用户云计算基础架构服务平台手册

### 版本：先电 iaas V2.2
发布日期：2017年11月1日 南京第五十五所技术开发有限公司
 
版本修订说明 修订版本 修订时间 修订说明
Xiandian-iaas-v2.0 2016年10月28日 云计算基础架构服务平台用户手册2.0
Xiandian-iaas-v2.1 2017年04月20日 修改上个版本已知错误，部分配置文件进行修改优化，修改数据库连接，添加Trove组件，添加系统卸载脚本
Xiandian-iaas-v2.2 2017年11月1日 添加Lbaas组件、Fwaas组件，添加nginx模板使用。 目 录

1. List item

1 基本环境配置 9
1.1安装CentOS7说明 10
1.2配置网络、主机名 10
1.3配置yum源 12
1.4编辑环境变量 14
1.5通过脚本安装服务 15
1.6安装Openstack包 16
1.7配置域名解析 16
1.8配置防火墙和Selinux 16
1.9安装ntp服务 17
1.10通过脚本安装服务 17
1.11安装Mysql数据库服务 17
1.12安装Mongo数据库服务 18
1.13安装RabbitMQ服务 19
1.14安装memcahce 19
2 安装Keystone认证服务 19
2.1 通过脚本安装keystone服务 19
2.2安装keystone服务软件包 20
2.3创建Keystone数据库 20
2.4配置数据库连接 20
2.5为keystone服务创建数据库表 20
2.6创建令牌 20
2.7创建签名密钥和证书 21
2.8定义用户、租户和角 {MOD} 22
2.9创建admin-openrc.sh 23
3 安装Glance镜像服务 24
3.1 通过脚本安装glance服务 24
3.2 安装Glance镜像服务软件包 24
3.3创建Glance数据库 24
3.4配置文件创建数据库连接 24
3.5为镜像服务创建数据库表 25
3.6创建用户 25
3.7配置镜像服务 25
3.8创建Endpoint和API端点 27
3.9启动服务 27
3.10上传镜像 27
4 安装Nova计算服务 27
4.1通过脚本安装nova服务 28
4.2安装Nova 计算服务软件包 28
4.3创建Nova数据库 28
4.4创建计算服务表 29
4.5创建用户 29
4.6配置计算服务 29
4.7创建Endpoint和API端点 31
4.8启动服务 31
4.9验证Nova 31
4.10安装Nova计算服务软件包 31
4.11配置Nova服务 32
4.12检查系统处理器是否支持虚拟机的硬件加速 33
4.13启动 33
4.14 清除防火墙 34
5 安装Neutron网络服务 34
5.1通过脚本安装neutron服务 34
5.2通过脚本创建neutron网络 34
5.3创建Neutron数据库 35
5.4创建用户 35
5.5创建Endpoint和API端点 35
5.6安装neutron网络服务软件包 36
5.7配置Neutron服务 36
5.8 编辑内核 41
5.9 创建数据库 41
5.10 启动服务和创建网桥 41
5.11 安装软件包 42
5.12 配置Neutron服务 42
5.13 编辑内核 45
5.14 启动服务进而创建网桥 45
5.15 选择Neutron网络模式 45
5.15.1 Flat 45
5.15.2 Gre 48
5.15.3 Vlan 51
5.16 网络高级应用 54
5.16.1 负载均衡操作 54
5.16.2 防火墙操作 59
6 安装Dashboard服务 63
6.1通过脚本安装dashboard服务 63
6.2安装Dashboard服务软件包 63
6.3配置 63
6.4启动服务 67
6.5访问 67
6.6创建云主机（gre/vlan） 67
7 安装Cinder块存储服务 67
7.1 通过脚本安装Cinder服务 67
7.2 安装Cinder块存储服务软件包 68
7.3 创建数据库 68
7.4 创建用户 68
7.5 创建Endpoint和API端点 69
7.6 配置Cinder服务 69
7.7 创建数据库 70
7.8 启动服务 71
7.9 安装块存储软件 71
7.10 创建LVM物理和逻辑卷 71
7.11 修改Cinder配置文件 71
7.12 重启服务 73
7.13 验证 73
8 安装Swift对象存储服务 73
8.1通过脚本安装Swift服务 73
8.2创建用户 74
8.3创建Endpoint和API端点 74
8.4 编辑/etc/swift/proxy-server.conf 74
8.5 创建账号、容器、对象 77
8.6 编辑/etc/swift/swift.conf文件 77
8.7 启动服务和赋予权限 78
8.8 安装软件包 78
8.9 配置rsync 78
8.10 配置账号、容器和对象 80
8.11 修改Swift配置文件 82
8.12 重启服务和赋予权限 83
9 安装Trove服务 84
9.1 执行脚本进行安装 84
9.2 安装Trove数据库服务的软件包 84
9.3 创建数据库 84
9.4 创建用户 84
9.5 创建Endpoint和API端点 85
9.6 配置trove.conf文件 85
9.7 配置trove-taskmanager.conf 87
9.8 配置trove-conductor.conf文件 88
9.9 配置trove-guestagent.conf文件 89
9.10 同步数据库 91
9.11 启动服务 91
9.12 上传镜像 91
9.13 创建数据库存储 91
9.14 使用上传的镜像更新数据库 91
10 安装Heat编配服务 92
10.1通过脚本安装heat服务 92
10.2安装heat编配服务软件包 92
10.3创建数据库 92
10.4创建用户 93
10.5创建Endpoint和API端点 93
10.6配置Heat服务 94
10.7创建数据库 96
10.8启动服务 96
10.9 nginx模板 96
11 安装Ceilometer监控服务 99
11.1通过脚本安装Ceilometer服务 99
11.2 安装Ceilometer监控服务软件包 99
11.3 创建数据库 100
11.4 创建用户 100
11.5 创建Endpoint和API端点 100
11.6 配置Ceilometer 100
11.7 启动服务 102
11.8 监控组件 102
11.9 安装软件包 104
11.10 配置Ceilometer 104
12 安装Alarm监控服务 106
12.1通过脚本安装alarm服务 106
12.2 创建数据库 106
12.3 创建keystone用户 107
12.4 创建Endpoint和API 107
12.5 安装软件包 107
12.6 配置aodh 107
12.7 同步数据库 109
12.8 启动服务 109
13 添加控制节点资源到云平台 110
13.1 修改openrc.sh 110
13.2 运行iaas-install-nova-compute.sh 110
14 系统卸载 110
15 Xindian-IaaS-2.2版本升级说明： 110

1 基本环境配置
云计算平台的拓扑图如图1所示，IP地址规划如图1所示。 图1云计算平台拓扑图 本次搭建采用双节点安装，即controller node控制节点和compute node计算节点。enp8s0为外部网络，enp9s0为内部管理网络。存储节点安装操作系统时划分两个空白分区以sda，sdb为例。作为cinder和swift存储磁盘，搭建 ftp服务器作为搭建云平台的yum源。配置文件中密码需要根据实际环境进行配置。
1.1安装CentOS7说明
【CentOS7版本】
CentOS7系统选择1511版本：CentOS-7-x86_64-DVD-1511.iso
【空白分区划分】
CentOS7的安装与CentOS6.5的安装有明显的区别。在CentOS7安装过程中，设置分区都需要一个挂载点，这样一来就无法创建两个空白的磁盘分区作为cinder服务和swift服务的存储磁盘了。
所以我们应该在系统安装过程中留下足够的磁盘大小，系统安装完成后，使用命令parted划分新分区，然后使用mkfs.xfs进行文件系统格式化，完成空白分区的划分。具体命令如下：
[root@compute ~]# parted /dev/md126
(parted) mkpart swift 702G 803G //创建swift分区，从702G到803G
[root@compute ~]# mkfs.xfs /dev/md126p5
1.2配置网络、主机名
修改和添加/etc/sysconfig/network-scripts/ifcfg-enp*（具体的网口）文件。
（1）controller节点
配置网络：
enp8s0: 192.168.100.10
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.10
PREFIX=24
GATEWAY=192.168.100.1 enp9s0: 192.168.200.10
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.10
PREFIX=24
配置主机名：

hostnamectl set-hostname controller

按ctrl+d 退出 重新登陆
（2）compute 节点
配置网络：
enp8s0: 192.168.100.20
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.20
PREFIX=24
GATEWAY=192.168.100.1 enp9s0: 192.168.200.20
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.20
PREFIX=24 配置主机名：

hostnamectl set-hostname compute

按ctrl+d 退出 重新登陆 1.3配置yum源
#Controller和compute节点
（1）yum源备份
#mv /etc/yum.repos.d/* /opt/
（2）创建repo文件
【controller】
在/etc/yum.repos.d创建centos.repo源文件
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas-repo
gpgcheck=0
enabled=1 【compute】
在/etc/yum.repos.d创建centos.repo源文件
[centos]
name=centos
baseurl=ftp://192.168.100.10/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://192.168.100.10/iaas-repo
gpgcheck=0
enabled=1 （3）挂载iso文件
【挂载CentOS-7-x86_64-DVD-1511.iso】
[root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-1511.iso /mnt/
[root@controller ~]# mkdir /opt/centos
[root@controller ~]# cp -rvf /mnt/* /opt/centos/
[root@controller ~]# umount /mnt/ 【挂载XianDian-IaaS-v2.2.iso】
[root@controller ~]# mount -o loop XianDian-IaaS-v2.2.iso /mnt/
[root@controller ~]# cp -rvf /mnt/* /opt/
[root@controller ~]# umount /mnt/ （4）搭建ftp服务器，开启并设置自启
[root@controller ~]# yum install vsftpd –y
[root@controller ~]# vi /etc/vsftpd/vsftpd.conf
添加anon_root=/opt/
保存退出 [root@controller ~]# systemctl start vsftpd
[root@controller ~]# systemctl enable vsftpd （5）关闭防火墙并设置开机不自启
【controller/compute】
systemctl stop firewalld
systemctl disable firewalld （6）清除缓存，验证yum源
【controller/compute】

yum clean all

yum list

1.4编辑环境变量

controller和compute节点

yum install iaas-xiandian -y

编辑文件/etc/xiandian/openrc.sh,此文件是安装过程中的各项参数，根据每项参数上一行的说明及服务器实际情况进行配置。
HOST_IP=192.168.100.10
HOST_NAME=controller
HOST_IP_NODE=192.168.100.20
HOST_NAME_NODE=compute
RABBIT_USER=openstack
RABBIT_PASS=000000
DB_PASS=000000
DOMAIN_NAME=demo（自定义）
ADMIN_PASS=000000
DEMO_PASS=000000
KEYSTONE_DBPASS=000000
GLANCE_DBPASS=000000
GLANCE_PASS=000000
NOVA_DBPASS=000000
NOVA_PASS=000000
NEUTRON_DBPASS=000000
NEUTRON_PASS=000000
METADATA_SECRET=000000
INTERFACE_NAME=enp9s0（外网网卡名）
CINDER_DBPASS=000000
CINDER_PASS=000000
TROVE_DBPASS=000000
TROVE_PASS=000000
BLOCK_DISK=md126p4（空白分区名）
SWIFT_PASS=000000
OBJECT_DISK=md126p5（空白分区名）
STORAGE_LOCAL_NET_IP=192.168.100.20
HEAT_DBPASS=000000
HEAT_PASS=000000
CEILOMETER_DBPASS=000000
CEILOMETER_PASS=000000
AODH_DBPASS=000000
AODH_PASS=000000 1.5通过脚本安装服务
1.6-1.9的基础配置操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

Controller节点和Compute节点

执行脚本iaas-pre-host.sh进行安装

安装完成后同时重启

[root@controller ~]# reboot 1.6安装Openstack包

controller和compute节点

yum -y install openstack-utils openstack-selinux python-openstackclient

yum upgrade

1.7配置域名解析
修改/etc/hosts添加一下内容
（1）controller 节点
20.0.0.10 controller
20.0.0.20 compute
（2）compute 节点
20.0.0.10 controller
20.0.0.20 compute
1.8配置防火墙和Selinux
编辑selinux文件

vi /etc/selinux/config

SELINUX=permissive
关闭防火墙并设置开机不自启

systemctl stop firewalld.service

systemctl disable firewalld.service

yum remove -y NetworkManager firewalld

yum -y install iptables-services

systemctl enable iptables

systemctl restart iptables

iptables -F

iptables -X

iptables -X

service iptables save

1.9安装ntp服务
（1）controller和compute节点

yum -y install ntp

（2）配置controller节点
编辑/etc/ntp.conf文件
添加以下内容（删除默认sever规则）
server 127.127.1.0
fudge 127.127.1.0 stratum 10
启动ntp服务器

service ntpd start

chkconfig ntpd on

（3）配置compute节点

ntpdate controller

chkconfig ntpdate on

1.10通过脚本安装服务
1.11-1.14基础服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

Controller节点

执行脚本iaas-install-mysql.sh进行安装 1.11安装Mysql数据库服务

yum install mysql mysql-server MySQL-python

修改 /etc/my.cnf文件[mysqld]中添加
max_connections=10000
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = ‘SET NAMES utf8’
character-set-server = utf8
启动服务
#systemctl enable mariadb.service
#systemctl start mariadb.service
配置Mysql
#mysql_secure_installation
修改/usr/lib/systemd/system/mariadb.service
[Service]
新添加两行如下参数：
LimitNOFILE=10000
LimitNPROC=10000
重新加载系统服务，并重启mariadb服务

systemctl daemon-reload

service mariadb restart

按enter确认后设置数据库root密码
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
（2）compute节点
#yum -y install MySQL-python
1.12安装Mongo数据库服务
#yum install -y mongodb-server mongodb
编辑 /etc/mongod.conf文件
删除bind_ip行
修改 smallfiles = true
#systemctl enable mongod.service
#systemctl start mongod.service
1.13安装RabbitMQ服务

yum install -y rabbitmq-server

systemctl enable rabbitmq-server.service
systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack 000000
rabbitmqctl set_permissions openstack “." ".” “.*”
1.14安装memcahce
#yum install memcached python-memcached
systemctl enable memcached.service
systemctl restart memcached.service
2 安装Keystone认证服务
#Controller
2.1 通过脚本安装keystone服务
2.2-2.9的认证服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

Controller节点

执行脚本iaas-install-keystone.sh进行安装。 2.2安装keystone服务软件包
yum install -y openstack-keystone htsRtpd mod_wsgi
2.3创建Keystone数据库

mysql –u root -p（此处数据库密码为之前安装Mysql设置的密码） mysql> CREATE a kDATABASE keystone; mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘localhost’ IDENTIFIED BY ‘KEYSTONE_DBPASS’; mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ IDENTIFIED BY ‘KEYSTONE_DBPASS’; mysql> exit

2.4配置数据库连接
#openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
2.5为keystone服务创建数据库表
#su -s /bin/sh -c “keystone-manage db_sync” keystone
2.6创建令牌
#ADMIN_TOKEN=$(openssl rand -hex 10)
#openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
#openstack-config --set /etc/keystone/keystone.conf token provider fernet
2.7创建签名密钥和证书
#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
修改/etc/httpd/conf/httpd.conf配置文件将ServerName www.example.com:80 替换为ServerName controller
创建/etc/httpd/conf.d/wsgi-keystone.conf文件，内容如下：
Listen 5000
Listen 35357
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat “%{cu}t %M”
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined Require all granted
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat “%{cu}t %M”
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined Require all granted #systemctl enable httpd.service #systemctl start httpd.service 2.8定义用户、租户和角 {MOD} （1）设置环境变量 export OS_TOKEN=$ADMIN_TOKEN export OS_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 （2）创建keystone相关内容 openstack service create --name keystone --description "OpenStack Identity" identity openstack endpoint create --region RegionOne identity public http://controller:5000/v3 openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 openstack endpoint create --region RegionOne identity admin http://controller:35357/v3 openstack domain create --description "Default Domain" default openstack project create --domain default --description "Admin Project" admin openstack user create --domain default --password 000000 admin openstack role create admin openstack role add --project admin --user admin admin openstack project create --domain default --description "Service Project" service openstack project create --domain default --description "Demo Project" demo openstack user create --domain default --password 000000 demo openstack role create user openstack role add --project demo --user demo user （3）清除环境变量 #unset OS_TOKEN OS_URL 2.9创建admin-openrc.sh 创建admin环境变量admin-openrc.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=000000 export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 生效环境变量 #source admin-openrc.sh 3 安装Glance镜像服务 #Controller 3.1 通过脚本安装glance服务 3.2-3.9的镜像服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下： # Controller 节点 执行脚本iaas-install-glance.sh进行安装 3.2 安装Glance镜像服务软件包

yum install -y openstack-glance

3.3创建Glance数据库
#mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘localhost’ IDENTIFIED BY ‘GLANCE_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’ IDENTIFIED BY ‘GLANCE_DBPASS’;
3.4配置文件创建数据库连接

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

#openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
3.5为镜像服务创建数据库表

su -s /bin/sh -c “glance-manage db_sync” glance

3.6创建用户
openstack user create --domain default --password 000000 glance
openstack role add --project service --user glance admin
3.7配置镜像服务
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /usr/share/glance/glance-api-dist-paste.ini
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /usr/share/glance/glance-registry-dist-paste.ini
3.8创建Endpoint和API端点
openstack service create --name glance --description “OpenStack Image” image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
3.9启动服务
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
3.10上传镜像
首先下载（Wget）提供的系统镜像到本地，本次以上传CentOS6.5x86_64镜像为例。
可以安装Wget，从Ftp服务器上下载镜像到本地。

source /etc/keystone/admin-openrc.sh

glance image-create --name “CentOS7.0” --disk-format qcow2 --container-format bare --progress < /opt/iaas/images/centos_7-x86_64_xiandian.qcow2

4 安装Nova计算服务
#Controller
4.1通过脚本安装nova服务
4.2-4.14计算服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-nova-controller.sh进行安装
#Compute节点
执行脚本iaas-install-nova-compute.sh进行安装 4.2安装Nova 计算服务软件包

yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

4.3创建Nova数据库

mysql -u root -p

mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’%’ IDENTIFIED BY ‘NOVA_DBPASS’;
mysql> create database IF NOT EXISTS nova_api;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’ ;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@’%’ IDENTIFIED BY ‘NOVA_DBPASS’ ;
修改数据库连接
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
4.4创建计算服务表
su -s /bin/sh -c “nova-manage db sync” nova
su -s /bin/sh -c “nova-manage api_db sync” nova
4.5创建用户
openstack user create --domain default --password 000000 nova
openstack role add --project service --user nova admin
4.6配置计算服务
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.10
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen_port 8775
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 20.0.0.10
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 20.0.0.10
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
4.7创建Endpoint和API端点
openstack service create --name nova --description “OpenStack Compute” compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%(tenant_id)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%(tenant_id)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%(tenant_id)s
4.8启动服务
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
4.9验证Nova
#nova image-list #Compute
4.10安装Nova计算服务软件包
yum install lvm2 -y
yum install openstack-nova-compute -y
4.11配置Nova服务
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.20
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 20.0.0.20
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://20.0.0.10:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf libvirt inject_key True
4.12检查系统处理器是否支持虚拟机的硬件加速
执行命令
#egrep -c ‘(vmx|svm)’ /proc/cpuinfo
（1）如果该命令返回一个1或更大的值,说明你的系统支持硬件加速，通常不需要额外的配置。
（2）如果这个指令返回一个0值，说明你的系统不支持硬件加速，你必须配置libvirt取代KVM来使用QEMU。

openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu

4.13启动
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
4.14 清除防火墙
controller和compute节点
iptables -F
iptables -X
iptables -Z
/usr/libexec/iptables/iptables.init save
5 安装Neutron网络服务
#Controller节点
5.1通过脚本安装neutron服务
5.3-5.14网络服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-neutron-controller.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute.sh进行安装 5.2通过脚本创建neutron网络
5.15网络服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下： 创建flat网络
#Controller节点
执行脚本iaas-install-neutron-controller-flat.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-flat.sh进行安装 创建gre网络
#Controller节点
执行脚本iaas-install-neutron-controller-gre.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-gre.sh进行安装 创建vlan网络
#Controller节点
执行脚本iaas-install-neutron-controller-vlan.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-vlan.sh进行安装 5.3创建Neutron数据库
#mysql -u root -p
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@’%’ IDENTIFIED BY ‘000000’;
5.4创建用户
openstack user create --domain default --password 000000 neutron
openstack role add --project service --user neutron admin
5.5创建Endpoint和API端点
openstack service create --name neutron --description “OpenStack Networking” network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
5.6安装neutron网络服务软件包

yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables openstack-neutron-openvswitch openstack-neutron-lbaas python-neutron-lbaas haproxy openstack-neutron-fwaas

5.7配置Neutron服务
openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:000000@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,gre,vxlan,local
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs integration_bridge br-int
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 20.0.0.10
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 000000
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_port 8775
openstack-config --set /etc/nova/nova.conf DEFAULT auto_assign_floating_ip True
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen_port 8775
openstack-config --set /etc/nova/nova.conf DEFAULT scheduler_default_filters ‘AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter’
openstack-config --set /etc/nova/nova.conf DEFAULT compute_driver libvirt.LibvirtDriver
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 20.0.0.10
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 000000
5.8 编辑内核
编辑文件/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
生效配置
sysctl –p
5.9 创建数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c “neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head” neutron
5.10 启动服务和创建网桥
systemctl restart openvswitch
systemctl enable openvswitch
ovs-vsctl add-br br-int
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-openvswitch-agent neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service
#Compute节点
5.11 安装软件包
yum install openstack-neutron-linuxbridge ebtables ipset openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch –y
5.12 配置Neutron服务
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,gre,vxlan,local
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs integration_bridge br-int
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 000000
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT vif_plugging_is_fatal True
openstack-config --set /etc/nova/nova.conf DEFAULT vif_plugging_timeout 300
5.13 编辑内核
编辑文件/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
生效配置
sysctl –p
5.14 启动服务进而创建网桥
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
systemctl restart openvswitch
systemctl enable openvswitch
ovs-vsctl add-br br-int
systemctl restart openstack-nova-compute.service
systemctl restart openstack-nova-compute neutron-metadata-agent
systemctl restart neutron-openvswitch-agent
systemctl enable neutron-openvswitch-agent neutron-metadata-agent
5.15 选择Neutron网络模式
以下任意选择一种方式进行安装
5.15.1 Flat
#Controller节点
# source /etc/xiandian/openrc.sh

source /etc/keystone/admin-openrc.sh

ovs-vsctl add-br br-ex

修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下：
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令

ovs-vsctl add-port br-ex enp9s0

systemctl restart network

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types flat

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex

systemctl restart neutron-openvswitch-agent

配置lbaas服务
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router,lbaas
openstack-config --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
openstack-config --set /etc/neutron/lbaas_agent.ini DEFAULT device_driver neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
openstack-config --set /etc/neutron/lbaas_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/lbaas_agent.ini haproxy user_group haproxy
创建数据库
neutron-db-manage --service lbaas upgrade head
重启服务
systemctl restart neutron-server neutron-lbaas-agent
systemctl enabled neutron-server neutron-lbaas-agent
#Compute节点

ovs-vsctl add-br br-ex

修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下：
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令

ovs-vsctl add-port br-ex enp9s0

systemctl restart network

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types flat

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex

systemctl restart neutron-openvswitch-agent

创建FLAT网络

Controller节点

tenantID=openstack project list | grep service | awk '{print $2}'
neutron net-create --tenant-id KaTeX parse error: Expected 'EOF', got '#' at position 108: …t1 5.15.2 Gre #̲Controller节点 op…minvlan:KaTeX parse error: Expected 'EOF', got '#' at position 655: …tron-l3-agent #̲Compute节点 opens…minvlan:$maxvlan(最小vlan号：最大vlanID号)
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-ex
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex
ovs-vsctl add-br br-ex
修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下：
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令
ovs-vsctl add-port br-ex enp9s0
systemctl restart network
systemctl restart neutron-openvswitch-agent
配置lbaas服务
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router,lbaas,firewall
openstack-config --set /etc/neutron/neutron_lbaas.conf service_providers service_provider LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
openstack-config --set /etc/neutron/lbaas_agent.ini DEFAULT device_driver neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
openstack-config --set /etc/neutron/lbaas_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/lbaas_agent.ini haproxy user_group haproxy
配置fwaas服务
openstack-config --set /etc/neutron/neutron.conf service_providers FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
openstack-config --set /etc/neutron/fwaas_driver.ini fwaas driver neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
openstack-config --set /etc/neutron/fwaas_driver.ini fwaas enabled True
创建数据库
neutron-db-manage --service lbaas upgrade head
neutron-db-manage --subproject neutron-fwaas upgrade head
重启服务
systemctl restart neutron-server neutron-lbaas-agent systemctl restart neutron-l3-agent
systemctl enabled neutron-lbaas-agent
创建Vlan网络

Controller节点

neutron net-create ext-net --router:external True --provider:physical_network physnet1 --provider:network_type flat
neutron net-create demo-net --tenant-id openstack project list |grep -w admin |awk '{print $2}' --provider:network_type vlan
5.16 网络高级应用
5.16.1 负载均衡操作
（1）新增资源池 （2）为负载均衡资源池添加云主机成员（web页面），选择要添加的资源池以及成员云主机，设置协议端口。 （3）负载均衡资源池添加VIP，VIP子网需可以和云主机成员子网通信 （4）新增监控，建立成员云主机监控规则。 设置资源池关联监控 选择监控规则 （5）负载均衡器绑定浮动IP，（此网络模式为gre网络，需绑定浮动IP；flat网络模式不需要绑定浮动IP，即直接访问资源池VIP即可；vlan网络模式，如VIP为外部可访问地址，也可直接访问VIP地址，否则，需绑定浮动IP。） 分配访问浮动IP地址 访问负载均衡IP地址：http://172.30.11.7/ 5.16.2 防火墙操作
GRE和VLAN网络模式可以使用fwaas防火墙服务，Flat不能使用防火墙功能。 （1）新建防火墙规则 （2）新建防火墙策略 在防火墙策略中添加防火墙规则。 （3）创建防火墙 防火墙选择所作用于的路由。 （4）web-2是一个nginx服务器，通过页面访问http://172.30.11.4 6 安装Dashboard服务
6.1通过脚本安装dashboard服务
6.2-6.4dashboard的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller
执行脚本iaas-install-dashboard.sh进行安装 6.2安装Dashboard服务软件包

yum install openstack-dashboard –y

6.3配置
修改/etc/openstack-dashboard/local_settings内容如下
修改
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
TEMPLATE_DEBUG = DEBUG
WEBROOT = ‘/dashboard/’
ALLOWED_HOSTS = [’’,‘localhost’]
OPENSTACK_API_VERSIONS = {
“identity”: 3,
“volume”: 2,
“compute”: 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = ‘default’
LOCAL_PATH = ‘/tmp’
SECRET_KEY=‘e2cf67af77d15971b311’
SESSION_ENGINE = ‘django.contrib.sessions.backends.cache’
CACHES = {
‘default’: {
‘BACKEND’: ‘django.core.cache.backends.memcached.MemcachedCache’,
‘LOCATION’: ‘127.0.0.1:11211’,
},
}
EMAIL_BACKEND = ‘django.core.mail.backends.console.EmailBackend’
OPENSTACK_HOST = “controller”
OPENSTACK_KEYSTONE_URL = “http://%s:5000/v3” % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = “user”
OPENSTACK_KEYSTONE_BACKEND = {
‘name’: ‘native’,
‘can_edit_user’: True,
‘can_edit_group’: True,
‘can_edit_project’: True,
‘can_edit_domain’: True,
‘can_edit_role’: True,
}
OPENSTACK_HYPERVISOR_FEATURES = {
‘can_set_mount_point’: False,
‘can_set_password’: False,
‘requires_keypair’: False,
}
OPENSTACK_CINDER_FEATURES = {
‘enable_backup’: False,
}
OPENSTACK_NEUTRON_NETWORK = {
‘enable_router’: True,
‘enable_quotas’: True,
‘enable_ipv6’: True,
‘enable_distributed_router’: False,
‘enable_ha_router’: False,
‘enable_lb’: True,
‘enable_firewall’: True,
‘enable_vpn’: True,
‘enable_fip_topology_check’: True,
‘default_ipv4_subnet_pool_label’: None,
‘default_ipv6_subnet_pool_label’: None,
‘profile_support’: None,
‘supported_provider_types’: [’’],
‘supported_vnic_types’: [’*’],
}
OPENSTACK_HEAT_STACK = {
‘enable_user_pass’: True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {
“architecture”: _(“Architecture”),
“kernel_id”: _(“Kernel ID”),
“ramdisk_id”: _(“Ramdisk ID”),
“image_state”: _(“Euca2ools state”),
“project_id”: _(“Project ID”),
“image_type”: _(“Image Type”),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = “UTC”
POLICY_FILES_PATH = ‘/etc/openstack-dashboard’
LOGGING = {
…
}
SECURITY_GROUP_RULES = {
…
}
REST_API_REQUIRED_SETTINGS = [‘OPENSTACK_HYPERVISOR_FEATURES’,
‘LAUNCH_INSTANCE_DEFAULTS’]
6.4启动服务

systemctl restart httpd.service memcached.service

6.5访问
打开浏览器访问Dashboard
http://controller（或本机内网ip）/dashboard
注：检查防火墙规则，确保允许http服务相关端口通行，或者关闭防火墙。 6.6创建云主机（gre/vlan）
（1）管理员 → 网络 → 创建网络（内外网） → 创建子网（外网填服务器的外网网段） （2）项目 → 网络 → 路由 → 新建路由 → 添加网关和内网接口 （3）项目 → 计算 → 访问安全 → 管理规则 → 添加规则（ICMP、TCP、UDP） （4）项目 → 计算 → 云主机 → 创建云主机 → 绑定浮动IP 7 安装Cinder块存储服务
7.1 通过脚本安装Cinder服务
7.2-7.13块存储服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller
执行脚本iaas-install-cinder-controller.sh进行安装
#Compute节点
执行脚本iaas-install-cinder-compute.sh进行安装 7.2 安装Cinder块存储服务软件包

yum install openstack-cinder

修改权限配置文件，修改文件/etc/cinder/policy.json，将consistencygroup权限修改为空，修改如下：
“consistencygroup:create” : “”,
“consistencygroup:delete”: “”,
“consistencygroup:update”: “”,
“consistencygroup:get”: “”,
“consistencygroup:get_all”: “”,
“consistencygroup:create_cgsnapshot” : “”,
“consistencygroup:delete_cgsnapshot”: “”,
“consistencygroup:get_cgsnapshot”: “”,
“consistencygroup:get_all_cgsnapshots”: “”,
7.3 创建数据库

mysql -u root -p

mysql> CREATE DATABASE cinder;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@’%’ IDENTIFIED BY ‘000000’;
7.4 创建用户
openstack user create --domain default --password 000000 cinder
openstack role add --project service --user cinder admin
7.5 创建Endpoint和API端点
openstack service create --name cinder --description “OpenStack Block Storage” volume
openstack service create --name cinderv2 --description “OpenStack Block Storage” volumev2
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%(tenant_id)s
7.6 配置Cinder服务
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:000000@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name