haoningabc
- 浏览: 1466147 次
- 性别:
- 来自: 北京
-
文章分类
- 全部博客 (691)
- linux (207)
- shell (33)
- java (42)
- 其他 (22)
- javascript (33)
- cloud (16)
- python (33)
- c (48)
- sql (12)
- 工具 (6)
- 缓存 (16)
- ubuntu (7)
- perl (3)
- lua (2)
- 超级有用 (2)
- 服务器 (2)
- mac (22)
- nginx (34)
- php (2)
- 内核 (2)
- gdb (13)
- ICTCLAS (2)
- mac android (0)
- unix (1)
- android (1)
- vim (1)
- epoll (1)
- ios (21)
- mysql (3)
- systemtap (1)
- 算法 (2)
- 汇编 (2)
- arm (3)
- 我的数据结构 (8)
- websocket (12)
- hadoop (5)
- thrift (2)
- hbase (1)
- graphviz (1)
- redis (1)
- raspberry (2)
- qemu (31)
- opencv (4)
- socket (1)
- opengl (1)
- ibeacons (1)
- emacs (6)
- openstack (24)
- docker (1)
- webrtc (11)
- angularjs (2)
- neutron (23)
- jslinux (18)
- 网络 (13)
- tap (9)
- tensorflow (8)
- nlu (4)
- asm.js (5)
- sip (3)
- xl2tp (5)
- conda (1)
- emscripten (6)
- ffmpeg (10)
- srt (1)
- wasm (5)
- bert (3)
- kaldi (4)
- 知识图谱 (1)
最新评论
-
wahahachuang8:
我喜欢代码简洁易读,服务稳定的推送服务,前段时间研究了一下go ...
websocket的helloworld -
q114687576:
http://www.blue-zero.com/WebSoc ...
websocket的helloworld -
zhaoyanzimm:
感谢您的分享,给我提供了很大的帮助,在使用过程中发现了一个问题 ...
nginx的helloworld模块的helloworld -
haoningabc:
leebyte 写道太NB了,期待早日用上Killinux!么 ...
qemu+emacs+gdb调试内核 -
leebyte:
太NB了,期待早日用上Killinux!
qemu+emacs+gdb调试内核
yum install centos-release-openstack-liberty -y
yum upgrade -y
yum install python-openstackclient openstack-selinux -y
#openstack命令用到的
cat /etc/hosts
127.0.0.1 localhost
192.168.139.70 xcontroller
192.168.139.71 xcompute
yum install mariadb mariadb-server MySQL-python -y
----------
/etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
# systemctl enable mariadb.service
# systemctl start mariadb.service
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack haoning
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■keystone begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service
------------------
/etc/keystone/keystone.conf
[DEFAULT]
admin_token = ADMIN_TOKEN
verbose = True
[database]
connection = mysql://keystone:haoning@xcontroller/keystone
[memcache]
servers = xcontroller:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql
su -s /bin/sh -c "keystone-manage db_sync" keystone
-----------------
/etc/httpd/conf/httpd.conf
ServerName xcontroller
----------
/etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
systemctl enable httpd.service
systemctl start httpd.service
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region wuhan identity public http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity internal http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity admin http://xcontroller:35357/v2.0
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password haoning admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
#这个干啥用了?
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password haoning demo
openstack role create user
openstack role add --project demo --user demo user
---------------
###一下这段不使用也行 begin
/usr/share/keystone/keystone-dist-paste.ini
#For security reasons, disable the temporary authentication token mechanism:
#Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
###一下这段不使用也行 end
unset OS_TOKEN OS_URL
openstack --os-auth-url http://xcontroller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://xcontroller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue
----------
[root@xcontroller ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]#
source admin-openrc.sh
openstack token issue
openstack user list
■■■■■■■■■■■■■■■■■■keystone end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■glance begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'glance'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region wuhan image public http://xcontroller:9292
openstack endpoint create --region wuhan image internal http://xcontroller:9292
openstack endpoint create --region wuhan image admin http://xcontroller:9292
yum install openstack-glance python-glance python-glanceclient -y
-------------------
/etc/glance/glance-api.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section.
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
notification_driver = noop
verbose = True
-----------------------
/etc/glance/glance-registry.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section
[DEFAULT]
notification_driver = noop
verbose = True
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
source admin-openrc.sh
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
$ glance image-list
■■■■■■■■■■■■■■■■■■glance end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■nova begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region wuhan compute public http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://xcontroller:8774/v2/%\(tenant_id\)s
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
---------------------------
/etc/nova/nova.conf
[database]
connection = mysql://nova:haoning@xcontroller/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.70
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
enabled_apis=osapi_compute,metadata
[DEFAULT]
verbose = True
su -s /bin/sh -c "nova-manage db sync" nova
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
yum install openstack-nova-compute sysfsutils -y
----------/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.71
#Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, typically 10.0.0.31 for the first node in the example architecture.
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://xcontroller:6080/vnc_auto.html
#If the web browser to access remote consoles resides on a host that cannot resolve the controller hostname, you must replace controller with the management interface IP address of the controller node.
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
verbose = True
[libvirt]
#virt_type = qemu
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
nova service-list
nova endpoints
nova hypervisor-stats
nova image-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■nova end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■neutron begin■■■■■■■■■■■■■■■■■■■■■■■■■■
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region wuhan network public http://xcontroller:9696
openstack endpoint create --region wuhan network internal http://xcontroller:9696
openstack endpoint create --region wuhan network admin http://xcontroller:9696
★★★★★★★★★★Networking Option 2: Self-service networks begin★★★★★★★★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
-----------------------
/etc/neutron/neutron.conf
[database]
connection = mysql://neutron:haoning@xcontroller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://xcontroller:8774/v2
[nova]
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[DEFAULT]
verbose = True
-------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
--------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = True
local_ip = 192.168.139.70
l2_population = True
#local_ip = OVERLAY_INTERFACE_IP_ADDRESS
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks. T
#he example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
--------------------------------------------
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
#The external_network_bridge option intentionally lacks a value to enable multiple external networks on a single agent.
[DEFAULT]
verbose = True
-----------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[DEFAULT]
verbose = True
[DEFAULT]
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
----------------
echo "dhcp-option-force=26,1450" > /etc/neutron/dnsmasq-neutron.conf
★★★★★★★★★★Networking Option 2: Self-service networks end★★★★★★★★★★★★★★★
---------------------
/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
####★★★★★★★★★★★★★★去掉其他的配置,在这里有一堆
# Show debugging output in log (sets DEBUG log level output)
# debug = True
# The Neutron user information for accessing the Neutron API.
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
## Turn off verification of the certificate for ssl
## auth_insecure = False
## Certificate Authority public key (CA cert) file for ssl
## auth_ca_cert =
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[DEFAULT]
nova_metadata_ip = xcontroller
[DEFAULT]
metadata_proxy_shared_secret = METADATA_SECRET
[DEFAULT]
verbose = True
----------------------
/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
####Finalize installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
neutron agent-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 begin◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
-------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#★★★★★★有一些多余的东西需要去掉
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[DEFAULT]
verbose = True
-------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = True
local_ip = 192.168.139.71
l2_population = True
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks.
#The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-------------/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
neutron ext-list
neutron agent-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 end◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■neutron end■■■■■■■■■■■■■■■■■■■■■■■■■■
补丁:
https://review.openstack.org/#/c/258493/1/neutron/agent/linux/ip_lib.py
#---建立一个vm
########public#########
neutron net-create public --shared --provider:physical_network public --provider:network_type flat
#neutron subnet-create public PUBLIC_NETWORK_CIDR --name public --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PUBLIC_NETWORK_GATEWAY
neutron subnet-create public 192.168.142.0/20 --name public --allocation-pool start=192.168.142.180,end=192.168.142.200 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1
###########private######################
neutron net-create private
#neutron subnet-create private PRIVATE_NETWORK_CIDR --name private --dns-nameserver DNS_RESOLVER --gateway PRIVATE_NETWORK_GATEWAY
neutron subnet-create private 172.16.1.0/24 --name private --dns-nameserver 8.8.4.4 --gateway 172.16.1.1
#Add the router: external option to the public provider network:
neutron net-update public --router:external
neutron router-create router
neutron router-list
neutron router-interface-add router private
neutron router-gateway-set router public
ip netns
neutron router-port-list router
ping -c 4 192.168.142.181
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list
nova secgroup-list
nova secgroup-list-rules default
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova flavor-list
nova image-list
neutron net-list
nova secgroup-list
#nova boot --flavor m1.tiny --image cirros --nic net-id=PRIVATE_NET_ID --security-group default --key-name mykey private-instance
#nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
#Add security group rules
nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
nova get-vnc-console private-instance novnc
neutron floatingip-create public
nova floating-ip-associate private-instance 192.168.142.182
ssh cirros@192.168.142.182
不用密码登陆
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-private.html
yum upgrade -y
yum install python-openstackclient openstack-selinux -y
#openstack命令用到的
cat /etc/hosts
127.0.0.1 localhost
192.168.139.70 xcontroller
192.168.139.71 xcompute
yum install mariadb mariadb-server MySQL-python -y
----------
/etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
# systemctl enable mariadb.service
# systemctl start mariadb.service
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack haoning
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■keystone begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service
------------------
/etc/keystone/keystone.conf
[DEFAULT]
admin_token = ADMIN_TOKEN
verbose = True
[database]
connection = mysql://keystone:haoning@xcontroller/keystone
[memcache]
servers = xcontroller:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql
su -s /bin/sh -c "keystone-manage db_sync" keystone
-----------------
/etc/httpd/conf/httpd.conf
ServerName xcontroller
----------
/etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
systemctl enable httpd.service
systemctl start httpd.service
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region wuhan identity public http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity internal http://xcontroller:5000/v2.0
openstack endpoint create --region wuhan identity admin http://xcontroller:35357/v2.0
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password haoning admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
#这个干啥用了?
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password haoning demo
openstack role create user
openstack role add --project demo --user demo user
---------------
###一下这段不使用也行 begin
/usr/share/keystone/keystone-dist-paste.ini
#For security reasons, disable the temporary authentication token mechanism:
#Edit the /usr/share/keystone/keystone-dist-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
###一下这段不使用也行 end
unset OS_TOKEN OS_URL
openstack --os-auth-url http://xcontroller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://xcontroller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue
----------
[root@xcontroller ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=haoning
export OS_AUTH_URL=http://xcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@xcontroller ~]#
source admin-openrc.sh
openstack token issue
openstack user list
■■■■■■■■■■■■■■■■■■keystone end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■glance begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON keystone.* TO 'glance'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region wuhan image public http://xcontroller:9292
openstack endpoint create --region wuhan image internal http://xcontroller:9292
openstack endpoint create --region wuhan image admin http://xcontroller:9292
yum install openstack-glance python-glance python-glanceclient -y
-------------------
/etc/glance/glance-api.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section.
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
notification_driver = noop
verbose = True
-----------------------
/etc/glance/glance-registry.conf
[database]
connection = mysql://glance:haoning@xcontroller/glance
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = haoning
[paste_deploy]
flavor = keystone
#Comment out or remove any other options in the [keystone_authtoken] section
[DEFAULT]
notification_driver = noop
verbose = True
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
source admin-openrc.sh
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
$ glance image-list
■■■■■■■■■■■■■■■■■■glance end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■nova begin■■■■■■■■■■■■■■■■■■■■■■■■■■
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region wuhan compute public http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute internal http://xcontroller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region wuhan compute admin http://xcontroller:8774/v2/%\(tenant_id\)s
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
---------------------------
/etc/nova/nova.conf
[database]
connection = mysql://nova:haoning@xcontroller/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.70
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
enabled_apis=osapi_compute,metadata
[DEFAULT]
verbose = True
su -s /bin/sh -c "nova-manage db sync" nova
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 BEGIN◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
yum install openstack-nova-compute sysfsutils -y
----------/etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
my_ip = 192.168.139.71
#Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, typically 10.0.0.31 for the first node in the example architecture.
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://xcontroller:6080/vnc_auto.html
#If the web browser to access remote consoles resides on a host that cannot resolve the controller hostname, you must replace controller with the management interface IP address of the controller node.
[glance]
host = xcontroller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[DEFAULT]
verbose = True
[libvirt]
#virt_type = qemu
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
nova service-list
nova endpoints
nova hypervisor-stats
nova image-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■nova end■■■■■■■■■■■■■■■■■■■■■■■■■■
■■■■■■■■■■■■■■■■■■neutron begin■■■■■■■■■■■■■■■■■■■■■■■■■■
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'haoning';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'xcontroller' IDENTIFIED BY 'haoning';
flush privileges;
openstack user create --domain default --password haoning neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region wuhan network public http://xcontroller:9696
openstack endpoint create --region wuhan network internal http://xcontroller:9696
openstack endpoint create --region wuhan network admin http://xcontroller:9696
★★★★★★★★★★Networking Option 2: Self-service networks begin★★★★★★★★★★★★★★★
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
-----------------------
/etc/neutron/neutron.conf
[database]
connection = mysql://neutron:haoning@xcontroller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#Comment out or remove any other options in the [keystone_authtoken] section.
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://xcontroller:8774/v2
[nova]
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = nova
password = haoning
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[DEFAULT]
verbose = True
-------------------------
/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
--------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = True
local_ip = 192.168.139.70
l2_population = True
#local_ip = OVERLAY_INTERFACE_IP_ADDRESS
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks. T
#he example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
--------------------------------------------
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
#The external_network_bridge option intentionally lacks a value to enable multiple external networks on a single agent.
[DEFAULT]
verbose = True
-----------------
/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[DEFAULT]
verbose = True
[DEFAULT]
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
----------------
echo "dhcp-option-force=26,1450" > /etc/neutron/dnsmasq-neutron.conf
★★★★★★★★★★Networking Option 2: Self-service networks end★★★★★★★★★★★★★★★
---------------------
/etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_region = wuhan
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
####★★★★★★★★★★★★★★去掉其他的配置,在这里有一堆
# Show debugging output in log (sets DEBUG log level output)
# debug = True
# The Neutron user information for accessing the Neutron API.
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
## Turn off verification of the certificate for ssl
## auth_insecure = False
## Certificate Authority public key (CA cert) file for ssl
## auth_ca_cert =
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[DEFAULT]
nova_metadata_ip = xcontroller
[DEFAULT]
metadata_proxy_shared_secret = METADATA_SECRET
[DEFAULT]
verbose = True
----------------------
/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
####Finalize installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
neutron agent-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcontroller 节点 END◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 begin◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
-------------------------------
/etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = xcontroller
rabbit_userid = openstack
rabbit_password = haoning
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://xcontroller:5000
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = haoning
#★★★★★★有一些多余的东西需要去掉
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[DEFAULT]
verbose = True
-------------------
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
#Replace PUBLIC_INTERFACE_NAME with the name of the underlying physical public network interface.
[vxlan]
enable_vxlan = True
local_ip = 192.168.139.71
l2_population = True
#Replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the underlying physical network interface that handles overlay networks.
#The example architecture uses the management interface to tunnel traffic to the other nodes. Therefore, replace OVERLAY_INTERFACE_IP_ADDRESS with each node’s own management IP address.
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-------------/etc/nova/nova.conf
[neutron]
url = http://xcontroller:9696
auth_url = http://xcontroller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = wuhan
project_name = service
username = neutron
password = haoning
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
neutron ext-list
neutron agent-list
◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆xcompute 节点 end◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆◆
■■■■■■■■■■■■■■■■■■neutron end■■■■■■■■■■■■■■■■■■■■■■■■■■
补丁:
https://review.openstack.org/#/c/258493/1/neutron/agent/linux/ip_lib.py
#---建立一个vm
########public#########
neutron net-create public --shared --provider:physical_network public --provider:network_type flat
#neutron subnet-create public PUBLIC_NETWORK_CIDR --name public --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS --dns-nameserver DNS_RESOLVER --gateway PUBLIC_NETWORK_GATEWAY
neutron subnet-create public 192.168.142.0/20 --name public --allocation-pool start=192.168.142.180,end=192.168.142.200 --dns-nameserver 8.8.4.4 --gateway 192.168.128.1
###########private######################
neutron net-create private
#neutron subnet-create private PRIVATE_NETWORK_CIDR --name private --dns-nameserver DNS_RESOLVER --gateway PRIVATE_NETWORK_GATEWAY
neutron subnet-create private 172.16.1.0/24 --name private --dns-nameserver 8.8.4.4 --gateway 172.16.1.1
#Add the router: external option to the public provider network:
neutron net-update public --router:external
neutron router-create router
neutron router-list
neutron router-interface-add router private
neutron router-gateway-set router public
ip netns
neutron router-port-list router
ping -c 4 192.168.142.181
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list
nova secgroup-list
nova secgroup-list-rules default
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
nova flavor-list
nova image-list
neutron net-list
nova secgroup-list
#nova boot --flavor m1.tiny --image cirros --nic net-id=PRIVATE_NET_ID --security-group default --key-name mykey private-instance
#nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
#Add security group rules
nova boot --flavor m1.tiny --image cirros --nic net-id=c273f3dc-a567-4e4a-8473-0ecaa3587ec7 --security-group default --key-name mykey private-instance
nova list
nova get-vnc-console private-instance novnc
neutron floatingip-create public
nova floating-ip-associate private-instance 192.168.142.182
ssh cirros@192.168.142.182
不用密码登陆
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-private.html
分享到:
发表评论
-
br0和tap0的互相影响
2019-01-02 19:17 800转载 http://www.cnblogs.com/wlei/ ... -
M版openstack(ovs,dvr,动态迁移)
2017-06-09 10:30 1775主要内容 1.先搭建三个节点的环境,dvr模式 2.建一个vm ... -
M版本的openstack的例子(linuxbridge)
2017-05-23 15:05 547做两个节点控制节点和计算节点 mcontroller521 ... -
openstack的topo图
2016-09-07 14:07 617http://haoningabc.iteye.com/blo ... -
openstack的M版本的neutron的实验
2016-09-01 20:00 3103试验步骤: 1.创建内部 ... -
openstack的M版本安装
2016-08-17 13:33 1051参考 http://docs.openstack.org/mi ... -
linux下TUN/TAP虚拟网卡的使用
2016-03-31 18:46 4871tun在网络层 tap在二层 ls ... -
openstack L版本(openvswitch的安装和应用)
2016-03-24 15:04 3011参考L版本的linuxbridge的安装方式 和k版本的ov ... -
backup a libvirt xml
2016-03-18 21:23 553<domain type='kvm' id='2'> ... -
neutron router试验
2016-03-17 20:41 956上接 http://haoningabc.iteye.com/ ... -
openstack L版本(使用linux bridge的vxlan)
2016-03-12 23:35 2368参考 http://docs.openstack.org/li ... -
openstack的L版本安装(flat网络)
2016-03-07 17:55 957参考http://docs.openstack.org ... -
openstack调试 数据库跟踪
2016-03-04 18:07 702查看openstack代码 openstack每个命令之后,数 ... -
使用devstack安装magnum
2015-11-18 21:22 1416在redhat6.5上建立个centos7的虚拟机,使用cen ... -
openstack 快速安装笔记
2015-07-19 15:21 1282前提是要配置好yum源 版本icehouse,操作系统redh ... -
openstack安装笔记 nova (未完成)(七)
2015-02-05 18:15 1145编辑 /etc/sysconfig/iptables ... -
openstack安装笔记 Neutron(未完成)(六)
2015-02-05 18:10 791验证 keystone role-list keysto ... -
openstack安装笔记 Horizon(五)
2015-02-04 16:08 2020适用的django 导入key cd /var/www/ht ... -
openstack安装笔记 swift(四)
2015-02-04 14:54 3022所有的安装都是yum 改配置 在keystone库中写serv ... -
openstack安装笔记 环境(零)
2015-02-04 12:18 1038在mac上用vmware rhel6.5 搭建openstac ...
相关推荐
openstack Newton vxlan模型搭建N版,亲测有效;手动搭建分布式OpenStack Newton vxlan模式v1.0
"OpenStack 使用 Linux Bridge+VXLAN 模式的网络变化与分析" OpenStack 是一个开源的云计算平台,提供了丰富的网络功能,以满足不同的应用场景。其中,Neutron 是 OpenStack 的网络组件,负责管理和维护网络资源。...
手动搭建分布式Openstack Mitaka vxlan模式。。。。。。
openstack使用openvswitch实现vxlan,分享给大家,具体如下: openstack环境: 1 版本:ocata 2 系统:ubuntu16.04.2 3 控制节点 1个 + 计算节点 1个 4 控制节点网卡为ens33,ip = 172.171.5.200 ens34 manual模式 ...
在探讨OpenStack中使用Linux Bridge实现VXLAN网络的过程中,我们将涉及以下几个方面的知识点: 1. OpenStack环境部署和网络组件 OpenStack版本为ocata,系统采用Ubuntu 16.04.2,部署了一个控制节点和一个计算节点...
本文章为手工搭建的openstack 一、环境准备 1. 前提准备 安装vmware workstation12.5.0,虚拟出三台配置至少CPU 4c MEM 4G的虚拟机 Controller节点和Compute节点配置: CPU:4c MEM:4G Disk:200G Network: 3 (eth0 ...
CentOS6.3下制作可以在OpenStack运行的Linux系统模版
该文档来自OpenStack Days China 2016。UnitedStack有云高级软件工程师王为发表的题为“VXLAN在OpenStack企业网实践” 的主题演讲,欢迎下载!
Linux网桥在OpenStack云计算平台中的应用是一项重要的网络虚拟化技术。在OpenStack中,网桥被用来桥接物理网络接口和虚拟机,或者多个虚拟机之间的网络通信。理解Linux网桥的原理和工作机制对于深入理解OpenStack的...
同时,了解云计算的基本概念,如虚拟化技术(如KVM)、网络模型(如VXLAN)和分布式存储原理,将有助于深入理解和操作OpenStack。 在实际应用中,OpenStack可以与许多其他开源工具集成,如Docker容器、Kubernetes...
VXLAN,全称Virtual eXtensible ...在Neutron等OpenStack组件中,VXLAN被广泛用于构建大规模、灵活的云网络环境。在后续的学习中,我们会深入探讨如何在Neutron中配置和应用VXLAN,以实现虚拟网络的动态管理和扩展。
OpenStack Installation Guide for Red Hat Enterprise Linux, CentOS, and Fedora: The OpenStack® system consists of several key projects that you install separately but that work together depending on ...
OpenStack是一个开源的云计算管理平台项目,是一系列软件开源项目的组合。由NASA(美国国家航空航天局)和Rackspace合作研发并发起,以Apache许可证(Apache软件基金会发布的一个...
官方离线安装包,亲测可用
官方离线安装包,测试可用。使用rpm -ivh [rpm完整包名] 进行安装
本篇主要讲述了如何制作和定制Linux镜像,以适应OpenStack环境。 首先,对于OpenStack的新手来说,了解Glance是非常重要的。Glance是OpenStack的镜像服务,它负责存储、检索和管理虚拟机镜像。在OpenStack中,我们...
Ubuntu是最早支持OpenStack的Linux发行版之一,从11.04版本开始,Ubuntu提供了官方的OpenStack云镜像和工具,简化了OpenStack的部署和管理。 在网络服务领域,思科系统的加入为OpenStack带来了强大的网络功能。思科...