OpenStack Train cluster deployment (installing and configuring each component by hand)

Author: oldboy  Category: Openstack  Published: 2023-02-10 10:01

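I. Contents:

OpenStack Train cluster deployment

  • 1 Initialize master and install the repositories
  • 2 Install the keystone component on master
  • 3 Create accounts, a domain and projects on master
  • 4 Install the glance component on master
  • 5 Install placement on master
  • 6 Install the nova component on master
  • 7 (node) Install the nova component on the node
  • 8 Configure the neutron component on master
  • 9 (node) Install the neutron component on the node
  • 10 Allocate the network on master
  • 11 (node) Change the hardware settings on the node, otherwise virtual machines cannot be created
  • 12 Create a virtual machine on master and check that it runs
  • 13 Install the web dashboard component on master
  • 14 Tune master and node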

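II. Component overview

Official component overview: OpenStack components
Main components:

  • Keystone (identity service): provides authentication, authorization and service discovery for the other components.
  • Glance (image service): registers, looks up and stores images for virtual machines.
  • Nova (compute service): computes, allocates and manages hardware resources for bare-metal machines and virtual machines.
  • placement (a component within Nova): checks and collects the resource state of the node hosts to support the Nova component.
  • Neutron (networking service): provides the network environment between the master and node hosts, and between the virtual machines on the nodes.
  • cinder (block storage): provides a storage resource pool, similar to a USB drive, and can be used to move data between virtual machines.
  • Horizon (web management interface): the service is named dashboard; it provides a web UI for controlling the OpenStack cluster visually.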

Environment preparation:

Two machines with CentOS 7.9 installed; the NIC name must be the same on both.

103.73.119.106:22    master.openstack  eno1 
103.73.119.116:22    node1.openstack   eno1

# on master
hostnamectl set-hostname master.openstack
echo xxx|passwd --stdin root
# on node1
hostnamectl set-hostname node1.openstack
echo xxx|passwd --stdin root

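III. Deployment and installation

1. Initialize master/node and install the repositories

The default kernel is 3.10. It has to be upgraded, otherwise the kernel module cannot be installed.

Upgrade the kernel (reference: Upgrading the CentOS kernel – Notebook)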

cd ~
wget --http-user=qwe --http-passwd=qwe http://61.160.213.184/dl/centos/kernel/kernel-ml-6.1.11-1.el7.elrepo.x86_64.rpm
wget --http-user=qwe --http-passwd=qwe http://61.160.213.184/dl/centos/kernel/kernel-ml-devel-6.1.11-1.el7.elrepo.x86_64.rpm
rpm -Uvh *.rpm
grub2-set-default 0
grub2-mkconfig -o /boot/grub2/grub.cfg  

Install the kernel module

yum install -y bridge-utils

Edit /etc/sysctl.conf

cat >>/etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

Load the module at boot

echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

Reboot and confirm that the kernel module is loaded

reboot
uname -r
lsmod |grep br_netfilter
sysctl -p

Initialize the system (disables firewalld, NetworkManager and SELinux)

systemctl disable --now firewalld
systemctl disable --now NetworkManager.service
sed -i 's/SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

Configure time synchronization

ntpdate 61.160.213.184
clock -w
echo "0 */1 * * * /usr/sbin/ntpdate 61.160.213.184 &> /dev/null" >> /var/spool/cron/root

Set up hosts

cat >>/etc/hosts<<EOF
103.73.119.106    master.openstack
103.73.119.116    node1.openstack
EOF

Install the OpenStack repository

yum install -y centos-release-openstack-train.noarch
yum install python-openstackclient openstack-selinux wget -y

The steps above are common to the master and node hosts.

On master, install MariaDB (or MySQL), RabbitMQ and memcached

yum -y install mariadb mariadb-server python2-PyMySQL

Configure MySQL

cat >/etc/my.cnf.d/openstack.cnf<<EOF
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable --now mariadb
systemctl status mariadb

Configure RabbitMQ

yum -y install rabbitmq-server
systemctl enable --now rabbitmq-server.service
systemctl status rabbitmq-server.service

Create the account openstack with the password test1234 and give it the highest privileges

rabbitmqctl add_user openstack test1234
rabbitmqctl set_user_tags openstack administrator
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Enable the web management plugin

rabbitmq-plugins enable rabbitmq_management

Install memcached and change the cache size and listen address

yum -y install memcached python-memcached
sed -i '/CACHESIZE=/c CACHESIZE="1024"' /etc/sysconfig/memcached
sed -i '/OPTIONS=/c OPTIONS="-l 0.0.0.0"' /etc/sysconfig/memcached
systemctl enable --now memcached.service
systemctl status memcached.service  

Confirm that the ports are open and the services are running

ss -tnl

  • 25672 RabbitMQ port
  • 3306 MySQL port
  • 11211 memcached port
  • 15672 RabbitMQ web UI port
  • 4369 RabbitMQ port
  • 5672 RabbitMQ port
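
An added example (not part of the original guide) that turns the port check above into a report: it reads `ss -tnl` output and states, for each port in the list, whether it is bound to all interfaces, to loopback only, to one address, or not listening. The function names, the service labels and the sample `ss` output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Ports this step expects on master, as port=label pairs (labels are assumptions).
EXPECTED_PORTS="3306=mysql 11211=memcached 5672=rabbitmq-amqp 15672=rabbitmq-management 25672=rabbitmq-dist 4369=rabbitmq-epmd"

# classify_listeners: read `ss -tnl` output on stdin and print one line per
# expected port: "<port> <label> <scope>", where scope is
# all-interfaces | loopback | <specific address> | not-listening.
classify_listeners() {
    awk -v ports="$EXPECTED_PORTS" '
        BEGIN {
            n = split(ports, item, " ")
            for (i = 1; i <= n; i++) { split(item[i], kv, "="); order[i] = kv[1]; name[kv[1]] = kv[2] }
        }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)            # text after the last colon
            if (!(port in name)) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]") { scope = "all-interfaces"; r = 3 }
            else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") { scope = "loopback"; r = 1 }
            else { scope = addr; r = 2 }
            # IPv4 and IPv6 sockets are listed separately: keep the widest scope.
            if (r > rank[port]) { rank[port] = r; seen[port] = scope }
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                print p, name[p], ((p in seen) ? seen[p] : "not-listening")
            }
        }
    '
}

# exposed_ports: only the ports bound to every interface.
exposed_ports() {
    classify_listeners | awk '$3 == "all-interfaces" { print $1 }'
}

# Constructed sample in the format printed by `ss -tnl` on CentOS 7.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:25672                    *:*
LISTEN     0      80           *:3306                     *:*
LISTEN     0      1024   127.0.0.1:11211                  *:*
LISTEN     0      128          *:15672                    *:*
LISTEN     0      128          *:4369                     *:*
LISTEN     0      128          *:22                       *:*
LISTEN     0      128         :::5672                    :::*
EOF
}

sample_ss_output | classify_listeners
```

On master the live check is `ss -tnl | classify_listeners`. With firewalld disabled as in step 1, every port reported as all-interfaces is reachable on 103.73.119.106 unless something upstream filters it.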

Open the RabbitMQ web UI and check that the account was created

http://103.73.119.106:15672/
Account: openstack
Password: test1234

2. Install the keystone component on master

Official installation guide: keystone installation

Create and configure the keystone database

mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'test1234';
exit

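Install and configure keystone

yum -y install openstack-keystone httpd mod_wsgi

vi /etc/keystone/keystone.conf: configure keystone's connection to MySQL. Do not put Chinese text into the file.

[database]
# keystone:test1234 is the database account and password
# master.openstack is the hostname of master; the trailing /keystone is the database name
connection = mysql+pymysql://keystone:test1234@master.openstack/keystone

[token]
# add this here
provider = fernet

The same settings applied with sed:

cp /etc/keystone/keystone.conf{,.bak}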
sed -i '/#connection =/a connection = mysql+pymysql://keystone:test1234@master.openstack/keystone' /etc/keystone/keystone.conf
sed -i '/# IDs. (string value)/a provider = fernet' /etc/keystone/keystone.conf
egrep -n '^connection =|^provider =' /etc/keystone/keystone.conf
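
The sed commands above append a new line after a commented template line, so running them a second time leaves two `connection =` lines in the file. As an added example (not from the original guide), `ini_set` below sets a key inside a named section idempotently and writes through the existing file so that its owner and mode are kept. The function names and the sample file are constructed, and CHANGE_ME is a placeholder.

```bash
#!/usr/bin/env bash
# ini_set FILE SECTION KEY VALUE
# Put "KEY = VALUE" directly under [SECTION] and drop any other active
# (uncommented) KEY line in that section. A missing section is appended.
ini_set() {
    local file=$1 section=$2 key=$3 value=$4 tmp
    tmp=$(mktemp) || return 1
    # Values travel through the environment so URLs and backslashes stay literal.
    INI_SEC="[$section]" INI_KEY=$key INI_VAL=$value awk '
        BEGIN { sec = ENVIRON["INI_SEC"]; key = ENVIRON["INI_KEY"]; val = ENVIRON["INI_VAL"] }
        /^\[.*\][ \t]*$/ {                       # a section header
            hdr = $0; sub(/[ \t]+$/, "", hdr)
            insec = (hdr == sec)
            print
            if (insec && !placed) { print key " = " val; placed = 1 }
            next
        }
        insec {                                  # inside the target section
            k = $0; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]+/, "", k)
            if (k == key) next                   # old active value: drop it
        }
        { print }
        END { if (!placed) { print ""; print sec; print key " = " val } }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"      # rewrite in place: owner and mode of FILE are unchanged
    rm -f "$tmp"
}

# Number of active (uncommented) lines for KEY in FILE.
ini_count() { grep -c "^$2 = " "$1"; }

# Constructed sample standing in for /etc/keystone/keystone.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]

[database]
# The SQLAlchemy connection string. (string value)
#connection = <None>

[token]
# IDs. (string value)
#provider = fernet
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
for run in 1 2; do            # the second pass simulates re-running the guide
    ini_set "$conf" database connection 'mysql+pymysql://keystone:CHANGE_ME@master.openstack/keystone'
    ini_set "$conf" token provider fernet
done
echo "active connection lines after two runs: $(ini_count "$conf" connection)"
rm -f "$conf"
```

On a real host the call would be `ini_set /etc/keystone/keystone.conf token provider fernet`, run as root after taking the `.bak` copy.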

Apply the configuration

su -s /bin/sh -c "keystone-manage db_sync" keystone

Generate the two key directories (Fernet keys and credential keys)

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the identity service; only the hostname master.openstack needs to be changed.
In --bootstrap-password admin, admin is the password of the admin account.

keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://master.openstack:5000/v3/ \
--bootstrap-internal-url http://master.openstack:5000/v3/ \
--bootstrap-public-url http://master.openstack:5000/v3/ \
--bootstrap-region-id RegionOne

Configure httpd

vi /etc/httpd/conf/httpd.conf and add

ServerName master.openstack:80

sed -i '/ServerName www.example.com:80/a ServerName master.openstack:80' /etc/httpd/conf/httpd.conf
grep -n 'ServerName master.openstack:80' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable --now httpd.service
systemctl status httpd.service

Create the environment variables for the admin account

cat >/etc/profile.d/openstack-admin.sh<<EOF
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://master.openstack:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
source /etc/profile.d/openstack-admin.sh
# check that the account works
openstack user list 

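3. Create accounts, a domain and projects on master

Official documentation: creating accounts, domains and projects

Create the domain example

For testing only; this can be created later in the Dashboard.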

openstack domain create --description "An Example Domain" example

Create the project service (required)

openstack project create --domain default \
--description "Service Project" service

Create the project myproject

For testing only; this can be created later in the Dashboard.

openstack project create --domain default \
--description "Demo Project" myproject

Create the user myuser; enter the password test1234 when prompted

For testing only; this can be created later in the Dashboard.

openstack user create --domain default \
--password-prompt myuser

Create the role myrole

For testing only; this can be created later in the Dashboard.

openstack role create myrole

Bind the project, user and role together

For testing only; this can be created later in the Dashboard.

openstack role add --project myproject --user myuser myrole

Unset the environment variables defined earlier

For testing only; this can be created later in the Dashboard.

unset OS_AUTH_URL OS_PASSWORD

Enter the admin account's password (admin) to test authentication

For testing only; this can be created later in the Dashboard.

openstack --os-auth-url http://master.openstack:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

Enter the myuser account's password (test1234) to test authentication

For testing only; this can be created later in the Dashboard.

openstack --os-auth-url http://master.openstack:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue

Update the admin variables; all components below are created using the admin variables

cat >/etc/profile.d/openstack-admin.sh<<EOF
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://master.openstack:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source /etc/profile.d/openstack-admin.sh
# test token issuance
openstack token issue

Check that the keystone database has been populated

mysql -u keystone -p'test1234' -e 'use keystone;show tables;'

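4. Install the glance component on master

Official documentation: glance installation guide
Image test documentation for after glance is installed: image

Create and configure the glance database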

mysql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'test1234';
exit

Load the admin variables

source /etc/profile.d/openstack-admin.sh

Create the glance account for authentication; set its password to test1234

openstack user create --domain default --password-prompt glance

Grant the glance user the admin role on the service project

openstack role add --project service --user glance admin

Create the glance service, of type image

openstack service create --name glance \
--description "OpenStack Image" image

Create the endpoints on the three interfaces (public, internal, admin)

openstack endpoint create --region RegionOne \
image public http://master.openstack:9292
openstack endpoint create --region RegionOne \
image internal http://master.openstack:9292
openstack endpoint create --region RegionOne \
image admin http://master.openstack:9292

Install and configure glance

yum install openstack-glance -y

vi /etc/glance/glance-api.conf

[database]
# database connection
connection = mysql+pymysql://glance:test1234@master.openstack/glance

[keystone_authtoken]
# connection details for keystone; username and password are the account registered above
www_authenticate_uri = http://master.openstack:5000
auth_url = http://master.openstack:5000
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = test1234

[paste_deploy]
# authenticate through keystone
flavor = keystone

[glance_store]
# directory and format for storing images
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

The same settings applied with sed:

cp /etc/glance/glance-api.conf{,.bak}
sed -i '/#connection =/a connection = mysql+pymysql://glance:test1234@master.openstack/glance' /etc/glance/glance-api.conf
sed -i '/#www_authenticate_uri =/a www_authenticate_uri = http://master.openstack:5000\nauth_url = http://master.openstack:5000\nmemcached_servers = master.openstack:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = glance\npassword = test1234' /etc/glance/glance-api.conf
sed -i '/#flavor = keystone/a flavor = keystone' /etc/glance/glance-api.conf
sed -i '/#stores = file,http/a stores = file,http\ndefault_store = file\nfilesystem_store_datadir = /var/lib/glance/images/' /etc/glance/glance-api.conf

Apply the configuration

su -s /bin/sh -c "glance-manage db_sync" glance 
systemctl enable --now openstack-glance-api.service
systemctl status openstack-glance-api.service 

The images directory is created automatically; there is no need to create it yourself. Just make sure it is owned by the glance account.

ll /var/lib/glance/

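Download the official test image to check that glance works. Alternatively, download the image in a browser and upload it to this directory.

cd /var/lib/glance/images/
# the official site downloads slowly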
#wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
wget --http-user=qwe --http-passwd=qwe http://61.160.213.184/dl/centos/openstack/cirros-0.4.0-x86_64-disk.img

Upload the image to glance

glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public

List the images

glance image-list 

Check that the database tables were created

mysql -u glance -p'test1234' -e 'use glance;show tables;'

5. Install placement on master

Official documentation: placement

MySQL configuration

mysql
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'test1234';
exit
source /etc/profile.d/openstack-admin.sh
# create the placement account for authentication; set its password to test1234
openstack user create --domain default --password-prompt placement

Grant the role

openstack role add --project service --user placement admin

Create the service

openstack service create --name placement \
--description "Placement API" placement

Create the three endpoints

openstack endpoint create --region RegionOne \
placement public http://master.openstack:8778
openstack endpoint create --region RegionOne \
placement internal http://master.openstack:8778
openstack endpoint create --region RegionOne \
placement admin http://master.openstack:8778

Install and configure placement

yum install openstack-placement-api -y

vi /etc/placement/placement.conf and edit the configuration

[placement_database]
# database settings
connection = mysql+pymysql://placement:test1234@master.openstack/placement

[api]
# use keystone for API authentication
auth_strategy = keystone

[keystone_authtoken]
# the account registered above
auth_url = http://master.openstack:5000/v3
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = test1234

The same settings applied with sed:

cp /etc/placement/placement.conf{,.bak}
sed -i '/#connection =/a connection = mysql+pymysql://placement:test1234@master.openstack/placement' /etc/placement/placement.conf 
sed -i '/#auth_strategy =/a auth_strategy = keystone' /etc/placement/placement.conf 
sed -i '/#www_authenticate_uri/a auth_url = http://master.openstack:5000/v3\nmemcached_servers = master.openstack:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = placement\npassword = test1234' /etc/placement/placement.conf 
su -s /bin/sh -c "placement-manage db sync" placement

A warning appears; it can be ignored.

Edit the httpd configuration

vi /etc/httpd/conf.d/00-placement-api.conf and append at the end of the file

cat >>/etc/httpd/conf.d/00-placement-api.conf<<EOF
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
systemctl restart httpd
systemctl status httpd

Check that the database tables were created

mysql -u placement -p'test1234' -e 'use placement;show tables;'

6. Install the nova component on master

Official documentation: nova

MySQL configuration

mysql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'test1234';
exit
source /etc/profile.d/openstack-admin.sh
# create the nova account for authentication; set its password to test1234
openstack user create --domain default --password-prompt nova

Grant the role

openstack role add --project service --user nova admin

Create the service

openstack service create --name nova \
--description "OpenStack Compute" compute

Create the three service endpoints

openstack endpoint create --region RegionOne \
compute public http://master.openstack:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://master.openstack:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://master.openstack:8774/v2.1

Install and configure nova

yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y

vi /etc/nova/nova.conf and edit the configuration

[DEFAULT]
# enabled components
enabled_apis = osapi_compute,metadata
# IP address of master
my_ip = 103.73.119.106
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# the account and password created in RabbitMQ
transport_url = rabbit://openstack:test1234@master.openstack:5672/

[api_database]
# connection to the nova_api database
connection = mysql+pymysql://nova:test1234@master.openstack/nova_api

[database]
# connection to the nova database
connection = mysql+pymysql://nova:test1234@master.openstack/nova

[api]
# authentication method
auth_strategy = keystone

[keystone_authtoken]
# authentication details; the account and password are the ones registered above
www_authenticate_uri = http://master.openstack:5000/
auth_url = http://master.openstack:5000/
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = test1234

[vnc]
# listen on this host's IP
enabled = true
server_listen = 103.73.119.106
server_proxyclient_address = 103.73.119.106

[glance]
# glance settings
api_servers = http://master.openstack:9292

[oslo_concurrency]
# lock path
lock_path = /var/lib/nova/tmp

[scheduler]
# periodically scan for and add new nodes
discover_hosts_in_cells_interval = 300

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://master.openstack:5000/v3
username = placement
password = test1234

Change the IP address here to that of your own master node

cp /etc/nova/nova.conf{,.bak}
# change the IP address here to that of your own master node
sed -i '/#enabled_apis/a enabled_apis = osapi_compute,metadata\nmy_ip = 103.73.119.106\nuse_neutron = true\nfirewall_driver = nova.virt.firewall.NoopFirewallDriver\ntransport_url = rabbit://openstack:test1234@master.openstack:5672/' /etc/nova/nova.conf
sed -i '/#connection=mysql/a connection = mysql+pymysql://nova:test1234@master.openstack/nova_api' /etc/nova/nova.conf
sed -i '/#connection=</a connection = mysql+pymysql://nova:test1234@master.openstack/nova' /etc/nova/nova.conf
sed -i '/#auth_strategy/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/#www_authenticate_uri/a www_authenticate_uri = http://master.openstack:5000/\nauth_url = http://master.openstack:5000/\nmemcached_servers = master.openstack:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = nova\npassword = test1234' /etc/nova/nova.conf
# change the IP address here to that of your own master node
sed -i '/#enabled=true/a enabled = true\nserver_listen = 103.73.119.106\nserver_proxyclient_address = 103.73.119.106' /etc/nova/nova.conf
sed -i '/#api_servers/a api_servers = http://master.openstack:9292' /etc/nova/nova.conf
sed -i '/#lock_path/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/#discover_hosts/a discover_hosts_in_cells_interval = 300' /etc/nova/nova.conf
sed -i '/^\[placement/a region_name = RegionOne\nproject_domain_name = Default\nproject_name = service\nauth_type = password\nuser_domain_name = Default\nauth_url = http://master.openstack:5000/v3\nusername = placement\npassword = test1234' /etc/nova/nova.conf

Verify the configuration

grep "^[a-zA-Z]" /etc/nova/nova.conf

Apply the configuration


su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova

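Warnings appear; they can be ignored.

Check that the configuration was applied

su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

Start the services; it is fine as long as there are no errors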

systemctl enable --now \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl status \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service

Check the services and their ports

ss -tnl

7. Install the nova component on the node

Install and configure nova

yum install -y openstack-nova-compute

vi /etc/nova/nova.conf

[DEFAULT]
# enabled components and the connection to RabbitMQ on master
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:test1234@master.openstack
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
# authentication method
auth_strategy = keystone

[keystone_authtoken]
# the nova account on master
www_authenticate_uri = http://master.openstack:5000/
auth_url = http://master.openstack:5000/
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = test1234

[vnc]
# 103.73.119.116 is the node's IP; the virtual machines' traffic leaves through this IP
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = 103.73.119.116
novncproxy_base_url = http://master.openstack:6080/vnc_auto.html

[glance]
# connection to the glance component on master
api_servers = http://master.openstack:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
# connection to the placement component on master
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://master.openstack:5000/v3
username = placement
password = test1234

The same settings applied with sed:

cp /etc/nova/nova.conf{,.bak}
sed -i '/#enabled_apis/a enabled_apis = osapi_compute,metadata\nuse_neutron = true\nfirewall_driver = nova.virt.firewall.NoopFirewallDriver\ntransport_url = rabbit://openstack:test1234@master.openstack/' /etc/nova/nova.conf
sed -i '/#auth_strategy/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/#www_authenticate_uri/a www_authenticate_uri = http://master.openstack:5000/\nauth_url = http://master.openstack:5000/\nmemcached_servers = master.openstack:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = nova\npassword = test1234' /etc/nova/nova.conf
sed -i '/#enabled=true/a enabled = true\nserver_listen = 0.0.0.0\nserver_proxyclient_address = 103.73.119.116\nnovncproxy_base_url = http://master.openstack:6080/vnc_auto.html' /etc/nova/nova.conf
sed -i '/#api_servers/a api_servers = http://master.openstack:9292' /etc/nova/nova.conf
sed -i '/#lock_path/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement/a region_name = RegionOne\nproject_domain_name = Default\nproject_name = service\nauth_type = password\nuser_domain_name = Default\nauth_url = http://master.openstack:5000/v3\nusername = placement\npassword = test1234' /etc/nova/nova.conf

Verify the configuration

grep "^[a-zA-Z]" /etc/nova/nova.conf

Start the services

systemctl enable --now libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service

After the services start on the node, check on master that the node's nova has registered with the cluster

source /etc/profile.d/openstack-admin.sh
openstack compute service list --service nova-compute

On master, node1 shows as registered.

8. Configure the neutron component on master

Official documentation: neutron component

MySQL configuration

mysql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'test1234';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'test1234';
exit
source /etc/profile.d/openstack-admin.sh
# create the neutron account for authentication; set its password to test1234
openstack user create --domain default --password-prompt neutron

Grant the role

openstack role add --project service --user neutron admin

Create the service

openstack service create --name neutron \
--description "OpenStack Networking" network

Register the three endpoints

openstack endpoint create --region RegionOne \
network public http://master.openstack:9696
openstack endpoint create --region RegionOne \
network internal http://master.openstack:9696
openstack endpoint create --region RegionOne \
network admin http://master.openstack:9696

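neutron has two networking modes; bridged mode is the one normally used.

Bridged mode documentation: neutron bridged mode
Self-service mode documentation: neutron self-service mode

Install and configure neutron

yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

vi /etc/neutron/neutron.conf and edit the configuration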

[DEFAULT]
# plugin mode
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:test1234@master.openstack
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
# neutron database settings
connection = mysql+pymysql://neutron:test1234@master.openstack/neutron

[keystone_authtoken]
# the neutron account registered above
www_authenticate_uri = http://master.openstack:5000
auth_url = http://master.openstack:5000
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = test1234

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# everything below must be appended to the end of the file
[nova]
# connection details for nova
auth_url = http://master.openstack:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = test1234

The same settings applied with sed:

sed -i '/^\[DEFAULT\]/a core_plugin = ml2\nservice_plugins =\ntransport_url = rabbit://openstack:test1234@master.openstack\nauth_strategy = keystone\nnotify_nova_on_port_status_changes = true\nnotify_nova_on_port_data_changes = true' /etc/neutron/neutron.conf

sed -i '/#connection =/a connection = mysql+pymysql://neutron:test1234@master.openstack/neutron' /etc/neutron/neutron.conf

sed -i '/#www_authenticate_uri/a www_authenticate_uri = http://master.openstack:5000\nauth_url = http://master.openstack:5000\nmemcached_servers = master.openstack:11211\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nproject_name = service\nusername = neutron\npassword = test1234' /etc/neutron/neutron.conf

sed -i '/# lock_path/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf

cat >>/etc/neutron/neutron.conf<<EOF
[nova]
auth_url = http://master.openstack:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = test1234
EOF

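Verify the configuration

grep "^[a-zA-Z]" /etc/neutron/neutron.conf

Configure the ml2 plugin's ml2_conf.ini file

Plugin configuration file URL: ml2_conf.ini; the file content in the black area is what is needed.

Open the URL in a browser, copy all of the content and use it to replace the old file.

vi /etc/neutron/plugins/ml2/ml2_conf.ini: delete the old content and paste in everything copied from the URL above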

cd ~
wget --http-user=qwe --http-passwd=qwe http://61.160.213.184/dl/centos/openstack/ml2_conf.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
cat ml2_conf.ini > /etc/neutron/plugins/ml2/ml2_conf.ini
rm -rf ml2_conf.ini

Edit the configuration file

[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
# defines the network name external; it can be customized, but must match the name in linuxbridge_agent.ini below
flat_networks = external

[securitygroup]
# security group settings
enable_ipset = true

The same settings applied with sed:

sed -i '/#type_drivers =/a type_drivers = flat,vlan\ntenant_network_types =\nmechanism_drivers = linuxbridge\nextension_drivers = port_security' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/#flat_networks =/a flat_networks = external' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/#enable_ipset/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini

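Verify the configuration

grep "^[a-zA-Z[]" /etc/neutron/plugins/ml2/ml2_conf.ini

Configure the ml2 plugin's linuxbridge_agent.ini file

Plugin documentation: linuxbridge_agent.ini; the content in the black area is what is needed.

Open the URL in a browser, copy all of the content and use it to replace the old file.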

cd ~
wget --http-user=qwe --http-passwd=qwe http://61.160.213.184/dl/centos/openstack/linuxbridge_agent.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
cat linuxbridge_agent.ini > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
rm -rf linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
# the name must be the same as in flat_networks = external in ml2_conf.ini above
# eno1 is this host's NIC name; use the NIC that can reach the external network
physical_interface_mappings = external:eno1

[vxlan]
enable_vxlan = false

[securitygroup]
# security group settings
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

The same settings applied with sed:

sed -i '/#physical_interface/a physical_interface_mappings = external:eno1' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/#enable_vxlan/a enable_vxlan = false' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/#enable_security_group/a enable_security_group = true\nfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini

Verify the configuration

grep "^[a-zA-Z[]" /etc/neutron/plugins/ml2/linuxbridge_agent.ini

Configure dhcp_agent.ini, which lets virtual machines obtain an IP address automatically

vi /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

The same settings applied with sed:

cp /etc/neutron/dhcp_agent.ini{,.bak}
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge\ndhcp_driver = neutron.agent.linux.dhcp.Dnsmasq\nenable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini

Configure metadata_agent.ini and set the shared secret used to authenticate with nova

vi /etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_host = master.openstack
# the secret test1234 must match metadata_proxy_shared_secret in nova.conf below
metadata_proxy_shared_secret = test1234

The same settings applied with sed:

cp /etc/neutron/metadata_agent.ini{,.bak}
sed -i '/^\[DEFAULT\]/a nova_metadata_host = master.openstack\nmetadata_proxy_shared_secret = test1234' /etc/neutron/metadata_agent.ini

Configure nova to use the neutron component

vi /etc/nova/nova.conf

[neutron]
auth_url = http://master.openstack:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = test1234
service_metadata_proxy = true
# this must match the value configured in metadata_agent.ini above
metadata_proxy_shared_secret = test1234

The same settings applied with sed:

sed -i '/^\[neutron\]/a auth_url = http://master.openstack:5000\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nregion_name = RegionOne\nproject_name = service\nusername = neutron\npassword = test1234\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = test1234' /etc/nova/nova.conf
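
Added example (not from the original guide): a check that `metadata_proxy_shared_secret` in metadata_agent.ini and in the `[neutron]` section of nova.conf agree, that `service_metadata_proxy` is enabled, and that the secret is not the same string as the neutron service password. The function names, status words and sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# ini_get FILE SECTION KEY: print the last active value of KEY in [SECTION];
# exit status 1 when the key is absent.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[.*\][ \t]*$/ { hdr = $0; sub(/[ \t]+$/, "", hdr); insec = (hdr == sec); next }
        insec && index($0, "=") {
            k = $0; sub(/[ \t]*=.*$/, "", k); sub(/^[ \t]+/, "", k)
            if (k == key) {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val); found = 1
            }
        }
        END { if (found) { print val } else { exit 1 } }
    ' "$1"
}

# check_metadata_secret METADATA_AGENT_INI NOVA_CONF
# Prints one status word and returns 0 only for "ok".
check_metadata_secret() {
    local agent nova proxy password
    agent=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret) || { echo missing-in-metadata-agent; return 1; }
    nova=$(ini_get "$2" neutron metadata_proxy_shared_secret) || { echo missing-in-nova; return 1; }
    [ -n "$agent" ] || { echo empty-secret; return 1; }
    [ "$agent" = "$nova" ] || { echo mismatch; return 1; }
    # Without service_metadata_proxy the [neutron] secret in nova.conf is not used.
    proxy=$(ini_get "$2" neutron service_metadata_proxy | tr 'A-Z' 'a-z')
    [ "$proxy" = true ] || { echo proxy-disabled; return 1; }
    # The secret should not double as the neutron service password.
    password=$(ini_get "$2" neutron password) || password=
    [ "$agent" != "$password" ] || { echo reuses-service-password; return 1; }
    echo ok
}

# write_pair DIR AGENT_SECRET NOVA_SECRET NEUTRON_PASSWORD
# Writes constructed sample files DIR/metadata_agent.ini and DIR/nova.conf.
write_pair() {
    printf '[DEFAULT]\nnova_metadata_host = master.openstack\nmetadata_proxy_shared_secret = %s\n' \
        "$2" > "$1/metadata_agent.ini"
    printf '[neutron]\nusername = neutron\npassword = %s\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = %s\n' \
        "$4" "$3" > "$1/nova.conf"
}

demo_dir=$(mktemp -d)
write_pair "$demo_dir" test1234 test1234 test1234     # the values used in this guide
check_metadata_secret "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf" || true
rm -rf "$demo_dir"
```

A fresh value can be generated with `openssl rand -hex 32` and written to both files before the services are restarted.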

Apply the configuration

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart nova

systemctl restart openstack-nova-api.service
systemctl status openstack-nova-api.service

Start the services

systemctl enable --now neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl status neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

Check that the database tables were created

mysql -u neutron -p'test1234' -e 'use neutron; show tables;'

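9. Install the neutron component on the node

Official documentation for installing neutron on the node: node-neutron

Install and configure neutron

yum install openstack-neutron-linuxbridge ebtables ipset -y

vi /etc/neutron/neutron.conf and edit the configuration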

[DEFAULT]
# RabbitMQ account and password
transport_url = rabbit://openstack:test1234@master.openstack
auth_strategy = keystone

[keystone_authtoken]
# connects to the neutron component on master; the account details are those of neutron on master
www_authenticate_uri = http://master.openstack:5000
auth_url = http://master.openstack:5000
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = test1234

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

The same settings applied with sed:

sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:test1234@master.openstack\nauth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/#www_authenticate_uri/a www_authenticate_uri = http://master.openstack:5000\nauth_url = http://master.openstack:5000\nmemcached_servers = master.openstack:11211\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nproject_name = service\nusername = neutron\npassword = test1234' /etc/neutron/neutron.conf
sed -i '/lock_path/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf

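Verify the configuration

grep "^[a-zA-Z[]" /etc/neutron/neutron.conf

Configure the ml2 plugin's linuxbridge_agent.ini file

Plugin documentation: linuxbridge_agent.ini; the content in the black area is what is needed.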

cd ~
wget --http-user=qwe --http-passwd=qwe http://61.160.213.184/dl/centos/openstack/linuxbridge_agent.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
cat linuxbridge_agent.ini > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
rm -rf linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = external:eno1

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

The same settings applied with sed:

sed -i '/#physical_interface/a physical_interface_mappings = external:eno1' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/enable_vxlan/a enable_vxlan = false' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/enable_security_group/a enable_security_group = true\nfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini

Configure nova

vi /etc/nova/nova.conf

[neutron]
auth_url = http://master.openstack:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = test1234

The same settings applied with sed:

sed -i '/^\[neutron\]/a auth_url = http://master.openstack:5000\nauth_type = password\nproject_domain_name = default\nuser_domain_name = default\nregion_name = RegionOne\nproject_name = service\nusername = neutron\npassword = test1234' /etc/nova/nova.conf

Restart the nova service

systemctl restart openstack-nova-compute.service
systemctl status openstack-nova-compute.service

Start the neutron component

systemctl enable --now neutron-linuxbridge-agent.service
systemctl status neutron-linuxbridge-agent.service

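10. Allocate the network on master (skip this for now)

neutron network allocation documentation: neutron network allocation

Confirm that all 4 components are up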

openstack network agent list 
openstack network create --share --external \
--provider-physical-network external \
--provider-network-type flat external

The --share option allows all projects to use the virtual network.

The --external option defines the virtual network to be external. If you wish to create an internal network, you can use --internal instead. Default value is internal.

The --provider-physical-network provider and --provider-network-type flat options connect the flat virtual network to the flat (native/untagged) physical network on the eth1 interface on the host using information from the following files:

external: this name must match the network name configured in the file above

openstack subnet create --network external \
--allocation-pool start=103.73.119.100,end=103.73.119.200 \
--dns-nameserver 114.114.114.114 --gateway 103.73.119.1 \
--subnet-range 103.73.119.0/24 external-sub
reboot

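After running this command the network goes down, and the server needs to be rebooted

# Check the bridge-to-NIC binding
brctl show
# Check that the host's IP is now bound to the newly added interface
ip a

The created bridge has a problem: the physical NIC eno1 is not attached to the bridge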

11. On node, modify the system hardware configuration; otherwise virtual machines cannot be created

View the CPU options

virsh capabilities |grep pc 


vi /etc/nova/nova.conf to edit the nova configuration file

[libvirt]
hw_machine_type=x86_64=pc-i440fx-rhel7.2.0
cpu_mode=host-passthrough
sed -i '/^\[libvirt\]/a hw_machine_type=x86_64=pc-i440fx-rhel7.2.0\ncpu_mode=host-passthrough' /etc/nova/nova.conf

Restart the services

systemctl restart libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service
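
A check for the sed edits above, as an added example that is not part of the original post: sed '/pattern/a ...' appends after every matching line, so a command that is run twice sets the option twice, and a pattern that never matches leaves the option unset without any error. The helper name ini_check and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# ini_check FILE SECTION KEY EXPECTED
# Prints ok | missing | duplicate:N | mismatch:VALUE for an uncommented KEY
# inside [SECTION]. ini_check is a hypothetical helper, not an OpenStack tool.
ini_check() {
    awk -v sec="$2" -v key="$3" -v want="$4" '
        /^[ \t]*[#;]/ { next }                   # commented defaults do not count
        /^[ \t]*\[/ {                            # section header: remember its name
            cur = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", cur); next
        }
        cur == sec && (eq = index($0, "=")) {    # split on the first "=" only
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { n++; last = v }
        }
        END {
            if (n == 0)            print "missing"
            else if (n > 1)        print "duplicate:" n
            else if (last != want) print "mismatch:" last
            else                   print "ok"
        }' "$1"
}

# Constructed sample: a nova.conf fragment where the [neutron] sed ran twice,
# region_name was mistyped and cpu_mode is still only the commented default.
sample_nova_conf() {
    cat <<'EOF'
[libvirt]
hw_machine_type=x86_64=pc-i440fx-rhel7.2.0
#cpu_mode = <None>
[neutron]
auth_url = http://master.openstack:5000
username = neutron
auth_url = http://master.openstack:5000
username = neutron
region_name = regionOne
EOF
}

f=$(mktemp) && sample_nova_conf > "$f"
ini_check "$f" libvirt hw_machine_type x86_64=pc-i440fx-rhel7.2.0
ini_check "$f" libvirt cpu_mode host-passthrough
ini_check "$f" neutron auth_url http://master.openstack:5000
ini_check "$f" neutron region_name RegionOne
rm -f "$f"
```

On the node, run the same function against the real files before restarting the services, for example against /etc/neutron/plugins/ml2/linuxbridge_agent.ini with section vxlan, key enable_vxlan and expected value false.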

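12. Create a virtual machine on master and check whether it runs (skip for now)

Documentation for creating virtual machines: virtual machine creation

Create a virtual machine hardware template (flavor); virtual machines are created according to the template's hardware configuration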

source /etc/profile.d/openstack-admin.sh
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

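--id 0: the flavor ID
--vcpus 1: the number of CPUs
--ram 64: the memory to use, in MB
--disk 1: the disk size to use, in GB
m1.nano: the flavor name

Create a key pair; master uses it to connect remotely to the virtual machines

# Just press Enter; there must be no trailing space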
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack keypair list

Create security group rules

openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
# List the security groups
openstack security group list 

Create the virtual machine

# Look up the image name
openstack image list
# Look up the network ID
openstack network list
# Create the virtual machine
openstack server create --flavor m1.nano --image cirros \
--nic net-id=46f6c7a7-5b9d-4758-af7c-59df7e50c038 --security-group default \
--key-name mykey xuniji-vm1

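--flavor m1.nano: the flavor name to use
--image cirros: the image name
--nic net-id=46f6c7a7-5b9d-4758-af7c-59df7e50c038: the network to use
--security-group default: the security group to use
--key-name mykey xuniji-vm1: the key pair and the virtual machine name

# List the virtual machines
openstack server list
# Show the URL for logging in to the virtual machine from a web page
openstack console url show xuniji-vm1

The created virtual machine reports an error; it should not have been created on the external network

If master.openstack resolves through hosts, open the URL directly; otherwise replace master.openstack with master's IP address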
url | http://master.openstack:6080/vnc_auto.html?path=%3Ftoken%3D017353d8-9cca-44c8-b6eb-7537be63423f

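The virtual machine should be attached to an internal network, which is then routed to the external network; creating the internal network in the dashboard reports an error

13 Install the web component dashboard on master

Documentation for the web component dashboard: dashboard

Install and configure dashboard

yum install openstack-dashboard -y

vi /etc/openstack-dashboard/local_settings to edit the configuration

# Set the IP of master
OPENSTACK_HOST = "103.73.119.106"

# Change every True below to False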
OPENSTACK_NEUTRON_NETWORK = {
    'enable_auto_allocated_network': False,
    'enable_distributed_router': False,
    'enable_fip_topology_check': False,
    'enable_ha_router': False,
    'enable_ipv6': False,
    # TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
    # enable_quotas has the different default value here.
    'enable_quotas': False,
    'enable_rbac_policy': False,
    'enable_router': False,
    # (rest of the dict unchanged)
}

# Add the access path here
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
WEBROOT = '/dashboard'

# Change the hosts that are allowed to access the dashboard
ALLOWED_HOSTS = ['103.73.119.106','master.openstack']

# Add content here
#SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

# Add the following here
#CACHES = {
#'default': {
#'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
#'LOCATION': '127.0.0.1:11211',
#},
#}

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'master.openstack:11211',
    }
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"


# Change the time zone to Shanghai
#of your entire OpenStack installation, and hopefully be in UTC.
TIME_ZONE = "Asia/Shanghai"

Change this to the IP address of your own master node

cp /etc/openstack-dashboard/local_settings{,.bak}
# Change this to the IP address of your own master node
sed -i '/OPENSTACK_HOST =/c OPENSTACK_HOST = "103.73.119.106"' /etc/openstack-dashboard/local_settings
sed -ri 's#(.*enable_fip_topology_check.*)True\,#\1False\,#g' /etc/openstack-dashboard/local_settings
sed -ri 's#(.*enable_ipv6.*)True\,#\1False\,#g' /etc/openstack-dashboard/local_settings
sed -ri 's#(.*enable_quotas.*)True\,#\1False\,#g' /etc/openstack-dashboard/local_settings
sed -ri 's#(.*enable_rbac_policy.*)True\,#\1False\,#g' /etc/openstack-dashboard/local_settings
sed -ri 's#(.*enable_router.*)True\,#\1False\,#g' /etc/openstack-dashboard/local_settings
sed -i "/ALLOWED_HOSTS =/i WEBROOT = '/dashboard'" /etc/openstack-dashboard/local_settings
# Change this to the IP address of your own master node
sed -i "/ALLOWED_HOSTS =/c ALLOWED_HOSTS = ['103\.73\.119\.106','master\.openstack']" /etc/openstack-dashboard/local_settings
sed -i "/SESSION_ENGINE =/a SESSION_ENGINE = 'django.contrib.sessions.backends.cache'" /etc/openstack-dashboard/local_settings
cat >>/etc/openstack-dashboard/local_settings<<'EOF'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'master.openstack:11211',
    }
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
EOF
sed -i '/TIME_ZONE/c TIME_ZONE = "Asia/Shanghai"' /etc/openstack-dashboard/local_settings

vi /etc/httpd/conf.d/openstack-dashboard.conf and add at the top

sed -i '1i WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf

Restart the services

systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

Open the web interface (the /dashboard here is the WEBROOT path set above)

http://103.73.119.106/dashboard 

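Enter default for the domain, admin for the account, and admin for the password

To look up the account and password, check this script

cat /etc/profile.d/openstack-admin.sh

But login reports an error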

sed -i "/SESSION_ENGINE = 'django.contrib.sessions.backends.cache'/c SESSION_ENGINE = 'django.contrib.sessions.backends.file'" /etc/openstack-dashboard/local_settings
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

Reference fix: RuntimeError: Unable to create a new session key. It is likely that the cache is unavailable. – 阿小杜 – 博客园 (cnblogs.com)

Problem solved; login succeeds

Reference: openstack-train cluster deployment, openstack component introduction, creating virtual machines from custom openstack images, simple openstack tuning_淡泪无痕的博客-CSDN博客_openstack train
