  <IfVersion < 2.4>
     Order allow,deny
     Allow from all
  </IfVersion>
</Directory>

4. 重啟 httpd
systemctl restart httpd
5. 填充數(shù)據(jù)庫(kù)
   su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
   
   image.png
   
   su -s /bin/sh -c "nova-manage db sync" nova
6. 驗(yàn)證 cell0 cell1
nova-manage cell_v2 list_cells
   
   image.png
7. 啟動(dòng)
   systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

10. 計(jì)算服務(wù)(compute節(jié)點(diǎn))

• 下載和配置

1. 下載
   yum install openstack-nova-compute
2. 配置
   vi /etc/nova/nova.conf

[DEFAULT]
...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 192.168.0.202
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456

[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
...
api_servers = http://controller:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

[placement]
...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456

3. 啟動(dòng)
   systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

11. 計(jì)算服務(wù)(controller節(jié)點(diǎn))

• 添加compute節(jié)點(diǎn)到 cell數(shù)據(jù)庫(kù)

1. 登陸：. admin-openrc
2. 查看：openstack compute service list --service nova-compute
   
   image.png
3. 手動(dòng)注冊(cè) compute 節(jié)點(diǎn)到 cell數(shù)據(jù)庫(kù) （每次添加新compute節(jié)點(diǎn)都需要這個(gè)操作）
   su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
   
   image.png
4. 自動(dòng)注冊(cè) compute 節(jié)點(diǎn)到 cell數(shù)據(jù)庫(kù)（只需要操作一次）
   vi /etc/nova/nova.conf

[scheduler]
discover_hosts_in_cells_interval = 300

注：3 4 操作任選其一

• 驗(yàn)證

1. 登陸：. admin-openrc
2. 查看計(jì)算服務(wù)列表：openstack compute service list
   
   image.png
3. 查看 api：openstack catalog list
   
   image.png
4. 查看鏡像列表：openstack image list
   
   image.png
5. 檢查 cells 和placement API 是否正常工作
   nova-status upgrade check
   
   image.png

12. 網(wǎng)絡(luò)服務(wù)(controller節(jié)點(diǎn))

• 數(shù)據(jù)庫(kù)

1. 登陸：mysql -uroot -p123456
2. 創(chuàng)建neutron
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
3. 登出：exit

• 創(chuàng)建 neutron 用戶

1. 登陸：
   . admin-openrc
2. 創(chuàng)建 neutron 用戶：
   openstack user create --domain default --password-prompt neutron
   
   image.png
3. 關(guān)聯(lián)：
   openstack role add --project service --user neutron admin
4. 創(chuàng)建 neutron service：
   openstack service create --name neutron --description "OpenStack Networking" network
   
   image.png
5. 創(chuàng)建 API：
   openstack endpoint create --region RegionOne network public http://controller:9696
   
   image.png
   
   openstack endpoint create --region RegionOne network internal http://controller:9696
   
   image.png
   
   openstack endpoint create --region RegionOne network admin http://controller:9696
   
   image.png

• 安裝和配置(基于Provider networks)

1. 安裝：
   yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
2. 配置：
   vi /etc/neutron/neutron.conf

[DEFAULT]
...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
...
connection = mysql+pymysql://neutron:123456@controller/neutron

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[nova]
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456

[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp

3. 配置
   vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
...
flat_networks = provider

[securitygroup]
...
enable_ipset = true

4. 配置
   vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:enp3s0

[vxlan]
enable_vxlan = false

[securitygroup]
...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

5. 配置
   vi /etc/neutron/dhcp_agent.ini

[DEFAULT]
...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

• 配置和啟動(dòng)

1. 配置
   vi /etc/neutron/metadata_agent.ini

[DEFAULT]
...
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456

2. 配置
   vi /etc/nova/nova.conf

[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456

3. link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
4. 填充數(shù)據(jù)庫(kù)
   su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
5. 重啟 API service
   systemctl restart openstack-nova-api.service
6. 啟動(dòng)

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

13. 網(wǎng)絡(luò)服務(wù)(compute節(jié)點(diǎn))

• 安裝和配置

1. 下載
   yum install openstack-neutron-linuxbridge ebtables ipset
2. 配置
   vi /etc/neutron/neutron.conf

[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp

• 配置(基于 Provider networks)

1. 配置
   vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:enp3s0

[vxlan]
enable_vxlan = false

[securitygroup]
...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

• 配置和啟動(dòng)

1. 配置
   vi /etc/nova/nova.conf

[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456

2. 啟動(dòng)
   systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

• 驗(yàn)證（Controller 節(jié)點(diǎn)）

1. 登錄：. admin-openrc
2. 查看列表：openstack network agent list
   
   image.png

14. 儀表盤dashboard(controller節(jié)點(diǎn))

1. 下載
   yum install openstack-dashboard
2. 配置
   vi /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
   'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
   }
}

OPENSTACK_API_VERSIONS = {
   "identity": 3,
   "image": 2,
   "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

ALLOWED_HOSTS = ['*']

OPENSTACK_NEUTRON_NETWORK = {
   ...
   'enable_router': False,
   'enable_quotas': False,
   'enable_distributed_router': False,
   'enable_ha_router': False,
   'enable_lb': False,
   'enable_firewall': False,
   'enable_vpn': False,
   'enable_fip_topology_check': False,
}

TIME_ZONE = "UTC"

3. 配置
   vi /etc/httpd/conf.d/openstack-dashboard.conf

...
WSGIApplicationGroup %{GLOBAL}

image.png

4. 重啟
   systemctl restart httpd.service memcached.service
5. 測(cè)試
   http://192.168.0.201/dashboard

15.啟動(dòng)一個(gè)實(shí)例

• 創(chuàng)建虛擬網(wǎng)絡(luò)（基于 provider networks）

1. 登錄. admin-openrc
2. 創(chuàng)建 network
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
   
   image.png
3. 創(chuàng)建子網(wǎng)

openstack subnet create --network provider --allocation-pool start=192.168.0.220,end=192.168.0.229 --dns-nameserver 192.168.0.1 --gateway 192.168.0.1 --subnet-range 192.168.0.0/24 provider

image.png

• 創(chuàng)建 flavor

1. 登錄. admin-openrc
2. 創(chuàng)建：
   openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

• 創(chuàng)建 key pair

1. 登錄：. demo-openrc
2. 創(chuàng)建：
   ssh-keygen -q -N ""
   回車
   openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
3. 查看
   openstack keypair list

• 配置安全組

1. 登錄：. demo-openrc
2. ICMP
openstack security group rule create --proto icmp default
3. SSH
openstack security group rule create --proto tcp --dst-port 22 default

• 創(chuàng)建一個(gè) instance

image.png