References

[https://www.rdoproject.org/in...]
[https://www.rdoproject.org/ne...]
[http://openstack-opflex.cisco...]
[http://onecloudclass.com/advn...]

(1) Install CentOS Minimal, change the root password to a complex one, configure SSH key-based (passwordless) login, and disable password login

ssh-copy-id -i ~/.ssh/id_rsa.pub root@120.52.8.142
vi /etc/ssh/sshd_config
Enable key authentication
RSAAuthentication yes
PubkeyAuthentication yes
Disable password login
Change PasswordAuthentication yes to
PasswordAuthentication no
Restart the SSH service
systemctl restart sshd.service
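
A check for the step above, as an added example that is not part of the original post: sshd keeps the first value it reads for each keyword, so the existing `PasswordAuthentication yes` line has to be changed in place rather than overridden further down. The function names are hypothetical, the sample config is constructed, and `ChallengeResponseAuthentication` is a real sshd option that the post does not mention.

```bash
#!/bin/sh
# Added example (not from the original post): audit an sshd_config file.
# sshd keeps the FIRST value it reads for each keyword, so appending
# "PasswordAuthentication no" below an existing "yes" changes nothing.

# effective_value FILE KEYWORD DEFAULT -> value sshd would use globally
effective_value() {
    ev=$(awk -v k="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        { sub(/[ \t]*=[ \t]*/, " ") }             # accept the Key=value form
        tolower($1) == "match" { exit }           # Match blocks are conditional
        tolower($1) == tolower(k) { print tolower($2); exit }
    ' "$1")
    printf '%s\n' "${ev:-$3}"
}

# audit_sshd FILE -> prints findings; returns 0 only for key-only login
audit_sshd() {
    rc=0
    if [ "$(effective_value "$1" PubkeyAuthentication yes)" != yes ]; then
        echo "FAIL: PubkeyAuthentication is off (lockout risk)"; rc=1
    fi
    if [ "$(effective_value "$1" PasswordAuthentication yes)" != no ]; then
        echo "FAIL: PasswordAuthentication is still enabled"; rc=1
    fi
    # Upstream default is "yes"; with PAM this still allows password prompts.
    if [ "$(effective_value "$1" ChallengeResponseAuthentication yes)" != no ]; then
        echo "FAIL: keyboard-interactive authentication is still enabled"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login"
    return "$rc"
}

# Constructed sample: the "no" was appended after the original "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "=> fix the config before restarting sshd"
```

On the live host, `sshd -T` prints the configuration sshd actually uses; keep the current SSH session open until a key-based login has been confirmed in a second one.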

(2) Prepare the installation environment

vi /etc/environment
LANG=en_US.utf-8
LC_ALL=en_US.utf-8

systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network
systemctl start network

(3) Install packstack

yum install -y https://rdoproject.org/repos/rdo-release.rpm
yum install -y centos-release-openstack-pike
yum update -y
yum install openstack-utils openstack-selinux -y
yum install -y openstack-packstack

(4) Install All-in-One OpenStack with PackStack

packstack --allinone --provision-demo=n --os-neutron-ovs-bridge-mappings=extnet:br-ex --os-neutron-ovs-bridge-interfaces=br-ex:ens2f0 --os-neutron-ml2-type-drivers=vxlan,flat

The command above bridges the physical NIC ens2f0 to br-ex.
Installation time depends on server performance: about 20 to 30 minutes, or even longer.

The --provider-physical-network provider and --provider-network-type flat options connect the flat virtual network to the flat (native/untagged) physical network on the eth1 interface on the host using information from the following files:
ml2_conf.ini:
[ml2_type_flat]
flat_networks = provider
linuxbridge_agent.ini:
[linux_bridge]
physical_interface_mappings = provider:eth1

After the PackStack installation, the corresponding settings in ml2_conf.ini and openvswitch_agent.ini are as follows:

[ml2_type_flat]
flat_networks = *
openvswitch_agent.ini:
[openvswitch]
bridge_mappings=extnet:br-ex

With the default configuration, launching an instance from an image produces the following error:
No valid host was found. There are not enough hosts available.
Modify nova.conf:
scheduler_default_filters=AllHostsFilter

[http://lists.openstack.org/pi...]
Issue got resolved.
following changes in both the nova.conf (controller node and compute node )
scheduler_default_filters=AllHostsFilter
ram_allocation_ratio=3.0

(5) After installation the NIC configuration has been modified automatically; for reference:

[br-ex]

DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
OVSBOOTPROTO=static
ONBOOT=yes
OVS_EXTRA="set bridge br-ex fail_mode=standalone"
IPADDR=120.52.8.142
NETMASK=255.255.255.248
GATEWAY=120.52.8.141
DNS1=208.67.220.220

[ens2f0]

DEVICE=ens2f0
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
BOOTPROTO=none
NAME=ens2f0
ONBOOT=yes

systemctl restart network
Because nova.conf was modified, restart the OpenStack services; it should not be necessary to restart all of them
openstack-service restart

(6) Add Network/Subnet/Router

cat keystonerc_admin    (the password is stored in this file)
. keystonerc_admin    (equivalent to source keystonerc_admin)

Create the public network, specifying extnet as the provider network

openstack network create --provider-network-type flat --provider-physical-network extnet --enable --project admin --external public_network

Create the public subnet

openstack subnet create --no-dhcp --subnet-range 120.52.8.136/29 --gateway 120.52.8.141 --network public_network --allocation-pool start=120.52.8.137,end=120.52.8.140 --dns-nameserver 208.67.220.220 public_subnet

Create the private network

openstack network create --project admin private_network

Create the private subnet

openstack subnet create --dhcp --subnet-range 172.16.1.0/24 --gateway 172.16.1.1 --allocation-pool start=172.16.1.10,end=172.16.1.100 --dns-nameserver 208.67.220.220 --host-route destination=172.16.0.0/16,gateway=172.16.1.101 --network private_network private_subnet
[root@localhost ~(keystone_admin)]# ip netns
qrouter-9098d6dd-f325-4343-9642-748aaef4ae67
qdhcp-cfbffb79-a337-4018-8dae-fffd15d546ed
[root@localhost ~(keystone_admin)]# ip netns exec qdhcp-cfbffb79-a337-4018-8dae-fffd15d546ed ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
valid_lft forever preferred_lft forever
14: tapeaabfe58-22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN 
link/ether fa:16:3e:05:a9:04 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.10/24 brd 172.16.1.255 scope global tapeaabfe58-22
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe05:a904/64 scope link 
valid_lft forever preferred_lft forever

The DHCP agent assigns itself an address, 172.16.1.10

Create the router

openstack router create --enable --project admin router-gw
openstack router set --fixed-ip subnet=public_subnet,ip-address=120.52.8.140 --external-gateway public_network router-gw
openstack port create --network private_network --fixed-ip subnet=private_subnet,ip-address=172.16.1.1 --enable router-gw-private
openstack router add port router-gw router-gw-private

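Create a port for the CSR1000v

If a CSR1000V is used as the router, the --disable-port-security option is required: a router forwards packets whose source addresses are not the port's own, which port security's anti-spoofing filtering would drop.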

openstack port create --network private_network --fixed-ip subnet=private_subnet,ip-address=172.16.1.101 --enable --disable-port-security CSR1000v-private

(7) Create flavors

Create the flavors 2C4G-30GB and 1C4G-8GB

openstack flavor create --id 10 --ram 4096 --disk 30 --vcpus 2 --public 2C4G-30GB
openstack flavor create --id 11 --ram 4096 --disk 8 --vcpus 1 --public 1C4G-8GB

(8) Create security groups

openstack security group create CloudCenter --description "CloudCenter Security Group"
openstack security group rule create --protocol tcp --dst-port 22 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 443 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 4560 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 5000 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 5671 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 7788 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 8443 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 8881:8882 --ingress CloudCenter
openstack security group rule create --protocol tcp --dst-port 15672 --ingress CloudCenter
openstack security group rule create --protocol icmp --icmp-type 0 --ingress CloudCenter
openstack security group rule list CloudCenter
openstack security group create DMVPN --description "DMVPN Security Group"
openstack security group rule create --protocol tcp --dst-port 22 --ingress DMVPN
openstack security group rule create --protocol udp --dst-port 500 --ingress DMVPN
openstack security group rule create --protocol udp --dst-port 4500 --ingress DMVPN
openstack security group rule create --protocol 47 --ingress DMVPN
openstack security group rule create --protocol 50 --ingress DMVPN
openstack security group rule create --protocol 51 --ingress DMVPN
openstack security group rule create --protocol tcp --dst-port 1:65535 --ingress --remote-ip 172.16.0.0/16 DMVPN
openstack security group rule create --protocol udp --dst-port 1:65535 --ingress --remote-ip 172.16.0.0/16 DMVPN
openstack security group rule create --protocol icmp --icmp-type 0 --ingress DMVPN
openstack security group rule list DMVPN

(9) Create VM instances and test the floating IP

On the host, run ssh-keygen -t rsa and press Enter three times

openstack keypair create --public-key .ssh/id_rsa.pub cloud-key

Upload images

curl http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img | glance image-create --name='cirros image' --visibility=public --container-format=bare --disk-format=qcow2
curl http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1710.qcow2 | glance image-create --name='CentOS7 image' --visibility=public --container-format=bare --disk-format=qcow2
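
The two commands above pipe a plain-HTTP download straight into Glance, so whatever bytes arrive become the public image. The following added example (not part of the original post) downloads to disk, checks the SHA-256 against a checksum list, and uploads only on a match. It assumes a list in `sha256sum` format obtained over a trusted channel; the function names are hypothetical.

```bash
#!/bin/sh
# Added example (not from the original post): verify an image before upload.

# expected_sha256 SUMS_FILE IMAGE_NAME -> hash listed for IMAGE_NAME, or nothing
expected_sha256() {
    awk -v n="$2" '{ f = $2; sub(/^\*/, "", f) }   # "*" marks binary mode
                   f == n { print tolower($1); exit }' "$1"
}

# verify_image IMAGE_FILE SUMS_FILE
# Returns 0 on match, 1 on mismatch, 2 if the image is not in the list.
verify_image() {
    want=$(expected_sha256 "$2" "$(basename "$1")")
    [ -n "$want" ] || { echo "no checksum listed for $1" >&2; return 2; }
    got=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$got" = "$want" ] || { echo "checksum mismatch for $1" >&2; return 1; }
}

# fetch_verify_upload URL SUMS_FILE IMAGE_NAME
# Downloads to disk, verifies, and only then hands the file to Glance
# using the same glance options as the commands in the post.
fetch_verify_upload() {
    img=$(basename "$1")
    curl --fail --silent --show-error -o "$img" "$1" || return 3
    verify_image "$img" "$2" || { rm -f "$img"; return 1; }
    glance image-create --name="$3" --visibility=public \
        --container-format=bare --disk-format=qcow2 < "$img"
}

# Usage (sha256sum.txt is an assumed local copy of the publisher's list):
# fetch_verify_upload \
#   http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1710.qcow2 \
#   sha256sum.txt 'CentOS7 image'
```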

Launch VM instances and assign a floating IP

openstack server create --image CSR1000v --flavor 1C4G-8GB --security-group DMVPN --port=CSR1000v
openstack server create --image "CentOS7 image" --flavor 2C4G-30GB --security-group CloudCenter --key-name cloud-key --network private_network CentOS1
openstack floating ip create public_network
openstack port list
openstack floating ip set --port a2edfb3b-2b54-4013-85a2-1bd364e97718 120.52.8.137

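Once the instance has finished booting, log in with ssh -i cloud-key centos@120.52.8.137; on the host itself you can simply run ssh centos@ipadd
cloud-key is the private key file; it can be copied from ~/.ssh/id_rsa on the host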

[root@localhost ~(keystone_admin)]# ssh centos@120.52.8.137
Last login: Thu Nov 30 07:51:37 2017 from 120.52.8.142
[centos@centos1 ~]$ 
[centos@centos1 ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=42 time=52.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=42 time=51.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=42 time=51.9 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=42 time=51.9 ms

Launch the CSR1000V and apply its initial configuration from /root/iosxe_config.txt.

openstack server create --image CSR1000v --flavor 1C4G-8GB --port=CSR1000v-private --config-drive True --file iosxe_config.txt=/root/iosxe_config.txt CSR1000v

Problems encountered during use:

(Errcode: 24 "Too many open files") error

[req-a08c099d-5576-4be3-b9b2-3b00b5ed97d4 - - - - -] Failed to get metadata for instance id: b11f6069-6bd4-44a0-b005-852f1bd2b460: DBError: (pymysql.err.InternalError) (23, u'Out of resources when opening file '/tmp/#sql_1b45_0.MAI' (Errcode: 24 "Too many open files")
The following error appears in /var/log/mariadb/mariadb.log:
[ERROR] Error in accept: Bad file descriptor

See http://blog.aiven8.com/blog/2...

Steps to resolve:

mkdir -p /etc/systemd/system/mariadb.service.d/
Add a limits file; the value here can be adjusted to your needs.

cat /etc/systemd/system/mariadb.service.d/limits.conf
[Service]
LimitNOFILE=1000000

Reload
systemctl daemon-reload

Restart the mariadb service
systemctl restart mariadb

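Changing the host's hostname caused problems with the OpenStack services

Restore the previous hostname configuration and, following
https://thornelabs.net/2014/0...
delete the duplicate hosts that appeared.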

aodh log error:

ERROR aodh.evaluator ProgrammingError: (pymysql.err.ProgrammingError) (1146, u"Table 'aodh.alarm' doesn't exist")
Investigation showed this is a packstack bug,
https://ask.openstack.org/en/...
Try to use aodh-dbsync to initialise aodh database.


Raoweibo