Openstack
准备两台纯净的RHEL 7.2虚拟机
Openstack1:172.25.30.1(2G)
Openstack2:172.25.30.2(1G)
搭建http服务(openstack目录;后面的yum源走http且gpgcheck=0,不校验软件包签名,只适合隔离的实验网络)
http://172.25.30.250/openstack/html/mitaka/zh_CN/install-guide-rdo/overview.html
核心组件
环境:
安全(用户名和密码;本实验中数据库、RabbitMQ和各服务的密码都与用户名相同,正式部署应换成随机强密码,可用 openssl rand -hex 10 生成)
网络(建议使用私有段)
时间同步(集群:解析,时间同步)
1.解析
[root@openstack1 ~]# vim /etc/hosts
172.25.30.1 controller
172.25.30.2 computel
172.25.30.3 block1
[root@openstack1 ~]# hostnamectl set-hostname controller
[root@controller ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@controller ~]# systemctl restart network
[root@controller ~]# ip route
172.25.30.0/24 dev eth0 proto kernel scope link src 172.25.30.1 metric 100
[root@foundation30 ~]# ping www.baidu.com
[root@foundation30 ~]# vim /etc/chrony.conf
....
server time1.aliyun.com iburst
allow 172.25/16
.....
[root@foundation30 ~]# systemctl start chronyd
[root@foundation30 ~]# systemctl status chronyd.service
&&&chronyd状态是running
[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf
.....
server 172.25.30.250 iburst
[root@controller ~]# systemctl start chronyd
[root@controller ~]# systemctl status chronyd
[root@controller ~]# chronyc sources -v
^* 172.25.30.250 4 6 17 29 -1475ns[-1314us] +/- 58ms
[root@controller ~]# date
Sun Nov 19 10:07:22 CST 2017
[root@controller ~]# vim /etc/yum.repos.d/westos.repo
[rhel7.2]
name=redhat linux 7.2
baseurl=http://172.25.30.250/rhel7.2
gpgcheck=0
[openstack]
name=mitaka
baseurl=http://172.25.30.250/openstack/mitaka
gpgcheck=0
[root@controller ~]# yum upgrade -y
[root@controller ~]# yum install python-openstackclient -y
核心:数据库
认证服务
先决条件
镜像
计算服务
nova
网络服务
neutron
块存储
cinder
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.30.1
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller ~]# systemctl start mariadb.service
[root@controller ~]# mysql_secure_installation
[root@controller ~]# vim addr.sql
[root@controller ~]# cat addr.sql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance';
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY 'cinder'
[root@controller ~]# mysql -pwestos < addr.sql
[root@controller ~]# mysql -pwestos
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 23
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| cinder |
| glance |
| information_schema |
| keystone |
| mysql |
| neutron |
| nova |
| nova_api |
| performance_schema |
+--------------------+
9 rows in set (0.00 sec)
MariaDB [(none)]> quit
Bye
[root@controller ~]# mysql -u nova -pnova
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| nova |
| nova_api |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> quit
Bye
[root@controller ~]#
消息队列
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@controller... started 6 plugins.
[root@controller ~]# netstat -antlp | grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 13135/beam
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 13135/beam
tcp 0 0 172.25.30.1:57556 172.25.30.1:25672 TIME_WAIT -
tcp6 0 0 :::5672 :::* LISTEN 13135/beam
[root@controller ~]#
浏览器访问http://172.25.30.1:15672/(用户名和密码:guest;guest是自带的administrator账号,管理端口15672监听在0.0.0.0,实验之外应修改其密码或删除该账号,并限制可访问该端口的来源)
[root@controller ~]# rabbitmqctl list_users
Listing users ...
openstack []
guest [administrator]
[root@controller ~]# rabbitmqctl list_permissions
Listing permissions in vhost "/" ...
guest .* .* .*
openstack .* .* .*
[root@controller ~]#
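Memcache(下面注释掉OPTIONS一行后不再限定只监听127.0.0.1和::1;memcached默认不做认证,应使用防火墙把11211端口限制在管理网段内,或改成 OPTIONS="-l 127.0.0.1,::1,controller" 只监听本机和管理地址)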
[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# netstat -antlp | grep :11211
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 14157/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 14157/memcached
[root@controller ~]# vim /etc/sysconfig/memcached
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1"
[root@controller ~]# systemctl restart memcached
认证服务
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# openssl rand -hex 10
d1c444cc780e64a79f2d
[root@controller ~]# vim /etc/keystone/keystone.conf
[root@controller ~]# cd /var/log/keystone/
[root@controller keystone]# ll
total 0
[root@controller keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller keystone]# ll
total 8
-rw-r--r-- 1 keystone keystone 4402 Nov 19 11:30 keystone.log
[root@controller keystone]# cd /etc/keystone/
[root@controller keystone]# ls
default_catalog.templates keystone-paste.ini policy.json
keystone.conf logging.conf sso_callback_template.html
[root@controller keystone]# ll
total 100
-rw-r----- 1 root keystone 2303 Sep 22 2016 default_catalog.templates
-rw-r----- 1 root keystone 73225 Nov 19 11:28 keystone.conf
-rw-r----- 1 root keystone 2400 Sep 22 2016 keystone-paste.ini
-rw-r----- 1 root keystone 1046 Sep 22 2016 logging.conf
-rw-r----- 1 keystone keystone 9699 Sep 22 2016 policy.json
-rw-r----- 1 keystone keystone 665 Sep 22 2016 sso_callback_template.html
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
配置http服务
[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
.....
95 ServerName controller
[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
[root@controller keystone]# cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller keystone]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller keystone]# systemctl start httpd.service
[root@controller keystone]# netstat -antlp | grep :5000
tcp6 0 0 :::5000 :::* LISTEN 14486/httpd
[root@controller keystone]# netstat -antlp | grep :35357
tcp6 0 0 :::35357 :::* LISTEN 14486/httpd
[root@controller keystone]# vim /etc/keystone/keystone.conf
[root@controller keystone]# export OS_TOKEN=d1c444cc780e64a79f2d
[root@controller keystone]# export OS_URL=http://controller:35357/v3
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3
[root@controller keystone]# openstack service create \
> --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 41e491e36c044b4188b3b1846f490ba5 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b72001414ce24b05966b31b869229dbd |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d77210c36c324a9683199ebf8bb3be3e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0ac23ad795344d08a82f2fcc257d2d97 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[root@controller keystone]#
创建服务实体和API端点
[root@controller keystone]# vim /etc/keystone/keystone.conf
[root@controller keystone]# export OS_TOKEN=d1c444cc780e64a79f2d
[root@controller keystone]# export OS_URL=http://controller:35357/v3
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3
[root@controller keystone]# openstack service create \
> --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 41e491e36c044b4188b3b1846f490ba5 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b72001414ce24b05966b31b869229dbd |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d77210c36c324a9683199ebf8bb3be3e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0ac23ad795344d08a82f2fcc257d2d97 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
创建域、项目、用户和角色
[root@controller keystone]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | eaaac1382374477dab77555bf3809732 |
| name | default |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
> --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | ef8f54e076e84090b349e10d1904058c |
| is_domain | False |
| name | admin |
| parent_id | eaaac1382374477dab77555bf3809732 |
+-------------+----------------------------------+
[root@controller keystone]# openstack user create --domain default \
> --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | 0250bc72aa91411b82e62a48c29d9266 |
| name | admin |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 005b48a4ac394756aae242f461a673ad |
| name | admin |
+-----------+----------------------------------+
[root@controller keystone]# openstack role add --project admin --user admin admin
[root@controller keystone]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
+----------------------------------+-------+
[root@controller keystone]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | 7f04d6d5af22472ab94dbf681b42799e |
| name | demo |
+-----------+----------------------------------+
[root@controller keystone]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
| 7f04d6d5af22472ab94dbf681b42799e | demo |
+----------------------------------+-------+
[root@controller keystone]# openstack project list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| ef8f54e076e84090b349e10d1904058c | admin |
+----------------------------------+-------+
[root@controller keystone]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 4ce27424bea2410e8400c7f39f768c6c |
| name | user |
+-----------+----------------------------------+
[root@controller keystone]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 005b48a4ac394756aae242f461a673ad | admin |
| 4ce27424bea2410e8400c7f39f768c6c | user |
+----------------------------------+-------+
[root@controller keystone]# openstack project list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| ef8f54e076e84090b349e10d1904058c | admin |
+----------------------------------+-------+
[root@controller keystone]# openstack role add --project demo --user demo user
No project with a name or ID of 'demo' exists.
[root@controller keystone]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | 62ccfb5dcbdc43f9b8f4aad7ce13ec43 |
| is_domain | False |
| name | service |
| parent_id | eaaac1382374477dab77555bf3809732 |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | e6a579ae8ee54d6995f3998724a5c70f |
| is_domain | False |
| name | demo |
| parent_id | eaaac1382374477dab77555bf3809732 |
+-------------+----------------------------------+
[root@controller keystone]# openstack role add --project demo --user demo user
[root@controller keystone]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 62ccfb5dcbdc43f9b8f4aad7ce13ec43 | service |
| e6a579ae8ee54d6995f3998724a5c70f | demo |
| ef8f54e076e84090b349e10d1904058c | admin |
+----------------------------------+---------+
[root@controller keystone]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+----------------+
| eaaac1382374477dab77555bf3809732 | default | True | Default Domain |
+----------------------------------+---------+---------+----------------+
[root@controller keystone]# openstack endpoint
openstack: 'endpoint' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
endpoint create
endpoint delete
endpoint list
endpoint set
endpoint show
snapshot create
snapshot delete
snapshot list
snapshot set
snapshot show
snapshot unset
[root@controller keystone]#
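验证操作(官方安装指南在这一步之前要求编辑 /etc/keystone/keystone-paste.ini,从 [pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3] 中删除 admin_token_auth,关闭临时的管理令牌认证;本笔记没有记录这一步,只unset环境变量并不会让该令牌失效)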
[root@controller keystone]# unset OS_TOKEN OS_URL
[root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2017-11-19T05:02:17.000052Z |
| id | 8571f0a34ce242079ff9f863d360063c |
| project_id | ef8f54e076e84090b349e10d1904058c |
| user_id | 0250bc72aa91411b82e62a48c29d9266 |
+------------+----------------------------------+
[root@controller keystone]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2017-11-19T05:02:48.853447Z |
| id | 35102cfb17b446d9a82e47c1e0e67d97 |
| project_id | e6a579ae8ee54d6995f3998724a5c70f |
| user_id | 7f04d6d5af22472ab94dbf681b42799e |
+------------+----------------------------------+
[root@controller keystone]#
创建 OpenStack 客户端环境脚本
[root@controller ~]# vim demo-openrc
[root@controller ~]# vim admin-openrc
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack token issue #请求认证令牌(只能用一次)
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2017-11-19T05:53:31.592390Z |
| id | 57f0749668724516b96bafbd504bdd4d |
| project_id | ef8f54e076e84090b349e10d1904058c |
| user_id | 0250bc72aa91411b82e62a48c29d9266 |
+------------+----------------------------------+
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
| 7f04d6d5af22472ab94dbf681b42799e | demo |
+----------------------------------+-------+
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-31c17e82-2f74-46eb-8948-3d8f0af1a3bc)
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
| 7f04d6d5af22472ab94dbf681b42799e | demo |
+----------------------------------+-------+
[root@controller ~]#
&&镜像服务(glance)
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | fc155891eb8242789d7cf6af6cf45297 |
| name | glance |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | d9988de7f45748689733fb9918fd0a77 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 27e16c40201a4b0e97c70dba955dd49d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d9988de7f45748689733fb9918fd0a77 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8db388f59afb4cbaba28ff4b46ed7a56 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d9988de7f45748689733fb9918fd0a77 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ce088a1c4e0b4bcf8d2045033a400466 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d9988de7f45748689733fb9918fd0a77 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf #注意修改密码
[root@controller ~]# vim /etc/glance/glance-registry.conf
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \
> openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service \
> openstack-glance-registry.service
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public #上传镜像
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2017-11-19T06:05:26Z |
| disk_format | qcow2 |
| file | /v2/images/a0df5a13-666b-494a-b75e-7d06fcdb2a71/file |
| id | a0df5a13-666b-494a-b75e-7d06fcdb2a71 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | ef8f54e076e84090b349e10d1904058c |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2017-11-19T06:05:26Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| a0df5a13-666b-494a-b75e-7d06fcdb2a71 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]#
&&计算服务
nova核心计算
[root@controller ~]# openstack user create --domain default \
> --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | 576cbd1aded646fa9333cfa6930f772b |
| name | nova |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | d305ffcf57ff4c1b83cec9ce17f25560 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 5f7cafbc89d14e2bb8928e88db594137 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d305ffcf57ff4c1b83cec9ce17f25560 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 7f36cbad39984b0482da86b945163d2c |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d305ffcf57ff4c1b83cec9ce17f25560 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | b313864608a84c2ba58d2e38c8e85d1d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d305ffcf57ff4c1b83cec9ce17f25560 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler -y
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
# rabbit_userid/rabbit_password 是前面 rabbitmqctl add_user 创建的openstack用户和openstack密码(注释单独成行,避免被当作取值的一部分)
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
[root@controller ~]# systemctl enable openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# openstack compute list
openstack: 'compute' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
compute agent create
compute agent delete
compute agent list
compute agent set
compute service delete
compute service list
compute service set
complete
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+---------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+---------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2017-11-19T06:52:51 |
| | | | | | | .000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2017-11-19T06:52:51 |
| | | | | | | .000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2017-11-19T06:52:51 |
| | | | | | | .000000 |
+----+------------------+------------+----------+---------+-------+---------------------+
[root@controller ~]#
**需要启动第二台机器
计算节点
(主机名解析|时间同步)
[root@computel ~]# cat /etc/hosts
172.25.30.1 controller
172.25.30.2 computel
172.25.30.3 block1
[root@computel ~]# yum install chrony -y
[root@computel ~]# vim /etc/chrony.conf
.....
server 172.25.30.250 iburst
[root@computel ~]# systemctl start chronyd
[root@computel ~]# chronyc sources -v
.....
^* 172.25.30.250 4 6 17 37 -539ns[ -510us] +/- 79
[root@computel ~]# yum install openstack-nova-compute -y
[root@computel ~]# vim /etc/nova/nova.conf
[root@computel ~]# vim /etc/nova/nova.conf
[root@computel ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@computel ~]# systemctl start libvirtd.service openstack-nova-compute.service
&&&此时列表中有4个服务(新增了计算节点 computel 上的 nova-compute)
[root@controller ~]# openstack compute service list
+----+-----------------+------------+----------+---------+-------+-------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+-----------------+------------+----------+---------+-------+-------------------+
| 1 | nova- | controller | internal | enabled | up | 2017-11-19T07:35: |
| | consoleauth | | | | | 16.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2017-11-19T07:35: |
| | | | | | | 15.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2017-11-19T07:35: |
| | | | | | | 15.000000 |
| 6 | nova-compute | computel | nova | enabled | up | 2017-11-19T07:35: |
| | | | | | | 20.000000 |
+----+-----------------+------------+----------+---------+-------+-------------------+
&&网络服务
网络搞定就可以起云主机啦
主要是插件和代理
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled | True |
| id | e1f1f42fe5ec44ba8d2b1a503d1d1c63 |
| name | neutron |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9fbaffbbe8364821bd4527f525ad3526 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2c396b02b05a4e9482381166fc96ba53 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 873c93e8d9a64292891bc1b6bc7abc5f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]#
&&选择网络选项1:公共网络
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
[root@controller ~]# vim /etc/neutron/
conf.d/ l3_agent.ini neutron.conf policy.json
dhcp_agent.ini metadata_agent.ini plugins/ rootwrap.conf
[root@controller ~]# vim /etc/neutron/neutron.conf
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
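# 注意密码:该共享密钥必须与 /etc/nova/nova.conf 中 [neutron] 段的 metadata_proxy_shared_secret 完全一致
# (这是批注,不要写在取值所在行的行尾);westos 只是实验用的值,生产环境应使用随机生成的密钥
metadata_proxy_shared_secret = westos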
[root@controller ~]# vim /etc/nova/nova.conf
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# neutron agent-list
&&&计算节点
[root@computel ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[root@computel ~]# vim /etc/neutron/neutron.conf
[root@computel ~]# vim /etc/neutron/neutron.conf
[root@computel ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@computel ~]# vim /etc/nova/nova.conf
[root@computel ~]# systemctl restart openstack-nova-compute.service
[root@computel ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@computel ~]# systemctl start neutron-linuxbridge-agent.service
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[root@controller ~]# neutron agent-list
+------------+------------+------------+-------------------+-------+----------------+----------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+------------+------------+------------+-------------------+-------+----------------+----------------+
| 9489fe53-b | Linux | controller | | :-) | True | neutron- |
| 61e-4367 | bridge | | | | | linuxbridge- |
| -b56d-7aac | agent | | | | | agent |
| 9285bf46 | | | | | | |
| aab5b2df- | Linux | computel | | :-) | True | neutron- |
| 40dc-480d- | bridge | | | | | linuxbridge- |
| 9097-6937b | agent | | | | | agent |
| 4aa22a7 | | | | | | |
| c8622dc4-8 | DHCP agent | controller | nova | :-) | True | neutron-dhcp- |
| f51-4da4-b | | | | | | agent |
| cf8-f93543 | | | | | | |
| e44553 | | | | | | |
| fc4a122a-c | Metadata | controller | | :-) | True | neutron- |
| 789-4663-a | agent | | | | | metadata-agent |
| d49-ecb513 | | | | | | |
| e11258 | | | | | | |
+------------+------------+------------+-------------------+-------+----------------+----------------+
&&创建一个实例
提供者网络
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2017-11-19T09:45:03 |
| description | |
| id | 27b86832-0d98-4676-9624-f781f8022418 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | ef8f54e076e84090b349e10d1904058c |
| updated_at | 2017-11-19T09:45:03 |
+---------------------------+--------------------------------------+