主机环境

VMware Workstation Pro搭建的两个虚拟机

1
2
controller  10.2.2.3  Centos 8.2
compute 10.2.2.4 Centos 8.2

配置相关源和环境(控制节点、计算节点)

阿里源镜像

base

1
2
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo

epel

1
2
3
4
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
yum makecache

安装pip阿里源

mkdir ~/.pip
vim ~/.pip/pip.conf

1
2
3
4
5
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/

[install]
trusted-host=mirrors.aliyun.com

安装常用程序

1
yum install -y vim wget chrony git

安装zsh(可省略)

1
2
3
4
5
6
yum install -y zsh
chsh -s /bin/zsh
git clone git://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
cp ~/.oh-my-zsh/templates/zshrc.zsh-template ~/.zshrc
echo "PROMPT=%m\ \$PROMPT" >> .zshrc
zsh

修改hosts文件

vim /etc/hosts

1
2
10.2.2.3 controller
10.2.2.4 compute

关闭防火墙、SElinux

1
2
3
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0

vim /etc/selinux/config

1
SELINUX=disabled

配置时间同步(控制节点、计算节点)

控制节点

vim /etc/chrony.conf

1
2
3
4
pool ntp1.aliyun.com iburst
pool time1.cloud.tencent.com iburst

allow 10.2.2.0/24
1
2
systemctl enable chronyd
systemctl restart chronyd

计算节点

vim /etc/chrony.conf

1
2
# 只留这个
pool controller iburst
1
2
3
4
systemctl enable chronyd
systemctl restart chronyd
chronyc sources
# 提示^* controller...则为同步成功

安装OpenStack包(控制节点、计算节点)

安装OpenStack阿里源镜像

vim /etc/yum.repos.d/Openstack-Ussuri.repo

1
2
3
4
5
[oepnstack]
name=Openstack-Ussuri
baseurl=https://mirrors.aliyun.com/centos/8/cloud/x86_64/openstack-ussuri/
enabled=1
gpgcheck=0
1
yum makecache

安装OpenStack包

1
2
yum install -y centos-release-openstack-ussuri
yum config-manager --set-enabled PowerTools

安装rdo库

1
yum install -y https://www.rdoproject.org/repos/rdo-release.el8.rpm

升级所有节点上的包

1
2
3
yum upgrade
# 重启
reboot

安装OpenStack客户端

1
yum install -y python3-openstackclient

安装openstack-selinux

1
yum install -y openstack-selinux

安装数据库(控制节点)

1
yum install -y mariadb mariadb-server python2-PyMySQL

vim /etc/my.cnf.d/mariadb-server.cnf

1
2
3
4
5
6
7
8
[mysqld]
bind-address = 10.2.2.3

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
1
systemctl enable --now mariadb.service

初始化mariadb

1
mysql_secure_installation

允许远程登录

1
mysql -u root -p
1
2
3
use mysql
update user set host = '%' where user = 'root' and host='localhost';
flush privileges;

安装Message queue(控制节点)

1
2
3
4
5
6
yum install -y rabbitmq-server
systemctl enable --now rabbitmq-server.service
# 添加用户
rabbitmqctl add_user openstack RABBIT_PASS // 自定义密码
# 允许用户openstack进行配置、写入和读取访问
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

安装Memcached(控制节点)

1
yum install -y memcached python3-memcached

vim /etc/sysconfig/memcached

1
OPTIONS="-l 127.0.0.1,::1,controller"
1
systemctl enable --now memcached.service

安装Etcd(控制节点)

1
yum install -y etcd

vim /etc/etcd/etcd.conf

1
2
3
4
5
6
7
8
9
10
11
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.2.2.3:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.2.2.3:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.2.2.3:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.2.2.3:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.2.2.3:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
1
systemctl enable --now etcd

安装Keystone模块(控制节点)

配置数据库

1
mysql -u root -p
1
2
3
4
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS'; // 自定义密码
flush privileges;

安装

1
yum install -y openstack-keystone httpd python3-mod_wsgi

修改keystone.conf

vim /etc/keystone/keystone.conf

1
2
3
4
5
6
7
8
在573行
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone // 自定义密码
在2446行
[token]
# ...
provider = fernet
1
su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化

1
2
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

引导认证服务

1
2
3
4
5
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne // 自定义密码

编辑/etc/httpd/conf/httpd.conf

vim /etc/httpd/conf/httpd.conf

1
2
在98行
ServerName controller

链接配置文件

1
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

开起httpd服务

1
systemctl enable --now httpd.service

导入环境 (这个为了方便设置的全局变量,后面可单独设置)

1
2
3
4
5
6
7
8
echo "export OS_USERNAME=admin" >> /etc/profile
echo "export OS_PASSWORD=ADMIN_PASS" >> /etc/profile // 自定义密码
echo "export OS_PROJECT_NAME=admin" >> /etc/profile
echo "export OS_USER_DOMAIN_NAME=Default" >> /etc/profile
echo "export OS_PROJECT_DOMAIN_NAME=Default" >> /etc/profile
echo "export OS_AUTH_URL=http://controller:5000/v3" >> /etc/profile
echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile
source /etc/profile

创建域和用户

1
2
3
4
5
6
7
8
9
10
11
12
#创建Domain
openstack domain create --description "An Example Domain" example
# 创建服务:Service Project
openstack project create --domain default --description "Service Project" service
# 创建项目:Demo Project
openstack project create --domain default --description "Demo Project" myproject
# 创建用户:myuser
openstack user create --domain default --password-prompt myuser
# 创建角色:myrole
openstack role create myrole
# 将角色添加到项目和用户
openstack role add --project myproject --user myuser myrole

取消设置临时变量和环境变量

1
unset OS_AUTH_URL OS_PASSWORD

使用admin认证

1
2
3
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

使用myuser认证

1
2
3
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue

分别创建admin和myuser的环境变量

vim ~/admin-openrc

1
2
3
4
5
6
7
8
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS // 自定义密码
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

vim ~/demo-openrc

1
2
3
4
5
6
7
8
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS // 自定义密码
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

使用办法

1
2
3
. ~/admin-openrc
验证
openstack token issue

安装Glance模块 (控制节点)

配置数据库

1
mysql -u root -p
1
2
3
4
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS'; // 自定义密码
flush privileges;

创建用户和项目

1
2
3
4
5
6
7
8
9
10
11
12
# 使用. admin-openrc认证
. ~/admin-openrc
# 创建glance用户
openstack user create --domain default --password-prompt glance
# 将角色添加到用户和项目
openstack role add --project service --user glance admin
# 创建服务实体:glance
openstack service create --name glance --description "OpenStack Image" image
# 创建镜像服务
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

安装glance

1
yum install -y openstack-glance

vim /etc/glance/glance-api.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# 在2061行
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance // 自定义密码

# 在3412行
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images

# 在5035行
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS // 自定义密码

# 在5687行
[paste_deploy]
flavor = keystone

填充数据库

1
su -s /bin/sh -c "glance-manage db_sync" glance

启动服务

1
systemctl enable --now openstack-glance-api.service

验证

1
2
3
4
5
6
7
8
9
10
. ~/admin-openrc
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

# 上传到镜像
glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility=public
# 确认图像的上传并验证属性
glance image-list

安装Placement模块(控制节点)

安装数据库环境

1
mysql -uroot -p
1
2
3
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS'; // 自定义密码

配置用户和端点

1
2
3
4
5
6
7
. ~/admin-openrc
openstack user create --domain default --password-prompt placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

安装和配置组件

1
2
yum install -y openstack-placement-api
mkdir /etc/placement

vim /etc/placement/placement.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# 在515行
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement // 自定义密码

# 在208行
[api]
auth_strategy = keystone

# 在240行
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS // 自定义密码

填充数据库

1
su -s /bin/sh -c "placement-manage db sync" placement

验证

1
2
3
4
placement-status upgrade check
pip3 install osc-placement
openstack --os-placement-api-version 1.2 resource class list --sort-column name
openstack --os-placement-api-version 1.6 trait list --sort-column name

安装Nova模块 (控制节点)

配置数据库

1
mysql -u root -p
1
2
3
4
5
6
7
8
9
10
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'; // 自定义密码
flush privileges;

创建域和服务

1
2
3
4
5
6
7
8
. ~/admin-openrc
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

安装Nova

1
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler

vim /etc/nova/nova.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# 第1行
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/ // 自定义密码
my_ip = 10.2.2.3

# 第1081行
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api // 自定义密码

# 第1626行
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova // 自定义密码

# 第872行
[api]
auth_strategy = keystone

# 第1941行
[glance]
api_servers = http://controller:9292

# 第2564行
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS // 自定义密码

# 第3588行
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

# 第4109行
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS // 自定义密码

# 第4535行
[scheduler]
discover_hosts_in_cells_interval = 300

# 第5195行
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

同步

1
2
3
4
5
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

启动服务

1
2
3
4
5
systemctl enable --now \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service

安装Nova模块 (计算节点)

1
yum install -y openstack-nova-compute

vim /etc/nova/nova.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# 第1行
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller // 自定义密码
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

# 第872行
[api]
auth_strategy = keystone

# 第1939行
[glance]
api_servers = http://controller:9292

# 第2564行
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS // 自定义密码

# 第3588行
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

# 第4103行
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS // 自定义密码

# 第5189行
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

确定计算节点是否支持虚拟机的硬件加速

1
egrep -c '(vmx|svm)' /proc/cpuinfo

返回one or greater则支持,不需要设置

返回zero or libvirt则支持,需要设置以下内容

vim /etc/nova/nova.conf

1
2
[libvirt]
virt_type = qemu
1
systemctl enable --now libvirtd.service openstack-nova-compute.service

计算节点添加至数据库(控制节点)

1
2
3
4
. ~/admin-openrc
## 列出计算节点(如果计算节点设置好能看到一台设备)
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

安装Neutron模块(控制节点)

配置数据库

mysql -u root -p

1
2
3
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; // 自定义密码
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; // 自定义密码

配置用户和环境

1
2
3
4
5
6
7
. ~/admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

安装Neutron

1
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

vim /etc/neutron/neutron.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# 第1行
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller // 自定义密码
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true


# 第260行
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron // 自定义密码

# 第365行
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS // 自定义密码

# 第534行
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS // 自定义密码

vim /etc/neutron/plugins/ml2/ml2_conf.ini

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = true

[linux_bridge]
physical_interface_mappings = provider:ens33

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

vim /etc/neutron/dhcp_agent.ini

1
2
3
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

vim /etc/neutron/metadata_agent.ini

1
2
3
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

完成安装

vim /etc/nova/nova.conf

1
2
3
4
5
6
7
8
9
10
11
12
# 在3351行
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS // 自定义密码
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

链接配置文件

1
2
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

启动服务

1
2
3
4
systemctl restart openstack-nova-api.service
systemctl enable --now neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

安装Neutron模块(计算节点)

1
yum -y install openstack-neutron-linuxbridge ebtables ipset

vim /etc/neutron/neutron.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller // 自定义密码
auth_strategy = keystone

# 359行
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS // 自定义密码

# 531行
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

vim /etc/nova/nova.conf

1
2
3
4
5
6
7
8
9
10
# 3347行
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS // 自定义密码

启动服务

1
2
systemctl restart openstack-nova-compute.service
systemctl enable --now neutron-linuxbridge-agent.service

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

1
2
3
4
5
6
7
8
9
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

安装Dashboard模块(控制节点)

1
yum install -y openstack-dashboard

vim /etc/openstack-dashboard/local_settings

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
# 官网大坑没有指定5000端口
OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
WEBROOT = '/dashboard/'
1
echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
1
systemctl restart httpd.service memcached.service

安装完成访问

可访问 http://10.2.2.3/dashboard/ 查看,域default 账号admin