
Building an OpenStack High-Availability Environment (Part 1): Setting Up the Non-HA Environment

2016-06-08 09:01:21         Source: 行者无疆

5. Install OpenStack module by module: following the official documentation, build a four-node environment, installing controller1 and compute1 first

Hostname      IP              Role
controller1   10.192.44.148   Controller1 (network1)
controller2   10.192.44.149   Controller2 (network2)
compute1      10.192.44.150   Compute1
compute2      10.192.44.151   Compute2

Install the following two nodes first

Hostname      IP              Role
controller1   10.192.44.148   Controller1 (network1)
compute1      10.192.44.150   Compute1

5.1 Basic environment setup

Set the hostname and /etc/hosts

10.1.14.235 mirrors.hikvision.com.cn

10.192.44.148 controller1

10.192.44.150 compute1

5.1.1 Database installation

# yum install mariadb mariadb-server MySQL-python

Edit /etc/my.cnf.d/server.cnf:

[mysqld]

bind-address = 10.192.44.148

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

Start the database:

# systemctl enable mariadb.service

# systemctl start mariadb.service

Set the password:

# mysql_secure_installation

The root password is 1; answer Y to everything else

Check the database:

[root@controller1 my.cnf.d]# mysql -uroot -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 11

Server version: 5.5.44-MariaDB MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> Ctrl-C -- exit!

Aborted

5.1.2 Install rabbitmq

yum install rabbitmq-server

Start rabbitmq-server:

[root@controller1 7]# systemctl enable rabbitmq-server.service

[root@controller1 7]# systemctl start rabbitmq-server.service

Add the openstack user:

# rabbitmqctl add_user openstack 1

(the password here is 1)

Set access permissions:

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

systemctl restart rabbitmq-server.service

OK

5.2 Install keystone

5.2.1 Create the database (password is 1)

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '1';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '1';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit

Generate a random value

[root@controller1 7]# openssl rand -hex 10

5a67199a1ba44a78ddcb

5.2.2 Install keystone

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

Start memcached:

[root@controller1 7]# systemctl enable memcached.service

ln -s '/usr/lib/systemd/system/memcached.service' '/etc/systemd/system/multi-user.target.wants/memcached.service'

[root@controller1 7]# systemctl start memcached.service

5.2.3 Edit the keystone configuration:

Copy over the configuration generated by the packstack automated install and modify it

Generate a random value

[root@controller1 7]# openssl rand -hex 10

5a67199a1ba44a78ddcb

Modify and check the following fields:

[DEFAULT]

admin_token = 5a67199a1ba44a78ddcb

public_port=5000

admin_bind_host=0.0.0.0

public_bind_host=0.0.0.0

admin_port=35357

connection = mysql://keystone:1@10.192.44.148/keystone

rabbit_host = 10.192.44.148

rabbit_port = 5672

rabbit_hosts = "10.192.44.148:5672"

Sync the database:

su -s /bin/sh -c "keystone-manage db_sync" keystone

5.2.4 Configure httpd

Copy over the packstack httpd configuration

Modify the following:

[root@controller1 httpd]# grep node ./ -r

./conf/httpd.conf:ServerName "node1"

./conf.d/15-horizon_vhost.conf: ServerName node1

./conf.d/15-horizon_vhost.conf: ServerAlias node1

./conf.d/10-keystone_wsgi_admin.conf: ServerName node1

./conf.d/10-keystone_wsgi_main.conf: ServerName node1

Change to:

[root@controller1 httpd]# grep controller1 ./ -r

./conf/httpd.conf:ServerName "controller1"

./conf.d/15-horizon_vhost.conf: ServerName controller1

./conf.d/15-horizon_vhost.conf: ServerAlias controller1

./conf.d/10-keystone_wsgi_admin.conf: ServerName controller1

./conf.d/10-keystone_wsgi_main.conf: ServerName controller1

[root@controller1 httpd]#

[root@controller1 httpd]# grep 192 ./ -r

./conf.d/15-horizon_vhost.conf: ServerAlias 192.168.129.131

Change to:

ServerAlias 10.192.44.148

Create the keystone site:

mkdir -p /var/www/cgi-bin/keystone

Copy the files from the packstack environment:

[root@controller1 keystone]# chown -R keystone:keystone /var/www/cgi-bin/keystone

[root@controller1 keystone]# chmod 755 /var/www/cgi-bin/keystone/*

Start the httpd service:

# systemctl enable httpd.service

# systemctl start httpd.service

Verify:

15-default.conf

Modify:

ServerName controller1

Restart:

The restart succeeds

But login is not possible yet

Install horizon, then verify and troubleshoot

5.2.5 Create the service and endpoint

5a67199a1ba44a78ddcb

[root@controller1 ~]# export OS_TOKEN=5a67199a1ba44a78ddcb

[root@controller1 ~]# export OS_URL=http://10.192.44.148:35357/v2.0

[root@controller1 ~]# openstack service list

Create the service:

[root@controller1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | OpenStack Identity |

| enabled | True |

| id | 69c389157be24cf6b4511d648e8412be |

| name | keystone |

| type | identity |

+-------------+----------------------------------+

Create the endpoint:

openstack endpoint create \

--publicurl http://controller1:5000/v2.0 \

--internalurl http://controller1:5000/v2.0 \

--adminurl http://controller1:35357/v2.0 \

--region RegionOne \

identity

# openstack endpoint create --publicurl http://controller1:5000/v2.0 --internalurl http://controller1:5000/v2.0 --adminurl http://controller1:35357/v2.0 --region RegionOne identity

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| adminurl | http://controller1:35357/v2.0 |

| id | 6df505c12153483a9f8dc42d64879c69 |

| internalurl | http://controller1:5000/v2.0 |

| publicurl | http://controller1:5000/v2.0 |

| region | RegionOne |

| service_id | 69c389157be24cf6b4511d648e8412be |

| service_name | keystone |

| service_type | identity |

+--------------+----------------------------------+

5.2.6 Create projects, users, and roles

[root@controller1 ~]# openstack project create --description "Admin Project" admin

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Admin Project |

| enabled | True |

| id | 617e98e151b245d081203adcbb0ce7a4 |

| name | admin |

+-------------+----------------------------------+

[root@controller1 ~]# openstack user create --password-prompt admin

User Password:

Repeat User Password:

+----------+----------------------------------+

| Field| Value|

+----------+----------------------------------+

| email| None|

| enabled| True |

| id| cfca3361950644de990b52ad341a06f0 |

| name| admin|

| username | admin |

+----------+----------------------------------+

[root@controller1 ~]# openstack role create admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id| 6c89e70e3b274c44b068dbd6aef08bb2 |

| name| admin|

+-------+----------------------------------+

[root@controller1 ~]#

[root@controller1 ~]# openstack role add --project admin --user admin admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id| 6c89e70e3b274c44b068dbd6aef08bb2 |

| name| admin|

+-------+----------------------------------+

[root@controller1 ~]# openstack project create --description "Service Project" service

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | Service Project |

| enabled | True |

| id | 165f6edf748d4bff957beada1f2a728e |

| name | service |

+-------------+----------------------------------+

5.2.7 Verify keystone

unset OS_TOKEN OS_URL

[root@controller1 ~]# openstack --os-auth-url http://controller1:35357 --os-project-name admin --os-username admin --os-auth-type password token issue

Password:

+------------+----------------------------------+

| Field| Value|

+------------+----------------------------------+

| expires| 2016-05-25T03:27:46Z|

| id| 2b1325bdd1c643ad9b6ceed17e663913 |

| project_id |617e98e151b245d081203adcbb0ce7a4 |

| user_id| cfca3361950644de990b52ad341a06f0 |

+------------+----------------------------------+

# openstack --os-auth-url http://controller1:35357 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue

Password:

+------------+----------------------------------+

| Field| Value|

+------------+----------------------------------+

| expires| 2016-05-25T03:30:03.368364Z|

| id| 5c8f0e1ac4f0457884e788dff3b232d8 |

| project_id |617e98e151b245d081203adcbb0ce7a4 |

| user_id| cfca3361950644de990b52ad341a06f0 |

+------------+----------------------------------+

Create the environment variable script:

[root@controller1 ~(keystone_admin)]# cat admin_keystone

unset OS_SERVICE_TOKEN OS_TOKEN OS_URL

export OS_USERNAME=admin

export OS_PASSWORD=1

export OS_AUTH_URL=http://10.192.44.148:35357/v2.0

export PS1='[\u@\h \W(keystone_admin)]\$ '

export OS_TENANT_NAME=admin

export OS_REGION_NAME=RegionOne

[root@controller1 ~(keystone_admin)]# openstack user list

+----------------------------------+-------+

| ID | Name |

+----------------------------------+-------+

| cfca3361950644de990b52ad341a06f0 | admin|

+----------------------------------+-------+

5.3 Install horizon

5.3.1 Install horizon

yum install openstack-dashboard httpd mod_wsgi memcached python-memcached

5.3.1 Edit the horizon configuration

Copy over /etc/openstack-dashboard from packstack:

Modify the following:

./local_settings:OPENSTACK_KEYSTONE_URL = http://192.168.129.131:5000/v2.0

Change to:

OPENSTACK_KEYSTONE_URL = "http://10.192.44.148:5000/v2.0"

Nothing else needs to be changed

setsebool -P httpd_can_network_connect on

# chown -R apache:apache /usr/share/openstack-dashboard/static

Restart httpd:

# systemctl enable httpd.service memcached.service

# systemctl restart httpd.service memcached.service

5.3.2 Login verification

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

I have run into this problem before; see PART3:

The owner of /var/log/horizon/horizon.log is wrong:

[root@lxp-node2 horizon(keystone_admin)]# ls -l

total 0

-rw-r--r-- 1 root root 0 May 20 23:44 horizon.log

It should be:

[root@lxp-node1 horizon(keystone_admin)]# ls -l

total 4

-rw-r-----. 1 apache apache 316 May 18 19:35 horizon.log

Fix:

# chown apache:apache horizon.log

OK, the dashboard login now works:

The other components are not installed yet,

so errors are certain after logging in:

5.4 Install glance

5.4.1 Create the database

MariaDB [(none)]> CREATE DATABASE glance;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '1';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '1';

[root@controller1 ~(keystone_admin)]# openstack user create --password-prompt glance

User Password: (all passwords are 1)

Repeat User Password:

+----------+----------------------------------+

| Field | Value |

+----------+----------------------------------+

| email | None |

| enabled | True |

| id | 9b9b7d340f5c47fa8ead236b55400675 |

| name | glance |

| username | glance |

+----------+----------------------------------+

# openstack role add --project service --user glance admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id| 6c89e70e3b274c44b068dbd6aef08bb2 |

| name| admin|

+-------+----------------------------------+

# openstack service create --name glance --description "OpenStack Image service" image

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | OpenStack Image service |

| enabled | True |

| id | a0c905098446491cbb2f948285364c43 |

| name | glance |

| type | image |

+-------------+----------------------------------+

openstack endpoint create \

--publicurl http://10.192.44.148:9292 \

--internalurl http://10.192.44.148:9292 \

--adminurl http://10.192.44.148:9292 \

--region RegionOne \

image

# openstack endpoint create --publicurl http://10.192.44.148:9292 --internalurl http://10.192.44.148:9292 --adminurl http://10.192.44.148:9292 --region RegionOne image

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| adminurl | http://10.192.44.148:9292 |

| id | 49a032e19f9841b381e795f60051f131 |

| internalurl | http://10.192.44.148:9292 |

| publicurl | http://10.192.44.148:9292 |

| region | RegionOne |

| service_id | a0c905098446491cbb2f948285364c43 |

| service_name | glance |

| service_type | image |

+--------------+----------------------------------+

5.4.2 Install glance

yum install openstack-glance python-glance python-glanceclient

5.4.3 Configure glance

Copy over the packstack glance configuration and modify it

[root@controller1 glance(keystone_admin)]# grep 192 ./ -r

./glance-registry.conf:connection=mysql://glance:b859cde598ec474f@192.168.129.131/glance

./glance-registry.conf:auth_uri=http://192.168.129.131:5000/v2.0

./glance-registry.conf:identity_uri=http://192.168.129.131:35357

./glance-api.conf:connection=mysql://glance:b859cde598ec474f@192.168.129.131/glance

./glance-api.conf:auth_uri=http://192.168.129.131:5000/v2.0

./glance-api.conf:identity_uri=http://192.168.129.131:35357

Change to:

[root@controller1 glance(keystone_admin)]# grep 192 ./ -r

./glance-registry.conf:connection=mysql://glance:1@10.192.44.148/glance

./glance-registry.conf:auth_uri=http://10.192.44.148:5000/v2.0

./glance-registry.conf:identity_uri=http://10.192.44.148:35357

./glance-api.conf:connection=mysql://glance:1@10.192.44.148/glance

./glance-api.conf:auth_uri=http://10.192.44.148:5000/v2.0

./glance-api.conf:identity_uri=http://10.192.44.148:353

Sync the database:

su -s /bin/sh -c "glance-manage db_sync" glance

Restart the services:

systemctl enable openstack-glance-api.service openstack-glance-registry.service

systemctl start openstack-glance-api.service openstack-glance-registry.service

5.4.4 Verify glance by uploading an image

echo "export OS_IMAGE_API_VERSION=2" | tee -a ./admin_keystone

[root@controller1 ~(keystone_admin)]# cat admin_keystone

unset OS_SERVICE_TOKEN OS_TOKEN OS_URL

export OS_USERNAME=admin

export OS_PASSWORD=1

export OS_AUTH_URL=http://10.192.44.148:35357/v2.0

export PS1='[\u@\h \W(keystone_admin)]\$ '

export OS_TENANT_NAME=admin

export OS_REGION_NAME=RegionOne

export OS_IMAGE_API_VERSION=2

[root@controller1 ~(keystone_admin)]# . admin_keystone

The network components are not installed yet, so images cannot be uploaded for now

5.5 Install nova: controller node

5.5.1 Create the database

MariaDB [(none)]> CREATE DATABASE nova;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '1';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '1';

Create the user: all passwords are 1

# openstack user create --password-prompt nova

User Password:

Repeat User Password:

+----------+----------------------------------+

| Field| Value|

+----------+----------------------------------+

| email| None|

| enabled| True|

| id| 0520ac06230f4c238ef96c66dc9d7ba6 |

| name| nova|

| username | nova |

+----------+----------------------------------+

# openstack role add --project service --user nova admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id| 6c89e70e3b274c44b068dbd6aef08bb2 |

| name| admin|

+-------+----------------------------------+

# openstack service create --name nova --description "OpenStack Compute" compute

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | OpenStack Compute |

| enabled| True |

| id | f82db038024746449b5b6be918b826f0 |

| name | nova |

| type | compute |

+-------------+----------------------------------+

Create the endpoint:

openstack endpoint create \

--publicurl http://10.192.44.148:8774/v2/%\(tenant_id\)s \

--internalurl http://10.192.44.148:8774/v2/%\(tenant_id\)s \

--adminurl http://10.192.44.148:8774/v2/%\(tenant_id\)s \

--region RegionOne \

compute

# openstack endpoint create --publicurl http://10.192.44.148:8774/v2/%\(tenant_id\)s --internalurl http://10.192.44.148:8774/v2/%\(tenant_id\)s --adminurl http://10.192.44.148:8774/v2/%\(tenant_id\)s --region RegionOne compute

+--------------+--------------------------------------------+

| Field | Value |

+--------------+--------------------------------------------+

| adminurl |http://10.192.44.148:8774/v2/%(tenant_id)s |

| id | c34d670ee15b47bda43830a48e9c4ef2 |

| internalurl | http://10.192.44.148:8774/v2/%(tenant_id)s|

| publicurl |http://10.192.44.148:8774/v2/%(tenant_id)s |

| region | RegionOne |

| service_id | f82db038024746449b5b6be918b826f0 |

| service_name | nova |

| service_type | compute |

+--------------+--------------------------------------------+

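5.5.2 Install the controller node packages

yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

5.5.3 Configuration: based on the Ezviz Cloud (萤石云) configuration, the official documentation, and the packstack configuration

The nova.conf produced by the Packstack install has too many options and is too complex; use the Ezviz Cloud configuration as the reference, then check the few items set in the official documentation:

[root@controller1 nova(keystone_admin)]#

[root@controller1 nova(keystone_admin)]# cat nova.conf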

[DEFAULT]

rpc_backend = rabbit

auth_strategy = keystone

my_ip = 10.192.44.148

vncserver_listen = 10.192.44.148

vncserver_proxyclient_address = 10.192.148

memcached_servers = controller1:11211

[database]

connection = mysql://nova:1@10.192.44.148/nova

[oslo_messaging_rabbit]

rabbit_hosts=10.192.44.148:5672

rabbit_userid = openstack

rabbit_password = 1

[keystone_authtoken]

auth_uri = http://10.192.44.148:5000

auth_url = http://10.192.44.148:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = nova

password = 1

host = 10.192.44.148

[oslo_concurrency]

lock_path = /var/lock/nova

[root@controller1 nova(keystone_admin)]#
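
The nova.conf above, like the keystone settings earlier, carries the one-character password 1 in the database URL, the RabbitMQ account and the [keystone_authtoken] section, and keystone keeps a static admin_token. The following is an added example, not part of the original post: a scanner for oslo-style INI files that reports such settings. The 12-character threshold, the function name audit_config and the sample text (assembled from option lines on this page) are assumptions of the example.

```python
import configparser
from urllib.parse import urlsplit

MIN_SECRET_LEN = 12  # assumed policy threshold for this example

# Options that hold a secret directly (names taken from the configs on this page).
SECRET_OPTIONS = {"password", "rabbit_password", "admin_password",
                  "metadata_proxy_shared_secret"}
# Options that choose the address a service listens on.
BIND_OPTIONS = {"admin_bind_host", "public_bind_host", "vncserver_listen"}


def audit_config(text):
    """Return sorted (section, option, finding) tuples for one oslo-style INI file."""
    # RawConfigParser does no '%' interpolation, so values such as
    # %(tenant_id)s are read literally. default_section is renamed so that
    # [DEFAULT] is reported as an ordinary section instead of being merged
    # into every other section.
    parser = configparser.RawConfigParser(
        default_section="__unused__", strict=False, allow_no_value=True)
    parser.read_string(text)

    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            value = (value or "").strip().strip("\"'")
            if option in SECRET_OPTIONS:
                if len(value) < MIN_SECRET_LEN:
                    findings.append((section, option, "secret too short"))
            elif option == "connection":
                parts = urlsplit(value)
                # Only network databases carry a password in the URL.
                if parts.hostname and len(parts.password or "") < MIN_SECRET_LEN:
                    findings.append((section, option, "database password too short"))
            elif option == "admin_token" and value:
                findings.append((section, option, "static admin token present"))
            elif option in BIND_OPTIONS and value == "0.0.0.0":
                findings.append((section, option, "listens on all interfaces"))
    return sorted(findings)


# Constructed sample: option lines copied from the keystone, nova and
# metadata settings on this page, merged into one file for the demonstration.
SAMPLE = """\
[DEFAULT]
admin_token = 5a67199a1ba44a78ddcb
admin_bind_host=0.0.0.0
my_ip = 10.192.44.148
vncserver_listen = 10.192.44.148

[database]
connection = mysql://nova:1@10.192.44.148/nova

[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = 1

[keystone_authtoken]
auth_uri = http://10.192.44.148:5000
username = nova
password = 1

[neutron]
metadata_proxy_shared_secret = 1
"""

if __name__ == "__main__":
    for section, option, finding in audit_config(SAMPLE):
        print("[%s] %s: %s" % (section, option, finding))
```
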

Sync the database:

su -s /bin/sh -c "nova-manage db sync" nova

Start the services:

# systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

# systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

nova-api fails to start; the other services are OK

[root@controller1 nova(keystone_admin)]# systemctl restart openstack-nova-cert.service

[root@controller1 nova(keystone_admin)]# systemctl restart openstack-nova-consoleauth.service

[root@controller1 nova(keystone_admin)]# systemctl restart openstack-nova-scheduler.service

[root@controller1 nova(keystone_admin)]# systemctl restart openstack-nova-conductor.service

[root@controller1 nova(keystone_admin)]# systemctl restart openstack-nova-novncproxy.service

[root@controller1 nova(keystone_admin)]#

Investigate why nova-api failed to start:

2016-05-25 13:46:00.431 21599 ERROR nova OSError: [Errno 13] Permission denied: '/var/lock/nova'

Try creating it manually:

[root@controller1 lock(keystone_admin)]# mkdir nova

[root@controller1 lock(keystone_admin)]# chmod 777 nova

OK, the restart succeeds

5.5.4 Verify with nova service-list

[root@controller1 ~(keystone_admin)]# nova service-list

+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host        | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-cert        | controller1 | internal | enabled | up    | 2016-05-25T05:49:02.000000 | -               |
| 2  | nova-consoleauth | controller1 | internal | enabled | up    | 2016-05-25T05:48:57.000000 | -               |
| 3  | nova-conductor   | controller1 | internal | enabled | up    | 2016-05-25T05:48:59.000000 | -               |
| 4  | nova-scheduler   | controller1 | internal | enabled | up    | 2016-05-25T05:49:03.000000 | -               |
+----+------------------+-------------+----------+---------+-------+----------------------------+-----------------+

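OK, all nova services on the controller node are in a normal state

5.6 Install nova: compute node (compute1) [void: the libvirtd upgrade causes problems]

5.6.1 Install

# yum install openstack-nova-compute sysfsutils

5.6.2 Configure

The [neutron] section is kept for now and will be cleaned up later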

---------------------------------------------------------------------------------------------------------------------------------------------------

[DEFAULT]

rpc_backend = rabbit

auth_strategy = keystone

my_ip = 10.192.44.150

vnc_enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = 10.192.150

novncproxy_base_url = http://10.192.44.148:6080/vnc_auto.html

memcached_servers = controller1:11211

[database]

connection = mysql://nova:1@10.192.44.148/nova

[oslo_messaging_rabbit]

rabbit_host=10.192.44.148

rabbit_hosts=10.192.44.148:5672

rabbit_userid = openstack

rabbit_password = 1

[keystone_authtoken]

auth_uri = http://10.192.44.148:5000

auth_url = http://10.192.44.148:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = nova

password = 1

host = 10.192.44.148

[glance]

host=10.192.44.148

[oslo_concurrency]

lock_path = /var/lock/nova

[libvirt]

virt_type=qemu

---------------------------------------------------------------------------------------------------------------------------------------------------

Check:

egrep -c '(vmx|svm)' /proc/cpuinfo

# systemctl enable libvirtd.service openstack-nova-compute.service

# systemctl start libvirtd.service openstack-nova-compute.service

Startup fails; investigate:

oslo_config.cfg.ConfigFilesPermissionDeniedError: Failed to open some config files: /etc/nova/nova.conf

Change the ownership of nova.conf:

-rw-r----- 1 root root 805 May 25 15:32 nova.conf

# chown root:nova nova.conf

Restart again:

OK, startup succeeds
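
Both permission failures on this page (the nova-api error on /var/lock/nova, fixed with chmod 777, and the nova-compute error on nova.conf, fixed with chown root:nova) come down to which permission class the service account falls into. The following is an added example, not part of the original post: it evaluates a mode/owner/group triple the way the kernel selects owner, group or other bits, and also reports world-writable paths and world-readable secret files. The uid/gid 162 for nova is a constructed value, and the last case (directory owned by nova, mode 0755) is an alternative assumed by the example, not a step from the post.

```python
import os
import stat

READ, WRITE = 4, 2  # bit values inside one rwx permission class


def class_bits(mode, file_uid, file_gid, uid, gids):
    """Bits (0-7) that apply to a process: owner class, else group, else other."""
    if uid == 0:
        return 7  # root bypasses read/write checks; treated as full access here
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def review(mode, file_uid, file_gid, svc_uid, svc_gids, need, secret=False):
    """Return findings for one file or directory; an empty list means it passes."""
    findings = []
    have = class_bits(mode, file_uid, file_gid, svc_uid, svc_gids)
    if (have & need) != need:
        findings.append("service account lacks required access")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    if secret and (mode & stat.S_IROTH):
        findings.append("secret file is world-readable")
    return findings


def review_path(path, svc_uid, svc_gids, need, secret=False):
    """Same checks, reading mode and ownership from a path on disk."""
    st = os.stat(path)
    return review(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                  svc_uid, svc_gids, need, secret)


NOVA_UID = NOVA_GID = 162  # constructed ids; real values differ per system

# (label, mode, owner uid, group gid, access nova needs, holds secrets)
CASES = [
    ("nova.conf root:root 0640 (as found)", 0o640, 0, 0, READ, True),
    ("nova.conf root:nova 0640 (after chown)", 0o640, 0, NOVA_GID, READ, True),
    ("/var/lock/nova root:root 0777 (after chmod 777)", 0o777, 0, 0, READ | WRITE, False),
    ("/var/lock/nova nova:nova 0755 (assumed alternative)", 0o755, NOVA_UID, NOVA_GID,
     READ | WRITE, False),
]


def run_cases():
    """Evaluate every case for the nova account and return {label: findings}."""
    return {label: review(mode, uid, gid, NOVA_UID, [NOVA_GID], need, secret)
            for label, mode, uid, gid, need, secret in CASES}


if __name__ == "__main__":
    for label, findings in run_cases().items():
        print("%-52s %s" % (label, "; ".join(findings) or "ok"))
```
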

5.6.3 Verify: nova service-list

Why does nova-compute not appear?

With a complete Packstack install, nova-compute is visible

Noting this here for now; I will investigate it after neutron

5.7 Install neutron (controller node)

5.7.1 Create the database

MariaDB [(none)]> CREATE DATABASE neutron;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '1';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '1';

# openstack user create --password-prompt neutron

User Password:

Repeat User Password:

+----------+----------------------------------+

| Field| Value|

+----------+----------------------------------+

| email| None|

| enabled| True|

| id|2398cfe405ac4480b27d3dfba36b64b4 |

| name| neutron|

| username | neutron |

+----------+----------------------------------+

# openstack role add --project service --user neutron admin

+-------+----------------------------------+

| Field | Value |

+-------+----------------------------------+

| id| 6c89e70e3b274c44b068dbd6aef08bb2 |

| name| admin|

+-------+----------------------------------+

# openstack service create --name neutron --description "OpenStack Networking" network

+-------------+----------------------------------+

| Field | Value |

+-------------+----------------------------------+

| description | OpenStack Networking |

| enabled | True |

| id | a3f4980ffb63482b905282ca7d3a2b01 |

| name | neutron |

| type | network |

+-------------+----------------------------------+

Create the endpoint:

openstack endpoint create \

--publicurl http://10.192.44.148:9696 \

--adminurl http://10.192.44.148:9696 \

--internalurl http://10.192.44.148:9696 \

--region RegionOne \

network

# openstack endpoint create --publicurl http://10.192.44.148:9696 --adminurl http://10.192.44.148:9696 --internalurl http://10.192.44.148:9696 --region RegionOne network

+--------------+----------------------------------+

| Field | Value |

+--------------+----------------------------------+

| adminurl | http://10.192.44.148:9696 |

| id | 63fa679e443a4249a96a86ff17387b9f |

| internalurl | http://10.192.44.148:9696 |

| publicurl | http://10.192.44.148:9696 |

| region | RegionOne |

| service_id | a3f4980ffb63482b905282ca7d3a2b01 |

| service_name | neutron |

| service_type | network |

+--------------+----------------------------------+

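5.7.2 Install the networking components (controller node)

yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which

5.7.3 Configure neutron

Mainly based on the Ezviz Cloud (萤石云) configuration. The packstack configuration has many options, some of them unused, which makes it hard to tidy up later.

neutron.conf

[root@controller1 neutron(keystone_admin)]# cat neutron.conf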

[DEFAULT]

rpc_backend = rabbit

auth_strategy = keystone

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

nova_url = http://10.192.44.148:8774/v2

[database]

connection = mysql://neutron:1@10.192.44.148/neutron

[oslo_messaging_rabbit]

rabbit_hosts = 10.192.44.148:5672

rabbit_userid = openstack

rabbit_password = 1

[keystone_authtoken]

auth_uri = http://10.192.44.148:5000

auth_url = http://10.192.44.148:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = neutron

password = 1

[nova]

auth_url = http://10.192.44.148:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

region_name = RegionOne

project_name = service

username = nova

password = 1

[root@controller1 neutron(keystone_admin)]#

ml2_conf.ini

/etc/neutron/plugins/ml2/ml2_conf.ini:

[ml2]

type_drivers = flat,vlan,gre,vxlan

tenant_network_types = vxlan

mechanism_drivers = openvswitch

[ml2_type_vxlan]

vni_ranges = 1:1000

[securitygroup]

enable_security_group = True

enable_ipset = True

firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Create the symlink:

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

nova.conf [the compute node must be changed as well]

[DEFAULT]

...

network_api_class = nova.network.neutronv2.api.API

security_group_api = neutron

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]

url = http://10.192.44.148:9696

auth_strategy = keystone

admin_auth_url = http://10.192.44.148:35357/v2.0

admin_tenant_name = service

admin_username = neutron

admin_password = 1

5.7.4 Sync the database and start the services

Sync the database:

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart nova:

systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service

Restart nova-compute:

systemctl start libvirtd.service openstack-nova-compute.service

Start neutron-server:

# systemctl enable neutron-server.service

# systemctl start neutron-server.service

5.7.5 Verify

[root@controller1 ml2(keystone_admin)]# neutron ext-list

+-----------------------+-----------------------------------------------+

| alias | name |

+-----------------------+-----------------------------------------------+

| flavors | Neutron Service Flavors |

| security-group | security-group |

| dns-integration | DNS Integration |

| l3_agent_scheduler | L3 Agent Scheduler |

| net-mtu | Network MTU |

| ext-gw-mode | Neutron L3 Configurable external gateway mode |

| binding | Port Binding |

| provider | Provider Network |

| agent | agent |

| quotas | Quota management support |

| subnet_allocation | Subnet Allocation |

| dhcp_agent_scheduler | DHCP Agent Scheduler |

| rbac-policies | RBAC Policies |

| l3-ha | HA Router extension |

| multi-provider | Multi Provider Network |

| external-net | Neutron external network |

| router | Neutron L3 Router |

| allowed-address-pairs | Allowed Address Pairs |

| extraroute | Neutron Extra Route |

| extra_dhcp_opt | Neutron Extra DHCP opts |

| dvr | Distributed Virtual Router |

+-----------------------+-----------------------------------------------+

5.8 Install the neutron agents (network node)

5.8.1 Edit sysctl.conf

net.ipv4.ip_forward=1

net.ipv4.conf.all.rp_filter=0

net.ipv4.conf.default.rp_filter=0

[root@controller1 etc(keystone_admin)]# sysctl -p

net.ipv4.icmp_echo_ignore_broadcasts = 1

net.ipv4.conf.all.rp_filter = 1

vm.max_map_count = 300000

kernel.sem = -1 -1 -1 8192

kernel.sem = -1 256000 -1 8192

kernel.sem = 1250 256000 -1 8192

kernel.sem = 1250 256000 100 8192

kernel.shmall = 1152921504606846720

kernel.shmmax = 21474836480

kernel.panic_on_io_nmi = 1

kernel.panic_on_unrecovered_nmi = 1

kernel.unknown_nmi_panic = 1

kernel.panic_on_stackoverflow = 1

net.ipv4.tcp_keepalive_intvl = 1

net.ipv4.tcp_keepalive_time = 5

net.ipv4.tcp_keepalive_probes = 5

net.ipv4.ip_forward = 1

net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

5.8.2 Install and configure the neutron components

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

1. Configure neutron.conf:

(1) Configure rabbitmq

[DEFAULT]

...

rpc_backend = rabbit

[oslo_messaging_rabbit]

...

rabbit_host = 10.192.44.148

rabbit_userid = openstack

rabbit_password = 1

(2) Configure keystone

[DEFAULT]

...

auth_strategy = keystone

[keystone_authtoken]

...

auth_uri = http://10.192.44.148:5000

auth_url = http://10.192.44.148:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = neutron

password = 1

(3) Configure ml2

[DEFAULT]

...

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

2. Edit ml2_conf.ini

[root@controller1 neutron(keystone_admin)]# cat plugin.ini

[ml2]

type_drivers = flat,vlan,gre,vxlan

tenant_network_types = vxlan

mechanism_drivers = openvswitch

[ml2_type_vxlan]

vni_ranges = 1:1000

[securitygroup]

enable_security_group = True

enable_ipset = True

firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ml2_type_flat]

flat_networks = external

[ml2_type_gre]

tunnel_id_ranges = 1:1000

[ovs]

# this is a tunnel ip, pay attention

local_ip = 10.192.44.152 #(eth3)

bridge_mappings = external:br-ex

[agent]

tunnel_types = vxlan

[root@controller1 neutron(keystone_admin)]#

3. l3_agent.ini configuration: based on packstack

[DEFAULT]

debug = False

interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver

handle_internal_only_routers = True

external_network_bridge = br-ex

metadata_port = 9697

send_arp_for_ha = 3

periodic_interval = 40

periodic_fuzzy_delay = 5

enable_metadata_proxy = True

router_delete_namespaces = True

agent_mode = legacy

[AGENT]

4. dhcp_agent.ini: based on Packstack

[root@node1 neutron(keystone_admin)]# cat dhcp_agent.ini | grep -v '^#' | grep -v '^$'

[DEFAULT]

debug = False

resync_interval = 30

interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = False

enable_metadata_network = False

dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf

state_path=/var/lib/neutron

5 metadata_agent.ini

[DEFAULT]

auth_uri = http://10.192.44.148:5000

auth_url = http://10.192.44.148:35357

auth_region = RegionOne

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = neutron

password = 1

nova_metadata_ip = 10.192.44.148

metadata_proxy_shared_secret = 1

verbose = True

6 nova.conf

[neutron]

...

service_metadata_proxy = True

metadata_proxy_shared_secret = 1

Restart nova-api:

systemctl restart openstack-nova-api.service

5.8.3 Configure the Open vSwitch service

# systemctl enable openvswitch.service

# systemctl start openvswitch.service

Create br-ex:

# ovs-vsctl add-br br-ex

Bind a network interface to br-ex:

ovs-vsctl add-port br-ex eth0

The network goes down at this point

Log in through another interface and unbind:

[root@controller1 ~]# ovs-vsctl del-port br-ex eth0

[root@controller1 ~]# ovs-vsctl list-ports

ovs-vsctl: 'list-ports' command requires at least 1 arguments

[root@controller1 ~]# ovs-vsctl list-ports br-ex

A different interface is needed here to serve as br-ex, the external network bridge

eth3 is used here

Hostname  IP (eth0)      IP1 (open vswitch) (br-ex)  openstack role        Ceph mon role  Ceph osd     Spec       Vip
node1     10.192.44.148  Eth3:10.192.44.152          Controller1+network1  Mon0           Osd0~osd3    4Core 16G  10.192.44.155
node2     10.192.44.149                              Controller2+network2  Mon1           Osd4~osd7    4Core 16G  10.192.44.155
node3     10.192.44.150                              Compute1              Mon2           Osd8~osd11   4Core 16G
node4     10.192.44.151                              Compute2              Mon3           Osd12~osd15  8Core 16G

Create br-ex:

# ovs-vsctl add-br br-ex

# ovs-vsctl add-port br-ex eth3

ethtool -K eth3 grooff

5.8.4 Create the symlink and start the services

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig

sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service

Start the services:

# systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service

# systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

5.8.5 Verify the neutron services

[root@controller1 ~(keystone_admin)]# neutron agent-list

+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host        | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 1746662a-081c-4800-b371-479e670fbb20 | Metadata agent     | controller1 | :-)   | True           | neutron-metadata-agent    |
| 2ead14e3-6d3d-4e1c-9e07-7665a2632565 | L3 agent           | controller1 | :-)   | True           | neutron-l3-agent          |
| ad55ffa2-dd19-4cee-b5fc-db4bc60b796b | DHCP agent         | controller1 | :-)   | True           | neutron-dhcp-agent        |
| d264e9b0-c0c1-4e13-9502-43c248127dff | Open vSwitch agent | controller1 | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+

OK, all services have started.

5.9 Installing neutron OVS (compute node) [Obsolete: the OVS configuration was wrong]

5.9.1 Modify sysctl.conf

net.ipv4.conf.all.rp_filter=0

net.ipv4.conf.default.rp_filter=0

net.bridge.bridge-nf-call-iptables=1

net.bridge.bridge-nf-call-ip6tables=1

[root@compute1 etc]# sysctl -p

net.ipv4.conf.all.rp_filter = 0

net.ipv4.conf.default.rp_filter = 0

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

5.9.2 Install and configure the neutron components (compute node)

1. Install

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

2 Configure neutron.conf

[DEFAULT]

rpc_backend = rabbit

auth_strategy = keystone

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

[oslo_messaging_rabbit]

rabbit_hosts = 10.192.44.148:5672

rabbit_userid = openstack

rabbit_password = 1

[keystone_authtoken]

auth_uri = http://10.192.44.148:5000

auth_url = http://10.192.44.148:35357

auth_plugin = password

project_domain_id = default

user_domain_id = default

project_name = service

username = neutron

password = 1

3 Configure ml2_conf.ini

[ml2]

type_drivers = flat,vlan,gre,vxlan

tenant_network_types = vxlan

mechanism_drivers = openvswitch

[ml2_type_vxlan]

vni_ranges = 1:1000

[securitygroup]

enable_security_group = True

enable_ipset = True

firewall_driver =neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]

local_ip = 10.192.44.150

[agent]

# Note: this must match the tunnel type used on the network node
tunnel_types = vxlan

Restart Open vSwitch:

# systemctl enable openvswitch.service

# systemctl start openvswitch.service

Restart the neutron services on the network and controller nodes:

# systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

4 Modify nova.conf

[DEFAULT]

...

network_api_class = nova.network.neutronv2.api.API

security_group_api = neutron

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]

url = http://10.192.44.148:9696

auth_strategy = keystone

admin_auth_url =http://10.192.44.148:35357/v2.0

admin_tenant_name = service

admin_username = neutron

admin_password = 1

5 Finish the installation and restart the services

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig

sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service

Restart nova-compute:

systemctl restart openstack-nova-compute.service

Start openvswitch:

# systemctl enable neutron-openvswitch-agent.service

# systemctl start neutron-openvswitch-agent.service

[root@controller1 ~(keystone_admin)]# neutron agent-list

+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host        | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 1746662a-081c-4800-b371-479e670fbb20 | Metadata agent     | controller1 | :-)   | True           | neutron-metadata-agent    |
| 2ead14e3-6d3d-4e1c-9e07-7665a2632565 | L3 agent           | controller1 | :-)   | True           | neutron-l3-agent          |
| 96820906-bc31-4fcf-a473-10a6d6865b2a | Open vSwitch agent | compute1    | :-)   | True           | neutron-openvswitch-agent |
| ad55ffa2-dd19-4cee-b5fc-db4bc60b796b | DHCP agent         | controller1 | :-)   | True           | neutron-dhcp-agent        |
| d264e9b0-c0c1-4e13-9502-43c248127dff | Open vSwitch agent | controller1 | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+

OK!
