- 关闭防火墙、设置selinux 、Firewalld
[root@Ansible ~]# systemctl stop firewalld && systemctl disable firewalld && systemctl status firewalld
[root@Ansible ~]# cat /etc/selinux/config
SELINUX=disabled
epel-release的网址https://dl.fedoraproject.org/pub/epel/
根据自己的系统版本进行选择
[root@Ansible ~]# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
[root@Ansible ~]# rpm -ivh epel-release-latest-8.noarch.rpmy
每台主机配置hosts
192.168.0.160 CentOSA
192.168.0.161 CentOSB
192.168.0.170 Ansible
进行免密登录
[root@Ansible ~]# ssh-keygen
[root@Ansible ~]# ssh-copy-id root@CentOSA
[root@Ansible ~]# ssh-copy-id root@CentOSB
[root@Ansible ~]# ssh-copy-id root@Ansible
安装ansible
[root@Ansible ~]# pip3 install -U pip
[root@Ansible ~]# yum install libffi-devel gcc openssl-devel -y
[root@Ansible ~]# yum install ansible -y
[root@Ansible ~]# ansible --version
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, May 8 2021, 09:11:34) [GCC 8.4.1 20210423 (Red Hat 8.4.1-2)]
三、安装docker
#由于需要Docker来构建映像并在所有已部署的目标上都存在Docker,因此Kolla社区建议安装Docker,
#Inc.官方包装的Docker版本,以通过以下命令获得最大的稳定性和兼容性:
[root@Ansible ~]# curl -sSL https://get.docker.io | bash
# Executing docker install script, commit: 28bc4d09b3938ea30c69407d198ee8ece52c3e12
+ sh -c 'yum install -y -q yum-utils'
+ sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo'
添加仓库自:https://download.docker.com/linux/centos/docker-ce.repo
+ '[' stable '!=' stable ']'
+ sh -c 'yum makecache'
software base 3.8 MB/s | 3.9 kB 00:00
software stream 4.3 MB/s | 4.4 kB 00:00
Docker CE Stable - x86_64 18 kB/s | 3.5 kB 00:00
Docker main Repository 19 kB/s | 3.5 kB 00:00
元数据缓存已建立。
+ '[' -n '' ']'
+ sh -c 'yum install -y -q docker-ce'
错误:
问题: problem with installed package buildah-1.19.8-1.module_el8.5.0+733+9bb5dffa.x86_64
- package buildah-1.19.8-1.module_el8.5.0+733+9bb5dffa.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed
- package buildah-1.22.0-0.2.module_el8.5.0+874+6db8bee3.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed
- package buildah-1.21.4-2.module_el8.5.0+870+f792de72.x86_64 requires runc >= 1.0.0-26, but none of the providers can be installed
- package containerd.io-1.4.3-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.3-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.3-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.3-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package docker-ce-3:20.10.8-3.el8.x86_64 requires containerd.io >= 1.4.1, but none of the providers can be installed
- package containerd.io-1.4.3-3.2.el8.x86_64 conflicts with runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.3-3.2.el8.x86_64 obsoletes runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.3-3.2.el8.x86_64 conflicts with runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.3-3.2.el8.x86_64 obsoletes runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.4-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.4-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.6-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.6-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.8-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.8-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.9-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- package containerd.io-1.4.9-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.0-70.rc92.module_el8.5.0+733+9bb5dffa.x86_64
- cannot install the best candidate for the job
- package runc-1.0.0-56.rc5.dev.git2abd837.module_el8.4.0+521+9df8e6d3.x86_64 is filtered out by modular filtering
- package runc-1.0.0-64.rc10.module_el8.4.0+522+66908d0c.x86_64 is filtered out by modular filtering
- package runc-1.0.0-70.rc92.module_el8.5.0+736+58cc1a5a.x86_64 is filtered out by modular filtering
- package containerd.io-1.4.4-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.4-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.6-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.6-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.8-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.8-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.9-3.1.el8.x86_64 conflicts with runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
- package containerd.io-1.4.9-3.1.el8.x86_64 obsoletes runc provided by runc-1.0.1-3.module_el8.5.0+870+f792de72.x86_64
3.解决办法
[root@Ansible ~]# yum -y erase podman buildah
[root@Ansible ~]# curl -sSL https://get.docker.io | bash
查看docker版本
[root@Ansible ~]# docker --version
Docker version 20.10.8, build 3967b7d
#创建插入单元文件
[root@Ansible ~]# mkdir -p /etc/systemd/system/docker.service.d
[root@Ansible ~]# tee /etc/systemd/system/docker.service.d/kolla.conf <<-'EOF'
> [Service]
> MountFlags=shared
> EOF
[root@Ansible ~]# systemctl daemon-reload && systemctl restart docker
CentOSA配置cinder(块存储)信息
[root@CentOSA ~]# ls /dev/sdb
/dev/sdb
[root@CentOSA ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created.
[root@CentOSA ~]# vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
[root@CentOSA ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cinder-volumes 1 0 0 wz--n- <20.00g <20.00g
cs 1 2 0 wz--n- <29.00g 0
第二步:安装Kolla进行开发
从git克隆Kolla和Kolla-Ansible存储库。
[root@Ansible opt]# mkdir -p /etc/kolla
[root@Ansible opt]# git clone https://github.com/openstack/kolla
[root@Ansible opt]# git clone https://github.com/openstack/kolla-ansible
[root@Ansible ~]# cd /opt/kolla
[root@Ansible kolla]# pip3 install .
[root@Ansible kolla]# cd ../kolla-ansible/
[root@Ansible kolla-ansible]# pip3 install .
[root@Ansible opt]# cp -r kolla-ansible/etc/kolla /etc/kolla/
[root@Ansible opt]# cp kolla-ansible/ansible/inventory/* .
[root@Ansible opt]# ls
all-in-one containerd kolla kolla-ansible multinode
[root@Ansible opt]# mv all-in-one multinode /etc/kolla/
[root@Ansible opt]# cd /etc/kolla/
[root@Ansible kolla]# ls
all-in-one kolla multinode
[root@Ansible kolla]# cd kolla/
[root@Ansible kolla]# ls
globals.yml passwords.yml
[root@Ansible kolla]# mv * ..
[root@Ansible kolla]# cd ..
[root@Ansible kolla]# ls
all-in-one globals.yml multinode passwords.yml
安装报错:
ERROR: Cannot uninstall ‘PyYAML’. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
解决办法
[root@Ansible ~]# pip3 install mythx-cli --ignore-installed PyYAML
kolla-ansible的相关配置文件
all-in-one是安装单节点OpenStack的ansible自动安装配置文件;
multinode是安装多节点OpenStack的ansible自动安装配置文件;
globals.yml是OpenStack部署的自定义配置文件;
passwords.yml是OpenStack中各个服务的密码文件。
配置multinode多节点主机清单文件
[root@Ansible ~]# vim /etc/kolla/multinode
# These initial groups are the only groups required to be modified. The
# additional groups are for more control of the environment.
[control] #控制模块
# These hostname must be resolvable from your deployment host
Ansible #Ansible
# The above can also be specified as follows:
#control[01:03] ansible_user=kolla
# The network nodes are where your l3-agent and loadbalancers will run
# This can be the same as a host in the control group
[network] #网络模块
Ansible #Ansible
[compute] #计算模块
CentOSB #CentOSB
[monitoring] #监控模块
Ansible #Ansible
# When compute nodes and control nodes use different interfaces,
# you need to comment out "api_interface" and other interfaces from the globals.yml
# and specify like below:
#compute01 neutron_external_interface=eth0 api_interface=em1 storage_interface=em1 tunnel_interface=em1
[storage] #存储模块
CentOSA #CentOSA
[deployment] #部署模块
Ansible ansible_connection=local
检测所有主机是否正常通信
[root@Ansible ~]# ansible -i /etc/kolla/multinode all -m ping
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
Ansible | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
CentOSA | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
CentOSB | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
自动生成OpenStack各服务的密码文件
[root@Ansible ~]# kolla-genpwd
[root@Ansible ~]# vim /etc/kolla/passwords.yml
keystone_admin_password: 12345
编辑/etc/kolla/global.yml自定义OpenStack中的部署事项
[root@Ansible ~]# vim /etc/kolla/globals.yml
选择下载的基础镜像,4选1
# Valid options are ['centos', 'debian', 'rhel', 'ubuntu']
kolla_base_distro: "centos"
binary二进制安装,source源码安装
# Valid options are [ binary, source ]
kolla_install_type: "binary"
选择OpenStack的版本标签,详细请看:https://releases.openstack.org/
# Do not override this unless you know what you are doing.
openstack_release: "master"
存放配置文件的位置
# Location of configuration overrides
node_custom_config: "/etc/kolla/config"
OpenStack内部管理网络地址,通过该IP访问OpenStack Web页面进行管理。如果启用了高可用,需要设置为VIP(漂移IP)
kolla_internal_vip_address: "192.168.0.170"
OpenStack内部管理网络地址的网卡接口
network_interface: "ens33"
除注释,使内部通信网络都走ens33
kolla_external_vip_interface: "{{ network_interface }}"
api_interface: "{{ network_interface }}"
storage_interface: "{{ network_interface }}"
tunnel_interface: "{{ network_interface }}"
dns_interface: "{{ network_interface }}"
OpenStack外部(或公共)网络的网卡接口,可以是vlan模式或flat模式。
//此网卡应该在没有IP地址的情况下处于活动,如果不是,那么OpenStack云平台中的云主机实例将无法访问外部网络。(存在IP时br-ex桥接就不成功)
neutron_external_interface: "ens37"
关闭高可用
enable_haproxy: "no"
启用cinder(块存储)
enable_cinder: "yes"
cinder(块存储)后端启用lvm
enable_cinder_backend_lvm: "yes"
cinder(块存储)的卷组名称,需要和CentOSA主机上的一致
cinder_volume_group: "cinder-volumes"
nova-compute是一个非常重要的守护进程,负责创建和终止虚拟机实例,即管理虚拟机实例的生命周期
nova_compute_virt_type:"qemu"
自动化部署开始
在使用部署的情况下,嵌套的环境中(例如,使用VirtualBox虚拟机,KVM虚拟机),验证您的计算节点支持硬件加速由执行以下命令虚拟机计算节点。
egrep -c '(vmx|svm)' /proc/cpuinfo
如果此命令返回零值,则您的计算节点不支持硬件加速,您必须将 libvirt 配置为使用QEMU 而不是 KVM。创建一个文件 /etc/kolla/config/nova/nova-compute.conf 并添加如下所示的内容。
mkdir /etc/kolla/config/nova
cat << EOF > /etc/kolla/config/nova/nova-compute.conf
[libvirt]
virt_type=qemu
EOF
#为了快速准备主机,可以使用剧本引导服务器。这是一本Ansible剧本,CentOS 8主机上运行,??以安装集群并为OpenStack安装做准备。
[root@Ansible ~]# kolla-ansible -i all-in-one bootstrap-servers
PLAY RECAP **********************************************************************************************
Ansible : ok=38 changed=2 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0
CentOSA : ok=38 changed=2 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0
CentOSB : ok=38 changed=2 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0
#对主机进行预部署检查
[root@Ansible ~]# kolla-ansible -i /etc/kolla/all-in-one prechecks
PLAY RECAP *********************************************************************************************
Ansible : ok=45 changed=0 unreachable=0 failed=0 skipped=85 rescued=0 ignored=0
CentOSA : ok=23 changed=0 unreachable=0 failed=0 skipped=20 rescued=0 ignored=0
CentOSB : ok=26 changed=0 unreachable=0 failed=0 skipped=31 rescued=0 ignored=0
编辑docker volume卷挂载方式,并指定docker加速器
三台主机都需要进行设置,设置方法一样
# mkdir -p /etc/systemd/system/docker.service.d/
# vim /etc/systemd/system/docker.service.d/kolla.conf
[Service]
MountFlags=shared
//指定加速器,这里使用阿里云的加速器
# tee /etc/docker/daemon.json << 'EOF'
{
"registry-mirrors": ["https://8mkqrctt.mirror.aliyuncs.com"]
}
EOF
# systemctl daemon-reload
# systemctl restart docker && systemctl enable docker
#拉取镜像
[root@Ansible ~]# kolla-ansible -i /etc/kolla/all-in-one pull
PLAY RECAP ***********************************************************************************************
Ansible : ok=34 changed=0 unreachable=0 failed=0 skipped=11 rescued=0 ignored=0
CentOSA : ok=10 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
CentOSB : ok=14 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
查看拉取的镜像
[root@Ansible ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kolla/centos-binary-neutron-server master 539610b0fa39 4 days ago 1.8GB
kolla/centos-binary-neutron-openvswitch-agent master 399b9e163b36 4 days ago 1.8GB
kolla/centos-binary-neutron-metadata-agent master 5f11733cdea2 4 days ago 1.76GB
kolla/centos-binary-neutron-l3-agent master 3a12e134d14a 4 days ago 1.81GB
kolla/centos-binary-neutron-dhcp-agent master 1ee11298f47e 4 days ago 1.76GB
kolla/centos-binary-keystone-fernet master 7e6d088b0a40 4 days ago 1.68GB
kolla/centos-binary-keystone-ssh master d52b336c4600 4 days ago 1.68GB
kolla/centos-binary-keystone master 01594a60f83e 4 days ago 1.68GB
kolla/centos-binary-nova-conductor master 0d121ff748a3 4 days ago 1.79GB
kolla/centos-binary-nova-scheduler master 6be4c3fb8212 4 days ago 1.79GB
kolla/centos-binary-nova-novncproxy master fd64405e4288 4 days ago 1.84GB
kolla/centos-binary-nova-api master 3e0a20af3916 4 days ago 1.79GB
kolla/centos-binary-cinder-scheduler master ed1969a19848 4 days ago 1.79GB
kolla/centos-binary-cinder-api master 637ad0558af3 4 days ago 1.79GB
kolla/centos-binary-heat-engine master 73510907e468 4 days ago 1.77GB
kolla/centos-binary-heat-api-cfn master ce51e2619a07 4 days ago 1.77GB
kolla/centos-binary-glance-api master c7dc9e375d44 4 days ago 1.7GB
kolla/centos-binary-heat-api master 34c833c5f527 4 days ago 1.77GB
kolla/centos-binary-placement-api master 7c50f5982c9d 4 days ago 1.63GB
kolla/centos-binary-horizon master e1557aad73c4 4 days ago 1.78GB
kolla/centos-binary-mariadb-server master 863f2d757313 4 days ago 1.16GB
kolla/centos-binary-kolla-toolbox master e659dfe67a2d 4 days ago 1.7GB
kolla/centos-binary-mariadb-clustercheck master 88ae5efa48d9 4 days ago 1.11GB
kolla/centos-binary-openvswitch-vswitchd master 83ea149386c4 4 days ago 1.03GB
kolla/centos-binary-openvswitch-db-server master 6aecab1baa69 4 days ago 1.03GB
kolla/centos-binary-rabbitmq master c94ad64e50f7 4 days ago 962MB
kolla/centos-binary-fluentd master f2a96d7c101d 4 days ago 1.15GB
kolla/centos-binary-memcached master 9edaa6d934d7 4 days ago 939MB
kolla/centos-binary-cron master 4ab4bcae5ca8 4 days ago 905MB
[root@Ansible ~]# docker images | grep kolla |wc -l
29
[root@CentOSA ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kolla/centos-binary-cinder-volume master 7dbef604e464 4 days ago 1.83GB
kolla/centos-binary-cinder-backup master 7d260e4b7dea 4 days ago 1.8GB
kolla/centos-binary-kolla-toolbox master e659dfe67a2d 4 days ago 1.7GB
kolla/centos-binary-fluentd master f2a96d7c101d 4 days ago 1.15GB
kolla/centos-binary-iscsid master 3cd6aa83f99d 4 days ago 909MB
kolla/centos-binary-cron master 4ab4bcae5ca8 4 days ago 905MB
[root@CentOSA ~]# docker images | grep kolla |wc -l
6
[root@CentOSB ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
kolla/centos-binary-neutron-openvswitch-agent master 399b9e163b36 4 days ago 1.8GB
kolla/centos-binary-nova-compute master 284aa82d4173 4 days ago 2.87GB
kolla/centos-binary-nova-ssh master cc072eab1799 4 days ago 1.79GB
kolla/centos-binary-nova-libvirt master c2a292ae1de5 4 days ago 2.09GB
kolla/centos-binary-kolla-toolbox master e659dfe67a2d 4 days ago 1.7GB
kolla/centos-binary-openvswitch-vswitchd master 83ea149386c4 4 days ago 1.03GB
kolla/centos-binary-openvswitch-db-server master 6aecab1baa69 4 days ago 1.03GB
kolla/centos-binary-fluentd master f2a96d7c101d 4 days ago 1.15GB
kolla/centos-binary-iscsid master 3cd6aa83f99d 4 days ago 909MB
kolla/centos-binary-cron master 4ab4bcae5ca8 4 days ago 905MB
[root@CentOSB ~]# docker images | grep kolla |wc -l
10
#开始部署
[root@Ansible ~]# kolla-ansible -i /etc/kolla/multinode deploy
PLAY RECAP ***********************************************************************************************
Ansible : ok=231 changed=12 unreachable=0 failed=0 skipped=144 rescued=0 ignored=0
CentOSA : ok=28 changed=1 unreachable=0 failed=0 skipped=11 rescued=0 ignored=0
CentOSB : ok=57 changed=2 unreachable=0 failed=0 skipped=46 rescued=0 ignored=0
#验证部署
[root@Ansible ~]# kolla-ansible -i /etc/kolla/multinode post-deploy
PLAY RECAP ******************************************************************************************
localhost : ok=2 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
[root@Ansible ~]# cat /etc/kolla/admin-openrc.sh
# Ansible managed
# Clear any old environment that may conflict.
for key in $( set | awk '{FS="="} /^OS_/ {print $1}' ); do unset $key ; done
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin # 登陆的管理员的账号
export OS_PASSWORD=123456 # 登陆的管理员的密码
export OS_AUTH_URL=http://192.168.0.170:35357/v3
export OS_INTERFACE=internal
export OS_ENDPOINT_TYPE=internalURL
export OS_IDENTITY_API_VERSION=3
export OS_REGION_NAME=RegionOne
export OS_AUTH_PLUGIN=password
访问测试
要测试您的部署,请运行以下命令以使用概览图像和中子网络初始化网络。
[root@Ansible ~]# cd /etc/kolla/
[root@Ansible kolla]# source admin-openrc.sh
查看网络中的网络拓扑
OpenStack 使用方法
安装OpenStack client端 ,方便后期使用命令行操作
[root@Ansible ~]# pip3 install python-openstackclient python-glanceclient python-neutronclient cryptography
[root@Ansible ~]# pip3 install pyinotify --ignore-installed pyinotify
修改init-runonce脚本,指定浮动IP地址范围
init-runonce是在openstack中快速创建一个云项目例子的脚本。浮动IP就是云主机的公网IP。
[root@Ansible tools]# vi /opt/kolla-ansible/tools/init-runonce
改:
EXT_NET_CIDR=${EXT_NET_CIDR:-'10.0.2.0/24'}
EXT_NET_RANGE=${EXT_NET_RANGE:-'start=10.0.2.150,end=10.0.2.199'}
EXT_NET_GATEWAY=${EXT_NET_GATEWAY:-'10.0.2.1'}
为:
EXT_NET_CIDR='192.168.0.0/24'
EXT_NET_RANGE='start=192.168.0.200,end=192.168.0.210'
EXT_NET_GATEWAY='192.168.0.1'
注:192.168.0.0的网络,就是我上面ens37接入的局域网中的地址,这个网络是通过局域网络中的路由器访问互联网。配置好这个,装完云主机实例就可以直接ping通。
使用init-runonce脚本创建一个openstack云项目
#必须先加载这个文件,把文件中的环境变量加入系统中,才有权限执行下面的命令
[root@Ansible tools]# source /etc/kolla/admin-openrc.sh
[root@Ansible tools]# pwd
/opt/kolla-ansible/tools
#最后弹出以下
[root@Ansible tools]# ./init-runonce
在openstack中创建一个虚拟机
[root@Ansible tools]# openstack server create --image cirros --flavor m1.tiny --key-name mykey --network demo-net demo1
查看创建好的openstack项目中的信息和于主机网络连通性
[root@Ansible tools]# source /etc/kolla/admin-openrc.sh
#要读一下这个环境变量配置文件。不然后,后期在执行命令时,会报如下错:
Missing value auth-url required for auth plugin password
#查看路由信息
[root@Ansible tools]# openstack router list
+--------------------------------------+-------------+--------+-------+----------------------------------+-------------+-------+
| ID | Name | Status | State | Project | Distributed | HA |
+--------------------------------------+-------------+--------+-------+----------------------------------+-------------+-------+
| d0ee707d-260a-4ad2-9880-d735ee06ea6e | demo-router | ACTIVE | UP | f111b72968cc4393bee3f8dc1f073e19 | False | False |
+--------------------------------------+-------------+--------+-------+----------------------------------+-------------+-------+
#查看 demo-router 路由信息
[root@Ansible tools]# openstack router show demo-router
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2021-08-05T14:06:27Z |
| description | |
| distributed | False |
| external_gateway_info | {"network_id": "3cb2f641-2687-4960-a433-141fadf27028", "external_fixed_ips": [{"subnet_id": "8fa73dbd-42e5-4dad-b58f-bc4f6aad5d46", "ip_address": "192.168.0.204"}], "enable_snat": true} |
| flavor_id | None |
| ha | False |
| id | d0ee707d-260a-4ad2-9880-d735ee06ea6e |
| interfaces_info | [{"port_id": "7666af37-63d8-4eb4-b286-4143f3bd256f", "ip_address": "10.0.0.1", "subnet_id": "9e1b92a3-fb10-44d3-bedc-5db29c3e4b48"}] |
| name | demo-router |
| project_id | f111b72968cc4393bee3f8dc1f073e19 |
| revision_number | 4 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2021-08-05T14:06:44Z |
+-------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
#查看网络信息
[root@Ansible tools]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 3cb2f641-2687-4960-a433-141fadf27028 | public1 | 8fa73dbd-42e5-4dad-b58f-bc4f6aad5d46 |
| 6790f4fc-e515-48b3-85dd-f93346157f03 | demo-net | 9e1b92a3-fb10-44d3-bedc-5db29c3e4b48 |
+--------------------------------------+----------+--------------------------------------+
#查看名字为 demo1 的虚拟机信息
[root@Ansible tools]# openstack server show demo1
查看实例列表
[root@Ansible tools]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 1f4cf7e5-172d-48a7-960b-9f20c098033b | cirros | active |
+--------------------------------------+--------+--------+
删除实例
[root@Ansible tools]# openstack image delete cirros
把创建的实例云主机,路由,网络都删除,一会我们自己手动创建
删除网络时,要在“管理员”菜单下删除
实站-通过命令行来创建自己的网络拓扑图
1、首先 source openers.sh 脚本,该脚本中是一些环境变量:
运行该脚本,即可通过命令行来管理于资源了:
[root@Ansible tools]# source /etc/kolla/admin-openrc.sh
2、创建对外的公网,名字:public
[root@Ansible tools]# openstack network create --external --provider-physical-network physnet1 --provider-network-type flat public
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-08-05T14:29:39Z |
| description | |
| dns_domain | None |
| id | 5ea44a1b-bb75-46f6-84b5-582523b88d8e |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | public |
| port_security_enabled | True |
| project_id | f111b72968cc4393bee3f8dc1f073e19 |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2021-08-05T14:29:39Z |
+---------------------------+--------------------------------------+
3、给 public 网络添加子网:
[root@Ansible tools]# openstack subnet create --no-dhcp --allocation-pool 'start=192.168.0.230,end=192.168.0.240' --network public --subnet-range 192.168.0.0/24 --gateway 192.168.0.1 public-subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.0.230-192.168.0.240 |
| cidr | 192.168.0.0/24 |
| created_at | 2021-08-05T14:29:45Z |
| description | |
| dns_nameservers | |
| dns_publish_fixed_ip | None |
| enable_dhcp | False |
| gateway_ip | 192.168.0.1 |
| host_routes | |
| id | fc714e93-fbf2-41df-9cd4-75c2182fa267 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | public-subnet |
| network_id | 5ea44a1b-bb75-46f6-84b5-582523b88d8e |
| prefix_length | None |
| project_id | f111b72968cc4393bee3f8dc1f073e19 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2021-08-05T14:29:45Z |
+----------------------+--------------------------------------+
4、创建私有网络:
[root@Ansible tools]# openstack network create --provider-network-type vxlan demo-net
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-08-05T14:30:07Z |
| description | |
| dns_domain | None |
| id | 1510cf8e-12af-4073-9a72-3dbf134d7bbe |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | demo-net |
| port_security_enabled | True |
| project_id | f111b72968cc4393bee3f8dc1f073e19 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 90 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2021-08-05T14:30:07Z |
+---------------------------+--------------------------------------+
给私有网络添加子网:
[root@Ansible tools]# openstack subnet create --subnet-range 10.0.0.0/24 --network demo-net --gateway 10.0.0.1 --dns-nameserver 8.8.8.8 demo-subnet
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 10.0.0.2-10.0.0.254 |
| cidr | 10.0.0.0/24 |
| created_at | 2021-08-05T14:30:24Z |
| description | |
| dns_nameservers | 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | f01526ff-baa3-40f7-88ed-8a3834ee2104 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | demo-subnet |
| network_id | 1510cf8e-12af-4073-9a72-3dbf134d7bbe |
| prefix_length | None |
| project_id | f111b72968cc4393bee3f8dc1f073e19 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2021-08-05T14:30:24Z |
+----------------------+--------------------------------------+
5、给外网和私网之间添加路由:
[root@Ansible tools]# openstack router create demo-router
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-08-05T14:30:35Z |
| description | |
| distributed | False |
| external_gateway_info | null |
| flavor_id | None |
| ha | False |
| id | 64b33f22-6e40-427d-ac53-0586a6b4e4e5 |
| name | demo-router |
| project_id | f111b72968cc4393bee3f8dc1f073e19 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2021-08-05T14:30:35Z |
+-------------------------+--------------------------------------+
[root@Ansible tools]# openstack router add subnet demo-router demo-subnet
[root@Ansible tools]# openstack router set --external-gateway public demo-router
6、通过下面的命令可以查询刚刚所建的网络信息:
[root@Ansible tools]# neutron net-list
neutron CLI is deprecated and will be removed in the Z cycle. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+-----------------------------------------------------+
| id | name | tenant_id | subnets |
+--------------------------------------+----------+----------------------------------+-----------------------------------------------------+
| 1510cf8e-12af-4073-9a72-3dbf134d7bbe | demo-net | f111b72968cc4393bee3f8dc1f073e19 | f01526ff-baa3-40f7-88ed-8a3834ee2104 10.0.0.0/24 |
| 5ea44a1b-bb75-46f6-84b5-582523b88d8e | public | f111b72968cc4393bee3f8dc1f073e19 | fc714e93-fbf2-41df-9cd4-75c2182fa267 192.168.0.0/24 |
+--------------------------------------+----------+----------------------------------+-----------------------------------------------------+
7、登到 dashboard 上面去看 network topology:
至此,使用命令行创建的网络拓扑结束。
网络拓扑必须在命令行下运行,在 web 界面创建的网络拓扑图,上丌了外网。因为在网页上无法设置
桥接到物理网络上。命令行下有这一步骤:
创建一个台于主机及其他操作,在 web 界面执行就可以了。
开始测试:
[root@Ansible tools]# ping 192.168.0.238
PING 192.168.0.238 (192.168.0.238) 56(84) bytes of data.
64 bytes from 192.168.0.238: icmp_seq=1 ttl=63 time=4.78 ms
64 bytes from 192.168.0.238: icmp_seq=2 ttl=63 time=1.02 ms
64 bytes from 192.168.0.238: icmp_seq=3 ttl=63 time=1.09 ms
64 bytes from 192.168.0.238: icmp_seq=4 ttl=63 time=1.04 ms
直接在物理机上进入于主机
[root@Ansible tools]# ssh cirros@192.168.0.238
$ pwd
/home/cirros
$ ping www.baidu.com
PING www.baidu.com (14.215.177.38): 56 data bytes
64 bytes from 14.215.177.38: seq=0 ttl=50 time=33.581 ms
64 bytes from 14.215.177.38: seq=1 ttl=50 time=32.265 ms
64 bytes from 14.215.177.38: seq=2 ttl=50 time=31.929 ms