controller部署nova
MariaDB [(none)]> CREATE DATABASE nova_api; # 创建数据库
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova123'; # nova123为示例口令,实际部署应替换为随机强口令,并与nova.conf中的数据库连接串保持一致
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123'; # '%'允许该账号从任意主机连接,可按需收紧为控制节点或管理网段的地址
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';
MariaDB [(none)]> exit
Bye
[root@openstack-controller ~]# openstack user create --domain default --password-prompt nova # 创建nova用户
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 45a0a6ee483a4956b03f5116b8e331d4 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@openstack-controller ~]# openstack role add --project service --user nova admin # 添加角色
[root@openstack-controller ~]# openstack service create --name nova --description "OpenStack Compute" compute # 创建nova服务
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 24df8ee3e8064d72b4dd6c03ba6d6db2 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@openstack-controller ~]# openstack endpoint create --region RegionOne compute public http://openstack-controller.ponfey:8774/v2.1 # 创建Compute API服务端点
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 2a0bc8b0e172485b89391b1fae8cb853 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24df8ee3e8064d72b4dd6c03ba6d6db2 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-controller.ponfey:8774/v2.1 |
+--------------+----------------------------------------------+
[root@openstack-controller ~]# openstack endpoint create --region RegionOne compute internal http://openstack-controller.ponfey:8774/v2.1
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | f9325f6a4c124e4cb20dd0eae09866db |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24df8ee3e8064d72b4dd6c03ba6d6db2 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-controller.ponfey:8774/v2.1 |
+--------------+----------------------------------------------+
[root@openstack-controller ~]# openstack endpoint create --region RegionOne compute admin http://openstack-controller.ponfey:8774/v2.1
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 48baf317499440f7bea60721f15038d9 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24df8ee3e8064d72b4dd6c03ba6d6db2 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-controller.ponfey:8774/v2.1 |
+--------------+----------------------------------------------+
[root@openstack-controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y # 安装nova
[root@openstack-controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata # 启用计算和元数据API
[api_database]
# ...
connection = mysql+pymysql://nova:nova123@openstack-controller.ponfey/nova_api # 配置数据库访问
[database]
# ...
connection = mysql+pymysql://nova:nova123@openstack-controller.ponfey/nova # 配置数据库访问
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@openstack-controller.ponfey:5672/ # 配置RabbitMQ消息队列访问
[api]
# ...
auth_strategy = keystone # 配置身份服务访问
[keystone_authtoken]
# ...
www_authenticate_uri = http://openstack-controller.ponfey:5000/ # 配置身份服务访问
auth_url = http://openstack-controller.ponfey:5000/
memcached_servers = openstack-controller.ponfey:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS # NOVA_PASS为占位符,需替换为上文创建nova用户时设置的密码
[DEFAULT]
# ...
my_ip = 10.0.2.16 # 使用控制器节点的管理接口IP地址
use_neutron = true # 启用对网络服务的支持
firewall_driver = nova.virt.firewall.NoopFirewallDriver # 默认情况下,Compute使用内部防火墙。由于网络服务包括防火墙,因此必须使用nova.virt.firewall.NoopFirewallDriver防火墙驱动程序禁用计算防火墙
[vnc] # VNC代理配置为使用控制器节点的管理接口IP地址
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance] # 配置镜像服务API的位置
# ...
api_servers = http://openstack-controller.ponfey:9292
[oslo_concurrency] # 配置锁定路径
# ...
lock_path = /var/lib/nova/tmp
[placement] # 配置对Placement(放置)服务的访问
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-controller.ponfey:5000/v3
username = placement
password = placement123
[root@openstack-controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova # 初始化数据库
[root@openstack-controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova # 注册cell0数据库
[root@openstack-controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova # 创建cell1单元格
ff60fd51-6300-4bb2-a2a1-f2bf5cf46426
[root@openstack-controller ~]# su -s /bin/sh -c "nova-manage db sync" nova # 初始化数据库
[root@openstack-controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova # 验证nova cell0和cell1是否正确注册
+-------+--------------------------------------+-----------------------------------------------------------+------------------------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+-----------------------------------------------------------+------------------------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-controller.ponfey/nova_cell0 | False |
| cell1 | ff60fd51-6300-4bb2-a2a1-f2bf5cf46426 | rabbit://openstack:****@openstack-controller.ponfey:5672/ | mysql+pymysql://nova:****@openstack-controller.ponfey/nova | False |
+-------+--------------------------------------+-----------------------------------------------------------+------------------------------------------------------------------+----------+
[root@openstack-controller ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@openstack-controller ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@openstack-controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables # 部署提供商网络
[root@openstack-controller ~]# vim /etc/neutron/neutron.conf
[database]
# ...
connection = mysql+pymysql://neutron:neutron123@openstack-controller.ponfey/neutron # 配置数据库访问
[DEFAULT]
# ...
core_plugin = ml2 # 启用模块化第2层(ML2)插件并禁用其他插件
service_plugins =
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@openstack-controller.ponfey # 配置RabbitMQ 消息队列访问
[DEFAULT] # [DEFAULT]和[keystone_authtoken]部分中,配置身份服务访问
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://openstack-controller.ponfey:5000
auth_url = http://openstack-controller.ponfey:5000
memcached_servers = openstack-controller.ponfey:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[DEFAULT] # 在[DEFAULT]和[nova]部分中,将网络配置为通知Compute网络拓扑更改
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp # 配置锁定路径
[root@openstack-controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini # 配置模块化层2(ML2)插件
[ml2] #配置文件底部新增
type_drivers = flat,vlan # 启用平面和VLAN网络
tenant_network_types = # 禁用自助服务网络
mechanism_drivers = linuxbridge # 启用Linux桥接机制
extension_drivers = port_security # 启用端口安全扩展
[ml2_type_flat]
flat_networks = provider # 将提供者虚拟网络配置为平面网络
[securitygroup]
enable_ipset = true # 启用ipset以提高安全组规则的效率
配置Linux网桥代理
Linux网桥代理为实例构建第2层(桥接和交换)虚拟网络基础结构并处理安全组。
[root@openstack-controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] # 底部新增
physical_interface_mappings = provider:eth1 # 将提供者虚拟网络映射到提供者物理网络接口
[vxlan]
enable_vxlan = false # 禁用VXLAN覆盖网络
[securitygroup]
# ...
enable_security_group = true # 启用安全组并配置Linux网桥iptables防火墙
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@openstack-controller ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1 # 确保Linux操作系统内核支持网桥过滤器(这两项依赖br_netfilter内核模块,需先加载该模块;未生效时安全组的iptables规则不会作用于桥接流量)
[root@openstack-controller ~]# sysctl -p
配置DHCP代理
[root@openstack-controller ~]# vim /etc/neutron/dhcp_agent.ini
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true # 配置Linux桥接口 Dnsmasq DHCP,并启用隔离的元数据,以便提供商网络上的实例可以通过网络访问元数据
自助服务网络
[root@openstack-controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
配置计算服务使用网络服务
[root@openstack-controller ~]# vim /etc/nova/nova.conf
[neutron] # 配置访问参数,启用元数据代理
# ...
auth_url = http://openstack-controller.ponfey:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
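metadata_proxy_shared_secret = '' # 此处为空值;应设置为随机生成的密钥,并与/etc/neutron/metadata_agent.ini中的metadata_proxy_shared_secret保持一致,空密钥无法保护元数据代理请求的签名校验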
[root@openstack-controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron # 初始化数据库
[root@openstack-controller ~]# systemctl restart openstack-nova-api.service # 重新启动Compute API
[root@openstack-controller ~]# systemctl enable neutron-server neutron-linuxbridge-agent.service neutron-dhcp-agent neutron-metadata-agent
[root@openstack-controller ~]# systemctl start neutron-server neutron-linuxbridge-agent.service neutron-dhcp-agent neutron-metadata-agent
[root@openstack-controller ~]# systemctl start neutron-l3-agent && systemctl enable neutron-l3-agent # 对于网络选项2,还启用并启动第3层服务