1. 部署环境

  • 控制节点:172.20.10.120 controller
  • 计算节点:172.20.10.121 compute01
  • 计算节点:172.20.10.122 compute02
  • ODL节点:172.20.20.131 ODL
  • 系统:ubuntu-18.04.2
  • CPU:4核
  • 内存:32G
  • 硬盘:100G

2. 准备工作【所有节点】

(1) 安装ubuntu-18.04.2

(2) 配置网卡

  1. vim /etc/netplan/50-cloud-init.yaml
  1. network:
  2.     ethernets:
  3.         ens160:
  4.             addresses:
  5.               - 172.20.10.120/16
  6.             gateway4: 172.20.0.1
  7.             nameservers:
  8.                 addresses: [114.114.114.114, 8.8.8.8]
  9.         ens192:
  10.             addresses:
  11.               - 172.16.10.120/24
  12.             nameservers: {}
  13.         ens224:
  14.             dhcp4: false
  15.     version: 2
  1. #### 使配置文件生效
  2. netplan apply
  4. #### 查看当前网络配置
  5. ip addr


(3) 修改主机名**

  1. #### 打开配置文件
  2. vim /etc/cloud/cloud.cfg
  4. #### 设置为 true
  5. preserve_hostname: true
  7. #### :wq 保存退出,并打开hostname文件
  8. vim /etc/hostname
  10. #### 使修改马上生效
  11. hostnamectl set-hostname <hostname>
  1. #### 打开hosts配置
  2. vim /etc/hosts
  4. #### 添加集群主机
  5. 172.20.10.120 controller
  6. 172.20.10.121 compute01
  7. 172.20.10.122 compute01

(4) 修改时区

  1. tzselect
  2. sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

(5) 替换阿里安装源

  1. #### 备份原镜像
  2. mv /etc/apt/sources.list /etc/apt/sources.list.bak
  4. #### 打开apt镜像源文件
  5. vim /etc/apt/sources.list
  7. #### 修改镜像源
  8. deb http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
  9. deb-src http://mirrors.aliyun.com/ubuntu/ bionic main restricted universe multiverse
  10. deb http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
  11. deb-src http://mirrors.aliyun.com/ubuntu/ bionic-security main restricted universe multiverse
  12. deb http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
  13. deb-src http://mirrors.aliyun.com/ubuntu/ bionic-updates main restricted universe multiverse
  14. deb http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
  15. deb-src http://mirrors.aliyun.com/ubuntu/ bionic-backports main restricted universe multiverse
  16. deb http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse
  17. deb-src http://mirrors.aliyun.com/ubuntu/ bionic-proposed main restricted universe multiverse

3. OpenStack 安装【所有节点】

  1. #### 添加rocky安装源
  2. add-apt-repository cloud-archive:rocky
  4. #### 更新安装源列表及更新软件包
  5. apt update && apt dist-upgrade
  7. #### 安装
  8. apt install python-openstackclient

4. 基础服务安装【控制节点】

4.1 安装 MySQL

(1) 安装

  1. apt install mariadb-server python-pymysql

(2) 配置mysql监听地址

  1. ##### 打开配置文件
  2. vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
  4. ##### 添加配置项
  5. [mysqld]
  6. bind-address = 172.20.10.120
  7. default-storage-engine = innodb
  8. innodb_file_per_table = on
  9. max_connections = 4096
  10. collation-server = utf8_general_ci
  11. character-set-server = utf8

(3) 重启服务

  1. service mysql restart


(4) 配置数据库管理员密码**

  1. mysql_secure_installation

4.2 安装 RabbitMQ

  1. #### 包安装
  2. apt install rabbitmq-server
  4. #### 添加 openstack 用户和密码
  5. rabbitmqctl add_user openstack openstack
  7. #### 设置该用户权限
  8. rabbitmqctl set_permissions openstack "." "." ".*"

4.3 安装 Memcache

  1. #### 包安装
  2. apt install memcached python-memcache
  4. #### 配置监听地址:vim /etc/memcached.conf
  5. -l 172.20.10.120
  7. #### 重启服务
  8. service memcached restart

4.4 安装 Etcd

  1. #### 包安装
  2. apt install etcd
  4. #### 配置etcd:vim /etc/default/etcd
  5. #### 请根据自己的IP进行修改
  6. ETCD_NAME="controller"
  7. ETCD_DATA_DIR="/var/lib/etcd"
  8. ETCD_INITIAL_CLUSTER_STATE="new"
  9. ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
  10. ETCD_INITIAL_CLUSTER="controller=http://172.20.10.120:2380"
  11. ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.20.10.120:2380"
  12. ETCD_ADVERTISE_CLIENT_URLS="http://172.20.10.120:2379"
  13. ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
  14. ETCD_LISTEN_CLIENT_URLS="http://172.20.10.120:2379"
  16. #### 开机自启动使能并启动该服务
  17. systemctl enable etcd
  18. systemctl start etcd

5. 集群服务安装

5.1 Keystone 安装【控制节点】

(1) 添加 Keystone 数据库

  1. #### 进入数据库
  2. mysql -u root
  4. #### 添加库和用户并设置权限
  5. CREATE DATABASE keystone;
  6. GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'keystone';
  7. GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
  9. #### ctrl+D 退出


(2) 安装并配置** apache2

  1. #### 相关包安装
  2. apt install apache2 libapache2-mod-wsgi
  4. #### 配置apache服务:vim /etc/apache2/apache2.conf
  5. ServerName controller
  7. #### 重启apache服务
  8. service apache2 restart


(3) 安装并配置 keystone**

  1. #### 相关包安装
  2. apt install keystone apache2 libapache2-mod-wsgi
  4. #### 使用crudini进行配置(也可以打开文件进行手动配置)
  5. crudini --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:keystone@controller/keystone
  6. crudini --set /etc/keystone/keystone.conf token provider fernet
  1. ------------------------------------------------------------------------
  2. #### 检查配置文件: cat /etc/keystone/keystone.conf | grep ^[\[a-z]
  3. ------------------------------------------------------------------------
  5. [DEFAULT]
  6. log_dir = /var/log/keystone
  7. [application_credential]
  8. [assignment]
  9. [auth]
  10. [cache]
  11. [catalog]
  12. [cors]
  13. [credential]
  14. [database]
  15. connection = mysql+pymysql://keystone:keystone@controller/keystone
  16. [domain_config]
  17. [endpoint_filter]
  18. [endpoint_policy]
  19. [eventlet_server]
  20. [extra_headers]
  21. [federation]
  22. [fernet_tokens]
  23. [healthcheck]
  24. [identity]
  25. [identity_mapping]
  26. [ldap]
  27. [matchmaker_redis]
  28. [memcache]
  29. [oauth1]
  30. [oslo_messaging_amqp]
  31. [oslo_messaging_kafka]
  32. [oslo_messaging_notifications]
  33. [oslo_messaging_rabbit]
  34. [oslo_messaging_zmq]
  35. [oslo_middleware]
  36. [oslo_policy]
  37. [policy]
  38. [profiler]
  39. [resource]
  40. [revoke]
  41. [role]
  42. [saml]
  43. [security_compliance]
  44. [shadow_users]
  45. [signing]
  46. [token]
  47. provider = fernet
  48. [tokenless_auth]
  49. [trust]
  50. [unified_limit]
  51. [wsgi]


(4) 同步keystone数据库**

  1. su -s /bin/sh -c "keystone-manage db_sync" keystone
  2. keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
  3. keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  4. keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne


(5) 尝试使用命令创建用户和项目**

  1. #### 配置临时管理员账户
  2. export OS_USERNAME=admin
  3. export OS_PASSWORD=admin
  4. export OS_PROJECT_NAME=admin
  5. export OS_USER_DOMAIN_NAME=Default
  6. export OS_PROJECT_DOMAIN_NAME=Default
  7. export OS_AUTH_URL=http://controller:5000/v3
  8. export OS_IDENTITY_API_VERSION=3
  10. #### 创建service项目
  11. openstack project create --domain default --description "Service Project" service
  13. #### 创建user角色
  14. openstack role create user
  1. #### 确认操作,请求admin认证令牌
  2. openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
  4. #### 输入密码
  5. Password: admin
  7. #### 输出如下:
  8. +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  9. | Field      | Value                                                                                                                                                                                   |
  10. +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  11. | expires    | 2019-05-19T08:46:38+0000                                                                                                                                                                |
  12. | id         | gAAAAABc4QneH4P5pjtrZcej_vEzHKo1J1h9WZYz2Zx0skfd70EGwSKhrnmVm9h0LY-rlJau6Br11nv1P1G4lxpavY_5ear5hQRuvFKDveN7o_xr6vQ1mw8FNfqxc0g9fR69b1shd5YIEJWg-IerhFh1y4OanBmtESkOv3B_mT-5D-g-eNRp1kU |
  13. | project_id | fe13643127904142b74c0bfa2ea34794                                                                                                                                                        |
  14. | user_id    | 28022c0955b04ffb884a90ef97142419                                                                                                                                                        |
  15. +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+


(6) 创建用户的环境脚本**

  1. #### 创建admin用户的环境脚本: vim admin-openrc
  2. export OS_PROJECT_DOMAIN_NAME=Default
  3. export OS_USER_DOMAIN_NAME=Default
  4. export OS_PROJECT_NAME=admin
  5. export OS_USERNAME=admin
  6. export OS_PASSWORD=admin
  7. export OS_AUTH_URL=http://controller:5000/v3
  8. export OS_IDENTITY_API_VERSION=3
  9. export OS_IMAGE_API_VERSION=2
  11. #### 更新环境变量命令
  12. source admin-openrc   或者  . admin-openrc

5.2 Glance 安装【控制节点】

(1) 添加 **Glance **数据库

  1. #### 打开数据库
  2. mysql -u root
  4. #### 添加库和用户并设置权限
  5. CREATE DATABASE glance;
  6. GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY 'glance';
  7. GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
  9. #### ctrl+D 退出


(2) 创建glance用户**

  1. ##### 未更新环境变量请先更新
  2. . admin-openrc
  4. #### 新建用户并设置权限
  5. openstack user create --domain default --password glance glance
  6. openstack role add --project service --user glance admin
  8. #### 创建镜像服务
  9. openstack service create --name glance --description "OpenStack Image" image
  11. #### 为该服务 创建不同接口的服务端点
  12. openstack endpoint create --region RegionOne image internal http://controller:9292
  13. openstack endpoint create --region RegionOne image public http://controller:9292
  14. openstack endpoint create --region RegionOne image admin http://controller:9292


(3) 安装 **glance 并配置

  1. #### 包安装
  2. apt install glance
  4. #### 使用crudini修改配置文件
  5. crudini --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance@controller/glance
  6. crudini --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
  7. crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
  8. crudini --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
  9. crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
  10. crudini --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
  11. crudini --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
  12. crudini --set /etc/glance/glance-api.conf keystone_authtoken project_name service
  13. crudini --set /etc/glance/glance-api.conf keystone_authtoken username glance
  14. crudini --set /etc/glance/glance-api.conf keystone_authtoken password glance
  15. crudini --set /etc/glance/glance-api.conf paste_deploy flavor keystone
  16. crudini --set /etc/glance/glance-api.conf glance_store stores file,http
  17. crudini --set /etc/glance/glance-api.conf glance_store default_store file
  18. crudini --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
  1. ------------------------------------------------------------------------
  2. #### 检查配置文件: cat /etc/glance/glance-api.conf | grep ^[\[a-z]
  3. ------------------------------------------------------------------------
  5. [DEFAULT]
  6. [cors]
  7. [database]
  8. connection = mysql+pymysql://glance:glance@controller/glance
  9. backend = sqlalchemy
  10. [glance_store]
  11. stores = file,http
  12. default_store = file
  13. filesystem_store_datadir = /var/lib/glance/images/
  14. [image_format]
  15. disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
  16. [keystone_authtoken]
  17. www_authenticate_uri = http://controller:5000
  18. auth_url = http://controller:5000
  19. memcached_servers = controller:11211
  20. auth_type = password
  21. project_domain_name = Default
  22. user_domain_name = Default
  23. project_name = service
  24. username = glance
  25. password = glance
  26. [matchmaker_redis]
  27. [oslo_concurrency]
  28. [oslo_messaging_amqp]
  29. [oslo_messaging_kafka]
  30. [oslo_messaging_notifications]
  31. [oslo_messaging_rabbit]
  32. [oslo_messaging_zmq]
  33. [oslo_middleware]
  34. [oslo_policy]
  35. [paste_deploy]
  36. flavor = keystone
  37. [profiler]
  38. [store_type_location_strategy]
  39. [task]
  40. [taskflow_executor]


(4) 修改**glance-registry配置文件

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/glance/glance-registry.conf
  3. ------------------------------------------------------------------------
  5. [database]
  6. # connection = sqlite:////var/lib/glance/glance.sqlite
  7. connection = mysql+pymysql://glance:glance@controller/glance
  9. [keystone_authtoken]
  10. www_authenticate_uri = http://controller:5000
  11. auth_url = http://controller:5000
  12. memcached_servers = controller:11211
  13. auth_type = password
  14. project_domain_name = Default
  15. user_domain_name = Default
  16. project_name = service
  17. username = glance
  18. password = glance
  20. [paste_deploy]
  21. flavor = keystone
  24. ------------------------------------------------------------------------
  25. #### 检查配置文件: cat /etc/glance/glance-registry.conf | grep ^[\[a-z]
  26. ------------------------------------------------------------------------
  28. [DEFAULT]
  29. [database]
  30. connection = mysql+pymysql://glance:glance@controller/glance
  31. backend = sqlalchemy
  32. [keystone_authtoken]
  33. www_authenticate_uri = http://controller:5000
  34. auth_url = http://controller:5000
  35. memcached_servers = controller:11211
  36. auth_type = password
  37. project_domain_name = Default
  38. user_domain_name = Default
  39. project_name = service
  40. username = glance
  41. password = glance
  42. [matchmaker_redis]
  43. [oslo_messaging_amqp]
  44. [oslo_messaging_kafka]
  45. [oslo_messaging_notifications]
  46. [oslo_messaging_rabbit]
  47. [oslo_messaging_zmq]
  48. [oslo_policy]
  49. [paste_deploy]
  50. flavor = keystone
  51. [profiler]

(5) 同步数据库

  1. #### 同步
  2. su -s /bin/sh -c "glance-manage db_sync" glance
  4. #### 输出如下:
  5. 2019-05-19 17:04:36.657 30932 INFO alembic.runtime.migration [-] Context impl MySQLImpl.
  6. 2019-05-19 17:04:36.658 30932 INFO alembic.runtime.migration [-] Will assume non-transactional DDL.
  7. 2019-05-19 17:04:36.668 30932 INFO alembic.runtime.migration [-] Context impl MySQLImpl.
  8. 2019-05-19 17:04:36.668 30932 INFO alembic.runtime.migration [-] Will assume non-transactional DDL.
  9. ......
  10. INFO  [alembic.runtime.migration] Context impl MySQLImpl.
  11. INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  12. Database is synced successfully.


(6) 重启服务**

  1. service glance-registry restart
  2. service glance-api restart

(7) 下载并添加测试系统镜像

  1. #### 下载cirros系统镜像
  2. wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
  4. #### 添加该镜像到数据库中
  5. openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
  7. #### 查看镜像是否添加成功
  8. openstack image list

5.3 Nova 安装【控制节点】

(1) 添加 **Glance **数据库

  1. #### 打开数据库
  2. mysql -u root
  4. #### 添加库和用户并设置权限
  5. CREATE DATABASE nova_api;
  6. CREATE DATABASE nova;
  7. CREATE DATABASE nova_cell0;
  8. CREATE DATABASE placement;
  10. GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY 'nova';
  11. GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
  13. GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY 'nova';
  14. GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
  16. GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'controller' IDENTIFIED BY 'nova';
  17. GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';
  19. GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'controller' IDENTIFIED BY 'placement';
  20. GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';
  22. #### ctrl+D 退出


(2) 创建Nova用户**

  1. #### 新建用户并设置权限
  2. openstack user create --domain default --password nova nova
  3. openstack role add --project service --user nova admin
  5. #### 创建镜像服务
  6. openstack service create --name nova --description "OpenStack Compute" compute
  8. #### 为该服务 创建不同接口的服务端点
  9. openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
  10. openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
  11. openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1


(2) 创建Placement用户**

  1. #### 新建用户并设置权限
  2. openstack user create --domain default --password placement placement
  3. openstack role add --project service --user placement admin
  5. #### 创建服务
  6. openstack service create --name placement --description "Placement API" placement
  8. #### 为该服务 创建不同接口的服务端点
  9. openstack endpoint create --region RegionOne placement internal http://controller:8778
  10. openstack endpoint create --region RegionOne placement public http://controller:8778
  11. openstack endpoint create --region RegionOne placement admin http://controller:8778


(3) 安装并配置 nova 和 **Placement

  1. apt install nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler nova-placement-api
  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/nova/nova.conf
  3. ------------------------------------------------------------------------
  5. [api_database]
  6. # connection = sqlite:////var/lib/nova/nova_api.sqlite
  7. connection = mysql+pymysql://nova:nova@controller/nova_api
  9. [database]
  10. # connection = sqlite:////var/lib/nova/nova.sqlite
  11. connection = mysql+pymysql://nova:nova@controller/nova
  13. [placement_database]
  14. connection = mysql+pymysql://placement:placement@controller/placement
  16. [DEFAULT]
  17. # log_dir = /var/log/nova
  18. transport_url = rabbit://openstack:openstack@controller
  20. [api]
  21. auth_strategy = keystone
  23. [keystone_authtoken]
  24. auth_url = http://controller:5000/v3
  25. memcached_servers = controller:11211
  26. auth_type = password
  27. project_domain_name = Default
  28. user_domain_name = Default
  29. project_name = service
  30. username = nova
  31. password = nova
  33. [DEFAULT]
  34. my_ip = 172.20.10.120
  36. [DEFAULT]
  37. use_neutron = true
  38. firewall_driver = nova.virt.firewall.NoopFirewallDriver
  40. [vnc]
  41. enabled = true
  42. server_listen = $my_ip
  43. server_proxyclient_address = $my_ip
  45. [glance]
  46. api_servers = http://controller:9292
  48. [oslo_concurrency]
  49. lock_path = /var/lib/nova/tmp
  51. [placement]
  52. # os_region_name = openstack
  53. region_name = RegionOne
  54. project_domain_name = Default
  55. project_name = service
  56. auth_type = password
  57. user_domain_name = Default
  58. auth_url = http://controller:5000/v3
  59. username = placement
  60. password = placement
  64. ------------------------------------------------------------------------
  65. #### 检查配置文件: cat /etc/nova/nova.conf | grep ^[\[a-z]
  66. ------------------------------------------------------------------------
  68. [DEFAULT]
  69. lock_path = /var/lock/nova
  70. state_path = /var/lib/nova
  71. transport_url = rabbit://openstack:openstack@controller
  72. my_ip = 172.20.10.120
  73. use_neutron = true
  74. firewall_driver = nova.virt.firewall.NoopFirewallDriver
  75. [api]
  76. auth_strategy = keystone
  77. [api_database]
  78. connection = mysql+pymysql://nova:nova@controller/nova_api
  79. [barbican]
  80. [cache]
  81. [cells]
  82. enable = False
  83. [cinder]
  84. [compute]
  85. [conductor]
  86. [console]
  87. [consoleauth]
  88. [cors]
  89. [database]
  90. connection = mysql+pymysql://nova:nova@controller/nova
  91. [devices]
  92. [ephemeral_storage_encryption]
  93. [filter_scheduler]
  94. [glance]
  95. api_servers = http://controller:9292
  96. [guestfs]
  97. [healthcheck]
  98. [hyperv]
  99. [ironic]
  100. [key_manager]
  101. [keystone]
  102. [keystone_authtoken]
  103. auth_url = http://controller:5000/v3
  104. memcached_servers = controller:11211
  105. auth_type = password
  106. project_domain_name = Default
  107. user_domain_name = Default
  108. project_name = service
  109. username = nova
  110. password = nova
  111. [libvirt]
  112. [matchmaker_redis]
  113. [metrics]
  114. [mks]
  115. [neutron]
  116. [notifications]
  117. [osapi_v21]
  118. [oslo_concurrency]
  119. lock_path = /var/lib/nova/tmp
  120. [oslo_messaging_amqp]
  121. [oslo_messaging_kafka]
  122. [oslo_messaging_notifications]
  123. [oslo_messaging_rabbit]
  124. [oslo_messaging_zmq]
  125. [oslo_middleware]
  126. [oslo_policy]
  127. [pci]
  128. [placement]
  129. region_name = RegionOne
  130. project_domain_name = Default
  131. project_name = service
  132. auth_type = password
  133. user_domain_name = Default
  134. auth_url = http://controller:5000/v3
  135. username = placement
  136. password = placement
  137. [placement_database]
  138. connection = mysql+pymysql://placement:placement@controller/placement
  139. [powervm]
  140. [profiler]
  141. [quota]
  142. [rdp]
  143. [remote_debug]
  144. [scheduler]
  145. [serial_console]
  146. [service_user]
  147. [spice]
  148. [upgrade_levels]
  149. [vault]
  150. [vendordata_dynamic_auth]
  151. [vmware]
  152. [vnc]
  153. enabled = true
  154. server_listen = $my_ip
  155. server_proxyclient_address = $my_ip
  156. [workarounds]
  157. [wsgi]
  158. [xenserver]
  159. [xvp]
  160. [zvm]

(4) 同步数据库

  1. #### 同步数据库
  2. su -s /bin/sh -c "nova-manage api_db sync" nova
  3. su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
  4. su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
  5. su -s /bin/sh -c "nova-manage db sync" nova
  7. #### 查看连接
  8. su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
  10. #### 输出如下(若无输出,请检查配置或者查看日志):
  11. +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
  12. |  Name |                 UUID                 |           Transport URL            |               Database Connection               | Disabled |
  13. +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
  14. | cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |  False   |
  15. | cell1 | 460f9ad2-6b89-4467-b1a0-fcf44d1553fe | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |  False   |
  16. +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+

(5) 重启服务

  1. service nova-api restart
  2. service nova-consoleauth restart
  3. service nova-scheduler restart
  4. service nova-conductor restart
  5. service nova-novncproxy restart

5.4 Nova 安装【计算节点】

(1) 安装 **nova-compute**

  1. apt install nova-compute


(2) 修改 nova 配置文件**

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/nova/nova.conf
  3. ------------------------------------------------------------------------
  5. [DEFAULT]
  6. # log_dir = /var/log/nova
  7. transport_url = rabbit://openstack:openstack@controller
  9. [api]
  10. auth_strategy = keystone
  12. [keystone_authtoken]
  13. auth_url = http://controller:5000/v3
  14. memcached_servers = controller:11211
  15. auth_type = password
  16. project_domain_name = Default
  17. user_domain_name = Default
  18. project_name = service
  19. username = nova
  20. password = nova
  22. [DEFAULT]
  23. my_ip = 172.20.10.121
  25. [DEFAULT]
  26. use_neutron = true
  27. firewall_driver = nova.virt.firewall.NoopFirewallDriver
  29. [vnc]
  30. enabled = true
  31. server_listen = 0.0.0.0
  32. server_proxyclient_address = $my_ip
  33. novncproxy_base_url = http://172.20.10.120:6080/vnc_auto.html
  35. [glance]
  36. api_servers = http://controller:9292
  38. [oslo_concurrency]
  39. lock_path = /var/lib/nova/tmp
  41. [placement]
  42. # os_region_name = openstack
  43. region_name = RegionOne
  44. project_domain_name = Default
  45. project_name = service
  46. auth_type = password
  47. user_domain_name = Default
  48. auth_url = http://controller:5000/v3
  49. username = placement
  50. password = placement
  53. ------------------------------------------------------------------------
  54. #### 检查配置文件: cat /etc/nova/nova.conf | grep ^[\[a-z]
  55. ------------------------------------------------------------------------
  57. [DEFAULT]
  58. lock_path = /var/lock/nova
  59. state_path = /var/lib/nova
  60. transport_url = rabbit://openstack:openstack@controller
  61. my_ip = 172.20.10.121
  62. use_neutron = true
  63. firewall_driver = nova.virt.firewall.NoopFirewallDriver
  64. [api]
  65. auth_strategy = keystone
  66. [api_database]
  67. connection = sqlite:////var/lib/nova/nova_api.sqlite
  68. [barbican]
  69. [cache]
  70. [cells]
  71. enable = False
  72. [cinder]
  73. [compute]
  74. [conductor]
  75. [console]
  76. [consoleauth]
  77. [cors]
  78. [database]
  79. connection = sqlite:////var/lib/nova/nova.sqlite
  80. [devices]
  81. [ephemeral_storage_encryption]
  82. [filter_scheduler]
  83. [glance]
  84. api_servers = http://controller:9292
  85. [guestfs]
  86. [healthcheck]
  87. [hyperv]
  88. [ironic]
  89. [key_manager]
  90. [keystone]
  91. [keystone_authtoken]
  92. auth_url = http://controller:5000/v3
  93. memcached_servers = controller:11211
  94. auth_type = password
  95. project_domain_name = Default
  96. user_domain_name = Default
  97. project_name = service
  98. username = nova
  99. password = nova
  100. [libvirt]
  101. [matchmaker_redis]
  102. [metrics]
  103. [mks]
  104. [neutron]
  105. [notifications]
  106. [osapi_v21]
  107. [oslo_concurrency]
  108. lock_path = /var/lib/nova/tmp
  109. [oslo_messaging_amqp]
  110. [oslo_messaging_kafka]
  111. [oslo_messaging_notifications]
  112. [oslo_messaging_rabbit]
  113. [oslo_messaging_zmq]
  114. [oslo_middleware]
  115. [oslo_policy]
  116. [pci]
  117. [placement]
  118. region_name = RegionOne
  119. project_domain_name = Default
  120. project_name = service
  121. auth_type = password
  122. user_domain_name = Default
  123. auth_url = http://controller:5000/v3
  124. username = placement
  125. password = placement
  126. [placement_database]
  127. [powervm]
  128. [profiler]
  129. [quota]
  130. [rdp]
  131. [remote_debug]
  132. [scheduler]
  133. [serial_console]
  134. [service_user]
  135. [spice]
  136. [upgrade_levels]
  137. [vault]
  138. [vendordata_dynamic_auth]
  139. [vmware]
  140. [vnc]
  141. enabled = true
  142. server_listen = 0.0.0.0
  143. server_proxyclient_address = $my_ip
  144. novncproxy_base_url = http://controller:6080/vnc_auto.html
  145. [workarounds]
  146. [wsgi]
  147. [xenserver]
  148. [xvp]
  149. [zvm]

(3) 修改 **nova-compute 配置文件**

  1. ------------------------------------------------------------------------
  2. #### 查看cpu的相关信息: egrep -c '(vmx|svm)' /proc/cpuinfo
  3. ------------------------------------------------------------------------
  4. 0
  6. ------------------------------------------------------------------------
  7. #### 修改配置文件: vim /etc/nova/nova-compute.conf
  8. ------------------------------------------------------------------------
  9. [libvirt]
  10. # virt_type=kvm
  11. virt_type = qemu
  13. ------------------------------------------------------------------------
  14. #### 检查配置文件: cat /etc/nova/nova-compute.conf | grep ^[\[a-z]
  15. ------------------------------------------------------------------------
  16. [DEFAULT]
  17. compute_driver=libvirt.LibvirtDriver
  18. [libvirt]
  19. virt_type = qemu

(4) 重启服务

  1. service nova-compute restart

5.5 添加计算节点【控制节点】

(1) 检查服务

  1. #### 查看计算服务
  2. openstack compute service list --service nova-compute
  4. #### 输出如下:
  5. +----+--------------+-----------+------+---------+-------+----------------------------+
  6. | ID | Binary       | Host      | Zone | Status  | State | Updated At                 |
  7. +----+--------------+-----------+------+---------+-------+----------------------------+
  8. |  8 | nova-compute | compute01 | nova | enabled | up    | 2019-05-19T11:53:09.000000 |
  9. |  9 | nova-compute | compute02 | nova | enabled | up    | 2019-05-19T11:53:10.000000 |
  10. +----+--------------+-----------+------+---------+-------+----------------------------+


(2) 发现主机**

  1. #### 发现
  2. su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
  4. #### 输出如下:
  5. Found 2 cell mappings.
  6. Skipping cell0 since it does not contain hosts.
  7. Getting computes from cell 'cell1': 8b8d1b89-0ecb-4c1e-b9b0-95bd7af15309
  8. Found 0 unmapped computes in cell: 8b8d1b89-0ecb-4c1e-b9b0-95bd7af15309


(3) 再次查看服务**

  1. #### 查看
  2. openstack compute service list
  4. #### 输出如下:
  5. +----+------------------+------------+----------+---------+-------+----------------------------+
  6. | ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |
  7. +----+------------------+------------+----------+---------+-------+----------------------------+
  8. |  1 | nova-scheduler   | controller | internal | enabled | up    | 2019-05-19T11:49:14.000000 |
  9. |  5 | nova-consoleauth | controller | internal | enabled | up    | 2019-05-19T11:49:09.000000 |
  10. |  6 | nova-conductor   | controller | internal | enabled | up    | 2019-05-19T11:49:10.000000 |
  11. |  8 | nova-compute     | compute01  | nova     | enabled | up    | 2019-05-19T11:49:09.000000 |
  12. |  9 | nova-compute     | compute02  | nova     | enabled | up    | 2019-05-19T11:49:10.000000 |
  13. +----+------------------+------------+----------+---------+-------+----------------------------+

(4) 查看所有服务端点信息

  1. #### 查看
  2. openstack catalog list
  4. #### 输出如下:
  5. +-----------+-----------+-----------------------------------------+
  6. | Name      | Type      | Endpoints                               |
  7. +-----------+-----------+-----------------------------------------+
  8. | keystone  | identity  | RegionOne                               |
  9. |           |           |   admin: http://controller:5000/v3/     |
  10. |           |           | RegionOne                               |
  11. |           |           |   internal: http://controller:5000/v3/  |
  12. |           |           | RegionOne                               |
  13. |           |           |   public: http://controller:5000/v3/    |
  14. |           |           |                                         |
  15. | nova      | compute   | RegionOne                               |
  16. |           |           |   public: http://controller:8774/v2.1   |
  17. |           |           | RegionOne                               |
  18. |           |           |   internal: http://controller:8774/v2.1 |
  19. |           |           | RegionOne                               |
  20. |           |           |   admin: http://controller:8774/v2.1    |
  21. |           |           |                                         |
  22. | placement | placement | RegionOne                               |
  23. |           |           |   admin: http://controller:8778         |
  24. |           |           | RegionOne                               |
  25. |           |           |   public: http://controller:8778        |
  26. |           |           | RegionOne                               |
  27. |           |           |   internal: http://controller:8778      |
  28. |           |           |                                         |
  29. | glance    | image     | RegionOne                               |
  30. |           |           |   internal: http://controller:9292      |
  31. |           |           | RegionOne                               |
  32. |           |           |   admin: http://controller:9292         |
  33. |           |           | RegionOne                               |
  34. |           |           |   public: http://controller:9292        |
  35. |           |           |                                         |
  36. +-----------+-----------+-----------------------------------------+
  38. #### 检查错误
  39. #### 1   如果在下表发现出现重复的空服务,可以通过以下方式删除
  40. #### 1.1 openstack service list
  41. #### 1.2 对比上述出现的两个表,找到要删除的服务的id
  42. #### 1.3 openstack service delete <service-id>
  44. #### 2.  如果上表中出现发现重复的Endpoint,可进入数据库删除。
  45. #### 2.1 端点信息存放在keystone数据库中的endpoint表中,找到对应要删除的endpoint对应id进行删除
  46. #### 2.2 进入数据库: mysql -u root
  47. #### 2.3 查看keystone数据库中的表: use keystone; show tables;   
  48. #### 2.4 查看endpoint表中的数据: select * from endpoint;
  49. #### 2.5 根据id删除重复数据: DELETE FROM endpoint WHERE id='<endpoint-id>'

(5) nova 状态检查

  1. #### 查看
  2. nova-status upgrade check
  4. #### 输出如下:
  5. +--------------------------------+
  6. | Upgrade Check Results          |
  7. +--------------------------------+
  8. | Check: Cells v2                |
  9. | Result: Success                |
  10. | Details: None                  |
  11. +--------------------------------+
  12. | Check: Placement API           |
  13. | Result: Success                |
  14. | Details: None                  |
  15. +--------------------------------+
  16. | Check: Resource Providers      |
  17. | Result: Success                |
  18. | Details: None                  |
  19. +--------------------------------+
  20. | Check: Ironic Flavor Migration |
  21. | Result: Success                |
  22. | Details: None                  |
  23. +--------------------------------+
  24. | Check: API Service Version     |
  25. | Result: Success                |
  26. | Details: None                  |
  27. +--------------------------------+
  28. | Check: Request Spec Migration  |
  29. | Result: Success                |
  30. | Details: None                  |
  31. +--------------------------------+
  32. | Check: Console Auths           |
  33. | Result: Success                |
  34. | Details: None                  |
  35. +--------------------------------+

5.6 Neutron 安装【控制节点】

(1) 添加 **Neutron **数据库

  1. #### 进入数据库
  2. mysql -u root
  4. #### 添加库和用户并设置权限
  5. CREATE DATABASE neutron;
  6. GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY 'neutron';
  7. GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
  9. #### ctrl+D 退出


(2) 创建 Neutron 用户**

  1. #### 新建用户并设置权限
  2. openstack user create --domain default --password-prompt neutron
  3. openstack role add --project service --user neutron admin
  5. #### 创建服务
  6. openstack service create --name neutron --description "OpenStack Networking" network
  8. #### 为该服务 创建不同接口的服务端点
  9. openstack endpoint create --region RegionOne network internal http://controller:9696
  10. openstack endpoint create --region RegionOne network public http://controller:9696
  11. openstack endpoint create --region RegionOne network admin http://controller:9696


(3) 安装**

  1. #### 安装相关包
  2. apt install neutron-server neutron-plugin-ml2 neutron-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
  4. #### 使用ovs尝试添加网桥
  5. ovs-vsctl add-br br-ext

(4) 修改 **neutron **配置文件

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/neutron/neutron.conf
  3. ------------------------------------------------------------------------
  5. [database]
  6. # connection = sqlite:////var/lib/neutron/neutron.sqlite
  7. connection = mysql+pymysql://neutron:neutron@controller/neutron
  9. [DEFAULT]
  10. core_plugin = ml2
  11. service_plugins = router
  12. allow_overlapping_ips = true
  14. [DEFAULT]
  15. transport_url = rabbit://openstack:openstack@controller
  17. [DEFAULT]
  18. auth_strategy = keystone
  20. [keystone_authtoken]
  21. www_authenticate_uri = http://controller:5000
  22. auth_url = http://controller:5000
  23. memcached_servers = controller:11211
  24. auth_type = password
  25. project_domain_name = default
  26. user_domain_name = default
  27. project_name = service
  28. username = neutron
  29. password = neutron
  31. [DEFAULT]
  32. notify_nova_on_port_status_changes = true
  33. notify_nova_on_port_data_changes = true
  35. [nova]
  36. # ...
  37. auth_url = http://controller:5000
  38. auth_type = password
  39. project_domain_name = default
  40. user_domain_name = default
  41. region_name = RegionOne
  42. project_name = service
  43. username = nova
  44. password = nova
  46. [oslo_concurrency]
  47. lock_path = /var/lib/neutron/tmp
  49. ------------------------------------------------------------------------
  50. #### 检查配置文件: cat /etc/neutron/neutron.conf | grep ^[\[a-z]
  51. ------------------------------------------------------------------------
  53. [DEFAULT]
  54. core_plugin = ml2
  55. service_plugins = router
  56. allow_overlapping_ips = true
  57. transport_url = rabbit://openstack:openstack@controller
  58. auth_strategy = keystone
  59. notify_nova_on_port_status_changes = true
  60. notify_nova_on_port_data_changes = true
  61. [agent]
  62. root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
  63. [cors]
  64. [database]
  65. connection = mysql+pymysql://neutron:neutron@controller/neutron
  66. [keystone_authtoken]
  67. www_authenticate_uri = http://controller:5000
  68. auth_url = http://controller:5000
  69. memcached_servers = controller:11211
  70. auth_type = password
  71. project_domain_name = default
  72. user_domain_name = default
  73. project_name = service
  74. username = neutron
  75. password = neutron
  76. [matchmaker_redis]
  77. [nova]
  78. auth_url = http://controller:5000
  79. auth_type = password
  80. project_domain_name = default
  81. user_domain_name = default
  82. region_name = RegionOne
  83. project_name = service
  84. username = nova
  85. password = nova
  86. [oslo_concurrency]
  87. lock_path = /var/lib/neutron/tmp
  88. [oslo_messaging_amqp]
  89. [oslo_messaging_kafka]
  90. [oslo_messaging_notifications]
  91. [oslo_messaging_rabbit]
  92. [oslo_messaging_zmq]
  93. [oslo_middleware]
  94. [oslo_policy]
  95. [quotas]
  96. [ssl]

(5) 修改 ml2 配置文件

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/neutron/plugins/ml2/ml2_conf.ini
  3. ------------------------------------------------------------------------
  5. [ml2]
  6. type_drivers = flat,vlan,vxlan
  8. [ml2]
  9. tenant_network_types = vxlan
  11. [ml2]
  12. mechanism_drivers = openvswitch,l2population
  14. [ml2]
  15. extension_drivers = port_security
  17. [ml2_type_flat]
  18. flat_networks = provider
  20. [ml2_type_vxlan]
  21. vni_ranges = 10001:20000
  23. [securitygroup]
  24. enable_ipset = true
  27. ------------------------------------------------------------------------
  28. #### 检查配置文件: cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep ^[\[a-z]
  29. ------------------------------------------------------------------------
  31. [DEFAULT]
  32. [l2pop]
  33. [ml2]
  34. type_drivers = flat,vlan,vxlan
  35. tenant_network_types = vxlan
  36. mechanism_drivers = openvswitch,l2population
  37. extension_drivers = port_security
  38. [ml2_type_flat]
  39. flat_networks = provider
  40. [ml2_type_geneve]
  41. [ml2_type_gre]
  42. [ml2_type_vlan]
  43. [ml2_type_vxlan]
  44. vni_ranges = 10001:20000
  45. [securitygroup]
  46. enable_ipset = true

(6) 修改 **openvswitch_agent **配置文件

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
  3. ------------------------------------------------------------------------
  5. [ovs]
  6. bridge_mappings = provider:br-ext
  7. local_ip = 172.16.10.120
  9. [agent]
  10. tunnel_types = vxlan
  11. l2_population = True
  13. [securitygroup]
  14. firewall_driver = iptables_hybrid
  17. ------------------------------------------------------------------------
  18. #### 检查配置文件: cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep ^[\[a-z]
  19. ------------------------------------------------------------------------
  21. [DEFAULT]
  22. [agent]
  23. tunnel_types = vxlan
  24. l2_population = True
  25. [network_log]
  26. [ovs]
  27. bridge_mappings = provider:br-ext
  28. local_ip = 172.16.10.120
  29. [securitygroup]
  30. firewall_driver = iptables_hybrid
  31. [xenapi]

(7) 修改 **l3_agent **配置文件

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/neutron/l3_agent.ini
  3. ------------------------------------------------------------------------
  5. [DEFAULT]
  6. interface_driver = openvswitch
  7. external_network_bridge =
  10. ------------------------------------------------------------------------
  11. #### 检查配置文件: cat /etc/neutron/l3_agent.ini | grep ^[\[a-z]
  12. ------------------------------------------------------------------------
  14. [DEFAULT]
  15. interface_driver = openvswitch
  16. external_network_bridge =
  17. [agent]
  18. [ovs]

(8) **修改 dhcp_agent 配置文件**

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/neutron/dhcp_agent.ini
  3. ------------------------------------------------------------------------
  5. [DEFAULT]
  6. interface_driver = openvswitch
  7. dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
  8. enable_isolated_metadata = true
  11. ------------------------------------------------------------------------
  12. #### 检查配置文件: cat /etc/neutron/dhcp_agent.ini | grep ^[\[a-z
  13. ------------------------------------------------------------------------
  15. [DEFAULT]
  16. interface_driver = openvswitch
  17. dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
  18. enable_isolated_metadata = true
  19. [agent]
  20. [ovs]

(9) **修改 metadata_agent 配置文件**

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/neutron/metadata_agent.ini
  3. ------------------------------------------------------------------------
  5. [DEFAULT]
  6. nova_metadata_host = controller
  7. metadata_proxy_shared_secret = metadata
  10. ------------------------------------------------------------------------
  11. #### 检查配置文件: cat /etc/neutron/metadata_agent.ini | grep ^[\[a-z]
  12. ------------------------------------------------------------------------
  14. [DEFAULT]
  15. nova_metadata_host = controller
  16. metadata_proxy_shared_secret = metadata
  17. [agent]
  18. [cache]

(10) 再次修改 **nova 配置文件**

  1. ------------------------------------------------------------------------
  2. #### 修改配置文件: vim /etc/nova/nova.conf 
  3. #### 仅修改 neutron 项
  4. ------------------------------------------------------------------------
  5. [neutron]
  6. url = http://controller:9696
  7. auth_url = http://controller:5000
  8. auth_type = password
  9. project_domain_name = default
  10. user_domain_name = default
  11. region_name = RegionOne
  12. project_name = service
  13. username = neutron
  14. password = neutron
  15. service_metadata_proxy = true
  16. metadata_proxy_shared_secret = metadata

(11) 同步数据

  1. #### 同步
  2. su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  5. #### 输出如下:
  6. INFO  [alembic.runtime.migration] Context impl MySQLImpl.
  7. INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
  8.   Running upgrade for neutron ...
  9. ......
  10. INFO  [alembic.runtime.migration] Running upgrade 458aa42b14b -> f83a0b2964d0, rename tenant to project
  11. INFO  [alembic.runtime.migration] Running upgrade f83a0b2964d0 -> fd38cd995cc0, change shared attribute for firewall resource
  12.   OK


(12) 重启服务**

service nova-api restart
service neutron-server restart
service neutron-openvswitch-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
service neutron-l3-agent restart

5.7 Neutron 安装【计算节点】

(1) 安装ovs代理服务

apt install neutron-openvswitch-agent

(2) 修改 **neutron 配置文件**

------------------------------------------------------------------------
#### 修改配置文件: vim /etc/neutron/neutron.conf
------------------------------------------------------------------------

[database]
# connection = sqlite:////var/lib/neutron/neutron.sqlite

[DEFAULT]
transport_url = rabbit://openstack:openstack@controller

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp



------------------------------------------------------------------------
#### 检查配置文件: cat /etc/neutron/neutron.conf | grep ^[\[a-z]
------------------------------------------------------------------------

[DEFAULT]
core_plugin = ml2
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
[agent]
root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"
[cors]
[database]
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]

(3) **修改 openvswitch_agent 配置文件**

------------------------------------------------------------------------
#### 修改配置文件: vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
------------------------------------------------------------------------

[ovs]
# bridge_mappings = provider:br-ext
local_ip = 172.16.10.121

[agent]
tunnel_types = vxlan
l2_population = True


------------------------------------------------------------------------
#### 检查配置文件: cat /etc/neutron/plugins/ml2/openvswitch_agent.ini | grep ^[\[a-z]
------------------------------------------------------------------------

[DEFAULT]
[agent]
tunnel_types = vxlan
l2_population = True
[network_log]
[ovs]
local_ip = 172.16.10.121
[securitygroup]
[xenapi]


(4) 再次修改 nova **配置文件
注意:如果在之后遇到openstack前端页面创建实例的控制台无法显示,报错无法连接服务器的话,可以将这个配置文件中 novncproxy_base_url = http://controller:6080/vnc_auto.html 的 controller 修改为控制节点的ip地址:172.20.10.120

------------------------------------------------------------------------
#### 修改配置文件: vim /etc/nova/nova.conf 
#### 仅修改 neutron 项
------------------------------------------------------------------------
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron


(5) 重启服务**

service nova-compute restart
service neutron-openvswitch-agent restart

(6) 回到控制节点检查网络代理

#### 检查
openstack network agent list

#### 输出如下:
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 40f103b1-115b-40cd-a960-fa2111d68c40 | Open vSwitch agent | controller | None              | :-)   | UP    | neutron-openvswitch-agent |
| 49671c5f-307d-4bb2-b5db-e4040e4b05dc | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| 741916c3-c2ec-4a56-a24c-5f557ff42f9a | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| 8389c912-36c2-410d-b31e-2d7c56045c61 | Open vSwitch agent | compute01  | None              | :-)   | UP    | neutron-openvswitch-agent |
| a4457089-9cc4-4ae4-9421-1f4af667b965 | Open vSwitch agent | compute02  | None              | :-)   | UP    | neutron-openvswitch-agent |
| ad0f2e55-ae59-48b8-a83f-92dbb31d62e7 | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

5.8 Horizon安装【控制节点】

(1) 安装

#### 安装相关包
apt install openstack-dashboard

(2) 修改 setting.py 文件
注意:python文件注意段落缩进
打开文件 vim /etc/openstack-dashboard/local_settings.py

# OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

#CACHES = {
#    'default': {
#        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
#        'LOCATION': '127.0.0.1:11211',
#    },
#}

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

# OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

# TIME_ZONE = "UTC"
TIME_ZONE = "Asia/Shanghai"

(3) 修改 dashboard 配置文件

#### 打开配置文件
vim /etc/apache2/conf-available/openstack-dashboard.conf

#### 修改 WSGIApplicationGroup 项
WSGIApplicationGroup %{GLOBAL}

(4) 重启 Apache 服务

service apache2 reload

**(5) 检查服务
打开链接 http://172.20.10.120/horizon 检查 OpenStack dashboard 是否成功启动

  • Domain: default
  • User Name : admin
  • Password : admin
  1. Admin->Compute->Flavors:创建Flavors
  2. Admin->Computer->Images:创建镜像
  3. Project->Network->Networks:创建两个网络
  4. Project->Network->Routers:创建路由,并添加两个接口(Add Interface)
  5. Project->Compute->Instances:创建三个实例(分别位于创建的俩网络中,用于检验三层路由能否正常通信)

注意:创建完实例就可以进入控制台去检验二三层能否正常通信,如果三个实例之间相互能够ping通,就代表成功了。

这里插播一个链接

  • 关于openstack集成的一些问题
  • 这是ICE搭建以及ICE与云平台集成的“船新版本”
  • 搭建过程中可以忽略,可以忽略,可以忽略
  • 这个链接的内容可以自行编辑修改

http://note.youdao.com/noteshare?id=31d7bbe5d2d6d2e91b4bb6772cb99a2e

6. 集成 ICE

集成前需要新搭建一个ODL节点,集成的时候需要开启ODL

ICE 节点

解压

tar zxf jdk-8u212-linux-x64.tar.gz -C /root tar zxf karaf-0.8.4.tar.gz -C /root

启动ODL

cd /root/karaf-0.8.4 ./bin/start ./bin/client

安装组件:

opendaylight-user@root> feature:install odl-netvirt-openstack odl-dlux-core odl-mdsal-apidocs

检查内核版本>=4.3

uname -r

4.15.0-45-generic

检查conntrack内核模块

lsmod | grep conntrack

nf_conntrack_ipv6      20480  1
nf_conntrack_ipv4      16384  1
nf_defrag_ipv4         16384  1 nf_conntrack_ipv4
nf_defrag_ipv6         36864  2 nf_conntrack_ipv6,openvswitch
nf_conntrack          131072  6 nf_conntrack_ipv6,nf_conntrack_ipv4,nf_nat,nf_nat_ipv6,nf_nat_ipv4,openvswitch
libcrc32c              16384  4 nf_conntrack,nf_nat,openvswitch,raid456

控制节点、计算节点

git clone https://github.com/openstack/networking-odl.git
cd networking-odl/
git checkout stable/rocky
python ./setup.py install

查看/var/log/neutron/neutron-server.log,如果报websocket相关的错则执行以下三行命令安装websocket

apt install python-pip
pip install websocket
pip install websocket-client==0.47.0

计算节点

systemctl stop neutron-openvswitch-agent
systemctl disable neutron-openvswitch-agent

控制节点

这部分是为了删除在openstack前端界面上创建的实例、网络、路由,因此可以不用执行,但是要保证在前端完全删除了

nova list
nova delete 
neutron subnet-list
neutron router-list
neutron router-port-list 
neutron router-interface-delete  
neutron subnet-delete 
neutron net-list
neutron net-delete 
neutron router-delete 
neutron port-list

systemctl stop neutron-server
systemctl stop neutron-l3-agent
systemctl disable neutron-l3-agent
systemctl stop neutron-openvswitch-agent
systemctl disable neutron-openvswitch-agent

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers opendaylight_v2
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins odl-router_v2
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT force_metadata True
crudini --set /etc/neutron/dhcp_agent.ini ovs ovsdb_interface vsctl
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT ovs_integration_bridge br-int

------------------------------------------------------------------------
#### 修改配置文件: vim /etc/neutron/plugins/ml2/ml2_conf.ini
#### 添加以下配置
------------------------------------------------------------------------

[ml2_odl] 
url = http://172.20.10.131:8181/controller/nb/v2/neutron
password = admin 
username = admin

删除数据库

mysql -e "DROP DATABASE IF EXISTS neutron;"
mysql -e "CREATE DATABASE neutron CHARACTER SET utf8;"

/usr/bin/neutron-db-manage  \
  --config-file /etc/neutron/neutron.conf  \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
  upgrade head

systemctl start neutron-server

注:这里只开启了neutron-server服务,其他服务在前面都被关闭了

systemctl stop openvswitch-switch
rm -rf /var/log/openvswitch/*
rm -rf /etc/openvswitch/conf.db
systemctl start openvswitch-switch
ovs-vsctl set-manager tcp:172.20.10.131:6640
ovs-vsctl set Open_vSwitch . other_config:local_ip=172.20.10.120

注:下面这行配置的是与外部网络通信配置,如果不与外网通信,可以不用执行这条命令

ovs-vsctl set Open_vSwitch . other_config:provider_mappings=provier:ens192
neutron-odl-ovs-hostconfig --datapath_type=system

计算节点

systemctl stop openvswitch-switch
rm -rf /var/log/openvswitch/*
rm -rf /etc/openvswitch/conf.db
systemctl start openvswitch-switch
ovs-vsctl set-manager tcp:172.20.10.131:6640
ovs-vsctl set Open_vSwitch . other_config:local_ip=172.20.10.121
ovs-vsctl set Open_vSwitch . other_config:provider_mappings=provier:ens192
neutron-odl-ovs-hostconfig --datapath_type=system

所有节点

#### 
ovs-vsctl show

#####
356aeefd-1fc7-4f2d-b5b0-69150ae00b94
    Manager "tcp:172.20.10.131:6640"
        is_connected: true
    Bridge br-int
        Controller "tcp:172.20.10.131:6653"
            is_connected: true
        fail_mode: secure
        Port "tun97119295314"
            Interface "tun97119295314"
                type: vxlan
                options: {key=flow, local_ip="172.20.10.120", remote_ip="172.20.10.122"}
                bfd_status: {diagnostic="No Diagnostic", flap_count="1", forwarding="true", remote_diagnostic="No Diagnostic", remote_state=up, state=up}
        Port br-int
            Interface br-int
                type: internal
        Port "ens224"
            Interface "ens224"
        Port "tun249b7250379"
            Interface "tun249b7250379"
                type: vxlan
                options: {key=flow, local_ip="172.20.10.120", remote_ip="172.20.10.121"}
                bfd_status: {diagnostic="No Diagnostic", flap_count="1", forwarding="true", remote_diagnostic="No Diagnostic", remote_state=up, state=up}
    ovs_version: "2.10.0"

控制节点

####
openstack network agent list

####
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------------+
| ID                                   | Agent Type     | Host       | Availability Zone | Alive | State | Binary                       |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------------+
| 24319b30-3928-48a4-8f0c-a448732dae05 | ODL L2         | compute02  | None              | :-)   | UP    | neutron-odlagent-portbinding |
| 36a5de48-98c1-4ccf-8aa1-717000924f06 | Metadata agent | controller | None              | :-)   | UP    | neutron-metadata-agent       |
| 58d89f7d-df6c-4b80-8e58-3bdb4b2d73fe | DHCP agent     | controller | nova              | :-)   | UP    | neutron-dhcp-agent           |
| d3fafd3d-9564-48af-958b-2f05cb21718e | ODL L2         | compute01  | None              | :-)   | UP    | neutron-odlagent-portbinding |
| e671e52e-f7f5-48d0-a75c-0598f67f50c8 | ODL L2         | controller | None              | :-)   | UP    | neutron-odlagent-portbinding |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------------+

注:到这里,集成工作也已经接近尾声,需要再次打开openstack前端界面按照之前的操作创建网络、路由、实例,如果能够正常通信就代表平台搭建与集成成功。

重新集成ODL

重新集成应该从哪里开始才能达到既不用恢复快照又能很快完成odl的集成,答案就在odl重新集成三步法:

  • 第一步:

对openstack云平台动手,把你云平台里面的所有实例、网络、路由全部删掉。

  • 第二步:

(1)停掉你的odl,切换到ice的bin目录下,执行./stop

(2)清空odl数据库,在ice的目录下通过删除命令删掉以下三个文件夹 rm -rf data/ snapshots/ journal

注: 此时的ice处于关闭状态,而集成odl时ice应该处于running状态,所以此刻应将ice启动起来,并使其界面恢复正常状态(可以选择SW软集成方式的界面)

  • 第三步:

(重新集成ovs)

(1)控制节点

systemctl stop openvswitch-switch
rm -rf /var/log/openvswitch/*
rm -rf /etc/openvswitch/conf.db
systemctl start openvswitch-switch
ovs-vsctl set-manager tcp:172.20.10.131:6640
ovs-vsctl set Open_vSwitch . other_config:local_ip=172.20.10.120
ovs-vsctl set Open_vSwitch . other_config:provider_mappings=provier:ens224
neutron-odl-ovs-hostconfig --datapath_type=syste

(2)计算节点1

systemctl stop openvswitch-switch
rm -rf /var/log/openvswitch/*
rm -rf /etc/openvswitch/conf.db
systemctl start openvswitch-switch
ovs-vsctl set-manager tcp:172.20.10.131:6640
ovs-vsctl set Open_vSwitch . other_config:local_ip=172.20.10.121
ovs-vsctl set Open_vSwitch . other_config:provider_mappings=provier:ens224
neutron-odl-ovs-hostconfig --datapath_type=system

(3)计算节点2

systemctl stop openvswitch-switch
rm -rf /var/log/openvswitch/*
rm -rf /etc/openvswitch/conf.db
systemctl start openvswitch-switch
ovs-vsctl set-manager tcp:172.20.10.131:6640
ovs-vsctl set Open_vSwitch . other_config:local_ip=172.20.10.122
ovs-vsctl set Open_vSwitch . other_config:provider_mappings=provier:ens224
neutron-odl-ovs-hostconfig --datapath_type=system

如果因为接了个电话,不小心把控制节点的IP粘到了计算节点了!!!不要紧,执行控制节点的前四句,再继续就可以了,不放心的话可以提前执行ovs-vsctl show查看显示的内容
最后在集成这里补充一个ovs的一个官方版本的翻译:
ovs服务是为实例提供底层虚拟网络框架,集成网桥br-int处理ovs内实例内部网络的流通。外部网桥br-ex处理ovs内实例外部网络的流通。

排查问题的步骤:

  • 1.关于odl出问题时,首先我们应该查看控制节点的服务是否正常运行。
    通过命令openstack network agent list 查看各个服务是否正常,如果active 选项出现了XXX,这时候需要通过命令重启某些服务;如果是odl的状态,启动ice

控制节点:查看neutron-server的状态及其log

(1)systemctl status neutron-server  
(2)vim /var/log/neutron/neutron-server.log

计算节点: 查看Nova-compute的状态及其log

(1)systemctl status nova-compute.service
(2)vim /var/log/neutron/neutron-server.log
  • 2.自己在集成后ping平台创建报错了,错误是“ERROR:Failed to perform requested operation on instance “user”,the instance has an error status:please try again later[Error:No valid host was found.There are not enough hosts available]”可能导致这个报错的有其他的原因,我的问题出现在设置[ml2_odl]时,将文档最初的IP拷贝了,然后没有删掉又执行了一遍,结果生成了两个[ml2_odl]
  • 3.对于在平台获取不到IP地址无法实现ping通的原因目前只能总结为绝对和ice有关,有时候重启ice就可以解决问题,但是采取更多的方法是重新集成。大神们都说和流表相关,不懂流表就重新集成吧!

结语

环境搭建的完成并不是意味着结束,而是预示着测试工作的刚刚开始。搭建环境的过程中,除了熟练掌握一些Linux下的常用命令,还要多去思考OpenStack每个组件的作用以及数据流的走向,能够通过log来正确定位问题和解决问题是更值得我们去探索的方向!