与M版本很相似,大家更应当去关注功能上的调整
一.基本情况:
1.操作系统:CentOS 7.2
2.Openstack:newton版本
3.网络情况:
管理网络:192.168.163.0/24
数据网络:192.168.182.0/24
二.环境准备:
1.对所有机器进行解析
vim /etc/hosts
192.168.163.11 controller
192.168.163.12 network
192.168.163.13 computer
2.关闭防火墙以及selinux(所有机器)(仅适用于实验环境;生产环境应保留防火墙与SELinux,只放行所需端口——下文安装的openstack-selinux包正是为SELinux开启时提供OpenStack策略)
3.配置yum源
yum install centos-release-openstack-newton https://rdoproject.org/repos/rdo-release.rpm -y
yum upgrade
yum install python-openstackclient openstack-selinux -y # 最后一个包安装的很慢,与机器性能有关系,后续很多操作也需要等待
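sed -i s/gpgchek=1/gpgchek=0/g /etc/yum.repos.d/* # 注意:此处拼写为gpgchek,而yum的配置项是gpgcheck,因此这条命令实际不会匹配任何内容;gpgcheck=0会关闭RPM包签名校验,建议保持gpgcheck=1并导入对应仓库的GPG公钥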
yum clean all
yum makecache
yum groupinstall base -y
4.时间服务部署打开,ntp、chrony皆可,7版本推荐chrony
三.正式开始安装
1.控制节点
yum install mariadb mariadb-server python2-PyMySQL rabbitmq-server openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler memcached openstack-glance python-memcached openstack-keystone httpd mod_wsgi openstack-dashboard openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.163.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb
systemctl start mariadb
systemctl enable rabbitmq-server
systemctl start rabbitmq-server
rabbitmqctl add_user rabbitmq bfmq # bfmq是本文统一使用的示例密码,实际部署请为每个服务、数据库账号和共享密钥分别设置不同的强密码
rabbitmqctl set_permissions rabbitmq ".*" ".*" ".*"
systemctl enable memcached
systemctl start memcached
mysql_secure_installation(设置你的数据库root密码)
mysql -uroot -pbfmq # 密码写在命令行里会留在shell历史中,也可能被其他用户从进程列表看到,可改用 mysql -uroot -p 交互输入
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'bfmq'; # '%'表示允许从任意主机连接,可按需收窄为管理网段,例如'192.168.163.%'
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY 'bfmq'; # 最好也写上,本人曾出过BUG
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY 'bfmq';
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY 'bfmq';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY 'bfmq';
flush privileges;
quit
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:bfmq@controller/keystone
[token]
# token生成方式,共4种:uuid、pki、pkiz、fernet(oslo.config不支持行内注释,写在同一行会被当作值的一部分,所以注释单独成行)
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password bfmq --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:35357/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
vim /etc/httpd/conf/httpd.conf
ServerName controller
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd
systemctl start httpd
export OS_USERNAME=admin
export OS_PASSWORD=bfmq
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
vim /etc/keystone/keystone-paste.ini
在[pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3]三个段里去掉admin_token_auth。该中间件允许凭keystone.conf中配置的admin_token绕过正常的用户认证,去掉是为了安全考虑;测试环境可省略此步
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
vim admin-openrc新建内容(管理员的环境;文件中含明文密码,建议chmod 600限制为仅属主可读,下文的demo-openrc同理)
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=bfmq
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vim demo-openrc新建内容(普通用户的环境)
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=bfmq
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
. admin-openrc
openstack token issue(出现admin的用户信息)
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:bfmq@controller/glance
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = bfmq
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:bfmq@controller/glance
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = bfmq
[paste_deploy]
flavor = keystone
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api openstack-glance-registry
systemctl start openstack-glance-api openstack-glance-registry
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img # 该地址为明文HTTP下载,上传到glance前建议与官方发布的校验值比对
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image list
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
my_ip = 192.168.163.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:bfmq@controller/nova_api
[database]
connection = mysql+pymysql://nova:bfmq@controller/nova
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = bfmq
[vnc]
vncserver_listen = 192.168.163.11
vncserver_proxyclient_address = 192.168.163.11
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
systemctl enable openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
systemctl start openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
2.计算节点
yum install openstack-nova-compute libvirt-daemon-lxc openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
my_ip = 192.168.163.13
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = bfmq
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.163.13
novncproxy_base_url = http://192.168.163.11:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
ps:如果在不支持硬件虚拟化的机器上部署nova,请先确认下面命令的结果为0
egrep -c '(vmx|svm)' /proc/cpuinfo
结果为0时,vim /etc/nova/nova.conf修改
[libvirt]
virt_type = qemu
systemctl enable libvirtd openstack-nova-compute
systemctl start libvirtd openstack-nova-compute
3.控制节点
. admin-openrc
openstack compute service list(会出现计算节点computer在里面)
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = bfmq
service_metadata_proxy = True
metadata_proxy_shared_secret = bfmq
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
transport_url = rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[database]
connection = mysql+pymysql://neutron:bfmq@controller/neutron
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = bfmq
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = bfmq
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api
systemctl enable neutron-server
systemctl start neutron-server
4.网络节点
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
transport_url= rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = bfmq
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.163.12
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
vim /etc/neutron/metadata_agent.ini
nova_metadata_ip = controller
metadata_proxy_shared_secret = bfmq
systemctl enable neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
systemctl start neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
5.计算节点
vim /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
sysctl -p
yum install openstack-neutron-linuxbridge ebtables ipset
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url= rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = bfmq
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = bfmq
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.163.13
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
systemctl restart openstack-nova-compute
systemctl enable neutron-linuxbridge-agent
systemctl start neutron-linuxbridge-agent
6.控制节点
openstack network agent list
vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]  # '*'表示接受任意Host头,仅适合测试;生产环境请列出实际访问dashboard的域名或IP
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
TIME_ZONE = "TIME_ZONE"  # 占位符,请替换为实际的时区标识,例如"Asia/Shanghai"
systemctl enable httpd memcached
systemctl restart httpd memcached
四.完成验证
http://192.168.163.11/dashboard
五.ovs版本
3.控制节点
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
. admin-openrc
openstack compute service list(会出现计算节点computer在里面)
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = bfmq
service_metadata_proxy = True
metadata_proxy_shared_secret = bfmq
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
transport_url = rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[database]
connection = mysql+pymysql://neutron:bfmq@controller/neutron
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = bfmq
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = bfmq
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api
systemctl enable neutron-server
systemctl start neutron-server
4.网络节点
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
sysctl -p
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
transport_url= rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = bfmq
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
local_ip=192.168.182.12
bridge_mappings=external:br-ex
[agent]
tunnel_types=gre,vxlan
l2_population=True
prevent_arp_spoofing=True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
vim /etc/neutron/metadata_agent.ini
nova_metadata_ip = controller
metadata_proxy_shared_secret = bfmq
systemctl enable neutron-server neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
systemctl start neutron-server neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
ovs-vsctl add-br br-ex
cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
cat /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
IPADDR=192.168.182.13
GATEWAY=192.168.182.254
PREFIX=24
DNS1=8.8.8.8
NM_CONTROLLED=no # 需要写上
systemctl restart network && ovs-vsctl add-port br-ex eth1
5.计算节点
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
vim /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
sysctl -p
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url= rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = bfmq
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = bfmq
vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
local_ip = 192.168.182.13
[agent]
tunnel_types = gre,vxlan
l2_population = True
prevent_arp_spoofing = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
systemctl restart openstack-nova-compute
systemctl enable neutron-openvswitch-agent
systemctl start neutron-openvswitch-agent
六:块存储
1.控制节点
yum install openstack-cinder
mysql -uroot -pbfmq
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'bfmq';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller01' IDENTIFIED BY 'bfmq'; # 注意:前文/etc/hosts中控制节点的主机名是controller,这里的controller01需与实际主机名一致
flush privileges;
quit
openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
vim /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
my_ip = 192.168.163.11
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = bfmq
[database]
connection = mysql+pymysql://cinder:bfmq@controller/cinder
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
su -s /bin/sh -c "cinder-manage db sync" cinder
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
systemctl restart openstack-nova-api
systemctl enable openstack-cinder-api openstack-cinder-scheduler
systemctl start openstack-cinder-api openstack-cinder-scheduler
2.存储节点
yum install lvm2 openstack-cinder targetcli python-keystone -y # 默认lv方式,对接ceph请看http://www.cnblogs.com/bfmq/p/6073334.html
systemctl enable lvm2-lvmetad
systemctl start lvm2-lvmetad
pvcreate /dev/sdb # sdb是你准备用于openstack存储的磁盘
vgcreate cinder-volumes /dev/sdb
vim /etc/lvm/lvm.conf
devices {
filter = [ "a/sdb/", "r/.*/"] # sda千万别写进去!
vim /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://rabbitmq:bfmq@controller
auth_strategy = keystone
my_ip = 192.168.163.21
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
# auth_url = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = bfmq
[database]
connection = mysql+pymysql://cinder:bfmq@controller/cinder
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
systemctl enable openstack-cinder-volume target
systemctl start openstack-cinder-volume target
3.控制节点
. admin-openrc
openstack volume service list # 查看到刚才添加的块存储主机
原文地址:http://www.cnblogs.com/bfmq/p/6349033.html