haoningabc
- 浏览: 1475140 次
- 性别:
- 来自: 北京
-
文章分类
- 全部博客 (691)
- linux (207)
- shell (33)
- java (42)
- 其他 (22)
- javascript (33)
- cloud (16)
- python (33)
- c (48)
- sql (12)
- 工具 (6)
- 缓存 (16)
- ubuntu (7)
- perl (3)
- lua (2)
- 超级有用 (2)
- 服务器 (2)
- mac (22)
- nginx (34)
- php (2)
- 内核 (2)
- gdb (13)
- ICTCLAS (2)
- mac android (0)
- unix (1)
- android (1)
- vim (1)
- epoll (1)
- ios (21)
- mysql (3)
- systemtap (1)
- 算法 (2)
- 汇编 (2)
- arm (3)
- 我的数据结构 (8)
- websocket (12)
- hadoop (5)
- thrift (2)
- hbase (1)
- graphviz (1)
- redis (1)
- raspberry (2)
- qemu (31)
- opencv (4)
- socket (1)
- opengl (1)
- ibeacons (1)
- emacs (6)
- openstack (24)
- docker (1)
- webrtc (11)
- angularjs (2)
- neutron (23)
- jslinux (18)
- 网络 (13)
- tap (9)
- tensorflow (8)
- nlu (4)
- asm.js (5)
- sip (3)
- xl2tp (5)
- conda (1)
- emscripten (6)
- ffmpeg (10)
- srt (1)
- wasm (5)
- bert (3)
- kaldi (4)
- 知识图谱 (1)
最新评论
-
wahahachuang8:
我喜欢代码简洁易读,服务稳定的推送服务,前段时间研究了一下go ...
websocket的helloworld -
q114687576:
http://www.blue-zero.com/WebSoc ...
websocket的helloworld -
zhaoyanzimm:
感谢您的分享,给我提供了很大的帮助,在使用过程中发现了一个问题 ...
nginx的helloworld模块的helloworld -
haoningabc:
leebyte 写道太NB了,期待早日用上Killinux!么 ...
qemu+emacs+gdb调试内核 -
leebyte:
太NB了,期待早日用上Killinux!
qemu+emacs+gdb调试内核
参考http://docs.openstack.org/liberty/install-guide-rdo/keystone-install.html
最终结果:
基础:
yum install centos-release-openstack-liberty
yum upgrade -y
yum install python-openstackclient openstack-selinux -y
rm -f /etc/localtime
cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate ntp.ubuntu.com
配置/etc/hostname
/etc/hosts
192.168.139.126 controller
192.168.139.62 compute
#192.168.139.79 net
systemctl stop firewalld.service
systemctl disable firewalld.service
yum install mariadb mariadb-server MySQL-python -y
vim /etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack haoning
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
yum install mongodb-server mongodb -y
vim /etc/mongod.conf
bind_ip = 192.168.139.159
systemctl enable mongod.service
systemctl start mongod.service
一下密码全都设置成haoning
----------------------------------------------------------------------
■■■■■■■■■■■■■■■■■■keystone begin■■■■■■■■■■■■■■■■■■
keystone:
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
$ openssl rand -hex 10
06a0afd32e5265a9eba8
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service
修改配置文件后得到
sed -i '/^#/d' /etc/keystone/keystone.conf
sed -i '/^$/d' /etc/keystone/keystone.conf
---------------------------
/etc/keystone/keystone.conf
[DEFAULT]
admin_token = 06a0afd32e5265a9eba8
verbose = True
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql://keystone:haoning@ocontrol/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[matchmaker_ring]
[memcache]
servers = localhost:11211
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
driver = sql
[role]
[saml]
[signing]
[ssl]
[token]
provider = uuid
driver = memcache
[tokenless_auth]
[trust]
su -s /bin/sh -c "keystone-manage db_sync" keystone
-------------------------
/etc/httpd/conf/httpd.conf
ServerName ocontrol
/etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
systemctl enable httpd.service
systemctl start httpd.service
###创建服务:
export OS_TOKEN=06a0afd32e5265a9eba8
export OS_URL=http://ocontrol:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region wuhan identity public http://ocontrol:5000/v2.0
openstack endpoint create --region wuhan identity internal http://ocontrol:5000/v2.0
openstack endpoint create --region wuhan identity admin http://ocontrol:35357/v2.0
###创建用户角色等 projects, users, and roles
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
###Verify operation
Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections
#unset OS_TOKEN OS_URL
openstack --os-auth-url http://ocontrol:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://ocontrol:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue
###Create OpenStack client environment scripts
unset OS_TOKEN OS_URL
[root@ocontrol ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://ocontrol:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone_admin_v3)]\$ '
[root@ocontrol ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://ocontrol:5000/v3
export OS_IMAGE_API_VERSION=2
export OS_IDENTITY_API_VERSION=3
export PS1='[\u@\h \W(keystone_demo_v3)]\$ '
source admin-openrc.sh
openstack token issue
■■■■■■■■■■■■■■■■■■keystone end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■glance begin■■■■■■■■■■■■■■■■■■
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
source admin-openrc.sh
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region wuhan image public http://ocontrol:9292
openstack endpoint create --region wuhan image internal http://ocontrol:9292
openstack endpoint create --region wuhan image admin http://ocontrol:9292
yum install openstack-glance python-glance python-glanceclient -y
---------------------------
/etc/glance/glance-api.conf
[DEFAULT]
notification_driver = noop
verbose = True
[database]
connection = mysql://glance:haoning@ocontrol/glance
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
#暂时没有这个目录
------------------------------------
/etc/glance/glance-registry.conf
[DEFAULT]
notification_driver = noop
verbose = True
[database]
connection = mysql://glance:haoning@ocontrol/glance
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
#Verify operation
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
glance image-list
■■■■■■■■■■■■■■■■■■glance end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■nova begin■■■■■■■■■■■■■■■■■■
#★★★★在ocontrol节点
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
source admin-openrc.sh
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region wuhan compute public http://ocontrol:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://ocontrol:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://ocontrol:8774/v2/%\(tenant_id\)s
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
-------------
/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
################
my_ip = 192.168.139.159
################
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#disable the EC2 API:
enabled_apis=osapi_compute,metadata
verbose = True
[database]
connection = mysql://nova:haoning@ocontrol/nova
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = ocontrol
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
su -s /bin/sh -c "nova-manage db sync" nova
#/var/log/nova 检查log是否成功
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
#★★★在ocompute节点
yum install openstack-nova-compute sysfsutils -y
---------------------
/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
#################
my_ip = 192.168.139.160
##############
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.
verbose = True
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://ocontrol:6080/vnc_auto.html
[glance]
host = ocontrol
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[libvirt]
#egrep -c '(vmx|svm)' /proc/cpuinfo
#virt_type = qemu
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
#Verify operation
source admin-openrc.sh
nova service-list
nova endpoints
nova image-list
■■■■■■■■■■■■■■■■■■nova end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■neutron begin■■■■■■■■■■■■■■■■■■
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region wuhan network public http://ocontrol:9696
openstack endpoint create --region wuhan network internal http://ocontrol:9696
openstack endpoint create --region wuhan network admin http://ocontrol:9696
###★★★★★★★★Networking Option 1: Provider networks----------begin★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
-------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://ocontrol:8774/v2
verbose = True
[database]
connection = mysql://neutron:haoning@ocontrol/neutron
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
####???????????这里不一样########★★★★★★★★★★★★★★★★★
[nova]
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
----------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[securitygroup]
enable_ipset = True
----------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
########
physical_interface_mappings = public:eth0
##########
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
--------------------------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True
###★★★★★★★★Networking Option 1: Provider networks----------end★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------begin★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
###★★★★★Networking Option 2: Self-service networks------end★★★★★★★★
-------------------------------?????______
/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
nova_metadata_ip = ocontrol
#########??????########
metadata_proxy_shared_secret = METADATA_SECRET
#########????###############
verbose = True
-------------------------------
/etc/nova/nova.conf
[neutron]
url = http://ocontrol:9696
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
service_metadata_proxy = True
#########没关系不报错,先这么写########
metadata_proxy_shared_secret = METADATA_SECRET
#################
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
##########For networking option 2, also enable and start the layer-3 service:
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
检查错误:
cd /var/log/neutron
grep ERROR *
systemctl start neutron-server.service
systemctl start neutron-linuxbridge-agent.service
systemctl start neutron-dhcp-agent.service
systemctl stop neutron-metadata-agent.service
★★★★★★★★★★★★★★★compute 节点★☆★★★★★★★★★★★★★
yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y
-------------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
verbose = True
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
###★★★★★Networking Option 1: Provider networks-------begin★★★★★★★★
----------------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#可以比较一下,是一样的
vimdiff scp://root@192.168.139.159//etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini
###★★★★★Networking Option 1: Provider networks------end★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------begin★★★★★★★★
###★★★★★Networking Option 2: Self-service networks------end★★★★★★★★
-------------------------------
/etc/nova/nova.conf
[neutron]
url = http://ocontrol:9696
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
###Verify operation
[root@ocontrol neutron(keystone_admin_v3)]# neutron ext-list
+-----------------------+--------------------------+
| alias | name |
+-----------------------+--------------------------+
| flavors | Neutron Service Flavors |
| security-group | security-group |
| dns-integration | DNS Integration |
| net-mtu | Network MTU |
| port-security | Port Security |
| binding | Port Binding |
| provider | Provider Network |
| agent | agent |
| quotas | Quota management support |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| rbac-policies | RBAC Policies |
| external-net | Neutron external network |
| multi-provider | Multi Provider Network |
| allowed-address-pairs | Allowed Address Pairs |
| extra_dhcp_opt | Neutron Extra DHCP opts |
+-----------------------+--------------------------+
###★★★★★Networking Option 1: Provider networks------begin★★★★★★★★
neutron agent-list
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 1f7dd1e9-ef38-471e-a486-43e6c7c1c854 | Metadata agent | ocontrol | :-) | True | neutron-metadata-agent |
| a14b5ccc-60e0-4a85-9ce9-10ba6cb6a82e | Linux bridge agent | ocontrol | :-) | True | neutron-linuxbridge-agent |
| ba07f36d-ec0e-4a98-959f-72eabbdca0cc | Linux bridge agent | ocompute | :-) | True | neutron-linuxbridge-agent |
| bc7c2622-0887-4504-8928-dd12be23371a | DHCP agent | ocontrol | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
#新建个vm
neutron net-create public --shared --provider:physical_network public --provider:network_type flat
-----------------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = public
------------------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#neutron subnet-create public PUBLIC_NETWORK_CIDR --name public --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PUBLIC_NETWORK_GATEWAY
neutron subnet-create public 192.168.139.0/20 --name public --allocation-pool start=192.168.139.181,end=192.168.139.200 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1
Created a new subnet:
+-------------------+--------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------+
| allocation_pools | {"start": "192.168.139.181", "end": "192.168.139.200"} |
| cidr | 192.168.128.0/20 |
| dns_nameservers | 8.8.4.4 |
| enable_dhcp | True |
| gateway_ip | 192.168.128.1 |
| host_routes | |
| id | fb2ec451-b2f6-4407-865e-5c4e657e9d59 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | public |
| network_id | 386b0ac1-3cdf-4be7-94c7-b52e6b46063e |
| subnetpool_id | |
| tenant_id | 261db0ad41984bd1b113e19c92aa4174 |
+-------------------+--------------------------------------------------------+
source admin-openrc.sh
#demo的不好使
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova flavor-list
nova image-list
[root@ocontrol ~(keystone_admin_v3)]# neutron net-list
+--------------------------------------+--------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+--------+-------------------------------------------------------+
| 386b0ac1-3cdf-4be7-94c7-b52e6b46063e | public | fb2ec451-b2f6-4407-865e-5c4e657e9d59 192.168.128.0/20 |
+--------------------------------------+--------+-------------------------------------------------------+
#Replace PUBLIC_NET_ID with the ID of the public provider network
#nova boot --flavor m1.tiny --image cirros --nic net-id=PUBLIC_NET_ID --security-group default --key-name mykey public-instance
nova boot --flavor m1.tiny --image cirros --nic net-id=386b0ac1-3cdf-4be7-94c7-b52e6b46063e --security-group default --key-name mykey public-instance
+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | JgCpGqbkPpA3 |
| config_drive | |
| created | 2016-03-09T13:47:48Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | ea7129c7-18e1-44bf-a17b-ef8a167a8b4b |
| image | cirros (10e9295e-aa88-4cc5-a91e-11ccf0cc5764) |
| key_name | mykey |
| metadata | {} |
| name | public-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 261db0ad41984bd1b113e19c92aa4174 |
| updated | 2016-03-09T13:47:48Z |
| user_id | 606788646f2b474a9157c7c86c91faab |
+--------------------------------------+-----------------------------------------------+
nova list
+--------------------------------------+-----------------+--------+------------+-------------+------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------------+--------+------------+-------------+------------------------+
| ea7129c7-18e1-44bf-a17b-ef8a167a8b4b | public-instance | ACTIVE | - | Running | public=192.168.139.182 |
+--------------------------------------+-----------------+--------+------------+-------------+------------------------+
[root@ocontrol ~(keystone_admin_v3)]# nova get-vnc-console public-instance novnc
+-------+-------------------------------------------------------------------------------+
| Type | Url |
+-------+-------------------------------------------------------------------------------+
| novnc | http://ocontrol:6080/vnc_auto.html?token=ec2013e8-7cad-458e-82dd-ae4153f2190c |
+-------+-------------------------------------------------------------------------------+
#ping 网关
#ping 192.168.128.1
#ping www.baidu.com
ssh cirros@192.168.139.182
###★★★★★Networking Option 1: Provider networks------end★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------begin★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------end★★★★★★★★
■■■■■■■■■■■■■■■■■■neutron end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■horizon begin■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■horizon end■■■■■■■■■■■■■■■■■■
最终结果:
基础:
yum install centos-release-openstack-liberty
yum upgrade -y
yum install python-openstackclient openstack-selinux -y
rm -f /etc/localtime
cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate ntp.ubuntu.com
配置/etc/hostname
/etc/hosts
192.168.139.126 controller
192.168.139.62 compute
#192.168.139.79 net
systemctl stop firewalld.service
systemctl disable firewalld.service
yum install mariadb mariadb-server MySQL-python -y
vim /etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack haoning
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
yum install mongodb-server mongodb -y
vim /etc/mongod.conf
bind_ip = 192.168.139.159
systemctl enable mongod.service
systemctl start mongod.service
一下密码全都设置成haoning
----------------------------------------------------------------------
■■■■■■■■■■■■■■■■■■keystone begin■■■■■■■■■■■■■■■■■■
keystone:
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
$ openssl rand -hex 10
06a0afd32e5265a9eba8
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service
修改配置文件后得到
sed -i '/^#/d' /etc/keystone/keystone.conf
sed -i '/^$/d' /etc/keystone/keystone.conf
---------------------------
/etc/keystone/keystone.conf
[DEFAULT]
admin_token = 06a0afd32e5265a9eba8
verbose = True
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql://keystone:haoning@ocontrol/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[matchmaker_ring]
[memcache]
servers = localhost:11211
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
driver = sql
[role]
[saml]
[signing]
[ssl]
[token]
provider = uuid
driver = memcache
[tokenless_auth]
[trust]
su -s /bin/sh -c "keystone-manage db_sync" keystone
-------------------------
/etc/httpd/conf/httpd.conf
ServerName ocontrol
/etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
systemctl enable httpd.service
systemctl start httpd.service
###创建服务:
export OS_TOKEN=06a0afd32e5265a9eba8
export OS_URL=http://ocontrol:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region wuhan identity public http://ocontrol:5000/v2.0
openstack endpoint create --region wuhan identity internal http://ocontrol:5000/v2.0
openstack endpoint create --region wuhan identity admin http://ocontrol:35357/v2.0
###创建用户角色等 projects, users, and roles
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
###Verify operation
Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections
#unset OS_TOKEN OS_URL
openstack --os-auth-url http://ocontrol:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://ocontrol:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue
###Create OpenStack client environment scripts
unset OS_TOKEN OS_URL
[root@ocontrol ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://ocontrol:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone_admin_v3)]\$ '
[root@ocontrol ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://ocontrol:5000/v3
export OS_IMAGE_API_VERSION=2
export OS_IDENTITY_API_VERSION=3
export PS1='[\u@\h \W(keystone_demo_v3)]\$ '
source admin-openrc.sh
openstack token issue
■■■■■■■■■■■■■■■■■■keystone end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■glance begin■■■■■■■■■■■■■■■■■■
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
source admin-openrc.sh
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region wuhan image public http://ocontrol:9292
openstack endpoint create --region wuhan image internal http://ocontrol:9292
openstack endpoint create --region wuhan image admin http://ocontrol:9292
yum install openstack-glance python-glance python-glanceclient -y
---------------------------
/etc/glance/glance-api.conf
[DEFAULT]
notification_driver = noop
verbose = True
[database]
connection = mysql://glance:haoning@ocontrol/glance
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
#暂时没有这个目录
------------------------------------
/etc/glance/glance-registry.conf
[DEFAULT]
notification_driver = noop
verbose = True
[database]
connection = mysql://glance:haoning@ocontrol/glance
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
#Verify operation
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
glance image-list
■■■■■■■■■■■■■■■■■■glance end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■nova begin■■■■■■■■■■■■■■■■■■
#★★★★在ocontrol节点
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
source admin-openrc.sh
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region wuhan compute public http://ocontrol:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://ocontrol:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://ocontrol:8774/v2/%\(tenant_id\)s
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
-------------
/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
################
my_ip = 192.168.139.159
################
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#disable the EC2 API:
enabled_apis=osapi_compute,metadata
verbose = True
[database]
connection = mysql://nova:haoning@ocontrol/nova
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = ocontrol
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
su -s /bin/sh -c "nova-manage db sync" nova
#/var/log/nova 检查log是否成功
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
#★★★在ocompute节点
yum install openstack-nova-compute sysfsutils -y
---------------------
/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
#################
my_ip = 192.168.139.160
##############
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.
verbose = True
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://ocontrol:6080/vnc_auto.html
[glance]
host = ocontrol
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[libvirt]
#egrep -c '(vmx|svm)' /proc/cpuinfo
#virt_type = qemu
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
#Verify operation
source admin-openrc.sh
nova service-list
nova endpoints
nova image-list
■■■■■■■■■■■■■■■■■■nova end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■neutron begin■■■■■■■■■■■■■■■■■■
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'ocontrol' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region wuhan network public http://ocontrol:9696
openstack endpoint create --region wuhan network internal http://ocontrol:9696
openstack endpoint create --region wuhan network admin http://ocontrol:9696
###★★★★★★★★Networking Option 1: Provider networks----------begin★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
-------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://ocontrol:8774/v2
verbose = True
[database]
connection = mysql://neutron:haoning@ocontrol/neutron
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
####???????????这里不一样########★★★★★★★★★★★★★★★★★
[nova]
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
----------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[securitygroup]
enable_ipset = True
----------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
########
physical_interface_mappings = public:eth0
##########
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
--------------------------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
verbose = True
###★★★★★★★★Networking Option 1: Provider networks----------end★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------begin★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
###★★★★★Networking Option 2: Self-service networks------end★★★★★★★★
-------------------------------?????______
/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
nova_metadata_ip = ocontrol
#########??????########
metadata_proxy_shared_secret = METADATA_SECRET
#########????###############
verbose = True
-------------------------------
/etc/nova/nova.conf
[neutron]
url = http://ocontrol:9696
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
service_metadata_proxy = True
#########没关系不报错,先这么写########
metadata_proxy_shared_secret = METADATA_SECRET
#################
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
##########For networking option 2, also enable and start the layer-3 service:
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
检查错误:
cd /var/log/neutron
grep ERROR *
systemctl start neutron-server.service
systemctl start neutron-linuxbridge-agent.service
systemctl start neutron-dhcp-agent.service
systemctl stop neutron-metadata-agent.service
★★★★★★★★★★★★★★★compute 节点★☆★★★★★★★★★★★★★
yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y
-------------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
verbose = True
[oslo_messaging_rabbit]
rabbit_host = ocontrol
rabbit_userid = openstack
rabbit_password = haoning
[keystone_authtoken]
auth_uri = http://ocontrol:5000
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
###★★★★★Networking Option 1: Provider networks-------begin★★★★★★★★
----------------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#可以比较一下,是一样的
vimdiff scp://root@192.168.139.159//etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini
###★★★★★Networking Option 1: Provider networks------end★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------begin★★★★★★★★
###★★★★★Networking Option 2: Self-service networks------end★★★★★★★★
-------------------------------
/etc/nova/nova.conf
[neutron]
url = http://ocontrol:9696
auth_url = http://ocontrol:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
###Verify operation
[root@ocontrol neutron(keystone_admin_v3)]# neutron ext-list
+-----------------------+--------------------------+
| alias | name |
+-----------------------+--------------------------+
| flavors | Neutron Service Flavors |
| security-group | security-group |
| dns-integration | DNS Integration |
| net-mtu | Network MTU |
| port-security | Port Security |
| binding | Port Binding |
| provider | Provider Network |
| agent | agent |
| quotas | Quota management support |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| rbac-policies | RBAC Policies |
| external-net | Neutron external network |
| multi-provider | Multi Provider Network |
| allowed-address-pairs | Allowed Address Pairs |
| extra_dhcp_opt | Neutron Extra DHCP opts |
+-----------------------+--------------------------+
###★★★★★Networking Option 1: Provider networks------begin★★★★★★★★
neutron agent-list
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 1f7dd1e9-ef38-471e-a486-43e6c7c1c854 | Metadata agent | ocontrol | :-) | True | neutron-metadata-agent |
| a14b5ccc-60e0-4a85-9ce9-10ba6cb6a82e | Linux bridge agent | ocontrol | :-) | True | neutron-linuxbridge-agent |
| ba07f36d-ec0e-4a98-959f-72eabbdca0cc | Linux bridge agent | ocompute | :-) | True | neutron-linuxbridge-agent |
| bc7c2622-0887-4504-8928-dd12be23371a | DHCP agent | ocontrol | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
#新建个vm
neutron net-create public --shared --provider:physical_network public --provider:network_type flat
-----------------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = public
------------------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#neutron subnet-create public PUBLIC_NETWORK_CIDR --name public --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PUBLIC_NETWORK_GATEWAY
neutron subnet-create public 192.168.139.0/20 --name public --allocation-pool start=192.168.139.181,end=192.168.139.200 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1
Created a new subnet:
+-------------------+--------------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------------+
| allocation_pools | {"start": "192.168.139.181", "end": "192.168.139.200"} |
| cidr | 192.168.128.0/20 |
| dns_nameservers | 8.8.4.4 |
| enable_dhcp | True |
| gateway_ip | 192.168.128.1 |
| host_routes | |
| id | fb2ec451-b2f6-4407-865e-5c4e657e9d59 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | public |
| network_id | 386b0ac1-3cdf-4be7-94c7-b52e6b46063e |
| subnetpool_id | |
| tenant_id | 261db0ad41984bd1b113e19c92aa4174 |
+-------------------+--------------------------------------------------------+
source admin-openrc.sh
#demo的不好使
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova flavor-list
nova image-list
[root@ocontrol ~(keystone_admin_v3)]# neutron net-list
+--------------------------------------+--------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+--------+-------------------------------------------------------+
| 386b0ac1-3cdf-4be7-94c7-b52e6b46063e | public | fb2ec451-b2f6-4407-865e-5c4e657e9d59 192.168.128.0/20 |
+--------------------------------------+--------+-------------------------------------------------------+
#Replace PUBLIC_NET_ID with the ID of the public provider network
#nova boot --flavor m1.tiny --image cirros --nic net-id=PUBLIC_NET_ID --security-group default --key-name mykey public-instance
nova boot --flavor m1.tiny --image cirros --nic net-id=386b0ac1-3cdf-4be7-94c7-b52e6b46063e --security-group default --key-name mykey public-instance
+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | JgCpGqbkPpA3 |
| config_drive | |
| created | 2016-03-09T13:47:48Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | ea7129c7-18e1-44bf-a17b-ef8a167a8b4b |
| image | cirros (10e9295e-aa88-4cc5-a91e-11ccf0cc5764) |
| key_name | mykey |
| metadata | {} |
| name | public-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 261db0ad41984bd1b113e19c92aa4174 |
| updated | 2016-03-09T13:47:48Z |
| user_id | 606788646f2b474a9157c7c86c91faab |
+--------------------------------------+-----------------------------------------------+
nova list
+--------------------------------------+-----------------+--------+------------+-------------+------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-----------------+--------+------------+-------------+------------------------+
| ea7129c7-18e1-44bf-a17b-ef8a167a8b4b | public-instance | ACTIVE | - | Running | public=192.168.139.182 |
+--------------------------------------+-----------------+--------+------------+-------------+------------------------+
[root@ocontrol ~(keystone_admin_v3)]# nova get-vnc-console public-instance novnc
+-------+-------------------------------------------------------------------------------+
| Type | Url |
+-------+-------------------------------------------------------------------------------+
| novnc | http://ocontrol:6080/vnc_auto.html?token=ec2013e8-7cad-458e-82dd-ae4153f2190c |
+-------+-------------------------------------------------------------------------------+
#ping 网关
#ping 192.168.128.1
#ping www.baidu.com
ssh cirros@192.168.139.182
###★★★★★Networking Option 1: Provider networks------end★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------begin★★★★★★★★
###★★★★★Networking Option 2: Self-service networks-------end★★★★★★★★
■■■■■■■■■■■■■■■■■■neutron end■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■horizon begin■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■horizon end■■■■■■■■■■■■■■■■■■
- 大小: 46.4 KB
分享到:
发表评论
-
br0和tap0的互相影响
2019-01-02 19:17 810转载 http://www.cnblogs.com/wlei/ ... -
M版openstack(ovs,dvr,动态迁移)
2017-06-09 10:30 1786主要内容 1.先搭建三个节点的环境,dvr模式 2.建一个vm ... -
M版本的openstack的例子(linuxbridge)
2017-05-23 15:05 556做两个节点控制节点和计算节点 mcontroller521 ... -
openstack的topo图
2016-09-07 14:07 629http://haoningabc.iteye.com/blo ... -
openstack的M版本的neutron的实验
2016-09-01 20:00 3127试验步骤: 1.创建内部 ... -
openstack的M版本安装
2016-08-17 13:33 1057参考 http://docs.openstack.org/mi ... -
linux下TUN/TAP虚拟网卡的使用
2016-03-31 18:46 4882tun在网络层 tap在二层 ls ... -
openstack L版本(openvswitch的安装和应用)
2016-03-24 15:04 3019参考L版本的linuxbridge的安装方式 和k版本的ov ... -
openstack试验(linux vxlan)
2016-03-22 22:27 2725yum install centos-release-open ... -
backup a libvirt xml
2016-03-18 21:23 568<domain type='kvm' id='2'> ... -
neutron router试验
2016-03-17 20:41 964上接 http://haoningabc.iteye.com/ ... -
openstack L版本(使用linux bridge的vxlan)
2016-03-12 23:35 2378参考 http://docs.openstack.org/li ... -
openstack调试 数据库跟踪
2016-03-04 18:07 715查看openstack代码 openstack每个命令之后,数 ... -
使用devstack安装magnum
2015-11-18 21:22 1428在redhat6.5上建立个centos7的虚拟机,使用cen ... -
openstack 快速安装笔记
2015-07-19 15:21 1296前提是要配置好yum源 版本icehouse,操作系统redh ... -
openstack安装笔记 nova (未完成)(七)
2015-02-05 18:15 1156编辑 /etc/sysconfig/iptables ... -
openstack安装笔记 Neutron(未完成)(六)
2015-02-05 18:10 807验证 keystone role-list keysto ... -
openstack安装笔记 Horizon(五)
2015-02-04 16:08 2028适用的django 导入key cd /var/www/ht ... -
openstack安装笔记 swift(四)
2015-02-04 14:54 3036所有的安装都是yum 改配置 在keystone库中写serv ... -
openstack安装笔记 环境(零)
2015-02-04 12:18 1053在mac上用vmware rhel6.5 搭建openstac ...
相关推荐
OpenStack Icehouse版本安装指南是一份指导性文档,它详细描述了如何在Ubuntu 12.04或Ubuntu 14.04 LTS(长期支持版)操作系统上安装OpenStack Icehouse版本的步骤和配置要求。OpenStack Icehouse是OpenStack项目的...
总之,OpenStack Essex版本的安装是一个涉及多步骤的过程,需要对网络、存储和系统管理有深入理解。每个节点的网络配置、NTP服务的同步、iSCSI和块存储的设置,以及Linux桥接网络的构建都是成功部署的关键环节。在...
OpenStack Victoria版安装部署教程详细地涵盖了在CentOS 8.4系统上建立OpenStack云环境的全过程。这个教程由17个章节组成,旨在帮助读者理解并实践OpenStack组件的配置和安装。 首先,安装环境准备阶段,你需要至少...
手动安装openstack Mitaka版
### OpenStack M 版本离线搭建详解 #### 一、概述 OpenStack M 版本,即 OpenStack Mitaka 版本,是 OpenStack 的一个成熟版本之一,广泛应用于私有云建设和管理中。然而,在很多企业的环境中,出于安全考虑,内部...
9. **集成测试**:安装完成后,进行基本的功能验证,如创建虚拟机、网络连接和存储操作,确保OpenStack F版本的各个组件能够协同工作。 10. **持续监控与维护**:安装OpenStack后,定期监控系统的性能和稳定性,...
openstack train 版本安装记录文件.txt 从0安装的一份记录,参考官网安装,也记录了一些官网文档的坑!
总之,OpenStack一体化安装是一个涉及多步骤、多组件的过程,需要对Linux系统、网络配置和OpenStack架构有深入理解。遵循上述步骤,结合实际情况进行调整,可以成功地在VMware Workstation上搭建一个功能齐全的...
1.手动安装 liberty 版本 openstack 环境 2.手动安装 liberty 版本 openstack 环境(allinone)---安装数据库及 rabbitmq 3.手动安装liberty版本openstack环境(allinone)---安装keystone 4.手动安装 liberty 版本 ...
以上就是关于OpenStack M版本搭建的相关知识点,包括环境准备、网络配置、时间同步、软件包安装、数据库配置以及消息队列服务等内容。在实际部署过程中,还需要根据具体的业务需求和技术栈进行调整和优化。
根据提供的文档内容,本文将详细解析OpenStack Newton版本的安装步骤及所需进行的前期准备活动。OpenStack是一款开源的云计算管理平台项目,旨在为公共云和私有云提供可扩展的弹性计算服务。Newton版本是OpenStack的...
单实例 OpenStack 安装将所有基本功能(如计算、网络、存储和仪表板)安装在同一台机器上。 标签: OpenStack 安装 部分内容: 单实例 OpenStack 安装测试环境准备 在本次部署演示中,我们采用 CentOS 7 来部署一个...
### OpenStack Essex 版本安装指南 #### 一、OpenStack Essex 概览 OpenStack Essex 是 OpenStack 发展过程中的一个里程碑版本,发布于2012年4月5日,它标志着 OpenStack 从早期阶段步入了一个相对成熟的阶段。...
在Ubuntu 14.04上安装Openstack Kilo版本,是云计算领域工程师的一个重要实践,有助于了解并掌握Openstack这个开源云计算平台的搭建和使用。下面将详细介绍从系统安装到Openstack各个组件配置的全过程。 1. 安装...
以上内容为OpenStack Kilo版本的安装指南,涵盖了从准备环境到安装、配置、验证各个关键组件的完整流程。文档还提及了各个项目的官方安装手册,对于任何有兴趣深入学习OpenStack的初学者而言,这份安装文档有着重要...
根据提供的文件信息,本文将对OpenStack Ocata版本的安装进行全面深入地介绍,重点涵盖环境配置、公共服务安装、网络设置及必要的系统优化等关键步骤。 ### 环境综述 #### 控制端公共服务的准备 1. **DNS解析推荐...
里面详细讲述了openstack的安装过程,但是这个版本是关于openstack icehouse的安装
OpenStack Queens是OpenStack开源云平台的一个版本,发布于2018年,它提供了丰富的云计算功能和服务,包括计算、存储、网络等基础设施服务。在本文中,我们将深入探讨如何在CentOS 7环境下安装OpenStack Queens,...
openstack的k版安装,完整版英文版。