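Documentation
OpenStack covers so much ground that I could never find an official document that fully suited me.
- OpenStack Installation Guide for Red Hat Enterprise Linux and CentOS
This is the Chinese version, but it says UPDATED: 2017-06-12 11:14, which is very old! The basic concepts and ideas are still the same.
- https://docs.openstack.org/install-guide/launch-instance-provider.html
This is the English version, and its update date is the latest.
- RDO official installation documentation
This only covers CentOS 8, not CentOS 7.
- Neutron with existing external network
Most of the struggle was with networking; in the end I got the bridge configuration working by following this page.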
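Learning environment and process
- At different times I used a VirtualBox VM with 8G of memory and a Hyper-V VM with 16G of memory, both with a single NIC
- Plenty of patience: when you are not yet familiar with it, start over whenever something goes wrong! So prepare several fresh VMs and take several snapshots along the way so that you can roll back
- Different domestic (China) mirrors may carry different versions, so the errors differ as well; I finally chose the Aliyun mirror
- Actual environment used in this article:
CentOS-7-x86_64-DVD-2009.iso
Memory : 16G
IP : 192.168.0.151
hostname : centos7-151
For simplicity, log in directly as root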
Installation process
- Prepare the network and firewall
# systemctl disable firewalld
# systemctl stop firewalld
# systemctl disable NetworkManager
# systemctl stop NetworkManager
# systemctl enable network
# systemctl start network
# hostnamectl set-hostname centos7-151
# vim /etc/hosts
add: 192.168.0.151 centos7-151
# vim /etc/selinux/config
SELINUX=disabled
Configure a domestic (China) mirror: I chose the Aliyun mirror
Once these are ready and yum update has been run, take a snapshot or clone the VM as a spare
- Query and install a suitable version
# yum list centos-release-openstack*
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
可安装的软件包
centos-release-openstack-queens.noarch 1-2.el7.centos extras
centos-release-openstack-rocky.noarch 1-1.el7.centos extras
centos-release-openstack-stein.noarch 1-1.el7.centos extras
centos-release-openstack-train.noarch 1-1.el7.centos extras
When I started learning, I blindly copied others and installed centos-release-openstack-train
Later I switched to the latest centos-release-openstack-queens
# yum install centos-release-openstack-queens.noarch
# yum update -y
Next, query openstack-packstack
# yum list openstack-packstack*
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * centos-qemu-ev: mirrors.huaweicloud.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
可安装的软件包
openstack-packstack.noarch 1:12.0.1-1.el7 centos-openstack-queens
openstack-packstack-doc.noarch 1:12.0.1-1.el7 centos-openstack-queens
openstack-packstack-puppet.noarch 1:12.0.1-1.el7 centos-openstack-queens
Install openstack-packstack
# yum install -y openstack-packstack.noarch
- Prepare in advance for the errors that come up during installation
You do not have to prepare these ahead of time; you can deal with each one after the installation reports the error
and then re-run (substitute your own answer-file)
# packstack --answer-file=packstack-answers-20221002-170651.txt
1). Downgrade leatherman
# yum list installed | grep leatherma
leatherman.x86_64 1.10.0-1.el7 @epel
# yum downgrade leatherman
2). Handle the openstack-keystone error
# yum -d 0 -e 0 -y install openstack-keystone
错误:软件包:python2-qpid-proton-0.22.0-1.el7.x86_64 (centos-openstack-queens)
需要:qpid-proton-c(x86-64) = 0.22.0-1.el7
可用: qpid-proton-c-0.14.0-2.el7.x86_64 (extras)
qpid-proton-c(x86-64) = 0.14.0-2.el7
可用: qpid-proton-c-0.17.0-4.el7.x86_64 (centos-openstack-queens)
qpid-proton-c(x86-64) = 0.17.0-4.el7
可用: qpid-proton-c-0.22.0-1.el7.x86_64 (centos-openstack-queens)
qpid-proton-c(x86-64) = 0.22.0-1.el7
正在安装: qpid-proton-c-0.37.0-1.el7.x86_64 (epel)
qpid-proton-c(x86-64) = 0.37.0-1.el7
您可以尝试添加 --skip-broken 选项来解决该问题
您可以尝试执行:rpm -Va --nofiles --nodigest
# yum -y install qpid-proton-c-0.22.0-1.el7.x86_64
3). Handle the error: Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install openstack-ceilometer-ipmi' returned 1:
# yum -d 0 -e 0 -y install openstack-ceilometer-ipmi
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
# yum -d 0 -e 0 -y install openstack-ceilometer-ipmi
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
[root@centos7-15 ~]# yum install applydeltarpm
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * centos-qemu-ev: mirrors.bupt.edu.cn
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
没有可用软件包 applydeltarpm。
错误:无须任何处理
# yum -d 0 -e 0 -y install openstack-ceilometer-ipmi
软件包 1:openstack-ceilometer-ipmi-10.0.1-1.el7.noarch 已安装并且是最新版本
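- Start all-in-one
It is advisable to take a snapshot before starting, unless you are already very familiar with the error handling
# packstack --allinone --provision-demo=n
Running packstack --allinone directly provisions a demo project, which only muddies things when you are starting to learn
Following Neutron with existing external network, I added the bridge parameters; in the end, after comparing the answer files and the actual results, I found no difference, possibly because I misunderstood the English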
# packstack --allinone --provision-demo=n --os-neutron-ovn-bridge-mappings=extnet:br-ex --os-neutron-ovn-bridge-interfaces=br-ex:eth0
Installation complete; configure the bridge
- Modify the bridged NIC configuration
Check the state before modifying
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:5a:a6:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.151/24 brd 192.168.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe5a:a659/64 scope link
       valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 36:8c:b5:5a:43:a1 brd ff:ff:ff:ff:ff:ff
4: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 82:c0:23:69:97:44 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::80c0:23ff:fe69:9744/64 scope link
       valid_lft forever preferred_lft forever
5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 4a:2a:82:f4:b5:43 brd ff:ff:ff:ff:ff:ff
6: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:e3:41:fe:d0:4b brd ff:ff:ff:ff:ff:ff
Following Neutron with existing external network, configure the ifcfg-br-ex and ifcfg-eth0 files
After modifying them and rebooting, check again
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
    link/ether 00:15:5d:5a:a6:59 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::215:5dff:fe5a:a659/64 scope link
       valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ea:29:03:97:a3:20 brd ff:ff:ff:ff:ff:ff
6: br-int: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 4a:2a:82:f4:b5:43 brd ff:ff:ff:ff:ff:ff
8: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:e3:41:fe:d0:4b brd ff:ff:ff:ff:ff:ff
9: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 00:15:5d:5a:a6:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.151/24 brd 192.168.0.255 scope global br-ex
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe5a:a659/64 scope link
       valid_lft forever preferred_lft forever
11: qbr811577b5-22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether ba:9b:cd:9f:78:a4 brd ff:ff:ff:ff:ff:ff
12: qvo811577b5-22@qvb811577b5-22: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
    link/ether 52:0b:51:28:c3:df brd ff:ff:ff:ff:ff:ff
    inet6 fe80::500b:51ff:fe28:c3df/64 scope link
       valid_lft forever preferred_lft forever
13: qvb811577b5-22@qvo811577b5-22: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr811577b5-22 state UP group default qlen 1000
    link/ether ba:9b:cd:9f:78:a4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b89b:cdff:fe9f:78a4/64 scope link
       valid_lft forever preferred_lft forever
16: qbr654bc70b-d9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether 16:aa:47:7e:4c:93 brd ff:ff:ff:ff:ff:ff
17: qvo654bc70b-d9@qvb654bc70b-d9: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master ovs-system state UP group default qlen 1000
    link/ether 36:8c:53:d5:b3:3f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::348c:53ff:fed5:b33f/64 scope link
       valid_lft forever preferred_lft forever
18: qvb654bc70b-d9@qvo654bc70b-d9: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1450 qdisc noqueue master qbr654bc70b-d9 state UP group default qlen 1000
    link/ether 16:aa:47:7e:4c:93 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::14aa:47ff:fe7e:4c93/64 scope link
       valid_lft forever preferred_lft forever
19: tap654bc70b-d9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast master qbr654bc70b-d9 state UNKNOWN group default qlen 1000
    link/ether fe:16:3e:dc:0f:c9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fedc:fc9/64 scope link
       valid_lft forever preferred_lft forever
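The bridge step above, as an added example that is not part of the original post: a function that writes the two ifcfg files so that br-ex takes over the host address and eth0 becomes an OVS port, plus a check that the address ended up on br-ex. The function names, the sample `ip -o -4 addr show` lines and the gateway/DNS placeholders are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post.

# write_bridge_ifcfg DIR IP NETMASK GATEWAY DNS
# DIR is /etc/sysconfig/network-scripts on the real host; back up the
# existing ifcfg-eth0 first. GATEWAY and DNS are site-specific values.
write_bridge_ifcfg() {
    # The bridge carries the static address that used to live on eth0.
    cat > "$1/ifcfg-br-ex" <<EOF
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=$2
NETMASK=$3
GATEWAY=$4
DNS1=$5
ONBOOT=yes
EOF
    # eth0 becomes a plain port of br-ex and keeps no IPv4 address.
    cat > "$1/ifcfg-eth0" <<EOF
DEVICE=eth0
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes
EOF
}

# iface_for_ip IP: reads `ip -o -4 addr show` output on stdin and prints the
# interface that holds IP. After the reboot this should be br-ex, not eth0.
iface_for_ip() {
    awk -v ip="$1" '{ split($4, a, "/"); if (a[1] == ip) print $2 }'
}

# Constructed sample of `ip -o -4 addr show` after the change.
SAMPLE_AFTER='1: lo    inet 127.0.0.1/8 scope host lo
9: br-ex    inet 192.168.0.151/24 brd 192.168.0.255 scope global br-ex'

# On the host (gateway and DNS are placeholders to fill in):
#   write_bridge_ifcfg /etc/sysconfig/network-scripts 192.168.0.151 255.255.255.0 <gateway> <dns>
#   ip -o -4 addr show | iface_for_ip 192.168.0.151
```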
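Create the external network and its subnet
Copied from Neutron with existing external network, with the parameters changed to those of my own network
# . keystonerc_admin
# neutron net-create external_network --provider:network_type flat --provider:physical_network extnet --router:external
# neutron subnet-create --name public_subnet --enable_dhcp=False --allocation-pool=start=192.168.0.10,end=192.168.0.20 \
--gateway=192.168.0.81 external_network 192.168.0.0/24
In my experience, creating the project's private internal network, the router, instances and so on is better left to the browser console
At this point the documentation switches to a new user and a new project, and the command-line operations that follow end up with confusion such as multiple "default" entries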
Download and configure an image
Go to http://download.cirros-cloud.net/ and look for the latest cirros image; when I looked, the latest was 0.5.2
# wget http://download.cirros-cloud.net/0.5.2/cirros-0.5.2-x86_64-disk.img
# openstack image create "cirros_1" --file cirros-0.5.2-x86_64-disk.img --disk-format qcow2 --container-format bare --public
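Generate a key pair
Continue by following the "Launch an instance" guide
Do not generate a new key; upload the existing one directly
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey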
Add security group rules
Permit ICMP (ping):
# openstack security group rule create --proto icmp default
Permit secure shell (SSH) access:
# openstack security group rule create --proto tcp --dst-port 22 default
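Created without `--remote-ip`, both rules above accept any IPv4 source (the client default is 0.0.0.0/0). As an added example, not part of the original post, this check lists such ingress rules from the CSV rule listing; the column header names and the sample rows are assumptions, and the scoped commands in the closing comment use the 192.168.0.0/24 subnet from this page.

```shell
#!/bin/bash
# Added example, not from the original post. Lists ingress rules in a
# security group that accept traffic from any IPv4 address.
# Feed it:  openstack security group rule list default --long -f csv
# Columns are found by header name; the names used below are assumed and
# can differ between client versions.

# Constructed sample, not captured from a real deployment.
SAMPLE_RULES='"ID","IP Protocol","IP Range","Port Range","Direction"
"r-icmp","icmp","0.0.0.0/0","","ingress"
"r-ssh","tcp","0.0.0.0/0","22:22","ingress"
"r-lan","tcp","192.168.0.0/24","22:22","ingress"
"r-out","None","0.0.0.0/0","","egress"'

# Reads the CSV on stdin; prints "ID protocol port-range" for every
# ingress rule whose source range is 0.0.0.0/0.
world_open_ingress() {
    awk '
    { gsub(/^"|"$/, ""); n = split($0, f, "\",\"") }
    NR == 1 { for (i = 1; i <= n; i++) col[f[i]] = i; next }
    f[col["Direction"]] == "ingress" && f[col["IP Range"]] == "0.0.0.0/0" {
        print f[col["ID"]], f[col["IP Protocol"]], f[col["Port Range"]]
    }'
}

# Scoped forms of the two rules, limited to the lab LAN:
#   openstack security group rule create --proto icmp --remote-ip 192.168.0.0/24 default
#   openstack security group rule create --proto tcp --dst-port 22 --remote-ip 192.168.0.0/24 default
```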
Log in to the dashboard from a browser
# cat keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='b5f5521added4ab2'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.0.151:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
http://192.168.0.151/dashboard/auth/login/?next=/dashboard/project/
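1. Log in with the username and password above and work directly in the admin project
2. Create the internal subnet
Use DHCP
3. Create a router
Click the router and add the internal network interface
Confirm the network topology
Confirm that the router answers ping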
[root@centos7-151 ~]# ping 192.168.0.12
PING 192.168.0.12 (192.168.0.12) 56(84) bytes of data.
64 bytes from 192.168.0.12: icmp_seq=1 ttl=64 time=0.910 ms
64 bytes from 192.168.0.12: icmp_seq=2 ttl=64 time=0.086 ms
64 bytes from 192.168.0.12: icmp_seq=3 ttl=64 time=0.093 ms
- Create a new VM instance
The process is omitted
The final result is as follows
- ping test
[root@centos7-151 ~]# ping 192.168.0.11
PING 192.168.0.11 (192.168.0.11) 56(84) bytes of data.
64 bytes from 192.168.0.11: icmp_seq=1 ttl=63 time=6.23 ms
- ssh test
# ssh cirros@192.168.0.11
Logged in to the VM
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast qlen 1000
    link/ether fa:16:3e:a7:a3:f6 brd ff:ff:ff:ff:ff:ff
    inet 10.2.1.3/24 brd 10.2.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fea7:a3f6/64 scope link
       valid_lft forever preferred_lft forever
$ uname -a
Linux vm-20221009 5.3.0-26-generic #28~18.04.1-Ubuntu SMP Wed Dec 18 16:40:14 UTC 2019 x86_64 GNU/Linux