OpenStack Rocky (R Release) Deployment Guide - Controller Node
Deployment environment
Hostname | IP | OS | Deployed modules |
---|---|---|---|
controller | 192.168.31.11 | CentOS 7 x86_64 | MySQL-server RabbitMQ-server memcached etcd keystone glance nova-api placement neutron horizon |
node2 | 192.168.31.12 | CentOS 7 x86_64 | nova-compute neutron-linuxbridge |
node3 | 192.168.31.13 | CentOS 7 x86_64 | nova-compute neutron-linuxbridge |
Environment preparation
Disable the firewall
[root@controller ~]# systemctl disable firewalld
[root@controller ~]# systemctl stop firewalld
Disable SELinux
[root@controller ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
[root@controller ~]# setenforce 0
Time synchronization
[root@controller ~]# yum install -y chrony
[root@controller ~]# systemctl enable chronyd
[root@controller ~]# systemctl start chronyd
Host name resolution
192.168.31.11 controller
192.168.31.12 node2
192.168.31.13 node3
Update the system
[root@controller ~]# yum upgrade -y
Install the OpenStack base packages
Install the OpenStack yum repository
[root@controller ~]# yum install -y centos-release-openstack-rocky
Install the OpenStack client
[root@controller ~]# yum install -y python-openstackclient
Install openstack-selinux
This package automatically manages the security policies for OpenStack services
[root@controller ~]# yum install -y openstack-selinux
Install the database service
Install MySQL Server
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
MySQL configuration file
[root@controller ~]# cat > /etc/my.cnf.d/openstack.cnf << EOF
[mysqld]
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
Start MySQL
[root@controller ~]# systemctl enable mariadb
[root@controller ~]# systemctl start mariadb
MySQL secure initialization
[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y <== enter Y
New password: <== set the MySQL root password
Re-enter new password: <== repeat the password
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y <== enter Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y <== enter Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y <== enter Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y <== enter Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Install and configure the message queue service
Install RabbitMQ
[root@controller ~]# yum install -y rabbitmq-server
Start RabbitMQ
[root@controller ~]# systemctl enable rabbitmq-server
[root@controller ~]# systemctl start rabbitmq-server
Configure RabbitMQ access permissions
[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
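The commands and configuration files in this guide use literal stand-ins such as RABBIT_PASS, and a deployment that types them in verbatim ends up with guessable credentials. The following is an added example, not part of the original guide: it writes a random value for every placeholder name used on this page into a file readable only by its owner and substitutes those values into text read from standard input. The file name openstack-secrets.env and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: not part of the original guide.
# Function names and the secrets file name are illustrative assumptions.

# Placeholder names exactly as they appear in this guide's commands and configs.
SECRET_NAMES="RABBIT_PASS KEYSTONE_DBPASS ADMIN_PASS MYUSER_PASS \
GLANCE_DBPASS GLANCE_PASS NOVA_DBPASS NOVA_PASS \
PLACEMENT_DBPASS PLACEMENT_PASS NEUTRON_DBPASS NEUTRON_PASS"

# gen_secret: 16 bytes from the kernel CSPRNG, printed as 32 hex characters.
# Hex keeps the value free of characters such as @ : / # and quotes, which
# would otherwise need escaping inside connection URLs
# (mysql+pymysql://user:SECRET@host/db), INI files and SQL string literals.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_secrets_file PATH
# Writes one NAME=value line per placeholder. The file is created with mode
# 0600, and an existing file is never overwritten, so a second run cannot
# silently rotate passwords that services are already using.
write_secrets_file() {
    out=$1
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2
        return 1
    fi
    (
        umask 077
        for name in $SECRET_NAMES; do
            printf '%s=%s\n' "$name" "$(gen_secret)"
        done > "$out"
    )
}

# fill_placeholders SECRETS_FILE
# Copies stdin to stdout, replacing every placeholder name with its generated
# value. The values are hex only, so they are safe inside the sed replacement.
fill_placeholders() {
    script=$(sed -e 's/^\([A-Z_]*\)=\(.*\)$/s|\1|\2|g/' "$1")
    sed -e "$script"
}

# Stand-alone use: sh this-script.sh ./openstack-secrets.env
if [ "$#" -eq 1 ]; then
    write_secrets_file "$1"
fi
```

After `. ./openstack-secrets.env`, the variables can be passed wherever the guide shows a placeholder, for example `rabbitmqctl add_user openstack "$RABBIT_PASS"`.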
Install and configure the cache service
Install memcached
[root@controller ~]# yum install -y memcached python-memcached
Edit the memcached configuration file /etc/sysconfig/memcached and change the following parameter
OPTIONS="-l 127.0.0.1,::1,controller"
Start memcached
[root@controller ~]# systemctl enable memcached
[root@controller ~]# systemctl start memcached
Install and configure etcd
[root@controller ~]# yum install -y etcd
Edit the etcd configuration file /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.31.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.31.11:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.31.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.31.11:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.31.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
Start etcd
[root@controller ~]# systemctl enable etcd
[root@controller ~]# systemctl start etcd
Install and configure Keystone
Create the MySQL database and grant access
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> exit
Verify MySQL
[root@controller ~]# mysql -ukeystone -pKEYSTONE_DBPASS -hcontroller -e "show databases;"
# Seeing the keystone database in the output means it is OK
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
+--------------------+
Install keystone and its related packages
[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi
Edit the keystone configuration file /etc/keystone/keystone.conf
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet
Initialize the keystone database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Verify
[root@controller ~]# mysql -ukeystone -pKEYSTONE_DBPASS -hcontroller -e "use keystone; show tables;"
# Output like the following means the initialization succeeded
+-----------------------------+
| Tables_in_keystone |
+-----------------------------+
| access_token |
| application_credential |
| application_credential_role |
……
……
| user_option |
| whitelisted_config |
+-----------------------------+
Initialize the key material
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone \
--keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone \
--keystone-group keystone
Initialize keystone
[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Configure the Apache HTTP Server
Edit /etc/httpd/conf/httpd.conf
ServerName controller
Symlink the keystone configuration file into /etc/httpd/conf.d/
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start the httpd service
[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl start httpd
Configure environment variables
[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=ADMIN_PASS
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=http://controller:5000/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
Create a domain, projects, users and roles
Create the default domain
[root@controller ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 8b4e4a51be8a4547b7fd8b37e6681df2 |
| name | example |
| tags | [] |
+-------------+----------------------------------+
Create the service project
[root@controller ~]# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | a0e0875bf35b4165830461c932ba22a8 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
Create the myproject project
[root@controller ~]# openstack project create --domain default \
--description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 935738b309f9478a80c644924b7785b9 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
Create the myuser user
[root@controller ~]# openstack user create --domain default \
--password-prompt myuser
User Password: <== enter the user's password; I entered MYUSER_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3b5af6b5404146a29eb678da9daf7a44 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Create the myrole role
[root@controller ~]# openstack role create myrole
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 09e8b89c49d743a7ab8c50ba21213374 |
| name | myrole |
+-----------+----------------------------------+
Add myuser to the myproject project with the myrole role
[root@controller ~]# openstack role add --project myproject --user myuser myrole
Verify
Unset the environment variables
[root@controller ~]# unset OS_USERNAME OS_PASSWORD OS_PROJECT_NAME OS_USER_DOMAIN_NAME OS_PROJECT_DOMAIN_NAME OS_AUTH_URL OS_IDENTITY_API_VERSION
Verify login as the admin user
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin \
--os-identity-api-version 3 token issue
Password: <== enter the admin password; mine is ADMIN_PASS
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2019-03-03T01:37:40+0000 |
| id | VT2Kc1nYpU7F6F38rpqXrSH0xLmYzXwAWpSVTutiNuHGIgyYKv6IY4PUBd8zMPa |
| | qH3NUGziCslxejMTdfhPQkzLjWuDsSpSPwpixyULcP8R-GNMPGGJGkWCP1loBOm |
| | ZvGQv4_CPzsjyev5ms |
| project_id | 3a0c69d746954f9fa7997a81a86b4a15 |
| user_id | 62f0110e73924344855caf604e8bffd9 |
+------------+-----------------------------------------------------------------+
Verify login as the myuser user
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser \
--os-identity-api-version 3 token issue
Password: <== enter the myuser password; mine is MYUSER_PASS
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2019-03-03T01:38:03+0000 |
| id | gAAAAABceyHrFRdjErDQ50EySfeHqTCLHonzoo-hCnKlq2QJXrYLgPJkPbDE29d |
| | Q82myu0J7ngYsLUF0623wIu3MRnpzFEIEg0VdKXXEGz-ancir1Jp2_o8mzYcid- |
| | 5Uo2hvGMP3wZrWLhvgZM1yKbc3cTi_xrnMwJhHs4MPNSz8Nt197oJ7XUE |
| project_id | 935738b309f9478a80c644924b7785b9 |
| user_id | 3b5af6b5404146a29eb678da9daf7a44 |
+------------+-----------------------------------------------------------------+
Create the OpenStack client environment variable files
[root@controller ~]# cat > openstack-admin.rc << EOF
export PS1='[\u@\h \W (openstack-admin)]\\$ '
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
[root@controller ~]# cat > openstack-myuser.rc << EOF
export PS1='[\u@\h \W (openstack-myuser)]\\$ '
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=MYUSER_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
Verify
Verify the admin user
[root@controller ~]# . openstack-admin.rc
[root@controller ~ (openstack-admin)]# openstack token issue
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2019-03-03T01:37:40+0000 |
| id | gAAAAABceyLwXgRSVgEwwcTzRoLdC1Ph3hv0Wi55JbCF9RiKccu0e936IJiIybO |
| | ZXkJa-Qcv2b1RipiRe9Nt1N5MGXXBzvdQh84m7ssMh-Mte6wR_p2L_qgODm7ZUD |
| | 92R1Efj-6yoBlS5WsiJBoxcrjoPR3eeQK3IZHg2W24wh6m5CoKIHbABQs |
| project_id | 3a0c69d746954f9fa7997a81a86b4a15 |
| user_id | 62f0110e73924344855caf604e8bffd9 |
+------------+-----------------------------------------------------------------+
Verify the myuser user
[root@controller ~]# . openstack-myuser.rc
[root@controller ~ (openstack-myuser)]# openstack token issue
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2019-03-03T01:38:03+0000 |
| id | gAAAAABceyL4nMC92KnYH8rcPmjTie4Avgh-nYbE5QMh8W3Xk9lCAZpRCnFDNAH |
| | UwCF4eo9TqSCqxn70qK-Nv6HR8-KwNiDJAvHQ63s4vC6-kSjU9BuN7hOY1UMKuF |
| | 3OW7We4sVJO_TV6YihcmOVyfnU0xqogq8fejBrqyq9MUQ9X2k7XIDI3L8 |
| project_id | 935738b309f9478a80c644924b7785b9 |
| user_id | 3b5af6b5404146a29eb678da9daf7a44 |
+------------+-----------------------------------------------------------------+
Install and configure Glance
Create the MySQL database and grant access
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> exit
Verify MySQL
[root@controller ~]# mysql -uglance -pGLANCE_DBPASS -hcontroller -e "show databases;"
# Seeing the glance database in the output means it is OK
+--------------------+
| Database |
+--------------------+
| information_schema |
| glance |
+--------------------+
Create the glance user
[root@controller ~ (openstack-admin)]# openstack user create --domain default \
--password-prompt glance
User Password: <== enter the password; I entered GLANCE_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3bf8b12db5fd477b8969601a7899e680 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the glance user to the service project with the admin role
[root@controller ~ (openstack-admin)]# openstack role add --project service \
--user glance admin
Create the glance service
[root@controller ~ (openstack-admin)]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 5bc062b5e61d4a10b538407d369010a3 |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the Image service API endpoints
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3628922e6a3848489b153f310ee465f0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5bc062b5e61d4a10b538407d369010a3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 02db6b35469a4db18132c00deaf1a11d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5bc062b5e61d4a10b538407d369010a3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create \
--region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 75cbc02829fc40858c48fbc48f1be303 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5bc062b5e61d4a10b538407d369010a3 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
Install the glance packages
[root@controller ~]# yum install -y openstack-glance
Edit the glance API configuration file /etc/glance/glance-api.conf
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
# ...
flavor = keystone
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit the glance registry configuration file /etc/glance/glance-registry.conf
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
# ...
flavor = keystone
Initialize the glance database
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Start the glance services
[root@controller ~]# systemctl enable openstack-glance-api openstack-glance-registry
[root@controller ~]# systemctl start openstack-glance-api openstack-glance-registry
Install and configure the Compute controller
Create the MySQL databases and grant access
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> exit
Verify MySQL
[root@controller ~]# mysql -unova -pNOVA_DBPASS -hcontroller -e "show databases;"
# Seeing the nova databases in the output means it is OK
+--------------------+
| Database |
+--------------------+
| information_schema |
| nova |
| nova_api |
| nova_cell0 |
+--------------------+
Create the nova user
[root@controller ~ (openstack-admin)]# openstack user create --domain default \
--password-prompt nova
User Password: <== set the nova user's password; I set it to NOVA_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 77a12bc2febf461aa403c4fea5ac2381 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the nova user to the service project with the admin role
[root@controller ~ (openstack-admin)]# openstack role add --project service \
--user nova admin
Create the nova service
[root@controller ~ (openstack-admin)]# openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 6124e4f36ca84aa8873477a88c6990ce |
| name | nova |
| type | compute |
+-------------+----------------------------------+
Create the nova service endpoints
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f96f15e2fb3140b68312479509c480a9 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6124e4f36ca84aa8873477a88c6990ce |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0f6cc0d392d9466b9e442100d20eb93a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6124e4f36ca84aa8873477a88c6990ce |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a1e6532aa6304055bc02bbd303bfdf60 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6124e4f36ca84aa8873477a88c6990ce |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
Create the placement user
[root@controller ~ (openstack-admin)]# openstack user create --domain default \
--password-prompt placement
User Password: <== set the placement user's password; I set it to PLACEMENT_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | e0114fd10807498399ba0f5190365314 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the placement user to the service project with the admin role
[root@controller ~ (openstack-admin)]# openstack role add --project service \
--user placement admin
Create the placement API service
[root@controller ~ (openstack-admin)]# openstack service create --name placement \
--description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 267bb7d52dce454b8b62d167de528afc |
| name | placement |
| type | placement |
+-------------+----------------------------------+
Create the placement API service endpoints
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7585653fe4ae44258190ece7effa0a14 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 267bb7d52dce454b8b62d167de528afc |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7c40b1c14af64cb09ac40ced2fd60e87 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 267bb7d52dce454b8b62d167de528afc |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3edc0888182e4d47aa7e38f81cbf84a7 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 267bb7d52dce454b8b62d167de528afc |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
Install the nova controller node packages
[root@controller ~]# yum install -y openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
Edit the nova configuration file /etc/nova/nova.conf
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.31.11
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
# ...
api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
Configure httpd
Edit /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
Restart httpd
[root@controller ~]# systemctl restart httpd
Initialize the databases
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 \
--verbose" nova
af54a768-7733-4104-9b88-98ff8428ddd5
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
Verify
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+
| Name | UUID |
+-------+--------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 |
| cell1 | af54a768-7733-4104-9b88-98ff8428ddd5 |
+-------+--------------------------------------+
Start the services
[root@controller ~]# systemctl enable openstack-nova-api \
openstack-nova-consoleauth openstack-nova-scheduler \
openstack-nova-conductor openstack-nova-novncproxy
[root@controller ~]# systemctl start openstack-nova-api \
openstack-nova-consoleauth openstack-nova-scheduler \
openstack-nova-conductor openstack-nova-novncproxy
Install and configure Neutron
Create the MySQL database and grant access
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> exit
Verify MySQL
[root@controller ~]# mysql -uneutron -pNEUTRON_DBPASS -hcontroller -e "show databases;"
# Seeing the neutron database in the output means it is OK
+--------------------+
| Database |
+--------------------+
| information_schema |
| neutron |
+--------------------+
Create the neutron user
[root@controller ~ (openstack-admin)]# openstack user create --domain default \
--password-prompt neutron
User Password: <== set the neutron password; I set it to NEUTRON_PASS here
Repeat User Password: <== repeat the password
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 2ee326948c354c0f9dfb86a0c912eae4 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the neutron user to the service project with the admin role
[root@controller ~ (openstack-admin)]# openstack role add --project service \
--user neutron admin
Create the neutron service
[root@controller ~ (openstack-admin)]# openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 09d1a9a8b4584e72b803b5e65d0a398e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
Add the neutron service endpoints
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2fe7b6dc5fd74eeba7c3bc9ed5ebb3aa |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 09d1a9a8b4584e72b803b5e65d0a398e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1871c27a05514626baddc2f5493d8781 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 09d1a9a8b4584e72b803b5e65d0a398e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~ (openstack-admin)]# openstack endpoint create --region RegionOne \
network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 36c1fd97431a4ae78d57e480c10b3dbd |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 09d1a9a8b4584e72b803b5e65d0a398e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
Install the neutron packages
[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
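The openstack-neutron-linuxbridge package ships a configuration file, /usr/lib/sysctl.d/99-neutron-linuxbridge-agent.conf, that changes the kernel parameters net.bridge.bridge-nf-call-iptables and net.bridge.bridge-nf-call-ip6tables, so the sysctl command must be run for the settings to take effect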
[root@controller ~]# sysctl --system
Networking option 1: provider networks
Install the packages
[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
Configure neutron
Edit the neutron configuration file /etc/neutron/neutron.conf
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure the network plug-in
Edit the network plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[securitygroup]
# ...
enable_ipset = true
Symlink the configuration file into /etc/neutron/
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Configure the Linux bridge agent
Edit the Linux bridge configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the DHCP service
Edit /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Configure metadata
Edit /etc/neutron/metadata_agent.ini
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
Configure nova
Edit /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
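The files edited so far carry placeholders (NEUTRON_PASS, NOVA_PASS, RABBIT_PASS, NEUTRON_DBPASS, METADATA_SECRET), and nova-api only accepts proxied metadata requests whose instance-ID signature verifies under metadata_proxy_shared_secret, so that value must be identical in nova.conf and metadata_agent.ini and must not remain the printed placeholder. The check below is an added example, not part of the original manual; the sample file contents and the names parse and audit are constructed for illustration.

```python
import re

# Placeholder tokens this manual prints in place of real secrets.
PLACEHOLDER = re.compile(r"\b(?:[A-Z]+_(?:DB)?PASS|METADATA_SECRET)\b")

# Constructed samples (assumption): trimmed copies of the two files, with one
# secret replaced and the others left exactly as printed in the manual.
NOVA_CONF = """
[neutron]
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = constructed-example-secret
"""
METADATA_AGENT_INI = """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""

def parse(text):
    """Map (section, key) -> value for an oslo.config style INI file."""
    section, values = "DEFAULT", {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            values[(section, key.strip())] = value.strip()
    return values

def audit(nova_text, agent_text):
    """Return findings for leftover placeholders and a mismatched secret."""
    files = {"nova.conf": parse(nova_text), "metadata_agent.ini": parse(agent_text)}
    findings = []
    for name, conf in files.items():
        for (section, key), value in conf.items():
            if PLACEHOLDER.search(value):
                findings.append(f"{name} [{section}] {key}: placeholder left in place")
    opt = "metadata_proxy_shared_secret"
    nova_secret = files["nova.conf"].get(("neutron", opt))
    agent_secret = files["metadata_agent.ini"].get(("DEFAULT", opt))
    if not nova_secret or nova_secret != agent_secret:
        findings.append(f"{opt}: nova.conf and metadata_agent.ini disagree")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NOVA_CONF, METADATA_AGENT_INI)) or "ok")
```

On the controller, pass the contents of /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini; the same check applies unchanged to networking option 2.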
Initialize the database
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the nova API service
[root@controller ~]# systemctl restart openstack-nova-api
Start the neutron services
[root@controller ~]# systemctl enable neutron-server \
neutron-linuxbridge-agent neutron-dhcp-agent \
neutron-metadata-agent
[root@controller ~]# systemctl start neutron-server \
neutron-linuxbridge-agent neutron-dhcp-agent \
neutron-metadata-agent
Create the network
[root@controller ~ (openstack-admin)]# openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-03-04T02:31:22Z |
| description | |
| dns_domain | None |
| id | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| project_id | 3a0c69d746954f9fa7997a81a86b4a15 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 0 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2019-03-04T02:31:22Z |
+---------------------------+--------------------------------------+
Create the subnet
[root@controller ~ (openstack-admin)]# openstack subnet create --network provider \
--allocation-pool start=192.168.31.50,end=192.168.31.99 \
--dns-nameserver 192.168.31.1 --gateway 192.168.31.1 \
--subnet-range 192.168.31.0/24 provider
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.31.50-192.168.31.99 |
| cidr | 192.168.31.0/24 |
| created_at | 2019-03-04T02:33:43Z |
| description | |
| dns_nameservers | 192.168.31.1 |
| enable_dhcp | True |
| gateway_ip | 192.168.31.1 |
| host_routes | |
| id | 0e8d193b-2718-4556-9b0b-db9ff4e402ae |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | provider |
| network_id | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| project_id | 3a0c69d746954f9fa7997a81a86b4a15 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2019-03-04T02:33:43Z |
+-------------------+--------------------------------------+
Networking option 2: self-service networks
Install the packages
[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
Configure neutron
Edit the neutron configuration file /etc/neutron/neutron.conf
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure the network plug-in
Edit the network plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
[securitygroup]
# ...
enable_ipset = true
Symlink the configuration file into /etc/neutron/
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Configure the Linux bridge agent
Edit the Linux bridge configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = true
local_ip = 192.168.31.11
l2_population = true
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
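A pre-flight check for the two files above, added here as an example and not part of the original manual: it reports the settings that leave neutron with no tenant network type to allocate, which is the condition behind the error "No tenant network is available for allocation". The sample file contents and the function name check_selfservice are constructed for illustration.

```python
import configparser

# Constructed samples (assumption): the option-1 values left in place, the
# state in which creating a self-service network has nothing to allocate from.
ML2_SAMPLE = """
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = provider
"""
AGENT_SAMPLE = """
[vxlan]
enable_vxlan = false
"""

def _load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def _csv(cp, section, key):
    raw = cp.get(section, key, fallback="")
    return [v.strip() for v in raw.split(",") if v.strip()]

def check_selfservice(ml2_text, agent_text):
    """Return the problems that block self-service (VXLAN) networks."""
    ml2, agent = _load(ml2_text), _load(agent_text)
    types = _csv(ml2, "ml2", "type_drivers")
    tenant = _csv(ml2, "ml2", "tenant_network_types")
    problems = []
    if not tenant:
        problems.append("tenant_network_types is empty")
    for t in tenant:
        if t not in types:
            problems.append(f"{t} is not listed in type_drivers")
    if "linuxbridge" not in _csv(ml2, "ml2", "mechanism_drivers"):
        problems.append("mechanism_drivers lacks linuxbridge")
    if "vxlan" in tenant:
        if not ml2.get("ml2_type_vxlan", "vni_ranges", fallback="").strip():
            problems.append("vni_ranges is not set")
        if not agent.getboolean("vxlan", "enable_vxlan", fallback=False):
            problems.append("enable_vxlan is not true")
        if not agent.get("vxlan", "local_ip", fallback="").strip():
            problems.append("local_ip is not set")
    return problems
```

On the controller, pass the contents of /etc/neutron/plugins/ml2/ml2_conf.ini and /etc/neutron/plugins/ml2/linuxbridge_agent.ini; an empty list means the settings checked here are consistent.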
Configure Layer-3 (L3)
Edit /etc/neutron/l3_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
Configure the DHCP service
Edit /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Configure metadata
Edit /etc/neutron/metadata_agent.ini
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
Configure nova
Edit /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
Initialize the database
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the nova API service
[root@controller ~]# systemctl restart openstack-nova-api
Start the neutron services
[root@controller ~]# systemctl enable neutron-server \
neutron-linuxbridge-agent neutron-dhcp-agent \
neutron-metadata-agent
[root@controller ~]# systemctl start neutron-server \
neutron-linuxbridge-agent neutron-dhcp-agent \
neutron-metadata-agent
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
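Self-service networks depend on the provider network, so create the provider network first and then the self-service network.
Create the provider network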
[root@controller ~ (openstack-admin)]# openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-03-04T02:31:22Z |
| description | |
| dns_domain | None |
| id | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| project_id | 3a0c69d746954f9fa7997a81a86b4a15 |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 0 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2019-03-04T02:31:22Z |
+---------------------------+--------------------------------------+
Create the provider network subnet
[root@controller ~ (openstack-admin)]# openstack subnet create --network provider \
--allocation-pool start=192.168.31.50,end=192.168.31.99 \
--dns-nameserver 192.168.31.1 --gateway 192.168.31.1 \
--subnet-range 192.168.31.0/24 provider
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.31.50-192.168.31.99 |
| cidr | 192.168.31.0/24 |
| created_at | 2019-03-04T02:33:43Z |
| description | |
| dns_nameservers | 192.168.31.1 |
| enable_dhcp | True |
| gateway_ip | 192.168.31.1 |
| host_routes | |
| id | 0e8d193b-2718-4556-9b0b-db9ff4e402ae |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | provider |
| network_id | 3b584700-d1f6-4126-b623-f88f6a7a78a4 |
| project_id | 3a0c69d746954f9fa7997a81a86b4a15 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2019-03-04T02:33:43Z |
+-------------------+--------------------------------------+
Create the self-service network
[root@controller ~ (openstack-admin)]# openstack network create selfservice
Created a new network:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2016-11-04T18:20:59Z |
| description | |
| headers | |
| id | 7c6f9b37-76b4-463e-98d8-27e5686ed083 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| mtu | 1450 |
| name | selfservice |
| port_security_enabled | True |
| project_id | 3828e7c22c5546e585f27b9eb5453788 |
| project_id | 3828e7c22c5546e585f27b9eb5453788 |
| revision_number | 3 |
| router:external | Internal |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | [] |
| updated_at | 2016-11-04T18:20:59Z |
+-------------------------+--------------------------------------+
Create the self-service network subnet
[root@controller ~ (openstack-admin)]# openstack subnet create --network selfservice \
--dns-nameserver 8.8.4.4 --gateway 172.16.1.1 \
--subnet-range 172.16.1.0/24 selfservice
Created a new subnet:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 172.16.1.2-172.16.1.254 |
| cidr | 172.16.1.0/24 |
| created_at | 2016-11-04T18:30:54Z |
| description | |
| dns_nameservers | 8.8.4.4 |
| enable_dhcp | True |
| gateway_ip | 172.16.1.1 |
| headers | |
| host_routes | |
| id | 5c37348e-e7da-439b-8c23-2af47d93aee5 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | selfservice |
| network_id | b9273876-5946-4f02-a4da-838224a144e7 |
| project_id | 3828e7c22c5546e585f27b9eb5453788 |
| project_id | 3828e7c22c5546e585f27b9eb5453788 |
| revision_number | 2 |
| service_types | [] |
| subnetpool_id | None |
| updated_at | 2016-11-04T18:30:54Z |
+-------------------+--------------------------------------+
Create the router
[root@controller ~ (openstack-admin)]# openstack router create router
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2016-11-04T18:32:56Z |
| description | |
| external_gateway_info | null |
| flavor_id | None |
| headers | |
| id | 67324374-396a-4db6-9443-c70be167a42b |
| name | router |
| project_id | 3828e7c22c5546e585f27b9eb5453788 |
| project_id | 3828e7c22c5546e585f27b9eb5453788 |
| revision_number | 2 |
| routes | |
| status | ACTIVE |
| updated_at | 2016-11-04T18:32:56Z |
+-------------------------+--------------------------------------+
Add the private subnet as an interface on the router
[root@controller ~ (openstack-admin)]# openstack router add subnet router selfservice
Set the router's gateway on the public network
[root@controller ~ (openstack-admin)]# openstack router set router --external-gateway provider
Install Horizon
# yum install openstack-dashboard
Edit /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
# '*' accepts any Host header; list the dashboard's real hostnames in production.
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
May I ask a question:
Create the self-service network
openstack network create selfservice
This step reports an error:
Unable to create the network. No tenant network is available for allocation
I don't know why.