Openstack实验笔记
制作人:全心全意
Openstack:提供可靠的云部署方案及良好的扩展性
Openstack简单的说就是云操作系统,或者说是云管理平台,自身并不提供云服务,只是提供部署和管理平台
架构图:
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/Mf6rnJXoRGXLpebCzPTUfETy68mVidyW.VTA2AbQxE0!/b/dDUBAAAAAAAA&bo=swFuAQAAAAARB.0!&rf=viewer_4
Keystone作为Openstack的核心模块,为Nova(计算),Glance(镜像),Swift(对象存储),Cinder(块存储),Neutron(网络)以及Horizon(Dashboard)提供认证服务
Glance:openstack的镜像服务组件,主要提供了一个虚拟机镜像文件的存储、查询和检索服务,通过提供一个虚拟磁盘映像目录和存储库,为Nova的虚拟机提供镜像服务,现在有v1和v2两个版本
物理硬件配置(最低)
控制节点:
1-2个cpu
8G内存
2个网卡
计算节点:
2-4个cpu
8G内存
2个网卡
块节点:
1-2个cpu
4G内存
1个网卡
最少2个磁盘
对象节点:
1-2个cpu
4G内存
1个网卡
最少2个磁盘
网络拓扑图:(实验中,管理、存储和本地网络合并)
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/r30ELjijnHAaYX*RMZe4vhwVNcix4zUb2pNnovlYZ7E!/b/dL8AAAAAAAAA&bo=xgKqAQAAAAADB00!&rf=viewer_4
安装
控制节点:quan 172.16.1.211 172.16.1.221
计算节点:quan1 172.16.1.212 172.16.1.222
存储节点:storage 172.16.1.213 172.16.1.223
对象存储节点1:object01 172.16.1.214 172.16.1.224
对象存储节点2:object02 172.16.1.215 172.16.1.225
准备工作:
关闭防火墙
关闭selinux
关闭NetworkManager
安装ntp服务:
yum -y install chrony(所有主机)
修改配置文件:允许网段中的主机访问
allow 172.16.1.0/24
systemctl enable chronyd.service
systemctl start chronyd.service
其它节点:
vi /etc/chrony.conf
server quan iburst
#注意:使用原始的centos网络源
yum install epel-release
yum install centos-release-openstack-queens
yum install openstack-selinux
yum install python-openstackclient
安装数据库
控制(quan)节点安装数据库
yum install -y mariadb mariadb-server python2-PyMySQL
vi /etc/my.cnf.d/openstack.cnf
bind-address=172.16.1.211
default-storage-engine=innodb
innodb_file_per_table=on
max_connections=4096
collation-server=utf8_general_ci
character-set-server=utf8
启动数据库,并设置开机启动
systemctl enable mariadb.service && systemctl start mariadb.service
初始化数据库
mysql_secure_installation
控制节点(quan)安装消息队列(端口:5672)
yum install rabbitmq-server -y
服务启动,并设置开机启动
systemctl enable rabbitmq-server.service && systemctl start rabbitmq-server.service
添加openstack用户
rabbitmqctl add openstack openstack
为openstack用户添加读写权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
控制节点(quan)安装memcached缓存(端口:11211)
yum -y install memcached python-memcached
vi /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,quan"
服务启动,并设置开机启动
systemctl enable memcached.service && systemctl start memcached.service
控制节点(quan)安装etcd服务(key-value存储系统)
yum -y install etcd
vi /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://quan:2380"
ETCD_LISTEN_CLIENT_URLS="http://quan:2379"
ETCD_NAME="quan"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://quan:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://quan:2379"
ETCD_INITIAL_CLUSTER="quan=http://quan:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
服务启动,并设置开机启动
systemctl enable etcd.service && systemctl start etcd.service
Keystone组件
Keystone作为Openstack的核心模块,为Nova(计算),Glance(镜像),Swift(对象存储),Cinder(块存储),Neutron(网络)以及Horizon(Dashboard)提供认证服务
基本概念:
User:用户,代表可以通过keystone进行访问的人或程序。User通过认证信息(credentials,如密码,API Keys等)进行验证。
Tenant:租户,各个服务中的一些可以访问的资源集合。例如,在Nova中一个tenant可以是一些机器,在Swift和Glance中一个tenant可以是一些镜像存储,在Neutron中一个tenant可以是一些网络资源。Users默认的总是绑定到某些tenant上。
Role:角色,Roles代表一组用户可以访问的资源权限,例如Nova中的虚拟机、Glance中的镜像。Users可以被添加到任意一个全局的或租户的角色中。在全局的role中,用户的role权限作用于所有的租户,即可以对所有的租户执行role规定的权限,在租户内的role中,用户仅能在当前租户内执行role规定的权限。
Service:服务,如Nove、Glance、Swift。根据User、Tenant和Role三个概念,一个服务可以确定当前用户是否具有访问其资源的权限,但是当一个user尝试着访问其租户内的service时,他必须知道这个service是否存在以及如何访问这个service,这里通常使用一些不同的名称表示不同的服务。
Endpoint:端点,可以理解为是一个服务暴露出的访问点
Token:访问资源的钥匙。通过Keystone验证后的返回值,在之后与其它服务器交互中只需要携带Token值即可,每个Token都有一个有效期。
各概念之间的关系
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/PJAecZuZ1C44VKDjcsKLYotu5KOz3RNZwumR07nBIug!/b/dDUBAAAAAAAA&bo=BAIsAQAAAAADBwk!&rf=viewer_4
1、租户下,管理者一堆用户(人,或程序)
2、每个用户都有自己的credentials(凭证)用户名+密码或者用户名+API key,或其它凭证
3、用户在访问其他资源(计算、存储)之前,需要用自己的credential去请求keystone服务,获得验证信息(主要是Token信息)和服务信息(服务目录和它们的endpoint)
4、用户拿着Token信息,就可以去访问资源了
keystone在Openstack中的工作流程图
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/ptROtuhyzh7Mq3vSVz3Ut1TtGDXuBbYf*WbN8UZdWDE!/b/dLgAAAAAAAAA&bo=igIRAgAAAAADB7k!&rf=viewer_4
搭建keystone
创建数据库
mysql -uroot -popenstack
create database keystone;
grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'openstack';
grant all privileges on keystone.* to 'keystone'@'%' identified by 'openstack';
安装
yum -y install openstack-keystone httpd mod_wsgi
vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:openstack@quan/keystone #数据库连接 用户名:密码@主机名/数据库名
[token]
provider=fernet
初始化keystone数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化femet密钥存储库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
创建keystone的服务端口(会在endpoint中生成数据)
keystone-manage bootstrap --bootstrap-password openstack --bootstrap-admin-url http://quan:35357/v3/ --bootstrap_internal-url http://quan:5000/v3/ --bootstrap-public-url http://quan:5000/v3/ --bootstrap-region-id RegionOne
配置http服务
vi /etc/httpd/conf/httpd.conf
ServerName quan
创建软链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
服务启动,并设置开机启动
systemctl enable httpd.service && systemctl start httpd.service
创建管理员账号
vim admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://quan:35357/v3
export OS_IDENTITY_API_VERSION=3
导入管理员账号
source admin-openrc
创建域/项目/用户/和角色
创建项目
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
创建用户(demo),并指定其密码
openstack user create --domain default --password-prompt demo
创建角色(user)
openstack role create user
将demo添加的user角色中
openstack role add --project demo --user demo user
验证
解除之前的环境变量
unset OS_AUTH_URL OS_PASSWORD
执行下面的命令,输入admin的密码
openstack --os-auth-url http://quan:35357/v3 \
--os-project-domain-name Default \
--os-user-domain-name Default \
--os-project-name admin \
--os-username admin token issue
执行下面的命令,输入demo用户的密码
openstack --os-auth-url http://quan:5000/v3 \
--os-project-domain-name Default \
--os-user-domain-name Default \
--os-project-name demo \
--os-username demo token issue
创建openstack客户端脚本环境
创建管理员账号
vim admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://quan:35357/v3
export OS_IDENTITY_API_VERSION=3 #指定认证服务版本
export OS_IMAGE_API_VERSION=2 #指定镜像服务版本
创建demo用户账号
vim demo-openrc
export OS_USERNAME=demo
export OS_PASSWORD=openstack
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://quan:35357/v3
export OS_IDENTITY_API_VERSION=3 #指定认证服务版本
export OS_IMAGE_API_VERSION=2 #指定镜像服务版本
导入管理员账号
source admin-openrc
验证管理员
openstack token issue
导入demo用户
source demo-openrc
验证demo用户
openstack token issue
glance组件
Glance:openstack的镜像服务组件,主要提供了一个虚拟机镜像文件的存储、查询和检索服务,通过提供一个虚拟磁盘映像目录和存储库,为Nova的虚拟机提供镜像服务,现在有v1和v2两个版本
Glance的架构图:
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/mkXPMrNM9RL.NizLwc22Vm*FHkAc2NWh9668JHk4zS0!/b/dLYAAAAAAAAA&bo=RQHZAAAAAAADB78!&rf=viewer_4
镜像服务组件
Glance-api:是一个对外的API接口,能够接受外部的API镜像请求。默认端口是9292
glance-registry:用于存储、处理、获取Image Metadate。默认端口的9191
glance-db:在Openstack中使用MySQL来支撑,用于存放Image Metadate。通过glance-registry保存在MySQL Database
Image Store:用于存储镜像文件。通过Strore Backend后端存储接口来与glance-api联系。通过这个接口,glance可以从Image Store获取镜像文件再交由Nove用于创建虚拟机
Glance通过Store Adapter(存储适配器)支持多种Image Store方案,支持swift、file system、s3、sheepdog、rbd、cinder等。
Glance支持的Image格式
raw:非结构化的镜像格式
vhd:一种通用的虚拟机磁盘格式,可用于Vmware、Xen、VirtualBox等
vmdk:Vmware的虚拟机磁盘格式
vdi:VirtualBox、QEMU等支持的虚拟机磁盘格式
qcow2:一种支持QEMU并且可以动态扩展的磁盘格式(默认使用)
aki:Amazon Kernel镜像
ari:Amazon Ramdisk镜像
ami:Amazon虚拟机镜像
Glance的访问权限
public:公共的,可以被所有的Tenant使用
Private:私有的/项目的,只能被Image Owner所在的Tenant使用
Shared:共享的,一个非公共的Image可以共享给指定的Tenant,通过member-*操作来实现
Protected:受保护的,不能被删除
状态类型
Queued:没有上传Image数据,只存有该镜像的元数据
Saving:正在上传Image
Active:正常状态
Deleted/pending_delete:已删除/等待删除的Image
Killed:Image元数据不正确,等待被删除
搭建glance
创建数据库
mysql -uroot -popenstack
create database glance;
grant all privileges on glance.* to 'glance'@'localhost' identified by 'openstack';
grant all privileges on glance.* to 'glance'@'%' identified by 'openstack';
创建glance用户,并在service项目中添加管理员角色
source admin_openrc
openstack user create --domain default --password-prompt glance #输入其密码
openstack role add --project service --user glance admin
openstack user list #可查看创建的用户
创建glance服务
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://quan:9292
openstack endpoint create --region RegionOne image internal http://quan:9292
openstack endpoint create --region RegionOne image admin http://quan:9292
安装相关包并配置
yum -y install openstack-glance
vi /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:openstack@quan/glance
[keystone_authtoken]
auth_uri=http://quan:5000
auth-url=http://quan:35357
memcached_servers=quan:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username = glance
password = openstack
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
vi /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:openstack@quan/glance
[keystone_authtoken]
auth_uri=http://quan:5000
auth-url=http://quan:35357
memcached_servers=quan:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username = glance
password = openstack
[paste_deploy]
flavor = keystone
初始化数据库
su -s /bin/sh -c "glance-manage db_sync" glance
服务启动,并设置开机启动
systemctl enable openstack-glance-api.service openstack-glance-registry.service && systemctl start openstack-glance-api.service openstack-glance-registry.service
验证
source admin-openrc
下载实验镜像
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
创建镜像:
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
查看已存在的镜像
openstack image list
查看镜像的详细信息
openstack image show (#镜像id)
Nova组件
Nova:openstack中最核心的组件。openstack的其它组件归根结底是为Nova组件服务的,基于用户需求为VM提供计算资源管理
Nova架构图:
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/bKTJmZis5k..ds6fjUYXv8KDu9EzeaB4WYyV883uAq8!/b/dL8AAAAAAAAA&bo=*QE1AQAAAAADB.o!&rf=viewer_4
目前的Nova主要由API、Compute、Conductor、Scheduler四个核心服务组成,它们之间通过AMQP通信,API是进入Nova的HTTP接口。Compute是VMM(虚拟机管理器)交互来运行虚拟机并管理虚拟机的生命周期(通常一个主机一个Compute服务)。Scheduler从可用池中选择最合适的节点来创建虚拟机实例。Conductor主要用于和数据库进行交互。
Nova逻辑模块
Nova API:HTTP服务,用于接收和处理客户端发送的HTTP请求
Nova Cell:Nova Cell子服务的目的是为了便于实现横向扩展和大规模的部署,同时不增加数据库和RPC消息中间件的复杂度。在Nova Scheduler服务的主机调度基础上实现了区域调度
Nova Cert:用于管理证书,为了兼容AWS,AWS提供了一整套的基础设施和应用程序服务,使得几乎所有的应用程序在云上运行。
Nova Comput:Nova组件中最核心的服务,实现虚拟机管理的功能。实现了在计算节点上创建、启动、暂停、关闭和删除虚拟机、虚拟机在不同的计算节点间迁移、虚拟机安全控制、管理虚拟机磁盘镜像以及快照等功能。
Nova Conductor:RPC服务,主要提供数据库查询功能,以前的openstack版本中,Nova Compute子服务中定义了许多的数据库查询方法。但是,由于Nova Compute子服务需要在每个计算节点上启动,一旦某个计算节点被攻击,就将完全获得数据库的访问权限。有了Nova Compute子服务之后,便可在其中实现数据库访问权限的控制
Nova Scheduler:Nova调度子服务。当客户端向Nova服务器发起创建虚拟机的请求时,决定将虚拟机创建在哪个节点上。
Nova Console、Nova Consoleauth、Nova VNCProxy,Nova控制台子服务。功能是实现客户端通过代理服务器远程访问虚拟机实例的控制界面。
nova启动虚拟机的过程图:
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/iy2efxOLLowl3RvoIcZ6d7KNZ3jcdOI7zY5XroEBPVM!/b/dDQBAAAAAAAA&bo=xQJnAgAAAAADJ6A!&rf=viewer_4
Nova Scheduler Filter的类型
选择一个虚拟机在哪个主机运行的方式有多种,nova支持的方式主要由以下三种:
ChanceScheduler(随机调度器):从所有nova-compute服务正常运行的节点中随机选择
FilterScheduler(过滤调度器):根据指定的过滤条件以及权重挑选最佳节点
CachingScheduler:FilterScheduler的一种,在FilterScheduler的基础上,将主机资源的信息存到本地的内存中,然后通过后台的定时任务从数据库中获取最新的主机资源信息。
Nova Scheduler的工作流程图:
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/LpB5fYBuLUgMASXWrH*Emw5qwkWHKM7slpof.lF21DY!/b/dEYBAAAAAAAA&bo=OQODAQAAAAADB5o!&rf=viewer_4
FilterScheduler首先使用指定的Filters(过滤器)得到符合条件的主机,比如内存小于50%,然后对得到的主机重新计算权重并且排列,获取最佳的一个。具体的Filter有以下几种:
1)RetryFilter:重试过滤,假设Host1、Host2、Host3过滤筛选出来了,Host1权重最高,被选中,由于某些原因VM在Host1上落地失败,nova-scheduler会重新筛选新的host,Host1因为失败不会入选。可通过scheduler_max_attempts=3设置重试的次数
2)AvalilabilityZoneFilter可选域过滤,可以提供容灾行和隔离服务,计算节点可以纳入一个创建好的AZ中,创建VM的时候可以指定AZ,这样虚拟机会落到指定的host中
3)RamFilter:内存过滤,创建VM时会选择flavor,不满足flavor中内存要求的host会过滤掉。超量使用的设置:ram_allocation_ratio=3(如果计算节点有16G内存,那么openstack会认为有48G内存)
4)CoreFilter:CPU core过滤,创建VM时会选择flavor,不满足flavor中core要求的host会过滤掉。CPU的超量设置:cpu_allocation_ratio=16.0(若计算节点为24core,那么openstack会认为348core)
5)DiskFilter:磁盘容量过滤,创建VM时会选择flavor,不满足flavor中磁盘要求的host会过滤掉。Disk超量设置:disk_allocation_ratio=1.0(硬盘容量不建议调大)
6)ComputeFilter:nova-compute服务过滤,创建VM时,若host的nova-compute服务不正常,就会被筛选掉
7)ComputeCababilitiesFilter:根据计算节点的特性来筛选,例如x86_64
8)ImagePropertiesFilter:根据所选的image的属性来匹配计算节点,例如希望某个image只能运行在KVM的hypervisor上,可以通过"Hypervisor Type"属性来指定。
9)ServerGroupAntiAffinityFilter:尽量将Instance部署到不同的节点上。例如vm1,vm2,vm3,计算节点有Host1,Host2,Host3
创建一个anti-affinity策略server group “group-1”
nova server-group-create-policy anti-affinity group-1
nova boot-image IMAGE_ID -flavor 1 -hint group-group1 vm1
nova boot-image IMAGE_ID -flavor 1 -hint group-group1 vm2
nova boot-image IMAGE_ID -flavor 1 -hint group-group1 vm3
10)ServerGroupAffinityFilter:尽量将Instance部署到同一节点上。例如vm1,vm2,vm3,计算节点有Host1,Host2,Host3
创建一个group-affinity策略server group “group-2”
nova server-group-create-policy anti-affinity group-2
nova boot-image IMAGE_ID -flavor 1 -hint group-group2 vm1
nova boot-image IMAGE_ID -flavor 1 -hint group-group2 vm2
nova boot-image IMAGE_ID -flavor 1 -hint group-group2 vm3
搭建nova组件
搭建nova控制节点
数据库相关操作
mysql -uroot -popenstack
create database nova_api;
create database nova;
create database nova_cell0;
grant all privileges on nova_api.* to 'nova'@'localhost' identified by 'openstack';
grant all privileges on nova_api.* to 'nova'@'%' identified by 'openstack';
grant all privileges on nova.* to 'nova'@'localhost' identified by 'openstack';
grant all privileges on nova.* to 'nova'@'%' identified by 'openstack';
grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by 'openstack';
grant all privileges on nova_cell0.* to 'nova'@'%' identified by 'openstack';
创建nova用户,并在service项目中添加管理员角色
source admin-openrc
openstack user create --domain default --password-prompt nova #创建nova用户
openstack role --project service --user nova admin #将nova用户加入到service项目管理员角色
创建nova服务及端口
openstack service create --name nova --description "OpenStack Compute" conpute
openstack endpoint create --region RegionOne compute public http://quan:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://quan:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://quan:8774/v2.1
创建placement用户,并在service项目中添加管理员角色
source admin-openrc
openstack user create --domain default --password-prompt placement #创建placement用户
openstack role --project service --user placement admin #将placement用户加入到service项目管理员角色
创建placement服务及端口
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://quan:8778
openstack endpoint create --region RegionOne placement internal http://quan:8778
openstack endpoint create --region RegionOne placement admin http://quan:8778
删除端口的方法:
查看端口:
openstack endpoint list | grep placement
根据id删除端口
openstack endpoint delete 端口id
安装相关包,并配置
yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
vi /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@quan
my_ip = 172.16.1.221
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:openstack@quan/nova_api
[database]
connection = mysql+pymysql://nova:openstack@quan/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://quan:5000
auth_url = http://quan:35357
memcached_servers = quan:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = openstack
[vnc]
enabled = true
vncserver_listen = 172.16.1.221
vncserver_proxyclient_address = 172.16.1.221
[glance]
api_servers = http://quan:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://quan:35357/v3
username = placement
password = openstack
vim /etc/httpd/conf.d/00-nova-placement-api.conf #添加至末尾
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
重启httpd服务
systemctl restart httpd
修改配置文件(解决初始化nova_api数据库表结构的bug)
vi /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py
在175行中加入"use_tpool"
初始化nova_api数据库表结构
su -s /bin/sh -c "nova-manage api_db sync" nova
注册cell0数据库
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
创建cell1
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell --verbose" nova
初始化nova数据库
su -s /bin/sh -c "nova-manage db sync" nova
验证cell0和cell1是否注册
nova-manage cell_v2 list_cells
服务启动,并设置开机启动
systemctl enable openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
systemctl start openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
验证
openstack compute service list
搭建nova计算节点
安装相关包并配置
yum -y install openstack-nova-compute
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@quan
my_ip = 172.16.1.222
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://quan:5000
auth_url = http://quan:35357
memcached_servers = quan:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = openstack
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 172.16.1.222
novncproxy_base_url = http://172.16.1.221:6080/vnc_auto.html
[glance]
api_servers = http://quan:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://quan:35357/v3
username = placement
password = openstack
查看机器是否支持虚拟化
egrep -c '(vmx|svm)' /proc/cpuinfo
若返回0,修改/etc/nova/nova.conf
vi /etc/nova/nova.conf
[libvirt]
virt_type = qemu
服务启动,并设置开机启动
systemctl enable libvirt openstack-nova-compute && systemctl start libvirt openstack-nova-compute
将compute节点添加到cell数据库(控制节点操作)
source admin-openrc
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
vi /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300
验证
source admin-openrc
openstack compute service list
openstack catalog list
openstack image list
nova-status upgrade check
neutron组件
Neutron是Openstack中的一个项目,在各接口设备之间提供网络服务,而且受其它openstack服务管理,如Nova。Neutron为openstack云提供了更灵活的划分物理网络,在多租户的环境下提供给每个租户独立的网络环境。另外,Neutron提供API来实现这种目标。Neutron中的“网络”是一个可以被用户创建的对象,如果要和物理环境下的概念映射的话,这个对象相当于一个巨大的交换机,可以拥有无限多个动态可创建和销毁的虚拟端口。
Neutron提供的网络虚拟化能力有:
(1)二层到七层网络的虚拟化:L2(virtual switch)、L3(virtual Router和LB)、L4-L7(virtual Firewall)等
(2)网络连通性:二层网络和三层网络
(3)租户隔离性
(4)网络安全性
(5)网络扩展性
(6)REST API
(7)跟高级的服务:如LBaas
Neutron的架构图:
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/Ei6CaKeBs.55JXz9GIW8xuGBeMGe*rVaB*3D3cGQDsY!/b/dFIBAAAAAAAA&bo=vQLoAQAAAAADB3Q!&rf=viewer_4
总的来说,创建一个Neutron网络的过程如下:
1、管理员拿到一组可在互联网上寻址的IP地址,并且创建一个外部网络和子网
2、租户创建一个网络和子网
3、租户创建一个路由器并且连接租户子网和外部网络
4、租户创建虚拟机
Neutron中的各种概念
network:network是一个隔离的二层广播域。Neutron支持多种类型的network,包括local,flat,VLAN,VxLAN和GRE
local:local网络与其它网络和节点隔离。local网络中的instance只能与同一节点上同一网络的instance通信,local网络主要用于单机测试
flat:flat网络是无vlan tagging的网络。flat网络中的instance能与位于同一网络的instance通信,并且可以跨多个节点。
vlan:vlan网络是具有802.1q tagging的网络。vlan是一个二层的广播域,同一vlan中的instance可以通信,不同vlan只能通过router通信。vlan网络可以跨节点,是应用最广泛的网络类型
vxlan:vxlan是基于隧道技术的overlay网络。vxlan网络通过唯一的segmentation ID(也叫VNI)与其它vxlan网络区分。vxlan中数据包会通过VNI封装成UDP包进行传输。因为二层的包通过封装在三层传输,能够克服vlan和物理网络基础设施的限制。
gre:gre是vxlan类似的一种overlay网络。主要区别在于使用IP包而非UDP进行封装。不同network之间在二层上是隔离的。
network必须属于某个Project(Tenant租户),Project中可以创建多个network。network与Project之间是1对多的关系
subnet:subject是一个IPv4或者IPv6地址段。instance的IP从subnet中分配。每个subnet需要定义IP地址的范围和掩码。
subnet与network是1对多的关系。一个subnet只能属于某个network;一个network可以有多个subnet,这些subnet可以是不同的IP段,但不能重叠。
例:有效的配置
network A
subnet A-a:10.10.1.0/24 {"start":"10.10.1.1","end":"10.10.1.50"}
subnet A-b:10.10.2.0/24 {"start":"10.10.2.1","end":"10.10.2.50"}
无效的配置(因为subnet有重叠)
network A
subnet A-a:10.10.1.0/24 {"start":"10.10.1.1","end":"10.10.1.50"}
subnet A-b:10.10.1.0/24 {"start":"10.10.1.51","end":"10.10.1.100"}
注:这里判断的不是IP地址是否重叠,而是子网是否重叠(10.10.1.0/24)
port:port可以看做是虚拟交换机上的一个端口,port上定义了MAC地址和IP地址,当instance的虚拟网卡VIF(Virtual Interface)绑定到port时,port会将MAC和IP分配给VIF。port与subnet是1对多的关系。一个port必须属于某个subnet,一个subnet可以有多个port。
Neutron中的Plugin和agent
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/Gm3J*.Vh27nLny6oXfuZlh.yXNYx.YE3I*Mwoea.MH4!/b/dL4AAAAAAAAA&bo=pAKJAQAAAAADBww!&rf=viewer_4
搭建neutron
linuxbridge+vxlan模式
控制节点:
数据库相关操作
mysql -uroot -popenstack
create database neutron;
grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'openstack';
grant all privileges on neutron.* to 'neutron'@'%' identified by 'openstack';
创建neutron用户,并在service项目中添加管理员角色
source admin_openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
创建网络服务及端口
openstack service create --name neutron --description "Openstack Networking" network
openstack endpoint create --region RegionOne network public http://quan:9696
openstack endpoint create --region RegionOne network internal http://quan:9696
openstack endpoint create --region RegionOne network admin http://quan:9696
安装相关包并配置
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
vi /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:openstack@quan/neutron
[DEFAULT]
core_plugin=ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@quan
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://quan:5000
auth_url = http://quan:35357
memcached_servers = quan:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = openstack
[nova]
auth_url = http://quan:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = openstack
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34 #外部网卡设备
[vxlan]
enable_vxlan = true
local_ip = 172.16.1.221
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
确认操作系统内核支持桥接
echo "net.bridge.vridge-nf-call-iptables = 1" >> /etc/sysctl.conf
echo "net.bridge.vridge-nf-call-ip6tables = 1" >> /etc/sysctl.conf
sysctl -p #若出现“No such file or directory”错误,执行下面的操作
modinfo by_netfilter #查看内核模块信息
modprobe by_netfilter #加载内核模块
再次执行sysctl -p
vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
vi /etc/neutron/dhcp.agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = 172.16.1.221
metadata_proxy_shared_secret = openstack
vi /etc/nova/nova.conf
[neutron]
url = http://quan:9696
auth_url = http://quan:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = openstack
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
#ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
初始化neutron数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin/ml2/ml2_conf.ini upgrade head" neutron
重启nova服务
systemctl restart openstack-nova-api
服务启动,并设置开机启动
systemctl enable neutron-server neutron-linuxbridge neutron-dhcp-agent neutron-metadata-agent
systemctl start neutron-server neutron-linuxbridge neutron-dhcp-agent neutron-metadata-agent
systemctl enable neutron-l3-agent && systemctl start neutron-l3-agent
计算节点:
安装相关包并配置
yum -y install openstack-neutron-linuxbridge ebtables ipset
vi /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack@quan
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://quan:5000
auth_url = http://quan:35357
memcached_servers = quan:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = openstack
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vi /etc/neutron/plugin/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34
[vxlan]
enable_vxlan = true
local_ip = 172.16.1.222
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vi /etc/nova/nova.conf
[neutron]
url = http://quan:9696
auth_url = http://quan:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = openstack
重启nova-compute服务
systemctl restart openstack-nova-compute
服务启动,并设置开机启动
systemctl enable neutron-linuxbridge-agent && systemctl strat neutron-linuxbridge-agent
验证(控制节点)
source admin-openrc
openstack extension list --network
openstack network agent list
horizon组件
horizon:UI界面 (Dashboard)。OpenStack中各种服务的Web管理门户,用于简化用户对服务的操作
搭建horizon
安装相关包并配置
yum -y install openstack-dashboard
vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "quan"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default':{
'BACKEND':'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION':'quan:11211',
}
}
#注释掉其它的cache
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" %OPENSTACK_HOST
OPENSTACK_kEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity":3,
"image":2,
"volume":2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE= 'user'
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_quotas':True,
'enable_distributed_router':True,
'enable_ha_router':True,
'enable_lb':True,
'enable_firewall':True,
'enable_vpn':Flase,
'enable_fip_topology_check':True,
}
TIME_ZONE = "Asia/Chongqing"
vi /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
重启相关服务
systemctl restart httpd.service memcached.service
访问地址:http://172.16.1.221/dashboard/
关闭domain验证
vi /etc/openstack-dashboard/local_settings
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True #注释此行
重启相关服务
systemctl restart httpd.service memcached.service
用户名:admin 密码:openstack
通过命令行创建一个虚拟机的实例
创建provider网络(外部网络)
source admin-openrc
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
openstack network create --network provider \ #创建外部子网(和物理网络位于同一网络)
--allocation-pool start 172.16.1.231,end 172.16.1.240 \
--dns-nameserver 8.8.4.4 --gateway 172.16.1.1 \
--subnet-range 172.16.1.1/24 provider
创建私有网络self-services
source demo-openrc
openstack network create selfservice #创建私有网络
openstack subnet create --network selfservice \ #创建私有网络子网
--dns-nameserver 8.8.4.4 --gateway 192.168.0.1 \
--subnet-range 192.168.0.0/24 selfservice
openstack router create router #创建虚拟路由
openstack router add subnet selfservice #为路由添加子网
openstack router set router --extemal-gateway provider #设置路由的外部网关
验证
source admin-openrc
ip netns
openstack port list --router router
ping -c 网关ip
创建flavor(启动虚拟机的模板,cpu是几个,内存是多少)
openstack flavor --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
查看创建的flavor
source demo-openrc
openstack flavor list
生成秘钥对
source demo-openrc
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack keypair list
添加安全组规则
openstack security group rule create --proto icmp default #允许ping通
openstack security group rule create --proto tcp --dst-port 22 default #允许连接tcp22号端口
查看验证
source demo-openrc
openstack flavor list
openstack image list
openstack network list
openstack security group list
openstack security group rule list
启动一个实例
创建一个虚拟机
openstack server create --flavor m1.nano --image cirros(可以是id也可以是名称) \
--nic net-id SELFSERVICE_NET_ID --security-group default \
--key-name mykey selfservice-instance(虚拟机名称)
查看虚拟机
openstack server list #查看拥有的虚拟机
openstack server show (虚拟机id) #查看虚拟机详细信息
通过界面绑定ip
查看虚拟机控制台信息
openstack console log show (虚拟机id)
cinder组件
cinder:提供REST_API使用户能够查询和管理volume、volume snapshot以及volume type,
提供scheduler调度volume创建请求,合理优化存储资源的分配
通过driver架构支持多种back-end(后端)存储方式,包括LVM,NFS,Ceph和其它诸如EMC、IBM等商业存储产品方案
cinder的架构图:
http://m.qpic.cn/psb?/V12uCjhD3ATBKt/FpuhoZP0gP2rwhfFn*1Q1BXUZlHCtEvh7xmNRgJYqiw!/b/dL8AAAAAAAAA&bo=CQIYAQAAAAARByI!&rf=viewer_4
cinder包含的组件:
cinder-api:接收API请求,调用cinder-volume执行操作
cinder-volume:管理volume的服务,与volume provider协调工作,管理volume的生命周期。运行cinder-volume服务的节点被称作为存储节点
cinder-scheduler:scheduler通过调度算法选择最合适的存储节点创建volume
volume provider:数据的存储设备,为volume提供物理存储空间。cinder-volume支持多种volume provider,每种volume provider通过自己的driver与cinder-volume协调工作
Message Queue:cinder各个子服务通过消息队列实现进程间通信和相互协作。因为有了消息队列,子服务之间实现了解耦,这种松散的结构也是分布式系统的重要特征
Database cinder:有一些数据需要存放到数据库中,一般使用MySQL。数据库是安装在控制节点上的。
搭建cinder组件
控制节点
数据库相关操作
mysql -uroot -popenstack
create database cinder;
grant all privileges on cinder.* to 'cinder'@'localhost' identified by 'openstack';
grant all privileges on cinder.* to 'cinder'@'%' identified by 'openstack';
创建cinder用户,并在service项目中添加管理员角色
source admin_openrc
openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin
创建cinder服务及端口
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
openstack endpoint create --region RegionOne volumev2 public http://quan:8776/v2/%\{project_id\}s
openstack endpoint create --region RegionOne volumev2 internal http://quan:8776/v2/%\{project_id\}s
openstack endpoint create --region RegionOne volumev2 admin http://quan:8776/v2/%\{project_id\}s
openstack endpoint create --region RegionOne volumev3 public http://quan:8776/v3/%\{project_id\}s
openstack endpoint create --region RegionOne volumev3 internal http://quan:8776/v3/%\{project_id\}s
openstack endpoint create --region RegionOne volumev3 admin http://quan:8776/v3/%\{project_id\}s
安装相关包并配置
yum -y install openstack-cinder
vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:openstack@quan/cinder
[DEFAULT]
transport_url = rabbit://openstack:openstack@quan
auth_strategy = keystone
my_ip = 172.16.1.221
[keystone_authtoken]
auth_uri = http://quan:5000
auth_url = http://quan:35357
memcached_servers = quan:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = openstack
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
初始化数据库
su -s /bin/sh -c "cinder-manage db sync" cinder
配置计算服务使用cinder
vi /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
计算服务重启
systemctl restart openstack-nova-api
服务启动,并设置开机启动
systemctl enable openstack-cinder-api openstack-cinder-scheduler && systemctl start openstack-cinder-api openstack-cinder-scheduler
验证
openstack volume service list #state状态为up即为启动成功
存储节点(除系统盘外要有磁盘)
安装相关包并配置
yum -y install lvm2 device-mapper-persistent-data
systemctl enable lvm2-lvmetad && systemctl start lvm2-lvmetad
pvcreate /dev/sdb #创建pv
vgcreate cinder-volume /dev/sdb #创建vg
vi /etc/lvm/lvm.conf
devices{"a/dev/sda/","a/dev/sdb/","r/.*/"}
#a表示接收,r表示拒绝
可通过命令lsblk查看系统安装是否使用lvm,若sda磁盘没有使用lvm可不添加"a/dev/sda/"
yum -y install openstack-cinder targetcli python-keystone
vi /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:openstack@quan/cinder
[DEFAULT]
transport_url = rabbit://openstack:openstack@quan
auth_strategy = keystone
my_ip = 172.16.1.223
enabled_backends = lvm
glance_api_servers = http://quan:9292
[keystone_authtoken]
auth_uri = http://quan:5000
auth_url = http://quan:35357
memcached_servers = quan:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = openstack
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes #vg的名称
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
服务启动,并设置开机启动
system enable openstack-cinder-volume target && system start openstack-cinder-volume target
验证
source admin-openrc
openstack volume service list
为虚拟机分配虚拟磁盘
命令:
source demo-openrc
openstack volume create --size 2 volume2 #--size指定虚拟机磁盘大小2G
openstack volume list #状态为available可用的
openstack server add volume selfservice-instance volume2 #为虚拟机挂载磁盘
openstack volume list #状态为in-use
可登录虚拟机通过fdisk -l 查看挂载磁盘
Swift组件
swift:被称为对象存储,提供了强大的扩展性、冗余和持久性。对象存储,用于永久类型的静态数据的长期存储
搭建swift组件
控制节点
创建swift用户,并在service项目中添加管理员角色
source admin-openrc
openstack user create --domain default --password-prompt swift
openstack role add --project service --user swift admin
创建swift服务及端口
openstack service create --name swift --description "OpenStack Object Stroage" object-store
openstack endpoint create --region RegionOne object-store public http://quan:8080/v1/AUTH_%\{project_id\}s
openstack endpoint create --region RegionOne object-store internal http://quan:8080/v1/AUTH_%\{project_id\}s
openstack endpoint create --region RegionOne object-store admin http://quan:8080/v1
安装相关包
yum -y install openstack-swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached
下载swift-proxy.conf的配置文件,并配置
curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/queens
vi /etc/swift/proxy-server.conf
[DEFAULT]
bind_port = 8080
swift_dir = /etc/swift
user = swift
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://quan:5000
auth_url = http://quan:35357
memcached_servers = quan:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = openstack
delay_auth_decision = True
[filter:cache]
memcache_servers = quan:11211
存储节点(所有的)
安装相关包
yum install xfsprogs rsync
格式化磁盘
mkfs.xfs /dev/sdb
mkfs.xfs /dev/sdc
mkdir -p /srv/node/sdb
mkdir -p /src/node/sdc
配置自动挂载
vi /etc/fstab
/dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdc /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
mount /srv/node/sdb
mount /srv/node/sdc
或者
mount -a
vi /etc/rsyncd.conf
uid = swift
gid = swift
log_file = /var/log/rsyncd.log
pid_file = /var/run/rsyncd.pid
address = 172.16.1.224 #多个节点请自行调整
[account]
max_connections = 2
path = /srv/node/
read only = False
locak file = /var/lock/account.lock
[container]
max_connections = 2
path = /srv/node/
read only = False
locak file = /var/lock/container.lock
[object]
max_connections = 2
path = /srv/node/
read only = False
locak file = /var/lock/object.lock
服务启动,并设置开机启动
systemctl enable rsyncd && systemctl start rsyncd
安装相关包
yum -y install openstack-swift-account openstack-swift-container openstack-swift-object
下载相关配置文件,并配置
curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/queens
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/queens
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/queens
vi /etc/swift/account-server.conf
[DEFAULT]
bind_ip = 172.16.1.224
bind_prot = 6202
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon account-server
[filter:recon]
recon_cache_path = /var/cache/swift
vi /etc/swift/container-server.conf
[DEFAULT]
bind_ip = 172.16.1.224
bind_prot = 6201
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[filter:recon]
recon_cache_path = /var/cache/swift
vi /etc/swift/object-server.conf
[DEFAULT]
bind_ip = 172.16.1.224
bind_prot = 6200
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon object-server
[filter:recon]
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
修改文件权限
chown -R swfit:swift /srv/node
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 755 /var/cache/swift
终止存储节点操作,上述操作全部在所有存储节点中操作
控制节点操作
cd /etc/swift
swift-ring-builder account.builder create 10 3 1
创建第一存储节点
swift-ring-builder account.builder add \
--region 1 --zone 1 --ip 172.16.1.224 --port 6202 --device sdb --weight 100
swift-ring-builder account.builder add \
--region 1 --zone 1 --ip 172.16.1.224 --port 6202 --device sdc --weight 100
创建第二存储节点
swift-ring-builder account.builder add \
--region 1 --zone 2 --ip 172.16.1.225 --port 6202 --device sdb --weight 100
swift-ring-builder account.builder add \
--region 1 --zone 2 --ip 172.16.1.225 --port 6202 --device sdc --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder create 10 3 1
创建第一存储节点
swift-ring-builder container.builder add \
--region 1 --zone 1 --ip 172.16.1.224 --port 6202 --device sdb --weight 100
swift-ring-builder container.builder add \
--region 1 --zone 1 --ip 172.16.1.224 --port 6202 --device sdc --weight 100
创建第二存储节点
swift-ring-builder container.builder add \
--region 1 --zone 2 --ip 172.16.1.225 --port 6202 --device sdb --weight 100
swift-ring-builder container.builder add \
--region 1 --zone 2 --ip 172.16.1.225 --port 6202 --device sdc --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder create 10 3 1
创建第一存储节点
swift-ring-builder object.builder add \
--region 1 --zone 1 --ip 172.16.1.224 --port 6202 --device sdb --weight 100
swift-ring-builder object.builder add \
--region 1 --zone 1 --ip 172.16.1.224 --port 6202 --device sdc --weight 100
创建第二存储节点
swift-ring-builder object.builder add \
--region 1 --zone 2 --ip 172.16.1.225 --port 6202 --device sdb --weight 100
swift-ring-builder object.builder add \
--region 1 --zone 2 --ip 172.16.1.225 --port 6202 --device sdc --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance
将生成文件放到对象存储节点中
scp account.ring.gz container.ring.gz object.ring.gz object01:/etc/swift/
scp account.ring.gz container.ring.gz object.ring.gz object02:/etc/swift/
获取swift.conf配置文件
curl -o /etc/swift/swift.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/queens
vi /etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = HASH_PATH_SUFFIX
swift_hash_path_prefix = HASH_PATH_PREFIX
[storage-policy:0]
name = Policy-0
default = yes
将swift.conf配置文件分发到对象存储节点
scp /etc/swift/swift.conf object01:/etc/swift/
scp /etc/swift/swift.conf object02:/etc/swift/
控制节点和所有对象存储节点执行
chown -R root:swift /etc/swift
控制节点
systemctl enable openstack-swift-proxy memcached && systemctl start openstack-swift-proxy memcached
对象存储节点(所有)
systemctl enable openstack-swift-account openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator
systemctl start openstack-swift-account openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator
systemctl enable openstack-swift-container openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater
systemctl start openstack-swift-container openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater
systemctl enable openstack-swift-object openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater
systemctl start openstack-swift-object openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater
验证(控制节点)
备注:首先检查/var/log/audit/audit.log,若存在selinux的信息,使得swift进程无法访问,做如下修改:
chcon -R system_u:object_r:swift_data_t:s0 /srv/node
source demo-openrc
swift stat #查看swift状态
openstack container create container1
openstack object create container1 FILE #上传文件到容器中
openstack container list #查看所有的container(容器)
openstack object list container1 #查看container1容器中的文件
openstack object save container1 FILE #从容器中下载文件
763
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
