Openstack

Openstack

准备两台纯净的 RHEL 7.2 虚拟机
Openstack1:172.25.30.1(2G)
Openstack2:172.25.30.2(1G)

搭建http服务(openstack目录)
http://172.25.30.250/openstack/html/mitaka/zh_CN/install-guide-rdo/overview.html

核心组件

环境:
    安全(用户名和密码)
    网络(建议使用私有段)

时间同步(集群:解析,时间同步)

1.解析
[root@openstack1 ~]# vim /etc/hosts
172.25.30.1 controller
172.25.30.2 computel
172.25.30.3 block1
[root@openstack1 ~]# hostnamectl  set-hostname controller
[root@controller ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
[root@controller ~]# systemctl restart network
[root@controller ~]# ip route
172.25.30.0/24 dev eth0  proto kernel  scope link  src 172.25.30.1  metric 100 




[root@foundation30 ~]# ping www.baidu.com
[root@foundation30 ~]# vim /etc/chrony.conf
....
server time1.aliyun.com iburst
allow 172.25/16
.....
[root@foundation30 ~]# systemctl start chronyd
[root@foundation30 ~]# systemctl status chronyd.service
&&&chronyd状态是running

[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf 
.....
server 172.25.30.250 iburst

[root@controller ~]# systemctl start chronyd
[root@controller ~]# systemctl status chronyd

[root@controller ~]# chronyc  sources -v
^* 172.25.30.250                 4   6    17    29  -1475ns[-1314us] +/-   58ms
[root@controller ~]# date
Sun Nov 19 10:07:22 CST 2017



[root@controller ~]# vim /etc/yum.repos.d/westos.repo    #gpgcheck=0 会跳过软件包签名校验,且源走明文 http,只适合内网实验环境;正式环境应启用 gpgcheck 并导入对应的 GPG 公钥
[rhel7.2]
name=redhat linux 7.2
baseurl=http://172.25.30.250/rhel7.2
gpgcheck=0


[openstack]
name=mitaka
baseurl=http://172.25.30.250/openstack/mitaka
gpgcheck=0

[root@controller ~]# yum upgrade -y
[root@controller ~]# yum install python-openstackclient -y



核心:数据库
认证服务
    先决条件

    镜像


计算服务
    nova
网络服务
    neutron
块存储
    cinder


[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y 

[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf 
[mysqld]
bind-address = 172.25.30.1
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller ~]# systemctl start mariadb.service
[root@controller ~]#  mysql_secure_installation
[root@controller ~]# vim addr.sql    #下面各服务账号的密码与用户名相同,并授权给 '%'(任意来源主机),仅为实验方便;实际部署应使用强密码并把来源限制为集群节点
[root@controller ~]# cat addr.sql 
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'keystone';

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'glance';

CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'neutron';

CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'cinder'
[root@controller ~]# mysql -pwestos < addr.sql    #密码直接写在 -p 后会留在 shell 历史中,并可能出现在进程列表里;只写 -p 可改为交互输入
[root@controller ~]# mysql -pwestos
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 23
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| cinder             |
| glance             |
| information_schema |
| keystone           |
| mysql              |
| neutron            |
| nova               |
| nova_api           |
| performance_schema |
+--------------------+
9 rows in set (0.00 sec)

MariaDB [(none)]> quit
Bye
[root@controller ~]# mysql -u nova -pnova
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| nova               |
| nova_api           |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> quit
Bye
[root@controller ~]# 





消息队列
[root@controller ~]# yum install rabbitmq-server -y 
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management

Applying plugin configuration to rabbit@controller... started 6 plugins.
[root@controller ~]# netstat -antlp | grep 5672
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      13135/beam          
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      13135/beam          
tcp        0      0 172.25.30.1:57556       172.25.30.1:25672       TIME_WAIT   -                   
tcp6       0      0 :::5672                 :::*                    LISTEN      13135/beam          
[root@controller ~]# 

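浏览器访问http://172.25.30.1:15672/(用户名和密码:guest)
注意:guest 带 administrator 标签(见下面 list_users 输出),而管理端口 15672 监听在 0.0.0.0;非实验环境应修改 guest 的密码或删除该账号(rabbitmqctl change_password / rabbitmqctl delete_user),openstack 账号也不要使用与用户名相同的密码。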

[root@controller ~]# rabbitmqctl list_users
Listing users ...
openstack   []
guest   [administrator]
[root@controller ~]# rabbitmqctl list_permissions
Listing permissions in vhost "/" ...
guest   .*  .*  .*
openstack   .*  .*  .*
[root@controller ~]# 




Memcache
[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# netstat -antlp | grep :11211
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      14157/memcached     
tcp6       0      0 ::1:11211               :::*                    LISTEN      14157/memcached     
[root@controller ~]# vim /etc/sysconfig/memcached 
[root@controller ~]# cat /etc/sysconfig/memcached 
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1"
[root@controller ~]# systemctl restart memcached    #OPTIONS 被注释后 memcached 不再只绑定 127.0.0.1/::1,会监听所有地址,且默认没有认证;应通过防火墙把 11211 端口限制为只允许集群节点访问



认证服务

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# openssl rand -hex 10
d1c444cc780e64a79f2d
[root@controller ~]# vim /etc/keystone/keystone.conf
[root@controller ~]# cd /var/log/keystone/
[root@controller keystone]# ll
total 0
[root@controller keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller keystone]# ll
total 8
-rw-r--r-- 1 keystone keystone 4402 Nov 19 11:30 keystone.log
[root@controller keystone]# cd /etc/keystone/
[root@controller keystone]# ls
default_catalog.templates  keystone-paste.ini  policy.json
keystone.conf              logging.conf        sso_callback_template.html
[root@controller keystone]# ll
total 100
-rw-r----- 1 root     keystone  2303 Sep 22  2016 default_catalog.templates
-rw-r----- 1 root     keystone 73225 Nov 19 11:28 keystone.conf
-rw-r----- 1 root     keystone  2400 Sep 22  2016 keystone-paste.ini
-rw-r----- 1 root     keystone  1046 Sep 22  2016 logging.conf
-rw-r----- 1 keystone keystone  9699 Sep 22  2016 policy.json
-rw-r----- 1 keystone keystone   665 Sep 22  2016 sso_callback_template.html
[root@controller keystone]#  keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone


配置http服务
[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
.....
 95 ServerName controller
[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
[root@controller keystone]# cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller keystone]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller keystone]# systemctl start httpd.service
[root@controller keystone]# netstat -antlp | grep :5000
tcp6       0      0 :::5000                 :::*                    LISTEN      14486/httpd         
[root@controller keystone]# netstat -antlp | grep :35357
tcp6       0      0 :::35357                :::*                    LISTEN      14486/httpd  
[root@controller keystone]# vim /etc/keystone/keystone.conf 
[root@controller keystone]# export OS_TOKEN=d1c444cc780e64a79f2d
[root@controller keystone]# export OS_URL=http://controller:35357/v3
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3
[root@controller keystone]# openstack service create \
>   --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 41e491e36c044b4188b3b1846f490ba5 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b72001414ce24b05966b31b869229dbd |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d77210c36c324a9683199ebf8bb3be3e |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0ac23ad795344d08a82f2fcc257d2d97 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+

[root@controller keystone]# 

创建服务实体和API端点(以下输出与上文相同,各 id 一致,是同一次操作的记录,不需要重复执行)
[root@controller keystone]# vim /etc/keystone/keystone.conf 
[root@controller keystone]# export OS_TOKEN=d1c444cc780e64a79f2d
[root@controller keystone]# export OS_URL=http://controller:35357/v3
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3
[root@controller keystone]# openstack service create \
>   --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 41e491e36c044b4188b3b1846f490ba5 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b72001414ce24b05966b31b869229dbd |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d77210c36c324a9683199ebf8bb3be3e |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0ac23ad795344d08a82f2fcc257d2d97 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 41e491e36c044b4188b3b1846f490ba5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+

创建域、项目、用户和角色
[root@controller keystone]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | eaaac1382374477dab77555bf3809732 |
| name        | default                          |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
>   --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | eaaac1382374477dab77555bf3809732 |
| enabled     | True                             |
| id          | ef8f54e076e84090b349e10d1904058c |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | eaaac1382374477dab77555bf3809732 |
+-------------+----------------------------------+
[root@controller keystone]# openstack user create --domain default \
>   --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled   | True                             |
| id        | 0250bc72aa91411b82e62a48c29d9266 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 005b48a4ac394756aae242f461a673ad |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller keystone]# openstack role add --project admin --user admin admin
[root@controller keystone]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
+----------------------------------+-------+
[root@controller keystone]# openstack user create --domain default   --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled   | True                             |
| id        | 7f04d6d5af22472ab94dbf681b42799e |
| name      | demo                             |
+-----------+----------------------------------+
[root@controller keystone]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
| 7f04d6d5af22472ab94dbf681b42799e | demo  |
+----------------------------------+-------+
[root@controller keystone]# openstack project list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| ef8f54e076e84090b349e10d1904058c | admin |
+----------------------------------+-------+
[root@controller keystone]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 4ce27424bea2410e8400c7f39f768c6c |
| name      | user                             |
+-----------+----------------------------------+
[root@controller keystone]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 005b48a4ac394756aae242f461a673ad | admin |
| 4ce27424bea2410e8400c7f39f768c6c | user  |
+----------------------------------+-------+
[root@controller keystone]# openstack project list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| ef8f54e076e84090b349e10d1904058c | admin |
+----------------------------------+-------+
[root@controller keystone]# openstack role add --project demo --user demo user
No project with a name or ID of 'demo' exists.
[root@controller keystone]# openstack project create --domain default \
>   --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | eaaac1382374477dab77555bf3809732 |
| enabled     | True                             |
| id          | 62ccfb5dcbdc43f9b8f4aad7ce13ec43 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | eaaac1382374477dab77555bf3809732 |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
>   --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | eaaac1382374477dab77555bf3809732 |
| enabled     | True                             |
| id          | e6a579ae8ee54d6995f3998724a5c70f |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | eaaac1382374477dab77555bf3809732 |
+-------------+----------------------------------+
[root@controller keystone]#  openstack role add --project demo --user demo user
[root@controller keystone]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 62ccfb5dcbdc43f9b8f4aad7ce13ec43 | service |
| e6a579ae8ee54d6995f3998724a5c70f | demo    |
| ef8f54e076e84090b349e10d1904058c | admin   |
+----------------------------------+---------+
[root@controller keystone]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID                               | Name    | Enabled | Description    |
+----------------------------------+---------+---------+----------------+
| eaaac1382374477dab77555bf3809732 | default | True    | Default Domain |
+----------------------------------+---------+---------+----------------+
[root@controller keystone]# openstack endpoint
openstack: 'endpoint' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
  endpoint create
  endpoint delete
  endpoint list
  endpoint set
  endpoint show
  snapshot create
  snapshot delete
  snapshot list
  snapshot set
  snapshot show
  snapshot unset
[root@controller keystone]# 


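验证操作
(验证前按安装指南关闭临时的 admin token 认证:编辑 /etc/keystone/keystone-paste.ini,从 [pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3] 中删除 admin_token_auth;否则之前 export 的 OS_TOKEN 仍可绕过用户名和密码直接管理 keystone)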

[root@controller keystone]# unset OS_TOKEN OS_URL
[root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name admin --os-username admin token issue
Password: 
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2017-11-19T05:02:17.000052Z      |
| id         | 8571f0a34ce242079ff9f863d360063c |
| project_id | ef8f54e076e84090b349e10d1904058c |
| user_id    | 0250bc72aa91411b82e62a48c29d9266 |
+------------+----------------------------------+
[root@controller keystone]# openstack --os-auth-url http://controller:5000/v3   --os-project-domain-name default --os-user-domain-name default   --os-project-name demo --os-username demo token issue
Password: 
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2017-11-19T05:02:48.853447Z      |
| id         | 35102cfb17b446d9a82e47c1e0e67d97 |
| project_id | e6a579ae8ee54d6995f3998724a5c70f |
| user_id    | 7f04d6d5af22472ab94dbf681b42799e |
+------------+----------------------------------+
[root@controller keystone]#

创建 OpenStack 客户端环境脚本
[root@controller ~]# vim demo-openrc
[root@controller ~]# vim admin-openrc 
[root@controller ~]# source admin-openrc 
[root@controller ~]# openstack token issue #请求认证令牌(只能用一次)
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2017-11-19T05:53:31.592390Z      |
| id         | 57f0749668724516b96bafbd504bdd4d |
| project_id | ef8f54e076e84090b349e10d1904058c |
| user_id    | 0250bc72aa91411b82e62a48c29d9266 |
+------------+----------------------------------+
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
| 7f04d6d5af22472ab94dbf681b42799e | demo  |
+----------------------------------+-------+
[root@controller ~]# source demo-openrc 
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-31c17e82-2f74-46eb-8948-3d8f0af1a3bc)
[root@controller ~]# source admin-openrc 
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 0250bc72aa91411b82e62a48c29d9266 | admin |
| 7f04d6d5af22472ab94dbf681b42799e | demo  |
+----------------------------------+-------+
[root@controller ~]# 



&&镜像服务(glance)


[root@controller ~]#  openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled   | True                             |
| id        | fc155891eb8242789d7cf6af6cf45297 |
| name      | glance                           |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
>   --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | d9988de7f45748689733fb9918fd0a77 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 27e16c40201a4b0e97c70dba955dd49d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d9988de7f45748689733fb9918fd0a77 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 8db388f59afb4cbaba28ff4b46ed7a56 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d9988de7f45748689733fb9918fd0a77 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ce088a1c4e0b4bcf8d2045033a400466 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d9988de7f45748689733fb9918fd0a77 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf   #注意修改密码
[root@controller ~]# vim /etc/glance/glance-registry.conf 
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \
>   openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service \
>   openstack-glance-registry.service
[root@controller ~]# openstack image create "cirros"   --file cirros-0.3.4-x86_64-disk.img   --disk-format qcow2 --container-format bare   --public        #上传镜像

+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2017-11-19T06:05:26Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/a0df5a13-666b-494a-b75e-7d06fcdb2a71/file |
| id               | a0df5a13-666b-494a-b75e-7d06fcdb2a71                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | ef8f54e076e84090b349e10d1904058c                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2017-11-19T06:05:26Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| a0df5a13-666b-494a-b75e-7d06fcdb2a71 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# 








&&计算服务

nova核心计算



[root@controller ~]# openstack user create --domain default \
>   --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled   | True                             |
| id        | 576cbd1aded646fa9333cfa6930f772b |
| name      | nova                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
>   --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | d305ffcf57ff4c1b83cec9ce17f25560 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 5f7cafbc89d14e2bb8928e88db594137          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | d305ffcf57ff4c1b83cec9ce17f25560          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 7f36cbad39984b0482da86b945163d2c          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | d305ffcf57ff4c1b83cec9ce17f25560          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | b313864608a84c2ba58d2e38c8e85d1d          |
| interface    | admin                                     |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | d305ffcf57ff4c1b83cec9ce17f25560          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
>   openstack-nova-console openstack-nova-novncproxy \
>   openstack-nova-scheduler -y
[root@controller ~]# vim /etc/nova/nova.conf 
# /etc/nova/nova.conf on the controller node (excerpt; only the edited options are shown).
# NOTE(review): every credential below is a short, guessable lab value
# (nova/nova, openstack/openstack). Outside a lab, replace each one with a
# unique generated secret and keep this file unreadable to unprivileged users.
[DEFAULT]
# Enable the Compute API and the metadata API.
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
# API requests are authenticated through keystone; see [keystone_authtoken].
auth_strategy = keystone
# Networking is delegated to neutron, so nova's own firewall driver is set to
# the no-op driver; packet filtering is then expected from the neutron agent.
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
# The URL embeds the database credentials as user:password@host/database.
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
# The openstack user and its password (openstack) were created when RabbitMQ was set up.
# Keep notes on their own line: oslo.config does not appear to strip a trailing
# "# ..." from a value, so an inline comment would become part of the password — verify.
rabbit_password = openstack
[keystone_authtoken]
# NOTE(review): plain http — tokens and the service password cross the network
# unencrypted; acceptable only on an isolated lab segment.
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
# Must match the nova user created earlier with "openstack user create ... nova".
username = nova
password = nova
[vnc]
# NOTE(review): my_ip is not assigned in the [DEFAULT] section shown here;
# nova presumably falls back to an auto-detected address — confirm that it
# resolves to the management interface before exposing the VNC listener.
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
# Image service endpoint registered earlier (port 9292), also plain http.
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
[root@controller ~]# systemctl enable openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# openstack compute list
openstack: 'compute' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
  compute agent create
  compute agent delete
  compute agent list
  compute agent set
  compute service delete
  compute service list
  compute service set
  complete
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+---------------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated At          |
+----+------------------+------------+----------+---------+-------+---------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2017-11-19T06:52:51 |
|    |                  |            |          |         |       | .000000             |
|  2 | nova-conductor   | controller | internal | enabled | up    | 2017-11-19T06:52:51 |
|    |                  |            |          |         |       | .000000             |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2017-11-19T06:52:51 |
|    |                  |            |          |         |       | .000000             |
+----+------------------+------------+----------+---------+-------+---------------------+
[root@controller ~]#




**需要启动第二台机器
计算节点
(主机名解析|时间同步)

[root@computel ~]# cat /etc/hosts
172.25.30.1 controller
172.25.30.2 computel
172.25.30.3 block1
[root@computel ~]# yum install chrony -y
[root@computel ~]# vim /etc/chrony.conf 
.....
server 172.25.30.250 iburst
[root@computel ~]# systemctl start chronyd
[root@computel ~]# chronyc sources -v
.....
^* 172.25.30.250                 4   6    17    37   -539ns[ -510us] +/-   79
[root@computel ~]# yum install openstack-nova-compute -y
[root@computel ~]# vim /etc/nova/nova.conf 
[root@computel ~]# vim /etc/nova/nova.conf 
[root@computel ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@computel ~]# systemctl start libvirtd.service openstack-nova-compute.service
&&&此时应有4个计算服务(新增 computel 上的 nova-compute)

[root@controller ~]# openstack compute service list
+----+-----------------+------------+----------+---------+-------+-------------------+
| Id | Binary          | Host       | Zone     | Status  | State | Updated At        |
+----+-----------------+------------+----------+---------+-------+-------------------+
|  1 | nova-           | controller | internal | enabled | up    | 2017-11-19T07:35: |
|    | consoleauth     |            |          |         |       | 16.000000         |
|  2 | nova-conductor  | controller | internal | enabled | up    | 2017-11-19T07:35: |
|    |                 |            |          |         |       | 15.000000         |
|  3 | nova-scheduler  | controller | internal | enabled | up    | 2017-11-19T07:35: |
|    |                 |            |          |         |       | 15.000000         |
|  6 | nova-compute    | computel   | nova     | enabled | up    | 2017-11-19T07:35: |
|    |                 |            |          |         |       | 20.000000         |
+----+-----------------+------------+----------+---------+-------+-------------------+


&&网络服务
网络搞定就可以起云主机啦
主要是插件和代理

[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | eaaac1382374477dab77555bf3809732 |
| enabled   | True                             |
| id        | e1f1f42fe5ec44ba8d2b1a503d1d1c63 |
| name      | neutron                          |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
>   --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9fbaffbbe8364821bd4527f525ad3526 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2c396b02b05a4e9482381166fc96ba53 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 873c93e8d9a64292891bc1b6bc7abc5f |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9d0c1e19e6644ce3bd04a4b6e0e1a5c3 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# 


&&选择网络选项1:公共网络

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2   openstack-neutron-linuxbridge ebtables -y
[root@controller ~]# vim /etc/neutron/
conf.d/             l3_agent.ini        neutron.conf        policy.json
dhcp_agent.ini      metadata_agent.ini  plugins/            rootwrap.conf
[root@controller ~]# vim /etc/neutron/neutron.conf 
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini 
[root@controller ~]# vim /etc/neutron/metadata_agent.ini 
# /etc/neutron/metadata_agent.ini on the controller node (excerpt).
[DEFAULT]
# Host that serves the nova metadata API.
nova_metadata_ip = controller
# Shared secret for the metadata proxy. It has to be the same value as
# metadata_proxy_shared_secret in the [neutron] section of /etc/nova/nova.conf,
# which is edited in the next step. "westos" is a lab value; use a generated
# secret elsewhere. Keep this note on its own line — an inline "# ..." after
# the value would presumably be read as part of the secret (verify).
metadata_proxy_shared_secret = westos
[root@controller ~]# vim /etc/nova/nova.conf 
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
>   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service \
>   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>   neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
>   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>   neutron-metadata-agent.service
[root@controller ~]# neutron agent-list


&&&计算节点
[root@computel ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[root@computel ~]# vim /etc/neutron/neutron.conf
[root@computel ~]# vim /etc/neutron/neutron.conf
[root@computel ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@computel ~]# vim /etc/nova/nova.conf
[root@computel ~]# systemctl restart openstack-nova-compute.service
[root@computel ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@computel ~]# systemctl start neutron-linuxbridge-agent.service


[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[root@controller ~]# neutron agent-list
+------------+------------+------------+-------------------+-------+----------------+----------------+
| id         | agent_type | host       | availability_zone | alive | admin_state_up | binary         |
+------------+------------+------------+-------------------+-------+----------------+----------------+
| 9489fe53-b | Linux      | controller |                   | :-)   | True           | neutron-       |
| 61e-4367   | bridge     |            |                   |       |                | linuxbridge-   |
| -b56d-7aac | agent      |            |                   |       |                | agent          |
| 9285bf46   |            |            |                   |       |                |                |
| aab5b2df-  | Linux      | computel   |                   | :-)   | True           | neutron-       |
| 40dc-480d- | bridge     |            |                   |       |                | linuxbridge-   |
| 9097-6937b | agent      |            |                   |       |                | agent          |
| 4aa22a7    |            |            |                   |       |                |                |
| c8622dc4-8 | DHCP agent | controller | nova              | :-)   | True           | neutron-dhcp-  |
| f51-4da4-b |            |            |                   |       |                | agent          |
| cf8-f93543 |            |            |                   |       |                |                |
| e44553     |            |            |                   |       |                |                |
| fc4a122a-c | Metadata   | controller |                   | :-)   | True           | neutron-       |
| 789-4663-a | agent      |            |                   |       |                | metadata-agent |
| d49-ecb513 |            |            |                   |       |                |                |
| e11258     |            |            |                   |       |                |                |
+------------+------------+------------+-------------------+-------+----------------+----------------+

&&创建一个实例
提供者网络

[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
>   --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-11-19T09:45:03                  |
| description               |                                      |
| id                        | 27b86832-0d98-4676-9624-f781f8022418 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | ef8f54e076e84090b349e10d1904058c     |
| updated_at                | 2017-11-19T09:45:03                  |
+---------------------------+--------------------------------------+