OpenStack搭建

一、openstack介绍


1、简介

  • OpenStack是一个由NASA(美国国家航空航天局)和Rackspace合作研发并发起的,以Apache许可证授权的自由软件和开放源代码项目。

  • OpenStack是一个开源的云计算管理平台项目,由几个主要的组件组合起来完成具体工作。OpenStack支持几乎所有类型的云环境,项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。OpenStack通过各种互补的服务提供了基础设施即服务(IaaS)的解决方案,每个服务提供API以进行集成。

  • OpenStack云计算平台,帮助服务商和企业内部实现类似于 Amazon EC2 和 S3 的云基础架构服务(Infrastructure as a Service, IaaS)。OpenStack 包含两个主要模块:Nova 和 Swift,前者是 NASA 开发的虚拟服务器部署和业务计算模块;后者是 Rackspace开发的分布式云存储模块,两者可以一起用,也可以分开单独用。OpenStack除了有 Rackspace 和 NASA 的大力支持外,还有包括 Dell、Citrix、 Cisco、 Canonical等重量级公司的贡献和支持,发展速度非常快,有取代另一个业界领先开源云平台 Eucalyptus 的态势。

2、架构图

在这里插入图片描述

二、实验环境


rhel7.3 selinux firewalld off
百度网盘下载链接: https://pan.baidu.com/s/1T-PYn-nPMCk6UZytZfbXYQ 密码: 75xn
参看官网:https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/(此版本为中文Mitaka版本)

1、安装说明

注意:要关闭机器的NetworkManager!!!
其实3台机器就够了,可以把时间同步服务器和yum源放在控制节点上(controller)!!!

10.10.10.1(虚拟机)     controller            网卡eth0、eth1
10.10.10.2(虚拟机)     compute               网卡eth0、eht1
10.10.10.3(虚拟机)     block
10.10.10.250(真机)   dream(时间同步服务器、yum源)

2、每台都加入host解析

[root@controller ~]# vim /etc/hosts
10.10.10.1 controller
10.10.10.2 compute
10.10.10.3 block
10.10.10.250 dream

3、yum源(3台)

我是在本地自己搭建yum源进行安装,也可以使用网络的源,如果是Vmware的话直接搭建在controller节点上即可!!!

[root@controller ~]# vim /etc/yum.repos.d/yum.repo 
[rhel7.3]
name=my_yum
baseurl=http://10.10.10.250/rhel7.3
gpgcheck=0

[openstack]
name=mitaka
baseurl=http://10.10.10.250/mitaka
gpgcheck=0

三、基础环境安装


1、时间同步

这里我让三台虚拟机的时间都同步我们真机的时间,你也可以同步控制节点的时间!!!

(1)真机中安装配置chrony(10.10.10.250)
[root@dream ~]# yum install -y chrony
[root@dream ~]# vim /etc/chrony.conf
 21 # Allow NTP client access from local network.
 22 allow 10.10.10.0/24

[root@dream ~]# systemctl restart chronyd
[root@dream ~]# systemctl enable chronyd
(2)三台虚拟机
# yum install -y chrony
# vim /etc/chrony.conf
 server 10.10.10.250 iburst

# systemctl restart chronyd
# systemctl enable chronyd
(3)测试

最后显示为 ^ * 10.10.10.250 即为正确!!!

[root@controller ~]# chronyc sources -v
210 Number of sources = 1

   .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
  / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
 | /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
 ||                                                 .- xxxx [ yyyy ] +/- zzzz
 ||      Reachability register (octal) -.           |  xxxx = adjusted offset,
 ||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
 ||                                \     |          |  zzzz = estimated error.
 ||                                 |    |           \
 MS Name/IP address         Stratum Poll Reach LastRx Last sample
 ===============================================================================
 ^* 10.10.10.250                  3   6   377     0  +1637us[+5649us] +/-  101ms

2、安装OpenStack客户端

[root@controller ~]# yum upgrade                    ###升级包
[root@controller ~]# yum install -y python-openstackclient

3、SQL数据库安装

大多数OpenStack服务使用SQL数据库来存储信息。典型地,数据库运行在控制节点上。

(1)安装软件包
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
(2)创建并编辑openstack.cnf
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf      ###启动选项和UTF-8字符集
[mysqld]
bind-address = 10.10.10.1
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
(3)完成安装
[root@controller ~]# systemctl enable mariadb
[root@controller ~]# systemctl start mariadb
[root@controller ~]# mysql_secure_installation          ###默认没有密码,注意不初始化会报错后面

4、消息队列安装

OpenStack 使用 message queue 协调操作和各服务的状态信息。消息队列服务一般运行在控制节点上。OpenStack支持好几种消息队列服务包括 RabbitMQ, Qpid, 和 ZeroMQ。不过,大多数发行版本的OpenStack包支持特定的消息队列服务。

(1)安装及启动
[root@controller ~]# yum install -y rabbitmq-server
[root@controller ~]# systemctl enable rabbitmq-server.service 
[root@controller ~]# systemctl start rabbitmq-server.service
(2)添加openstack用户及赋予权限
###后面的openstack为openstack的密码,添加openstack用户
[root@controller ~]# rabbitmqctl add_user openstack openstack 
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"     ###给写和读权限
(3)查看openstack用户信息
[root@controller ~]# rabbitmqctl list_user_permissions openstack           ###查看权限
Listing permissions for user "openstack" ...
/	.*	.*	.*
[root@controller ~]# rabbitmqctl authenticate_user openstack openstack     ###查看密码是否正确
Authenticating user "openstack" ...
Success
(4)开启Web管理界面
[root@controller ~]# rabbitmq-plugins enable  rabbitmq_management
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management

Applying plugin configuration to rabbit@controller...  started 6 plugins.
(5)登陆测试

登陆的帐号和密码都为:guest

http://10.10.10.1:15672/

这里写图片描述

1这里写图片描述

5、Memcached安装

[root@controller ~]# yum install -y memcached python-memcached
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service

四、认证服务


1、创建keystone

在控制节点上安装和配置OpenStack身份认证服务,代码名称keystone。

(1)创建数据库keystone
[root@controller ~]# mysql -uroot -p          ###输入密码登录进数据库
MariaDB [(none)]> CREATE DATABASE keystone;
(2)授权keystone数据库

后面的keystone为认证密码!!!

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

[root@controller ~]# mysql -ukeystone -p       ###测试keystone能否进行登录
(3)生成随机值

[root@controller ~]# openssl rand -hex 10      ###生成一个随机值在初始的配置中作为管理员的令牌
974cff95323e34a0719e

2、安全并配置组件

注意OpenStack的所有配置要写到对应的模块下面,否则不生效

(1)安装包
[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi
(2)配置keystone.conf
[root@controller ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 974cff95323e34a0719e          ###上面生成的管理员令牌号

[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone

[token]
provider = fernet
(3)初始化
###初始化身份认证服务的数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
###初始化Fernet keys
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
(4)发现多了fernet-keys
[root@controller ~]# ll /etc/keystone/
total 100
-rw-r----- 1 root     keystone  2303 Sep 22  2016 default_catalog.templates
drwx------ 2 keystone keystone    22 Jun  5 04:43 fernet-keys
-rw-r----- 1 root     keystone 73221 Jun  5 04:41 keystone.conf
-rw-r----- 1 root     keystone  2400 Sep 22  2016 keystone-paste.ini
-rw-r----- 1 root     keystone  1046 Sep 22  2016 logging.conf
-rw-r----- 1 keystone keystone  9699 Sep 22  2016 policy.json
-rw-r----- 1 keystone keystone   665 Sep 22  2016 sso_callback_template.html

3、配置Apache HTTP服务器

(1)配置httpd.conf
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName controller                      ###改成控制节点主机名
(2)配置wsgi-keystone.conf
[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
(3)启动httpd
[root@controller keystone]# systemctl enable httpd.service
[root@controller keystone]# systemctl start httpd.service

4、创建服务实体和API端点

(1)声明环境变量
[root@controller ~]# export OS_TOKEN=ADMIN_TOKEN                  ###配置认证令牌
[root@controller ~]# export OS_TOKEN=974cff95323e34a0719e         ###前面认证令牌
[root@controller ~]# export OS_URL=http://controller:35357/v3     ###配置端点URL
[root@controller ~]# export OS_IDENTITY_API_VERSION=3             ###配置认证API版本
(2)创建服务实体和身份认证服务

注意:OpenStack 是动态生成 ID 的,因此您看到的输出会与示例中的命令行输出不相同。

[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 0bc1b8357eae4c19b2497fc176996688 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
(3)创建认证服务的API端点
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6ae12e2987ff46739a2eb08d8c2ea0a0 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bc1b8357eae4c19b2497fc176996688 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6abf7e043f8d48d888f2be5721c33796 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bc1b8357eae4c19b2497fc176996688 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e450f7be0cb64afdb22152afdc989abb |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0bc1b8357eae4c19b2497fc176996688 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+

5、创建域、项目、用户和角色

(1)创建域default
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 296463ec2b564fcd85d49d9e89d8cc15 |
| name        | default                          |
+-------------+----------------------------------+
(2)创建admin项目
[root@controller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled     | True                             |
| id          | d2c589122d9f4273b572b1752551cdb7 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 296463ec2b564fcd85d49d9e89d8cc15 |
+-------------+----------------------------------+
(3)创建admin用户
[root@controller ~]# openstack user create --domain default --password-prompt admin
 User Password:               ###admin为密码
 Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled   | True                             |
| id        | 7466c9e538a24384ba0ced75472c5b4a |
| name      | admin                            |
+-----------+----------------------------------+
(4)创建admin角色
[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | a9de7291aed3458cb75a964045345a76 |
| name      | admin                            |
+-----------+----------------------------------+
(5)添加admin角色到admin项目和用户上
[root@controller ~]# openstack role add --project admin --user admin admin     ###这个命令执行后没有输出
(6)创建service项目

使用一个你添加到你的环境中每个服务包含独有用户的service 项目。

[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled     | True                             |
| id          | 5af0b96b2e804a40ab0be47e7fbfb67f |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 296463ec2b564fcd85d49d9e89d8cc15 |
+-------------+----------------------------------+
(7)创建demo项目

常规(非管理)任务应该使用无特权的项目和用户。作为例子,这里我们创建 demo 项目和用户。

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled     | True                             |
| id          | 44a378473a174b01b9f11df1d1bfad2c |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | 296463ec2b564fcd85d49d9e89d8cc15 |
+-------------+----------------------------------+
(8)创建demo 用户
[root@controller ~]# openstack user create --domain default --password-prompt demo
 User Password:                  ###密码为demo
 Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled   | True                             |
| id        | 0f55752937b2424fbaeb04a8d6e147c3 |
| name      | demo                             |
+-----------+----------------------------------+
(9)创建user角色
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 6b628ab3482a46da915c1b56436fbd62 |
| name      | user                             |
+-----------+----------------------------------+
(10)添加user角色到demo项目和用户

注:你可以重复此过程来创建额外的项目和用户!!!

 [root@controller ~]# openstack role add --project demo --user demo user     ###执行结果没输出

6、验证操作

(1)重置OS_TOKEN和OS_URL 环境变量
[root@controller ~]# unset OS_TOKEN OS_URL
(2)admin用户请求认证令牌

上面设置的admin的密码!!!

[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password: 
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2018-09-19T12:57:50.180103Z                                     |
| id         | gAAAAABbojm-HgSY9jG0TZZSSlHTAvw0Q0CgMeSuD8Zw-ICnXUm8vfTd1USaGYq |
|            | XcTjPc0_WaGrjIFvQYlXwtXl4QO8DJ4YgeXKOM8edTSZcDpmdSfMsqxXUi1dkXB |
|            | DcQ0hFPu233MKmBzhwZrJgUzii3iZWPHUWytA3bNROUGFVbSNiEW4l3P0       |
| project_id | d2c589122d9f4273b572b1752551cdb7                                |
| user_id    | 7466c9e538a24384ba0ced75472c5b4a                                |
+------------+-----------------------------------------------------------------+
(3)demo用户请求认证令牌
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password: 
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2018-09-19T12:58:23.623417Z                                     |
| id         | gAAAAABbojnf1E-                                                 |
|            | YRlgexzTl0Ktxxo72UHsL45rnKp_WeS1CXNxPEiLaRD_2nlAzB-             |
|            | 3VbxfLbujFoY52lBvXEyaNa7CflTZ8TtElaG22-DgnPJwjvQnYU7PzjVHeLapaW |
|            | GRzCXFhslEZZLJE2m_ftMSfMDwnPG8wc7h6vjkA_KM-OJ-k7pQ_clM          |
| project_id | 44a378473a174b01b9f11df1d1bfad2c                                |
| user_id    | 0f55752937b2424fbaeb04a8d6e147c3                                |
+------------+-----------------------------------------------------------------+

7、创建客户端环境脚本

(1)创建环境变量脚本(admin和demo)
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
###修改为自己admin用户的密码
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# vim demo-openrc 
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
###修改为自己demo用户的密码
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
(2)运行脚本
###其实就是声明环境变量
[root@controller ~]# . admin-openrc
[root@controller ~]# . demo-openrc
###请求认证令牌
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2018-09-19T12:59:17.338714Z                                     |
| id         | gAAAAABbojoV0P8ZyAs5THwI1YJDuTxi9kj8vuFBxRLxRujosgIvH0cMBdkC0-U |
|            | WUs3eahmPtGBYlL130FnuLAOe8X6YV_rP34xy6BjyoXKPk4qMXby5nGLQk_5Lui |
|            | xY4KyG3ciL8aigkLZCx15jUkqM6XGzKqp5GOci7oZTv2Sol4jVwqty6ao       |
| project_id | 44a378473a174b01b9f11df1d1bfad2c                                |
| user_id    | 0f55752937b2424fbaeb04a8d6e147c3                                |
+------------+-----------------------------------------------------------------+

五、镜像服务


1、简介

  • OpenStack镜像服务是IaaS的核心服务,它接受磁盘镜像或服务器镜像API请求,和来自终端用户或OpenStack计算组件的元数据定义。它也支持包括OpenStack对象存储在内的多种类型仓库上的磁盘镜像或服务器镜像存储。
  • OpenStack镜像服务包括以下组件:
    • glance-api:接收镜像API的调用,诸如镜像发现、恢复、存储。
    • glance-registry:存储、处理和恢复镜像的元数据,元数据包括项诸如大小和类型。请求数据库,然后访问镜像文件的存储仓库(真正镜像所放的位置)

2、安装和配置

(1)创建数据库
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
(2)授权glance数据库
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
(3)获取admin权限
[root@controller ~]# . admin-openrc
(4)创建glance用户
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled   | True                             |
| id        | 60498a4043e1411da9ec880aa075e452 |
| name      | glance                           |
+-----------+----------------------------------+
(5)添加admin角色到glance用户和service项目上

注:这个命令执行后没有输出。

[root@controller ~]# openstack role add --project service --user glance admin
(6)创建glance服务实体
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 15aac117b3dd496b9ac5cdedd2907515 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
(7)创建镜像服务的API端点
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 56803fcd1a6946378d03a88af396b060 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 15aac117b3dd496b9ac5cdedd2907515 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 966d05db4a204c5e9fb26ed805c04d6d |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 15aac117b3dd496b9ac5cdedd2907515 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 951d542623f645558f3d3f744fe7cb6a |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 15aac117b3dd496b9ac5cdedd2907515 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

3、安装及配置组件

(1)安装包
[root@controller ~]# yum install -y openstack-glance
(2)配置glance-api.conf
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
###修改为glance密码
connection = mysql+pymysql://glance:glance@controller/glance

###认证服务访问配置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
###修改为glance密码
password = glance

[paste_deploy]
flavor = keystone

###本地文件系统存储和镜像文件位置配置
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
(3)配置glance-registry.conf
[root@controller ~]# vim /etc/glance/glance-registry.conf
###数据库访问配置
[database]
###修改为glance密码
connection = mysql+pymysql://glance:glance@controller/glance

###认证服务访问配置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
###修改为glance密码
password = glance

[paste_deploy]
flavor = keystone
(4)写入镜像服务数据库

注:忽略输出中任何不推荐使用的信息,如果修改了上面的配置,就需要重新执行此命令,否则后面会报错!!!

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
(5)完成安装

启动镜像服务、配置自动启动!!!

[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service

4、验证操作

(1)获取admin权限
[root@controller ~]# . admin-openrc 
(2)下载源镜像
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
(3)设置镜像为公共可见

使用QCOW2磁盘格式,bare容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它!!!

[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2018-09-19T12:05:40Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/f5ec2ae2-7a6d-4eaf-96a0-b72afe3eda46/file |
| id               | f5ec2ae2-7a6d-4eaf-96a0-b72afe3eda46                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | d2c589122d9f4273b572b1752551cdb7                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2018-09-19T12:05:40Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
(4)查看及确定镜像的上传并验证属性
###查看生成文件,发现和上面的id相同
[root@controller ~]# ls /var/lib/glance/images/
f5ec2ae2-7a6d-4eaf-96a0-b72afe3eda46

###active即正确
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| f5ec2ae2-7a6d-4eaf-96a0-b72afe3eda46 | cirros | active |
+--------------------------------------+--------+--------+

六、配置计算服务(计算节点)


下面我们进行计算节点的环境安装!!!

1、安装和配置控制节点(controller)

(1)创建nova_api和nova数据库
[root@controller ~]# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
(2)授权数据库
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
(3)测试登陆
[root@controller ~]# mysql -u nova -pnova nova
(4)创建nova用户
###获取admin权限
[root@controller ~]# . admin-openrc

###上面刚设置的nova密码
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled   | True                             |
| id        | 439f3e0ad34c49f581a8041e3e6f40d5 |
| name      | nova                             |
+-----------+----------------------------------+
(5)给nova用户添加admin角色

注意:这个命令执行后没有输出。

[root@controller ~]# openstack role add --project service --user nova admin
(6)创建nova服务实体
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 8a5b04c26cad4085877dc14205e4b01e |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
(7)创建Compute服务API端点
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 0967345ed4fa40a3b6d5ed0a0bbfb4e5          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 8a5b04c26cad4085877dc14205e4b01e          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | d0a700fce7834d1f9254124ef93606ce          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 8a5b04c26cad4085877dc14205e4b01e          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 0b1caf0dfe654f60aaa693b6db06a271          |
| interface    | admin                                     |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 8a5b04c26cad4085877dc14205e4b01e          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+

2、安装及配置组件(controller)

(1)安装软件包
[root@controller ~]# yum install -y openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler
(2)配置nova.conf
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
###控制节点ip,即本机
my_ip = 10.10.10.1
###支持Networking服务
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
###设置为nova的密码
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
###设置为nova的密码
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
###修改为openstack的密码
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

###镜像服务 API 的位置配置
[glance]
api_servers = http://controller:9292

###锁路径配置
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
(3)同步Compute数据库
###忽略输出中任何不推荐使用的信息
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova

3、完成安装

启动Compute服务并将其设置为随系统启动!!!

[root@controller ~]# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
 
[root@controller ~]# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

到此Compute的基础环境就准备好了,下面进行Compute节点安装!!!

4、安装并配置组件(compute)

(1)安装包
[root@compute ~]# yum install -y openstack-nova-compute
(2)配置nova.conf
[root@compute ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
###设置为计算节点IP即本机
my_ip = 10.10.10.2
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
###设置为openstack的密码
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
###设置为nova密码
password = nova

###启用并配置远程控制台访问
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp
(3)是否支持虚拟机的硬件加速

如果这个命令返回了one or greater的值,那么你的计算节点支持硬件加速且不需要额外的配置。
如果这个命令返回了zero值,那么你的计算节点不支持硬件加速。你必须配置libvirt来使用QEMU去代替KVM

###如果你的返回值不是0的话可以不用执行下一步操作
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
0
(4)不支持执行操作
[root@compute ~]# vim /etc/nova/nova.conf 
[libvirt]
virt_type = qemu
(5)完成安装、设置自启

如果启动报错:ERROR nova.virt.driver [-] Unable to load the virtualization driver
解决方法:yum install -y libvirt

[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service

5、验证操作

(1)获取admin权限
[root@controller ~]# . admin-openrc 
(2)查看compute结果(controller )

列出服务组件,以验证是否成功启动并注册了每个进程!!!

[root@controller ~]# openstack compute service list
+----+--------------+------------+----------+---------+-------+--------------+
| Id | Binary       | Host       | Zone     | Status  | State | Updated At   |
+----+--------------+------------+----------+---------+-------+--------------+
|  1 | nova-        | controller | internal | enabled | up    | 2018-09-19T1 |
|    | consoleauth  |            |          |         |       | 2:21:40.0000 |
|    |              |            |          |         |       | 00           |
|  2 | nova-        | controller | internal | enabled | up    | 2018-09-19T1 |
|    | conductor    |            |          |         |       | 2:21:40.0000 |
|    |              |            |          |         |       | 00           |
|  3 | nova-        | controller | internal | enabled | up    | 2018-09-19T1 |
|    | scheduler    |            |          |         |       | 2:21:40.0000 |
|    |              |            |          |         |       | 00           |
|  6 | nova-compute | compute    | nova     | enabled | up    | 2018-09-19T1 |
|    |              |            |          |         |       | 2:21:35.0000 |
|    |              |            |          |         |       | 00           |
+----+--------------+------------+----------+---------+-------+--------------+

七、Networking服务配置


1、安装配置控制节点

在你配置OpenStack网络(neutron)服务之前,你必须为其创建一个数据库,服务凭证和API端点。

(1)数据库操作(controller)
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
(2)创建neutron用户
[root@controller ~]# . admin-openrc                ###获取admin权限
###输入刚设置的neutron密码
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled   | True                             |
| id        | a639afe08d244e099eb0d587c27266e3 |
| name      | neutron                          |
+-----------+----------------------------------+
(3)添加admin 角色到neutron用户
###这个命令执行后没有输出
[root@controller ~]# openstack role add --project service --user neutron admin
(4)创建neutron服务实体
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | dc9aa64760e74570b811b1b74ed2a22e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
(5)创建网络服务API端点
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b3c05409694741d29ddbbe3427e959fe |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dc9aa64760e74570b811b1b74ed2a22e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 155a3f69ba734764a6000ae5dba6dd99 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dc9aa64760e74570b811b1b74ed2a22e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e2e3105220b44a13b51d05575b652f68 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dc9aa64760e74570b811b1b74ed2a22e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
(6)配置网络选项(公共网络)

这里我们也可以配置私有网络,这里我们配置公共网络来做实验!!!

<1> 安装组件

[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

<2> 配置服务组件

Networking服务器组件的配置包括数据库、认证机制、消息队列、拓扑变化通知和插件。

[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
###启用ML2插件并禁用其他插件
core_plugin = ml2
service_plugins =
###配置RabbitMQ消息队列的连
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

###数据库访问配置
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
###修改为openstack密码
rabbit_password = openstack

###认证服务访问配置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
###修改为neutron密码
password = neutron

###配置网络服务来通知计算节点的网络拓扑变化
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
###修改为nova密码
password = nova

###锁路径配置
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

<3> 配置Modular Layer 2 (ML2) 插件

ML2插件使用Linuxbridge机制来为实例创建layer-2虚拟网络基础设施

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
###启用flat和VLAN网络
type_drivers = flat,vlan
###禁用私有网络
tenant_network_types =
###启用Linuxbridge机制
mechanism_drivers = linuxbridge
###启用端口安全扩展驱动
extension_drivers = port_security

[ml2_type_flat]
###配置公共虚拟网络为flat网络
flat_networks = provider

[securitygroup]
###启用ipset增加安全组规则的高效性
enable_ipset = True

<4> 配置Linuxbridge代理

[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
###公共虚拟网络和公共物理网络接口对应起来,修改为本机网卡名,本机eth0(IP)和eth1
physical_interface_mappings = provider:eth1

[vxlan]
###禁止VXLAN覆盖网络
enable_vxlan = False

###启用安全组并配置Linuxbridge iptables firewall driver
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

<5> 配置DHCP代理

配置Linuxbridge驱动接口,DHCP驱动并启用隔离元数据,这样在公共网络上的实例就可以通过网络来访问元数据。

[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
(7)配置元数据代理
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
###配置元数据主机以及共享密码
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = dream
(8)为计算节点配置网络服务
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
###修改为neutron密码
password = neutron

service_metadata_proxy = True
###修改为元数据设置的密码
metadata_proxy_shared_secret = dream
(9)完成安装
###网络服务初始化脚本需要一个超链接/etc/neutron/plugin.ini指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini。如果超链接不存在,使用下面的命令创建它
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
###同步数据库,数据库的同步发生在 Networking 之后,因为脚本需要完成服务器和插件的配置文件。
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
###重启计算API服务
[root@controller ~]# systemctl restart openstack-nova-api.service
###启动Networking服务并配置开机自启
[root@controller ~]# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

2、安装和配置计算节点(compute)

计算节点处理实例的连接和安全组 。

(1)安装组件
[root@compute ~]# yum install -y openstack-neutron-linuxbridge ebtables ipset
(2)配置通用组件
[root@compute ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

###配置RabbitMQ消息队列的连接
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
###修改为openstack密码
rabbit_password = openstack

###认证服务访问配置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
###修改为neutron密码
password = neutron

###锁路径配置
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
(3)配置网络选项(公共网络)

配置Linuxbridge代理:

[root@compute ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
###将公共虚拟网络和公共物理网络接口对应起来,修改为本机网卡名,本机eth0(IP)和eth1
physical_interface_mappings = provider:eth1

[vxlan]
###禁止VXLAN覆盖网络
enable_vxlan = False

[securitygroup]
###启用安全组并配置Linuxbridge iptables firewall driver
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(4)为计算节点配置网络服务
[root@compute ~]# vim /etc/nova/nova.conf
###配置访问参数
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
###修改为neutron的密码
password = neutron
(5)完成安装
###重启计算服务
[root@compute ~]# systemctl restart openstack-nova-compute.service
###启动Linuxbridge代理并设置为开机自启
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service

3、验证操作

(1)获取admin权限
[root@controller ~]# . admin-openrc
(2)列出加载的扩展

验证neutron-server进程是否正常启动!!!

[root@controller ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias                     | name                                          |
+---------------------------+-----------------------------------------------+
| default-subnetpools       | Default Subnetpools                           |
| availability_zone         | Availability Zone                             |
| network_availability_zone | Network Availability Zone                     |
| auto-allocated-topology   | Auto Allocated Topology Services              |
| binding                   | Port Binding                                  |
| agent                     | agent                                         |
| subnet_allocation         | Subnet Allocation                             |
| dhcp_agent_scheduler      | DHCP Agent Scheduler                          |
| tag                       | Tag support                                   |
| external-net              | Neutron external network                      |
| net-mtu                   | Network MTU                                   |
| network-ip-availability   | Network IP Availability                       |
| quotas                    | Quota management support                      |
| provider                  | Provider Network                              |
| multi-provider            | Multi Provider Network                        |
| address-scope             | Address scope                                 |
| timestamp_core            | Time Stamp Fields addition for core resources |
| extra_dhcp_opt            | Neutron Extra DHCP opts                       |
| security-group            | security-group                                |
| rbac-policies             | RBAC Policies                                 |
| standard-attr-description | standard-attr-description                     |
| port-security             | Port Security                                 |
| allowed-address-pairs     | Allowed Address Pairs                         |
+---------------------------+-----------------------------------------------+

八、启动一个实例


1、创建虚拟网络

(1)创建提供者网络
[root@controller ~]# . admin-openrc                 ###获取admin权限
[root@controller ~]# neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2018-09-19T13:09:36                  |
| description               |                                      |
| id                        | e72f1fe5-e634-4b58-814a-b856a51cc183 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | d2c589122d9f4273b572b1752551cdb7     |
| updated_at                | 2018-09-19T13:09:36                  |
+---------------------------+--------------------------------------+
(2)创建subnet
[root@controller ~]# neutron subnet-create --name provider --allocation-pool start=10.10.10.10,end=10.10.10.20 --dns-nameserver 114.114.114.114 --gateway 10.10.10.100 provider 10.10.10.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.10.10.10", "end": "10.10.10.20"} |
| cidr              | 10.10.10.0/24                                  |
| created_at        | 2018-09-19T13:09:57                            |
| description       |                                                |
| dns_nameservers   | 114.114.114.114                                |
| enable_dhcp       | True                                           |
| gateway_ip        | 10.10.10.100                                   |
| host_routes       |                                                |
| id                | decc1a0c-53cc-4632-98de-2ff64aaa806f           |
| ip_version        | 4                                              |
| ipv6_address_mode |                                                |
| ipv6_ra_mode      |                                                |
| name              | provider                                       |
| network_id        | e72f1fe5-e634-4b58-814a-b856a51cc183           |
| subnetpool_id     |                                                |
| tenant_id         | d2c589122d9f4273b572b1752551cdb7               |
| updated_at        | 2018-09-19T13:09:57                            |
+-------------------+------------------------------------------------+

2、创建m1.nano规格的主机

[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+

3、生成一个键值对

大部分云镜像支持公共密钥认证而不是传统的密码认证。在启动实例前,你必须添加一个公共密钥到计算服务。

(1)导入用户demo的凭证
[root@controller ~]# . demo-openrc
(2)生成和添加秘钥对
[root@controller ~]# ssh-keygen -q -N ""              ###回车就好
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 20:ce:f0:e0:1b:4c:ae:e0:6d:c5:d5:e5:99:e4:3b:12 |
| name        | mykey                                           |
| user_id     | 0f55752937b2424fbaeb04a8d6e147c3                |
+-------------+-------------------------------------------------+
(3)验证公钥的添加
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 20:ce:f0:e0:1b:4c:ae:e0:6d:c5:d5:e5:99:e4:3b:12 |
+-------+-------------------------------------------------+

4、增加安全组规则

(1)允许ICMP (ping)
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 76f2467b-b4af-4c62-bf24-14f98ff8d940 |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | 74db9e1b-b34c-4f2a-9e80-a64b82aa5b13 |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
(2)允许安全shell(SSH)的访问
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 4442ece2-07fd-41f5-a755-cc0734cc507d |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | 74db9e1b-b34c-4f2a-9e80-a64b82aa5b13 |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+

5、在公有网络上创建实例

(1)获取demo权限
[root@controller ~]# . demo-openrc
(2)列出可用类型
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
(3)列出可用镜像
[root@controller ~]# openstack image list              ###我们前面创建的cirros
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| f5ec2ae2-7a6d-4eaf-96a0-b72afe3eda46 | cirros | active |
+--------------------------------------+--------+--------+
(4)列出可用网络
[root@controller ~]# openstack network list          ###我们刚创建的provider
+---------------------------------+----------+---------------------------------+
| ID                              | Name     | Subnets                         |
+---------------------------------+----------+---------------------------------+
| e72f1fe5-e634-4b58-814a-        | provider | decc1a0c-53cc-4632-98de-        |
| b856a51cc183                    |          | 2ff64aaa806f                    |
+---------------------------------+----------+---------------------------------+
(5)列出可用的安全组
[root@controller ~]# openstack security group list
+----------------------+---------+----------------------+----------------------+
| ID                   | Name    | Description          | Project              |
+----------------------+---------+----------------------+----------------------+
| 74db9e1b-b34c-4f2a-  | default | Default security     | 44a378473a174b01b9f1 |
| 9e80-a64b82aa5b13    |         | group                | 1df1d1bfad2c         |
+----------------------+---------+----------------------+----------------------+
(6)创建实例
###provider-instance就为虚拟机的名字,可以自己命名,使用provide公有网络的ID替换PUBLIC_NET_ID
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros --nic net-id=e72f1fe5-e634-4b58-814a-b856a51cc183 --security-group default --key-name mykey provider-instance
+--------------------------------------+---------------------------------------+
| Field                                | Value                                 |
+--------------------------------------+---------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                |
| OS-EXT-AZ:availability_zone          |                                       |
| OS-EXT-STS:power_state               | 0                                     |
| OS-EXT-STS:task_state                | scheduling                            |
| OS-EXT-STS:vm_state                  | building                              |
| OS-SRV-USG:launched_at               | None                                  |
| OS-SRV-USG:terminated_at             | None                                  |
| accessIPv4                           |                                       |
| accessIPv6                           |                                       |
| addresses                            |                                       |
| adminPass                            | nRjwCSmuWH3i                          |
| config_drive                         |                                       |
| created                              | 2018-09-19T13:13:28Z                  |
| flavor                               | m1.tiny (1)                           |
| hostId                               |                                       |
| id                                   | 8b2f5104-3380-4543-8232-b07bef2dd530  |
| image                                | cirros (f5ec2ae2-7a6d-4eaf-           |
|                                      | 96a0-b72afe3eda46)                    |
| key_name                             | mykey                                 |
| name                                 | provider-instance                     |
| os-extended-volumes:volumes_attached | []                                    |
| progress                             | 0                                     |
| project_id                           | 44a378473a174b01b9f11df1d1bfad2c      |
| properties                           |                                       |
| security_groups                      | [{u'name': u'default'}]               |
| status                               | BUILD                                 |
| updated                              | 2018-09-19T13:13:29Z                  |
| user_id                              | 0f55752937b2424fbaeb04a8d6e147c3      |
+--------------------------------------+---------------------------------------+
(7)检查实例的状态
###可以发现生成的地址在我们刚给的范围内,并且状态由BUILD变为ACTIVE
[root@controller ~]# openstack server list
+----------------------+-------------------+--------+----------------------+
| ID                   | Name              | Status | Networks             |
+----------------------+-------------------+--------+----------------------+
| 8b2f5104-3380-4543-8 | provider-instance | ACTIVE | provider=10.10.10.11 |
| 232-b07bef2dd530     |                   |        |                      |
+----------------------+-------------------+--------+----------------------+

###此时我们在计算节点可以查看到此实例,且状态为running
[root@compute ~]# virsh list
 Id    Name                           State
----------------------------------------------------
 1     instance-00000001              running
(8)使用虚拟控制台访问实例
###获取你实例的URL并从web浏览器访问它,这里名字是provider-instance
[root@controller ~]# openstack console url show provider-instance
+-------+----------------------------------------------------------------------+
| Field | Value                                                                |
+-------+----------------------------------------------------------------------+
| type  | novnc                                                                |
| url   | http://controller:6080/vnc_auto.html?token=c8e02fba-14e6-453b-       |
|       | b0f5-b0f82b270efc                                                    |
+-------+----------------------------------------------------------------------+
(9)访问报错

真机为linux因此也要加入Host解析!!!

<1> 报错:
openstack访问IPXE (http://ipxe.org)) 00:03.0 C980 PCI2.10 PnP PMM

在这里插入图片描述
<2> 解决方案

下载地址:https://www.qemu.org/download/

###报错的原因是QEMU的版本为1.5.3过低,进行升级就好了
[root@compute ~]# virsh version
Compiled against library: libvirt 2.0.0
Using library: libvirt 2.0.0
Using API: QEMU 2.0.0
Running hypervisor: QEMU 1.5.3

[root@compute ~]# wget https://download.qemu.org/qemu-2.6.0.tar.bz2
[root@compute ~]# yum -y install gcc gcc-c++ automake libtool zlib-devel glib2-devel bzip2-devel libuuid-devel spice-protocol spice-server-devel usbredir-devel libaio-devel
[root@compute ~]# tar xf qemu-2.6.0.tar.bz2
[root@compute ~]# cd qemu-2.6.0
[root@compute qemu-2.6.0]# ./configure --prefix=/usr/local/qemu
###注意:编译的过程很慢,可以把百度网盘中的qemu目录放在/usr/local下就好
[root@compute qemu-2.6.0]# make && make install
[root@compute ~]# rm -f /usr/bin/qemu-kvm
[root@compute ~]# rm -f /usr/libexec/qemu-kvm
[root@compute ~]# rm -f /usr/bin/qemu-img
[root@compute ~]# ln -s /usr/local/qemu/bin/qemu-system-x86_64 /usr/bin/qemu-kvm
[root@compute ~]# ln -s /usr/local/qemu/bin/qemu-system-x86_64 /usr/libexec/qemu-kvm
[root@compute ~]# ln -s /usr/local/qemu/bin/qemu-img /usr/bin/qemu-img
[root@compute ~]# virsh version
Compiled against library: libvirt 2.0.0
Using library: libvirt 2.0.0
Using API: QEMU 2.0.0
Running hypervisor: QEMU 2.6.0
(10)再次访问

这里应该是要重启某些服务,我是直接把控制节点和计算节点重启后进行访问!!!

在这里插入图片描述
在这里插入图片描述

九、配置Dashboard


1、安装配置

(1)安装包
[root@controller ~]# yum install -y openstack-dashboard
(2)配置local_settings
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
###配置仪表盘以使用 OpenStack 服务
OPENSTACK_HOST = "controller"
###启用对域的支持
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
###通过仪表盘创建的用户默认角色配置为user
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

###允许所有主机访问仪表板
ALLOWED_HOSTS = ['*', ]

###配置memcached会话存储服务
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'        ###此条不存在
###这条存在直接修改就好了
CACHES = {  
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

###启用对域的支持
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

###配置API版本
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

###通过仪表盘创建用户时的默认域配置为default 
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'

###如果您选择网络参数1,禁用支持3层网络服务
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
    ...
    }

###配置时区
TIME_ZONE = "Asia/shanghai"
(3)完成安装
[root@controller ~]# systemctl restart httpd.service memcached.service
(4)报错

这个报错我之前搭建也未遇到过,感觉很奇怪!!!

<1> 登陆报错:

http://10.10.10.1/dashboard

在这里插入图片描述
在这里插入图片描述

[root@controller ~]# cat /var/log/httpd/error_log                     ###日志报错
[Thu Sep 20 21:09:58.075790 2018] [:error] [pid 3295]     "Unable to create a new session key. "
[Thu Sep 20 21:09:58.075792 2018] [:error] [pid 3295] RuntimeError: Unable to create a new session key. It is likely that the cache is unavailable.

<2> 解决方案

[root@controller ~]# vim /etc/openstack-dashboard/local_settings

在这里插入图片描述

[root@controller ~]# systemctl restart httpd.service memcached.service             ###重启服务

在这里插入图片描述

(5)修改字体为中文

在这里插入图片描述在这里插入图片描述

十、私有网络配置


1、配置控制节点私有网络(controller)

(1)安装组件

组件在安装公共网络时已经进行了安装!!!

[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
(2)配置服务组件
[root@controller ~]# vim /etc/neutron/neutron.conf                 ###修改这2处即可

在这里插入图片描述

(3)配置Modular Layer 2 (ML2)插件
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini

在这里插入图片描述
在这里插入图片描述

(4)配置Linuxbridge代理
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
###启用VXLAN覆盖网络,配置覆盖网络的物理网络接口的IP地址,启用layer-2 population
[vxlan]
enable_vxlan = True
###本地IP地址(controller)
local_ip = 10.10.10.1
l2_population = True
(5)配置layer-3代理
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
(6)启动layer-3服务
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service

2、配置计算节点私有网络(compute)

(1)配置Linuxbridge代理
[root@compute ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[vxlan]
enable_vxlan = True
local_ip = 10.10.10.2
l2_population = True
(2)完成安装
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute ~]# systemctl restart neutron-linuxbridge-agent.service
(3)修改配置local_settings,支持3层网络服务
[root@controller ~]# vim /etc/openstack-dashboard/local_settings

在这里插入图片描述

[root@controller ~]# systemctl restart httpd memcached

十一、Dashboard页面操作


1、配置网络(实现通信)

(1)删除云主机和网络

在这里插入图片描述
在这里插入图片描述

(2)创建公共网络(admin)

在这里插入图片描述

在这里插入图片描述在这里插入图片描述在这里插入图片描述在这里插入图片描述

(3)创建私有网络

在这里插入图片描述在这里插入图片描述在这里插入图片描述
在这里插入图片描述

(4)创建路由(使公网和私网通信)

在这里插入图片描述
在这里插入图片描述在这里插入图片描述
在这里插入图片描述

到此我们可以发现通过路由公网和私网进行了链接!!!

2、创建云主机

在这里插入图片描述在这里插入图片描述
在这里插入图片描述在这里插入图片描述在这里插入图片描述在这里插入图片描述在这里插入图片描述

3、绑定浮动IP

在这里插入图片描述
在这里插入图片描述在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述

4、测试

[root@controller ~]# . admin-openrc 
[root@controller ~]#  openstack server list
+------------------------------+-------+--------+------------------------------+
| ID                           | Name  | Status | Networks                     |
+------------------------------+-------+--------+------------------------------+
| 0700ea53-d2ca-               | cloud | ACTIVE | provite=10.0.0.3,            |
| 4de6-bf40-03f3233ee41b       |       |        | 10.10.10.122                 |
+------------------------------+-------+--------+------------------------------+

###可以发现可以通过URL访问,并且ip addr查看为10.0.0.3
[root@controller ~]# openstack console url show cloud
+-------+---------------------------------------------------------------------------------+
| Field | Value                                                                           |
+-------+---------------------------------------------------------------------------------+
| type  | novnc                                                                           |
| url   | http://controller:6080/vnc_auto.html?token=f150201d-ea5f-4556-a0a3-c1d3e0bf6da8 |
+-------+---------------------------------------------------------------------------------+

[root@controller ~]# ping 10.0.0.3
connect: Network is unreachable
[root@controller ~]# ping 10.10.10.122
PING 10.10.10.122(10.10.10.122) 56(84) bytes of data.
64 bytes from 10.10.10.122: icmp_seq=1 ttl=64 time=0.305 ms
64 bytes from 10.10.10.122: icmp_seq=2 ttl=64 time=0.323 ms

十二、块存储服务


1、安装和配置控制节点(controller)

(1)配置数据库
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
(2)创建服务证书
[root@controller ~]# . admin-openrc                    ###获取admin权限
[root@controller ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 296463ec2b564fcd85d49d9e89d8cc15 |
| enabled   | True                             |
| id        | 8e13279473104f1a8354346743c32e17 |
| name      | cinder                           |
+-----------+----------------------------------+

###添加admin角色到cinder用户上,这个命令执行后没有输出
[root@controller ~]# openstack role add --project service --user cinder admin

###创建cinder和cinderv2服务实体,块设备存储服务要求两个服务实体
[root@controller ~]# openstack service create --name cinder --description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 1459c962567d4572a9334d3921792654 |
| name        | cinder                           |
| type        | volume                           |
+-------------+----------------------------------+
[root@controller ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | f92b834b5eaf4816af12020b9921eb6c |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
(3)创建块设备存储服务的API入口点

块设备存储服务每个服务实体都需要端点。

[root@controller ~]# openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 37e871970fea4d4c9d692a9b22369f7e        |
| interface    | public                                  |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 1459c962567d4572a9334d3921792654        |
| service_name | cinder                                  |
| service_type | volume                                  |
| url          | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 081594304c504dbda026e7bbb2d1f843        |
| interface    | internal                                |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 1459c962567d4572a9334d3921792654        |
| service_name | cinder                                  |
| service_type | volume                                  |
| url          | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | e232403f9b4f411ab340193b95353376        |
| interface    | admin                                   |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 1459c962567d4572a9334d3921792654        |
| service_name | cinder                                  |
| service_type | volume                                  |
| url          | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 4d4f4f034442427f8fe9ba5a47e2343c        |
| interface    | public                                  |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | f92b834b5eaf4816af12020b9921eb6c        |
| service_name | cinderv2                                |
| service_type | volumev2                                |
| url          | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | ba633f8ec89a4206b9ed71fa18e5e0e7        |
| interface    | internal                                |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | f92b834b5eaf4816af12020b9921eb6c        |
| service_name | cinderv2                                |
| service_type | volumev2                                |
| url          | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 52cae10050dc42919344c0d9f385b162        |
| interface    | admin                                   |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | f92b834b5eaf4816af12020b9921eb6c        |
| service_name | cinderv2                                |
| service_type | volumev2                                |
| url          | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
(4)安装配置组件
[root@controller ~]# yum install -y openstack-cinder
(5)配置cinder.conf
[root@controller ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
###自身IP
my_ip = 10.10.10.1

###配置数据库访问
[database]
connection = mysql+pymysql://cinder:cinder@controller/cinde

###配置RabbitMQ消息队列访问
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

###认证服务访问配置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

###锁路径配置
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
(6)初始化块设备服务的数据库
###忽略输出中任何不推荐使用的信息
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
(7)配置计算节点以使用块设备存储
[root@controller ~]# vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
(8)完成安装
###重启API服务
[root@controller ~]# systemctl restart openstack-nova-api.service
###启动块设备存储服务,并将其配置为开机自启
[root@controller ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
[root@controller ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

2、配置存储节点(block)

(1)安装支持的工具包
###安装LVM包,一些发行版默认包含了LVM
[root@block ~]# yum install -y lvm2
###启动LVM的metadata服务并且设置该服务随系统启动
[root@block ~]# systemctl enable lvm2-lvmetad.service
[root@block ~]# systemctl start lvm2-lvmetad.service
(2)添加一块存储
[root@block ~]# fdisk -l

在这里插入图片描述

(3)创建LVM
###创建物理卷/dev/vda
[root@block ~]# pvcreate /dev/vda
###创建LVM卷组cinder-volumes
[root@block ~]# vgcreate cinder-volumes /dev/vda

###查看
[root@block ~]# pvs
  PV         VG             Fmt  Attr PSize  PFree
  /dev/sda2  rhel           lvm2 a--  19.00g    0 
  /dev/vda   cinder-volumes lvm2 a--   2.00g 2.00g
[root@block ~]# vgs
  VG             #PV #LV #SN Attr   VSize  VFree
  cinder-volumes   1   0   0 wz--n-  2.00g 2.00g
  rhel             1   2   0 wz--n- 19.00g    0 
(4)配置lvm.conf
[root@block ~]# vim /etc/lvm/lvm.conf
devices {
	...
	filter = [ "a/vda/", "r/.*/"]
(5)安全并配置组件
[root@block ~]# yum install -y openstack-cinder targetcli python-keystone
(6)配置cinder.conf
[root@block ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
###配置为本机IP
my_ip = 10.10.10.3
###配置镜像服务API的位置
glance_api_servers = http://controller:9292

###配置数据库访问
[database]
connection = mysql+pymysql://cinder:cinder@controller/cinder

###配置RabbitMQ消息队列访问
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

###认证服务访问配置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

###此模块不存在,自己添加,配置LVM后端以LVM驱动结束
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

###锁路径配置
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
(7)完成安装
[root@block ~]# systemctl enable openstack-cinder-volume.service target.service
[root@block ~]# systemctl start openstack-cinder-volume.service target.service
(8)连接云硬盘

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

3、验证操作

[root@controller ~]# . admin-openrc              ###获取admin权限
###列出服务组件以验证是否每个进程都成功启动
[root@controller ~]# cinder service-list
+------------------+------------+------+---------+-------+----------------------------+-----------------+
|      Binary      |    Host    | Zone |  Status | State |         Updated_at         | Disabled Reason |
+------------------+------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller | nova | enabled |   up  | 2018-09-21T12:05:56.000000 |        -        |
|  cinder-volume   |  block@lvm | nova | enabled |   up  | 2018-09-21T12:05:49.000000 |        -        |
+------------------+------------+------+---------+-------+----------------------------+-----------------+

###连接到cloud上面可以看到存储即为成功
[root@controller ~]# ssh cirros@10.10.10.122
$sudo fdisk -l
Disk /dev/vdb: 1073 MB,1073741824 Bytes

4、扩展云硬盘

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

十三、创建镜像主机


1、图形安装

[root@dream images]# ls /root/
rhel-server-6.5-x86_64-dvd.iso
[root@dream ~]# cd /var/lib/libvirt/images/
[root@dream images]# qemu-img create -f qcow2 test.qcow2 5G
###也可以使用"--cdrom="来指定镜像
[root@dream images]# virt-install --name test --memory 1024 --location /root/rhel-server-6.5-x86_64-dvd.iso --disk test.qcow2

注意:创建的分区仅仅只有一个/,且格式为ext4!!!

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

在这里插入图片描述
在这里插入图片描述
在这里插入图片描述
在这里插入图片描述

2、封装虚拟机

(1)关闭防火墙
# /etc/init.d/iptables stop
# /etc/init.d/ip6tables stop
# chkconfig iptables off
# chkconfig ip6tables off
(2)关闭selinux
# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux 
(3)关闭进度条显示
# vim /boot/grub/grub.conf             ###修改后面
        kernel /boot/vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=5d5513e3-55ac-41a9-b154-c5864cb15391 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM  quiet cons
(4)配置yum源
# cd /var/www/html/cloud-init/rhel6
# createrepo .

# vim /etc/yum.repos.d/yum.repo
[rhel6.5]
name=rhel6.5
baseurl=http://10.10.10.250/rhel6.5
gpgcheck=0

[cloud-init]
name=cloud-init
baseurl=http://10.10.10.250/cloud-init/rhel6
gpgcheck=0
(5)配置网卡
# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=dhcp

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
NOZERCONF=yes
(6)安装软件及配置
# yum install -y acpid
# chkconfig acpid on
# yum install -y cloud-init cloud-utils-growpart dracut-modules-growroot
# dracut -f
# ll /boot/
total 20915
-rw-r--r--. 1 root root   105195 Nov 10  2013 config-2.6.32-431.el6.x86_64
drwxr-xr-x. 3 root root     1024 Sep 21 13:51 efi
drwxr-xr-x. 2 root root     1024 Sep 22 02:03 grub
-rw-------. 1 root root 14445312 Sep 22 02:27 initramfs-2.6.32-431.el6.x86_64.img
drwx------. 2 root root    12288 Sep 21 13:49 lost+found
-rw-r--r--. 1 root root   193758 Nov 10  2013 symvers-2.6.32-431.el6.x86_64.gz
-rw-r--r--. 1 root root  2518236 Nov 10  2013 System.map-2.6.32-431.el6.x86_64
-rwxr-xr-x. 1 root root  4128944 Nov 10  2013 vmlinuz-2.6.32-431.el6.x86_64

# vim /etc/cloud/cloud.cfg
cloud_init_modules:
 - bootcmd
 - write-files
 - resizefs
 - set_hostname
 - update_hostname
 - update_etc_hosts
 - rsyslog
 - users-groups
 - ssh
 - resolv-conf                              ###添加此项
(7)关机并清除配置
# poweroff
[root@dream ~]# virt-sysprep -d test                    ###带主机名的就是真机了
(8)压缩镜像
[root@dream ~]# cd /var/lib/libvirt/images/
[root@dream images]# virt-sparsify --compress test.qcow2 test.qcow2.new
[root@dream images]# du -sh test.qcow2 test.qcow2.new 
1.1G	test.qcow2
288M	test.qcow2.new

###复制到自己默认发布目录
[root@dream images]# cp test.qcow2.new /var/www/html/

然后通过dashboard,系统 --> 镜像 --> 创建镜像,输入(http://10.10.10.250/test.qcow2.new)进行导入,这就是模板,我们就可以进行上面的方法进行选择模板进行创建即可进行使用!!!

评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Wielun

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值