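Detailed Steps for Building a Basic OpenStack Cloud Platform

OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a data center, all managed and provisioned through APIs with a common authentication mechanism.

A dashboard is also provided, giving administrators control while allowing users to provision resources through a web interface. Beyond standard infrastructure-as-a-service functionality, additional components provide orchestration, fault management, and service management, among other services, to ensure high availability of user applications.

For the build itself, simply follow the official documentation; this article is only a reference, intended for newcomers who want to understand how a cloud platform is put together. Once the platform is built, it is easier to get started with Liberty or later releases.

Reference documentation:

docs.openstack.org

Start with the Mitaka release; working through Mitaka first and then moving on to Liberty is recommended.

Environment setup:

A fresh RHEL 7.6 installation; for configuring 7.6, see:

http://t.csdnimg.cn/6zAwj

A second network card, eth1, must be added and the NIC names changed. Create the eth1 configuration: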

BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
NAME=eth1

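ifup eth1    # bring up the second NIC without assigning an IP

The interface only needs to be activated, with no IP address; it must not be brought down.

Controller node: 1 processor, 4 GB memory, and 10 GB storage

Compute node: 1 processor, 2 GB memory, and 10 GB storage

Disable the firewall and disable SELinux.

CPU virtualization support must be enabled in the virtual machine settings.

Note: keep each component's password identical to its user name to avoid mistakes.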

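Set the hostname:

hostnamectl set-hostname controller

Edit name resolution, taking care to update the controller entry:

vim /etc/hosts

172.25.0.11 controller
172.25.0.12 compute1    # compute node
172.25.0.13 block1      # storage node

Set up time synchronization: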

yum install -y chrony

vim /etc/chrony.conf

server ntp1.aliyun.com iburst

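Remember to enable it at boot.

Check whether the time is synchronized:

chronyc sources -v

Download the Mitaka archive, extract it, and move it to the root directory:

Link: https://pan.baidu.com/s/1uM7Eaa7qs8eDdwRqVEHj1w?pwd=231J
Extraction code: 231J

mv mitaka/ /

That is, extract the Mitaka archive and move the extracted mitaka directory to the root directory.

Write the Mitaka repository definition: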

vim /etc/yum.repos.d/ops.repo

[openstack]
name=mitaka
baseurl=file:///mitaka
gpgcheck=0

yum repolist

Upgrade:

yum upgrade

Install the OpenStack client:

yum install python-openstackclient -y

Install the SQL database:

yum install mariadb mariadb-server python2-PyMySQL -y    # installs the database from the OpenStack repository

Edit the configuration file:

vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 172.25.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

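Enable at boot and start:

systemctl enable --now mariadb

mysql_secure_installation
## set the password

See the long screenshot.

mysql -p    # test whether you can log in to SQL

Skip the NoSQL database:

It is used to meter traffic usage and is not covered in this lab.

Install the message queue:

(Mastering one message queue implementation is enough.)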

yum install rabbitmq-server -y

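Enable at boot and start:

systemctl enable --now rabbitmq-server.service

Add the openstack user, with the password identical to the user name:

rabbitmqctl add_user openstack openstack

Grant the openstack user configure, write, and read permissions:

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Enable rabbitmq_management:

rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management    # provides a web interface

Now log in at:

http://172.25.0.11:15672

User name and password: guest

Click Admin - guest

This shows the guest user's permissions. Later in the lab, services connect to the message queue as the openstack user; if a connection fails, the problem is likely with that user (password or permissions).

Install Memcached:

yum install memcached python-memcached -y

Remove the localhost-only listening restriction: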

vim /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1"

Enable at boot and start:

systemctl enable --now memcached.service

Keystone identity service:

It provides two main functions: authorization management and a catalog service.

Introduction to Keystone:

https://www.cnblogs.com/yuki-lau/archive/2013/01/04/2843918.html

Connect to the database server and create the database:

mysql -u root -p

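CREATE DATABASE keystone;    -- create the keystone database

Grant the appropriate privileges:
(login is allowed both locally and remotely)
It is suggested that KEYSTONE_DBPASS here be set to keystone, matching the user name.

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
## run these as two separate statements
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
## besides localhost, access is also allowed from any host

Press CTRL+D to leave the database shell.

Generate a token:
(the initial token)

openssl rand -hex 10

After generating the token, you can log in to the database as the keystone user: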

mysql -u keystone -p
keystone

show databases;

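Being able to log in and list the databases is enough.

Install the Keystone components:

yum install openstack-keystone httpd mod_wsgi -y

Edit the configuration file:

vim /etc/keystone/keystone.conf

The token here is the one just generated with openssl.

The documentation describes it as follows:

Initialize the identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone

Being able to log in to the database and show the tables is enough:

Initialize the Fernet keys: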

[root@controller ~]# cd /etc/keystone/
[root@controller keystone]#
[root@controller keystone]# ls
default_catalog.templates  keystone.conf  keystone-paste.ini  logging.conf  policy.json  sso_callback_template.html
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller keystone]# ls
default_catalog.templates  fernet-keys  keystone.conf  keystone-paste.ini  logging.conf  policy.json  sso_callback_template.html

Configure the Apache HTTP server:

Set the server name in /etc/httpd/conf/httpd.conf:

ServerName controller

Create /etc/httpd/conf.d/wsgi-keystone.conf with the following contents:

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

Enable httpd at boot and start it:

systemctl enable --now httpd.service

Check the ports:

Use environment variables to shorten the command lines:

[root@controller keystone]# head /etc/keystone/keystone.conf    # show the token generated earlier
[DEFAULT]
admin_token = 0d19bff1318846209794

#
# From keystone
#

# A "shared secret" that can be used to bootstrap Keystone. This "token" does
# not represent a user, and carries no explicit authorization. If set to
# `None`, the value is ignored and the `admin_token` log in mechanism is
[root@controller keystone]# export OS_TOKEN=0d19bff1318846209794    # export the token

[root@controller keystone]# export OS_URL=http://controller:35357/v3    # set the endpoint URL

[root@controller keystone]# export OS_IDENTITY_API_VERSION=3        # set the identity API version

Create the service entity for the identity service:

[root@controller keystone]# openstack service create \
>   --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | df21aed0841f4362b4f56f20f3ce647b |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

## create three endpoints
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 596ff91fd7b5448baed395d75ef2c673 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | df21aed0841f4362b4f56f20f3ce647b |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 815e18b6e17c4b4db1675f951bbdd849 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | df21aed0841f4362b4f56f20f3ce647b |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 79d457d6e16a4be7a01a9c736ebb29be |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | df21aed0841f4362b4f56f20f3ce647b |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                        |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 596ff91fd7b5448baed395d75ef2c673 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3  |
| 79d457d6e16a4be7a01a9c736ebb29be | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3 |
| 815e18b6e17c4b4db1675f951bbdd849 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
Create the default domain:
[root@controller keystone]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 65ba4832694740dc9c562168dd0c025c |
| name        | default                          |
+-------------+----------------------------------+
Create the admin project in the domain:
[root@controller keystone]# openstack project create --domain default \
>   --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 65ba4832694740dc9c562168dd0c025c |
| enabled     | True                             |
| id          | f3937a6ce863477bbeedaec2cc583828 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 65ba4832694740dc9c562168dd0c025c |
+-------------+----------------------------------+
Create the admin user:
[root@controller keystone]# openstack user create --domain default \
>   --password admin admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled   | True                             |
| id        | ea703e47663d43d5849a05c1b910dcbf |
| name      | admin                            |
+-----------+----------------------------------+

Create the admin role:
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | a55da766be4f4316aa229b43d8471493 |
| name      | admin                            |
+-----------+----------------------------------+
Add the admin role to the admin project and user:
openstack role add --project admin --user admin admin
Create the service project:
[root@controller keystone]# openstack project create --domain default \
>   --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 65ba4832694740dc9c562168dd0c025c |
| enabled     | True                             |
| id          | da78608395934f789acd19d0bff36d8c |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 65ba4832694740dc9c562168dd0c025c |
+-------------+----------------------------------+
Create the demo project:
[root@controller keystone]# openstack project create --domain default \
>   --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | 65ba4832694740dc9c562168dd0c025c |
| enabled     | True                             |
| id          | 3bb8c1df79bb409f97bae7488b8be06b |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | 65ba4832694740dc9c562168dd0c025c |
+-------------+----------------------------------+
Create the demo user:
[root@controller keystone]# openstack user create --domain default \
>   --password demo demo
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled   | True                             |
| id        | bfa5312532544551b351881c708fe1c4 |
| name      | demo                             |
+-----------+----------------------------------+
Create the user role:
[root@controller keystone]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 44ec48aee42943e68cdfd0025c4b47fc |
| name      | user                             |
+-----------+----------------------------------+
Add the user role to the demo project and user:
openstack role add --project demo --user demo user

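The figure below illustrates the steps above, to avoid confusion:

We can repeat this procedure to create additional projects and users.

Unset the temporary token: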

unset OS_TOKEN OS_URL
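
Unsetting OS_TOKEN only clears the client shell: the admin_token line is still in /etc/keystone/keystone.conf, and the upstream Mitaka guide additionally removes admin_token_auth from the pipelines in /etc/keystone/keystone-paste.ini. The check below is an added example, not part of the original post; the function names and the constructed, abbreviated sample files are assumptions.

```shell
#!/bin/sh
# Added example: look for leftover Keystone bootstrap-token settings.

# Print the value of an uncommented admin_token in [DEFAULT] of keystone.conf.
active_admin_token() {
    awk '
        /^\[/ { in_default = ($0 == "[DEFAULT]") }
        in_default && /^[ \t]*admin_token[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); print; exit
        }
    ' "$1"
}

# Print each [pipeline:*] section whose pipeline still loads admin_token_auth.
pipelines_with_admin_token_auth() {
    awk '
        /^\[/ { section = $0; sub(/^\[/, "", section); sub(/\]$/, "", section) }
        section ~ /^pipeline:/ && /^[ \t]*pipeline[ \t]*=/ &&
            /[= \t]admin_token_auth([ \t]|$)/ { print section }
    ' "$1"
}

# Print one finding per line; return 0 when clean, 1 when something is left.
audit_bootstrap_token() {
    conf=$1; paste=$2; rc=0
    if [ -n "$(active_admin_token "$conf")" ]; then
        echo "$conf: admin_token is still set in [DEFAULT]"; rc=1
    fi
    for p in $(pipelines_with_admin_token_auth "$paste"); do
        echo "$paste: [$p] still loads admin_token_auth"; rc=1
    done
    return $rc
}

# Constructed sample files (abbreviated pipelines, placeholder token).
write_samples() {
    cat > "$1/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN_TOKEN_PLACEHOLDER

[token]
provider = fernet
EOF
    cat > "$1/keystone-paste.ini" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors request_id admin_token_auth build_auth_context token_auth public_service

[pipeline:admin_api]
pipeline = cors request_id admin_token_auth build_auth_context token_auth admin_service

[pipeline:api_v3]
pipeline = cors request_id admin_token_auth build_auth_context token_auth service_v3
EOF
    # Cleaned-up variants: token commented out, filter dropped from pipelines.
    sed 's/^admin_token/#admin_token/' "$1/keystone.conf" > "$1/keystone.conf.fixed"
    sed '/^pipeline/s/ admin_token_auth//' "$1/keystone-paste.ini" > "$1/keystone-paste.ini.fixed"
}

demo=$(mktemp -d)
write_samples "$demo"
audit_bootstrap_token "$demo/keystone.conf" "$demo/keystone-paste.ini" ||
    echo "=> bootstrap token mechanism still enabled"
audit_bootstrap_token "$demo/keystone.conf.fixed" "$demo/keystone-paste.ini.fixed" &&
    echo "=> cleaned-up files pass"
rm -rf "$demo"
```

On the controller, pass the two real file paths to audit_bootstrap_token and restart httpd after changing either file.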

As the admin user, request an authentication token:

[root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name admin --os-username admin token issue
Password:
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                    |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2024-01-10T14:50:55.433958Z                                                                                                                              |
| id         | gAAAAABlnqC_AoN_VYoT5NEUbjknxSqUvde-QHMmk9dCeS8EYUlf-mPVnPANJlTHoJXNoy5nVmCWrkObDraFLJel8xubKzVJDv8OtHsmKGWlHcz77KJfjpw-                                 |
|            | 0WrD8vc_UCLKgh5pnVjGdX21DGgWsXoHf14R1tJE5ucsEZyEuCk4aihAAbMSohg                                                                                          |
| project_id | f3937a6ce863477bbeedaec2cc583828                                                                                                                         |
| user_id    | ea703e47663d43d5849a05c1b910dcbf                                                                                                                         |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+

As the demo user, request an authentication token:

[root@controller keystone]# openstack --os-auth-url http://controller:5000/v3   --os-project-domain-name default --os-user-domain-name default   --os-project-name demo --os-username demo token issue
Password:
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                    |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2024-01-10T14:53:55.535554Z                                                                                                                              |
| id         | gAAAAABlnqFzF_CzuIC8m4aG6-uZJut9-MrNL14HoQSs0aIKEsH84I_eM3RoG4NMd-                                                                                       |
|            | M9HYc3fGmMfg3wlf22J64D_UAkr40fY9Ps5WkZklqF80CzC0VfKYIeUJTEK68i_zUxQemJRVtcXslIWIxVREbG1pcksDQiPMhAl-ByK3aBwyXAiWQ5uc8                                    |
| project_id | 3bb8c1df79bb409f97bae7488b8be06b                                                                                                                         |
| user_id    | bfa5312532544551b351881c708fe1c4                                                                                                                         |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
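
The two tokens issued above are Fernet tokens, and a Fernet token stores its creation time unencrypted in its first bytes, so the issue time can be read without the keys in /etc/keystone/fernet-keys. The following added example (not part of the original post) decodes that header and compares it with the expires field; the function names are assumptions, and the inputs are the first 12 characters of each token and the expires values printed above.

```shell
#!/bin/sh
# Added example: read the clear-text header of a Fernet token.
# Fernet layout: version byte 0x80 | 8-byte big-endian creation time |
# 16-byte IV | ciphertext | 32-byte HMAC, all base64url-encoded.

# Hex of the first 9 bytes (12 base64url characters) of a token.
fernet_header_hex() {
    printf '%s' "$1" | cut -c1-12 | tr '_-' '/+' | base64 -d 2>/dev/null |
        od -An -tx1 | tr -d ' \n'
}

# Print the creation time (epoch seconds) stored in the token header.
fernet_issued_at() {
    hex=$(fernet_header_hex "$1")
    case $hex in
        80????????????????) printf '%d\n' "0x${hex#80}" ;;
        *) echo "not a Fernet token" >&2; return 1 ;;
    esac
}

# Convert an ISO 8601 UTC timestamp (the CLI "expires" field) to epoch seconds.
# Fractional seconds are dropped.
iso_utc_to_epoch() {
    set -- $(printf '%s\n' "$1" | awk -F'[-T:.Z]' '{
        y = $1 + 0; m = $2 + 0; d = $3 + 0
        if (m <= 2) { y--; m += 12 }   # count Jan/Feb as months 13/14
        days = 365 * y + int(y / 4) - int(y / 100) + int(y / 400)
        days += int((153 * (m - 3) + 2) / 5) + d - 719469
        print days, $4 * 3600 + $5 * 60 + $6
    }')
    echo $(( $1 * 86400 + $2 ))
}

# Seconds between token creation and the expiry reported by "token issue".
fernet_lifetime() {
    issued=$(fernet_issued_at "$1") || return 1
    echo $(( $(iso_utc_to_epoch "$2") - issued ))
}

# Prefix of the admin token and its expires value, both from the output above.
echo "issued at (epoch): $(fernet_issued_at gAAAAABlnqC_)"
echo "lifetime (s):      $(fernet_lifetime gAAAAABlnqC_ 2024-01-10T14:50:55.433958Z)"
```

Both tokens on this page decode to a creation time exactly 3600 seconds before their expires value.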

Because passing all of this on the command line is inconvenient, create scripts.

admin script:

vim admin-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

demo script:

vim demo-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Now switch to the admin user and take a look:

[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| bfa5312532544551b351881c708fe1c4 | demo  |
| ea703e47663d43d5849a05c1b910dcbf | admin |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 3bb8c1df79bb409f97bae7488b8be06b | demo    |
| da78608395934f789acd19d0bff36d8c | service |
| f3937a6ce863477bbeedaec2cc583828 | admin   |
+----------------------------------+---------+
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| df21aed0841f4362b4f56f20f3ce647b | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 44ec48aee42943e68cdfd0025c4b47fc | user  |
| a55da766be4f4316aa229b43d8471493 | admin |
+----------------------------------+-------+

After switching to the ordinary user demo, the same query is not authorized:

[root@controller ~]# source demo-openrc
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-b57de3be-9a24-42c4-89d9-052cf01418b3)
[root@controller ~]#

Question: how do you tell whether a user is an administrator or an ordinary user?


Glance image service:

Create the database:

[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
5 rows in set (0.00 sec)

Create the glance user in MySQL:

Again, keep the password identical to the user name.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
    ->   IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
    ->   IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> ^DBye

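The documentation says to source the script first; if you are continuing directly from the previous steps, skip that step and create the glance user directly: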

[root@controller ~]# openstack user create --domain default --password glance glance
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
    ## no credentials are loaded at this point, so the user cannot be created

[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user create --domain default --password glance glance
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled   | True                             |
| id        | 6004e4e2141c42429bb02ace02988b70 |
| name      | glance                           |
+-----------+----------------------------------+

Add the admin role to the glance user and the service project:

 openstack role add --project service --user glance admin

Create the image service:

[root@controller ~]# openstack service create --name glance \
>   --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 77413786e5634ef1ad5e375f18548823 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

Create three endpoints:

[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack endpoint create --region RegionOne   image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4d2023e4a05443eea449afc535caec37 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 77413786e5634ef1ad5e375f18548823 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6a1fed275d014860b48fb1b3fd3e2b0b |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 77413786e5634ef1ad5e375f18548823 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 42d358bce5354ddeadff5af3847786d8 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 77413786e5634ef1ad5e375f18548823 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

List them:
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                        |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 42d358bce5354ddeadff5af3847786d8 | RegionOne | glance       | image        | True    | admin     | http://controller:9292     |
| 4d2023e4a05443eea449afc535caec37 | RegionOne | glance       | image        | True    | public    | http://controller:9292     |
| 596ff91fd7b5448baed395d75ef2c673 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3  |
| 6a1fed275d014860b48fb1b3fd3e2b0b | RegionOne | glance       | image        | True    | internal  | http://controller:9292     |
| 79d457d6e16a4be7a01a9c736ebb29be | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3 |
| 815e18b6e17c4b4db1675f951bbdd849 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+

Install the package:

yum install openstack-glance -y

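Edit the configuration file /etc/glance/glance-api.conf:

The passwords in the documentation have already been set identical to the user names.

[database]
connection = mysql+pymysql://glance:glance@controller/glance
# mysql+pymysql driver; the password here is the one set in the database

In the [keystone_authtoken] and [paste_deploy] sections, use the glance user created in Keystone.

Configure identity service access: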

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

In the [glance_store] section, configure the local file system store and the location of image files:

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

Edit the file /etc/glance/glance-registry.conf:

In the [database] section, configure database access:

[database]
connection = mysql+pymysql://glance:glance@controller/glance

In the [keystone_authtoken] and [paste_deploy] sections, configure identity service access:

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone
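
Because this lab sets every service password equal to its user name, both the database URL and the [keystone_authtoken] block in these files hold guessable credentials, and the MariaDB grants above accept them from any host. The check below is an added example, not part of the original post; it lists such entries so they can be rotated before the hosts leave an isolated lab network. The function names and the constructed sample file (copied from the values shown above) are assumptions.

```shell
#!/bin/sh
# Added example: flag credentials whose password equals the user name
# in an OpenStack service configuration file.

# Print one finding per weak credential found in the INI file "$1".
weak_credentials() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        function report() {
            if (user != "" && user == pass)
                print FILENAME ": " section " password equals username (" user ")"
            user = ""; pass = ""
        }
        /^[ \t]*[#;]/ { next }                   # skip comment lines
        /^\[/ { report(); section = $0; next }   # new section: judge the previous one
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (key == "username") user = val
            else if (key == "password") pass = val
            else if (key == "connection" && match(val, "://[^:@/]+:[^@]*@")) {
                # the match is "://user:password@"; keep only user:password
                cred = substr(val, RSTART + 3, RLENGTH - 4)
                c = index(cred, ":")
                if (substr(cred, 1, c - 1) == substr(cred, c + 1))
                    print FILENAME ": " section " database password equals username (" substr(cred, 1, c - 1) ")"
            }
        }
        END { report() }
    ' "$1"
}

# Number of findings for one file.
count_weak_credentials() { weak_credentials "$1" | wc -l | tr -d ' '; }

# Constructed samples: the settings from this page, and the same file with
# distinct placeholder secrets.
write_glance_samples() {
    cat > "$1/glance-api.conf" <<'EOF'
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_type = password
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone
EOF
    sed -e 's#glance:glance@#glance:GLANCE_DBPASS_PLACEHOLDER@#' \
        -e 's#^password = .*#password = GLANCE_PASS_PLACEHOLDER#' \
        "$1/glance-api.conf" > "$1/glance-api.conf.rotated"
}

demo=$(mktemp -d)
write_glance_samples "$demo"
for f in "$demo/glance-api.conf" "$demo/glance-api.conf.rotated"; do
    weak_credentials "$f"
    echo "$(count_weak_credentials "$f") finding(s) in $(basename "$f")"
done
rm -rf "$demo"
```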

Populate the image service database:

su -s /bin/sh -c "glance-manage db_sync" glance

Enable at boot and start:

# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service

Verify operation:

Check port 9292:

Logs: /var/log/

Download the test image:

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

If the site is unreachable, you will need to go through a proxy.

Upload the image:

openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public

Now the image can be listed:

[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 7b8b8238-3196-4b09-b01e-30e88eaeb5ce | cirros | active |
+--------------------------------------+--------+--------+

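At this point we need to add a compute node; 2 cores and 2 GB of memory are enough.


Compute node:

Port: 8774

First, make the following settings in the virtual machine configuration:

Then set the hostname, name resolution, and time synchronization. Once these are done, create the nova_api and nova databases on the controller:

CREATE DATABASE nova_api;
CREATE DATABASE nova;

Grant nova privileges on both databases: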

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';

Create the nova user:

(non-interactive)

openstack user create --domain default \
  --password nova nova

Add the admin role to the nova user and the service project:

openstack role add --project service --user nova admin

Create the nova service entity:

[root@controller ~]# openstack service create --name nova   --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 5fe8407d861143d6b1eccd9e9e808a4c |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the Compute service API endpoints:

[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | bdb6121e0405453c938a8703b73847ca          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 5fe8407d861143d6b1eccd9e9e808a4c          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 7c2f34eef2764d539540cf0e482747ea          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 5fe8407d861143d6b1eccd9e9e808a4c          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 05acbb3f94e54e5b94977dc579570a7a          |
| interface    | admin                                     |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 5fe8407d861143d6b1eccd9e9e808a4c          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+

Install the packages:

[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
>   openstack-nova-console openstack-nova-novncproxy \
>   openstack-nova-scheduler -y

Edit /etc/nova/nova.conf:

In the [DEFAULT] section, enable only the compute and metadata APIs:
[DEFAULT]
enabled_apis = osapi_compute,metadata
In the [api_database] and [database] sections, configure database access:
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
connection = mysql+pymysql://nova:nova@controller/nova
In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:
[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
In the [DEFAULT] section, set my_ip to the IP address of the controller node's management interface:
[DEFAULT]
# This is the controller's IP address
my_ip = 172.25.0.11

[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, configure the VNC proxy to use the controller node's management interface IP address:
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
In the [glance] section, configure the location of the Image service API:
[glance]
api_servers = http://controller:9292
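In the [oslo_concurrency] section, configure the lock path:

For background on locks, see "分布式锁及在OpenStack上的应用_coordination.synchronized" (distributed locks and their use in OpenStack) on the CSDN blog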

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

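The values above reuse each service name as its password and reach keystone over plain HTTP, which is convenient in a lab. The following added example (not from the original post or from OpenStack) audits a nova.conf-style file for those shortcuts before the file is reused elsewhere; the sample text is constructed from this walkthrough's values (including the metadata shared secret set later in the neutron section), and MIN_SECRET_LEN and the function names are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample built from the lab values used in this walkthrough.
SAMPLE_CONF = """
[DEFAULT]
auth_strategy = keystone
my_ip = 172.25.0.11

[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
# Constructed counter-example: a long random password is not reported.
connection = mysql+pymysql://nova:kR7vq2LxW9pTz4mBdQ@controller/nova

[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_url = http://controller:35357
username = nova
password = nova

[neutron]
metadata_proxy_shared_secret = westos
"""

# Assumptions for this example (local policy, not OpenStack rules).
MIN_SECRET_LEN = 16
USER_SECRET_PAIRS = [("username", "password"), ("rabbit_userid", "rabbit_password")]
URL_OPTS = ("auth_url", "auth_uri", "url", "api_servers")


def weakness(secret, user=None):
    """Return why a secret looks lab-grade, or None if it passes."""
    if user is not None and secret == user:
        return "secret equals user name"
    if len(secret) < MIN_SECRET_LEN:
        return "secret shorter than %d characters" % MIN_SECRET_LEN
    return None


def audit(conf_text):
    """Return (section, option, finding) tuples in file order."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    # instead of being merged into every other section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        secrets = []  # (option, secret, user) candidates in this section
        if "connection" in opts:
            url = urlsplit(opts["connection"])
            if url.password is not None:
                secrets.append(("connection", url.password, url.username))
        for user_opt, secret_opt in USER_SECRET_PAIRS:
            if secret_opt in opts:
                secrets.append((secret_opt, opts[secret_opt], opts.get(user_opt)))
        if "metadata_proxy_shared_secret" in opts:
            secrets.append(("metadata_proxy_shared_secret",
                            opts["metadata_proxy_shared_secret"], None))
        for option, secret, user in secrets:
            reason = weakness(secret, user)
            if reason:
                findings.append((section, option, reason))
        for option in URL_OPTS:
            if opts.get(option, "").startswith("http://"):
                findings.append((section, option, "endpoint uses plaintext HTTP"))
    return findings


if __name__ == "__main__":
    for section, option, finding in audit(SAMPLE_CONF):
        print("[%s] %s: %s" % (section, option, finding))
```
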
Sync the Compute databases:

# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova

The sync output looks like this:

Note: the messages are warnings and, per the documentation, can be ignored

[root@controller nova]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller nova]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
Enable the services to start at boot, then start them:
[root@controller nova]# systemctl enable openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@controller nova]# systemctl start openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service

Once the services have started, list the compute services:

[root@controller nova]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2024-01-11T08:40:34.000000 |
|  2 | nova-scheduler   | controller | internal | enabled | up    | 2024-01-11T08:40:34.000000 |
|  3 | nova-conductor   | controller | internal | enabled | up    | 2024-01-11T08:40:37.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

At this point only the controller is listed


Compute node:

Next, copy the files from the controller to compute1:

## Run these two steps on the controller
scp -r /mitaka/ compute1:/

scp -r /etc/yum.repos.d/ops.repo compute1:/etc/yum.repos.d/

Upgrade the packages:

yum upgrade

Install the package as described in the documentation:

yum install openstack-nova-compute -y

Edit /etc/nova/nova.conf:

In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:
[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
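In the [DEFAULT] section, set the my_ip option (compute node):
[DEFAULT]
my_ip = 172.25.0.12
In the [DEFAULT] section, enable support for the Networking service (the built-in networking is not powerful enough):
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, enable and configure remote console access (the noVNC proxy URL points at the controller node):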
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
In the [glance] section, configure the location of the Image service API:
[glance]
api_servers = http://controller:9292
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

Determine whether the compute node supports hardware acceleration for virtual machines:

[root@compulte1 yum.repos.d]# egrep -c '(vmx|svm)' /proc/cpuinfo
2

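For the virtualization type, the documentation's example selects qemu, whereas the configuration file defaults to kvm; since the count above is nonzero, the node supports hardware acceleration and the kvm default can stay

Enable the services to start at boot, then start them: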
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Verify operation:
[root@controller nova]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2024-01-11T09:02:14.000000 |
|  2 | nova-scheduler   | controller | internal | enabled | up    | 2024-01-11T09:02:14.000000 |
|  3 | nova-conductor   | controller | internal | enabled | up    | 2024-01-11T09:02:07.000000 |
|  6 | nova-compute     | compulte1  | nova     | enabled | up    | 2024-01-11T09:02:14.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

Neutron networking service:

Create the neutron database:

CREATE DATABASE neutron;

Grant privileges:

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'neutron';

Source the admin credentials to gain access to admin-only CLI commands:

source admin-openrc

Create the neutron user in keystone, for keystone authentication:

openstack user create --domain default --password neutron neutron

Add the admin role to the neutron user:

openstack role add --project service --user neutron admin

Create the neutron service entity:

openstack service create --name neutron   --description "OpenStack Networking" network

Create the Networking service API endpoints (port 9696):

openstack endpoint create --region RegionOne   network public http://controller:9696

openstack endpoint create --region RegionOne   network internal http://controller:9696

openstack endpoint create --region RegionOne   network admin http://controller:9696

Configure the public (provider) network:

Install the networking components:
yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables -y

Edit the /etc/neutron/neutron.conf file

In the [database] section, configure database access:
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
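In the [DEFAULT] section, enable the ML2 plug-in and disable additional plug-ins:

The documentation has further [DEFAULT] settings lower down; to keep things together, they are all shown here

[DEFAULT]
core_plugin = ml2
service_plugins =
# Use the RabbitMQ message queue
rpc_backend = rabbit
# Authenticate through keystone
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access: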
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

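Configure the ML2 plug-in:

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file

In the [ml2] section:

  • enable flat and VLAN networks
  • disable private networks
  • enable the Linux bridge mechanism
  • enable the port security extension driver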

[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
In the [ml2_type_flat] section, configure the public virtual network as a flat network:
[ml2_type_flat]
flat_networks = provider
In the [securitygroup] section, enable ipset to make security group rules more efficient:
[securitygroup]
enable_ipset = True

Controller node:

Configure the Linux bridge agent:

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file

In the [linux_bridge] section, map the public virtual network to the public physical network interface:

[linux_bridge]
physical_interface_mappings = provider:eth1

## Note: eth1 is the name of the second NIC; if you have not renamed yours, use your own interface name
In the [vxlan] section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = False
In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the DHCP agent:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

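After configuring, click the link highlighted in red in the documentation to return; this lab does not cover private networks for now

Configure the metadata agent:

Edit the /etc/neutron/metadata_agent.ini file

In the [DEFAULT] section, configure the metadata host and the shared secret: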

[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos

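The shared secret can be any value you choose

Configure Compute to use the Networking service:

Edit the /etc/nova/nova.conf file and complete the following:

In the [neutron] section, configure the access parameters, enable the metadata proxy, and set the secret: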

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

service_metadata_proxy = True
metadata_proxy_shared_secret = westos
## westos is the shared secret set above

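The two metadata_proxy_shared_secret values must match because the metadata agent signs each forwarded instance ID with the secret and the Compute metadata API recomputes that signature. The following added example (not the original post's code and not Nova or Neutron source) models both sides with HMAC-SHA256; the function names are hypothetical and the instance and project IDs are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values; "westos" is the lab secret from this walkthrough.
AGENT_SECRET = "westos"   # metadata_agent.ini: metadata_proxy_shared_secret
NOVA_SECRET = "westos"    # nova.conf [neutron]: metadata_proxy_shared_secret
INSTANCE_ID = "11111111-2222-3333-4444-555555555555"
OTHER_INSTANCE_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
PROJECT_ID = "0123456789abcdef0123456789abcdef"


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 of the instance ID, keyed with the shared secret."""
    return hmac.new(secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def proxy_headers(secret, instance_id, project_id, client_ip):
    """Agent side: headers added before the request is forwarded to nova."""
    return {
        "X-Forwarded-For": client_ip,
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": project_id,
        "X-Instance-ID-Signature": sign_instance_id(secret, instance_id),
    }


def nova_accepts(secret, headers):
    """Compute side: recompute the signature and compare in constant time."""
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get("X-Instance-ID-Signature")
    if not instance_id or not signature:
        return False
    expected = sign_instance_id(secret, instance_id)
    return hmac.compare_digest(expected, signature)


def demo():
    """Return the outcome of three requests as seen by the Compute side."""
    good = proxy_headers(AGENT_SECRET, INSTANCE_ID, PROJECT_ID, "172.25.0.103")
    # Same signature, different instance ID: the HMAC no longer matches.
    altered = dict(good, **{"X-Instance-ID": OTHER_INSTANCE_ID})
    return {
        "matching secrets": nova_accepts(NOVA_SECRET, good),
        "secrets differ between the two files": nova_accepts("not-westos", good),
        "instance ID changed after signing": nova_accepts(NOVA_SECRET, altered),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print("%-40s -> %s" % (case, "accepted" if accepted else "rejected"))
```

The signature is the only thing binding a metadata request to an instance, so the value chosen for the secret deserves the same care as a service password.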
Create the symbolic link:

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Populate the database:

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the Compute API service:

systemctl restart openstack-nova-api.service

Enable one server and three agents at boot, then start them:

systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

Verify that neutron was deployed successfully:

(Ignore compute1 here; it has already been deployed successfully)

[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 04e3c56b-2040-4da2-a0ef-1a138bcafc6e | Linux bridge agent | compulte1  |                   | :-)   | True           | neutron-linuxbridge-agent |
| 556eb562-4779-4470-8fe1-1a457af71e56 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| 665d7e22-4d80-436b-954d-5967e41e9f72 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| 699e0237-7915-495e-9b5d-16544923e816 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

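The following is configured on the compute node:

Install the components:
yum install openstack-neutron-linuxbridge ebtables ipset -y
Edit the /etc/neutron/neutron.conf file and complete the following:

In the [database] section, comment out all connection options, because compute nodes do not access the database directly.

In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access: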

[DEFAULT]
rpc_backend = rabbit

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

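Continue with the public network configuration:

Configure the Linux bridge agent:

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following:

  • In the [linux_bridge] section, map the public virtual network to the public physical network interface: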

[linux_bridge]
physical_interface_mappings = provider:eth1
In the [vxlan] section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = False
In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

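At this point, return in the documentation; private networks are not covered


Configure Compute to use the Networking service (in /etc/nova/nova.conf):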
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

Restart the Compute service:

systemctl restart openstack-nova-compute.service

Enable the Linux bridge agent at boot and start it:

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

Listing the agents now shows compute1 with state True

[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 04e3c56b-2040-4da2-a0ef-1a138bcafc6e | Linux bridge agent | compulte1  |                   | :-)   | True           | neutron-linuxbridge-agent |
| 556eb562-4779-4470-8fe1-1a457af71e56 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| 665d7e22-4d80-436b-954d-5967e41e9f72 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| 699e0237-7915-495e-9b5d-16544923e816 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

If errors occur, check the logs under /var/log/


Launch an instance:

In the documentation, click "Provider network":

Source the admin credentials:

source admin-openrc

Create the network:

neutron net-create --shared --provider:physical_network provider   --provider:network_type flat provider

Create a subnet on the network:

neutron subnet-create --name provider --allocation-pool start=172.25.0.100,end=172.25.0.200 --dns-nameserver 114.114.114.114 --gateway 172.25.0.2 provider 172.25.0.0/24

## The subnet should be on the same network segment as the host machine
## DNS: 114.114.114.114
## Gateway: same as the host machine

Create the m1.nano flavor

openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

## ID is 0
## 1 virtual CPU
## 64 MB of RAM
## 1 GB of disk

Switch to the regular user's credentials

source demo-openrc

Generate and add a key pair:

ssh-keygen -q -N ""

openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

## Used for password-less access to the instance

Verify that the public key was added:

openstack keypair list
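## Check whether the key is ready

Add security group rules:

openstack security group rule create --proto icmp default    # Allow ICMP (ping)


openstack security group rule create --proto tcp --dst-port 22 default    # Allow secure shell (SSH) access

To create the instance on the public network, list the available flavors: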

[root@controller ~]# source demo-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+

List the available images:

[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 7b8b8238-3196-4b09-b01e-30e88eaeb5ce | cirros | active |
+--------------------------------------+--------+--------+

List the available networks:

[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| 81536e7b-5921-47ff-8501-5f37ff01a6af | provider | 042afb98-c733-4b26-9c8c-463a2cccb520 |
+--------------------------------------+----------+--------------------------------------+

List the available security groups:

[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| 3ccf0d46-999e-40a3-a32f-4c60eb378411 | default | Default security group | 3bb8c1df79bb409f97bae7488b8be06b |
+--------------------------------------+---------+------------------------+----------------------------------+

Launch the instance:

Creating the instance requires the demo credentials; otherwise an error is reported

openstack server create --flavor m1.nano --image cirros --nic net-id=81536e7b-5921-47ff-8501-5f37ff01a6af --security-group default --key-name mykey provider-instance

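## --nic net-id: the ID taken from the list of available networks
## --flavor: the flavor
## --image: the image
## --security-group: the security group
## --key-name mykey: the name of the key
## provider-instance: the name of the instance

Example run: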

[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=bc3cae92-9338-4f61-b6c2-0dd8c03262b6 --security-group default --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field                                | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | None                                          |
| OS-SRV-USG:terminated_at             | None                                          |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| addresses                            |                                               |
| adminPass                            | 9FxZDKmcEpSB                                  |
| config_drive                         |                                               |
| created                              | 2024-01-12T06:45:00Z                          |
| flavor                               | m1.nano (0)                                   |
| hostId                               |                                               |
| id                                   | d58d11a0-4a6d-42cd-818a-4a12a1543183          |
| image                                | cirros (7b8b8238-3196-4b09-b01e-30e88eaeb5ce) |
| key_name                             | mykey                                         |
| name                                 | provider-instance                             |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| project_id                           | 3bb8c1df79bb409f97bae7488b8be06b              |
| properties                           |                                               |
| security_groups                      | [{u'name': u'default'}]                       |
| status                               | BUILD                                         |
| updated                              | 2024-01-12T06:45:00Z                          |
| user_id                              | bfa5312532544551b351881c708fe1c4              |
+--------------------------------------+-----------------------------------------------+

Check the instance status:

[root@controller ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------+
| ID                                   | Name              | Status | Networks            |
+--------------------------------------+-------------------+--------+---------------------+
| d58d11a0-4a6d-42cd-818a-4a12a1543183 | provider-instance | ACTIVE | public=172.25.0.103 |
| 3bf3460c-1563-4c94-8d70-24021c50a669 | vm1-2             | ACTIVE | public=172.25.0.101 |
+--------------------------------------+-------------------+--------+---------------------+
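## The first was created from the command line; the second, vm1-2, was created through the dashboard

Access the instance through the virtual console: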

[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value                                                                           |
+-------+---------------------------------------------------------------------------------+
| type  | novnc                                                                           |
| url   | http://controller:6080/vnc_auto.html?token=f50ceafe-1ad8-4240-b613-90f7de1106ea |
+-------+---------------------------------------------------------------------------------+

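Note: if the Edge browser cannot open the URL, use Chrome

User name: cirros
Password: cubswin:)

Verify that the instance responds to ping:

Verify that the instance accepts remote connections:

This completes the basic OpenStack setup; corrections and suggestions are welcome.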
