
CentOS 7.1 with OpenStack Liberty (L release): a detailed walkthrough

2015-12-15 17:29
1-OpenStack introduction
Environment preparation:
#####################################################################################
[root@linux-node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.11 linux-node1 linux-node1.oldboyedu.com ----control node
192.168.56.12 linux-node2 linux-node2.oldboyedu.com ----compute node

[root@linux-node1 ~]# hostname
linux-node1

[root@linux-node1 ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.11 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::20c:29ff:fe43:cfee prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:43:cf:ee txqueuelen 1000 (Ethernet)
RX packets 103963 bytes 138766775 (132.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 57415 bytes 5927172 (5.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#####################################################################################
[root@linux-node2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.56.11 linux-node1 linux-node1.oldboyedu.com
192.168.56.12 linux-node2 linux-node2.oldboyedu.com

[root@linux-node2 ~]# hostname
linux-node2

[root@linux-node2 ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.12 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::20c:29ff:feac:7b42 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ac:7b:42 txqueuelen 1000 (Ethernet)
RX packets 70682 bytes 93938653 (89.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 39760 bytes 4189365 (3.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
####################################################################################
Theory: OpenStack manages three kinds of resources: compute, network and storage, much as a single computer needs CPU, memory, a network card and a disk.
------------------------------------------------------------------------------------
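What each OpenStack service does:
Service name        Project name   Description
Dashboard           Horizon        Web management UI built with Django on top of the OpenStack APIs
Compute             Nova           Provides a pool of compute resources through virtualization
Networking          Neutron        Manages network resources for virtual machines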
------------------------------------------------------------------------------------
Storage
Object Storage      Swift          Object storage, suited to "write once, read many"
Block Storage       Cinder         Block storage, provides a pool of storage resources
------------------------------------------------------------------------------------
Shared Services
Identity Service    Keystone       Authentication management
Image Service       Glance         Registration and storage management of virtual machine images
Telemetry           Ceilometer     Monitoring, data collection and metering
------------------------------------------------------------------------------------
Higher-level services
Orchestration       Heat           Component for automated deployment
Database Service    Trove          Provides database application services
------------------------------------------------------------------------------------
####################################################################################
####################################################################################
####################################################################################
2-OpenStack base environment
yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
yum install -y mariadb mariadb-server MySQL-python
yum install -y rabbitmq-server
--------------------------------------------------------------------------------------
Install the database and edit its configuration file
[root@linux-node1 ~]# yum install -y mariadb mariadb-server MySQL-python
[root@linux-node1 ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
cp: overwrite ‘/etc/my.cnf’? y

[root@linux-node1 ~]# vim /etc/my.cnf
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
--------------------------------------------------------------------------------------
Enable MariaDB at boot and start it
[root@linux-node1 ~]# systemctl enable mariadb.service
[root@linux-node1 ~]# systemctl start mariadb.service
--------------------------------------------------------------------------------------
Set the MySQL root password:
[root@linux-node1 ~]# mysql_secure_installation ----press Enter at the first prompt, then enter the new password, then answer yes to everything
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
Create the databases
#keystone database
mysql -u root -p -e "CREATE DATABASE keystone;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
#Glance database
mysql -u root -p -e "CREATE DATABASE glance;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
#Nova database
mysql -u root -p -e "CREATE DATABASE nova;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
#Neutron database
mysql -u root -p -e "CREATE DATABASE neutron;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
#Cinder database
mysql -u root -p -e "CREATE DATABASE cinder;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
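The GRANT statements above set each account's password to the service name and accept connections from any host ('%'). As an added example (not part of the original article), this script builds the same five databases with a random password per service and the remote grant narrowed to 192.168.56.%; the function names, output file names and the choice of that subnet are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): build the CREATE DATABASE and
# GRANT statements for the five service databases with one random password per
# service and the remote grant limited to the lab network instead of '%'.

SERVICES="keystone glance nova neutron cinder"
# Assumption: the 192.168.56.0/24 network from /etc/hosts is the only network
# that needs database access.
MGMT_HOSTS='192.168.56.%'

# gen_password: print 32 random hex characters.
gen_password() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 16
    else
        head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
        echo
    fi
}

# valid_ident NAME: succeed only for names made of a-z, 0-9 and underscore,
# so the name can be placed into SQL without quoting problems.
valid_ident() {
    case "$1" in
        ''|*[!a-z0-9_]*) return 1 ;;
    esac
    return 0
}

# gen_grants SERVICE PASSWORD HOST_PATTERN: print the SQL for one service.
# Refuses the two weak choices used in the walkthrough: a password equal to
# the account name, and a bare '%' host.
gen_grants() {
    svc="$1"; pw="$2"; host="$3"
    valid_ident "$svc" || { echo "invalid service name: $svc" >&2; return 1; }
    case "$pw" in
        ''|*"'"*|*\\*) echo "empty password or quote/backslash in password" >&2; return 1 ;;
    esac
    case "$host" in
        ''|'%'|*"'"*|*\\*) echo "refusing host pattern: $host" >&2; return 1 ;;
    esac
    if [ "$pw" = "$svc" ]; then
        echo "password equals account name: $svc" >&2; return 1
    fi
    printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$svc"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$svc" "$svc" "$pw"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
        "$svc" "$svc" "$host" "$pw"
}

# gen_all OUTDIR: write grants.sql and service-passwords.txt (both mode 600).
# The body runs in a subshell so the umask change does not leak to the caller.
gen_all() (
    umask 077
    outdir="$1"
    : > "$outdir/grants.sql"
    : > "$outdir/service-passwords.txt"
    for svc_name in $SERVICES; do
        new_pw="$(gen_password)" || exit 1
        gen_grants "$svc_name" "$new_pw" "$MGMT_HOSTS" >> "$outdir/grants.sql" || exit 1
        printf '%s %s\n' "$svc_name" "$new_pw" >> "$outdir/service-passwords.txt"
    done
)

# Usage: ./gen-grants.sh --write DIR, then: mysql -u root -p < DIR/grants.sql
if [ "${1:-}" = "--write" ]; then
    gen_all "${2:-.}"
fi
```

The generated passwords then replace the values in each service's connection = line later in the walkthrough.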
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
[root@linux-node1 ~]# yum install -y rabbitmq-server
Enable the rabbitmq service at boot
[root@linux-node1 ~]# systemctl enable rabbitmq-server.service
Start the rabbitmq service
[root@linux-node1 ~]# systemctl start rabbitmq-server.service
---------------------------------------------------------------------------------------
Check the port: RabbitMQ listens on 5672
[root@linux-node1 ~]# netstat -lntup
tcp6 0 0 :::5672 :::* LISTEN 2899/beam.smp
-----------------------------------------------------------------------------------------
Add an openstack user name and password:
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack ----used for user authentication
-----------------------------------------------------------------------------------------
Grant permissions to the user:
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
-----------------------------------------------------------------------------------------
List the RabbitMQ plugins:
[root@linux-node1 ~]# rabbitmq-plugins list
[ ] amqp_client 3.3.5
[ ] cowboy 0.5.0-rmq3.3.5-git4b93c2d
[ ] eldap 3.3.5-gite309de4
[ ] mochiweb 2.7.0-rmq3.3.5-git680dba8
[ ] rabbitmq_amqp1_0 3.3.5
[ ] rabbitmq_auth_backend_ldap 3.3.5
[ ] rabbitmq_auth_mechanism_ssl 3.3.5
[ ] rabbitmq_consistent_hash_exchange 3.3.5
[ ] rabbitmq_federation 3.3.5
[ ] rabbitmq_federation_management 3.3.5
[ ] rabbitmq_management 3.3.5
[ ] rabbitmq_management_agent 3.3.5
[ ] rabbitmq_management_visualiser 3.3.5
[ ] rabbitmq_mqtt 3.3.5
[ ] rabbitmq_shovel 3.3.5
[ ] rabbitmq_shovel_management 3.3.5
[ ] rabbitmq_stomp 3.3.5
[ ] rabbitmq_test 3.3.5
[ ] rabbitmq_tracing 3.3.5
[ ] rabbitmq_web_dispatch 3.3.5
[ ] rabbitmq_web_stomp 3.3.5
[ ] rabbitmq_web_stomp_examples 3.3.5
[ ] sockjs 0.3.4-rmq3.3.5-git3132eb9
[ ] webmachine 1.10.3-rmq3.3.5-gite9359c7
---------------------------------------------------------------------------------------
Enable the RabbitMQ management plugin:
[root@linux-node1 ~]# rabbitmq-plugins enable rabbitmq_management
---------------------------------------------------------------------------------------
Restart RabbitMQ:
[root@linux-node1 ~]# systemctl restart rabbitmq-server.service
---------------------------------------------------------------------------------------
Check the listening ports again; the web management port is 15672
[root@linux-node1 ~]# netstat -lntup
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 3679/beam.smp
---------------------------------------------------------------------------------------
In a browser open 192.168.56.11:15672, user name guest, password guest
After logging in:
Admin------->copy "administrator"------->click openstack------>Update this user-------->
Tags: paste administrator--------->set both password fields to openstack-------->logout
Then log in again: user name openstack, password openstack
---------------------------------------------------------------------------------------
[root@linux-node1 ~]# yum install chrony -y
[root@linux-node1 ~]# vim /etc/chrony.conf
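22 allow 192.168/16 ---uncomment this line to allow clients from the 192.168 network to connect
[root@linux-node1 ~]# systemctl enable chronyd.service ----enable the time synchronization service at boot
[root@linux-node1 ~]# systemctl start chronyd.service ----start the time synchronization service
[root@linux-node1 ~]# timedatectl set-timezone Asia/Shanghai ----set the time zone to UTC+8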
-----------------------------------------------------------------------------------
####################################################################################
####################################################################################
####################################################################################
3-Keystone (part 1)
---------------------------------------------------------------------------------------
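What Keystone does: users and authentication: user permissions and user activity tracking;
Service catalog: provides a catalog of all services and their API endpoints
Terms: User, Tenant (project), Token, Role, Service, Endpoint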
----------------------------------------------------------------------------------------
Install Keystone:
[root@linux-node1 ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
[root@linux-node1 ~]# openssl rand -hex 10 ----generate a random token
aca97a2a1733e9848ab0
[root@linux-node1 ~]# grep -n '^[a-z]' /etc/keystone/keystone.conf
12:admin_token = aca97a2a1733e9848ab0
107:verbose = true
495:connection = mysql://keystone:keystone@192.168.56.11/keystone
1305:servers = 192.168.56.11:11211
1710:driver = sql
1903:provider = uuid
1908:driver = memcache
-----------------------------------------------------------------------------------------------
Sync the database. Mind the permissions: run the command as the keystone user via su -s:
[root@linux-node1 config]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 ~]# mysql -ukeystone -pkeystone
MariaDB [(none)]> use keystone;
Database changed
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| domain |
| endpoint |
| endpoint_group |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| mapping |
| migrate_version |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| whitelisted_config |
+------------------------+
33 rows in set (0.00 sec)
The tables have been created, OK
#################################################################################################
#################################################################################################
#################################################################################################
4-Keystone (part 2)
List the settings changed in keystone.conf:
[root@linux-node1 ~]# grep -n '^[a-z]' /etc/keystone/keystone.conf
12:admin_token = aca97a2a1733e9848ab0
107:verbose = true
495:connection = mysql://keystone:keystone@192.168.56.11/keystone
1305:servers = 192.168.56.11:11211
1710:driver = sql
1903:provider = uuid
1908:driver = memcache
----------------------------------------------------------------------------------
Start the memcached service:
[root@linux-node1 ~]# systemctl start memcached.service
---------------------------------------------------------------------------------
Create the Keystone WSGI configuration file and serve it through Apache: port 5000 is for regular API access, port 35357 is the admin port
[root@linux-node1 ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
----------------------------------------------------------------------------------------------------
ServerName must be set in the httpd configuration, otherwise the Keystone service will not start
[root@linux-node1 ~]# grep -n '^ServerName' /etc/httpd/conf/httpd.conf
95:ServerName 192.168.56.11:80
---------------------------------------------------------------------------------------------------
Enable memcached and httpd at boot, and start httpd:
[root@linux-node1 ~]# systemctl enable memcached
[root@linux-node1 ~]# systemctl enable httpd
[root@linux-node1 ~]# systemctl start httpd
---------------------------------------------------------------------------------------------------
Check the ports:
[root@linux-node1 ~]# netstat -lntup|grep httpd
tcp6 0 0 :::5000 :::* LISTEN 3177/httpd
tcp6 0 0 :::80 :::* LISTEN 3177/httpd
tcp6 0 0 :::35357 :::* LISTEN 3177/httpd
---------------------------------------------------------------------------------------------------
Set up the authentication token, endpoint URL and API version:
[root@linux-node1 ~]# grep -n '^admin_token' /etc/keystone/keystone.conf
12:admin_token = aca97a2a1733e9848ab0
[root@linux-node1 ~]# export OS_TOKEN=aca97a2a1733e9848ab0 -------set the environment variables
[root@linux-node1 ~]# export OS_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
Create the tenant (project) and user:
[root@linux-node1 ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | default |
| enabled | True |
| id | 2b2e397b924b40a788a99fa249240d01 |
| is_domain | False |
| name | admin |
| parent_id | None |
+-------------+----------------------------------+
-------------------------------------------------------------------------------------------------
Create the admin user:
[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin
User Password:admin
Repeat User Password:admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | dca51d2e3e5d4f5188114b62e675f319 |
| name | admin |
+-----------+----------------------------------+
-------------------------------------------------------------------------------------------------
Create the admin role:
[root@linux-node1 ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | f5ebf68a66074987873a83687f4feed6 |
| name | admin |
+-------+----------------------------------+
-------------------------------------------------------------------------------------------------
Add the admin user to the admin project and give it the admin role:
[root@linux-node1 ~]# openstack role add --project admin --user admin admin ----this command prints no output
-------------------------------------------------------------------------------------------------
Create a regular user, its password and role:
[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 96a11a35c28e4af38a04653b9998d70b |
| is_domain | False |
| name | demo |
| parent_id | None |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack user create --domain default --password=demo demo
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fc13041ee41045a886f809b28219191f |
| name | demo |
+-----------+----------------------------------+
[root@linux-node1 ~]# openstack role create user
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | a46598d44a5a4e27a0fa293d9b545ed7 |
| name | user |
+-------+----------------------------------+
[root@linux-node1 ~]# openstack role add --project demo --user demo user
-------------------------------------------------------------------------------------------------
[root@linux-node1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 762bdec34b3745cda2589173cbabcc02 |
| is_domain | False |
| name | service |
| parent_id | None |
+-------------+----------------------------------+
--------------------------------------------------------------------------------------------------
List the users and roles that were created:
[root@linux-node1 ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| dca51d2e3e5d4f5188114b62e675f319 | admin |
| fc13041ee41045a886f809b28219191f | demo |
+----------------------------------+-------+
[root@linux-node1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| a46598d44a5a4e27a0fa293d9b545ed7 | user |
| f5ebf68a66074987873a83687f4feed6 | admin |
+----------------------------------+-------+
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2b2e397b924b40a788a99fa249240d01 | admin |
| 762bdec34b3745cda2589173cbabcc02 | service |
| 96a11a35c28e4af38a04653b9998d70b | demo |
+----------------------------------+---------+
-------------------------------------------------------------------------------------------------
Keystone itself also has to be registered:
[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 56a41007e4494c508dddbf1117615a8b |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity public http://192.168.56.11:5000/v2.0 ----public API endpoint
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 57f2bc72a6cd4959b90b289d8204fc08 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 56a41007e4494c508dddbf1117615a8b |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.56.11:5000/v2.0 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://192.168.56.11:5000/v2.0 ----internal API endpoint
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7363d3656d1a491695ea5ea930585010 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 56a41007e4494c508dddbf1117615a8b |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.56.11:5000/v2.0 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://192.168.56.11:35357/v2.0 ----admin API endpoint
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bde3034291ab41489764fbb42356faf7 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 56a41007e4494c508dddbf1117615a8b |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.56.11:35357/v2.0 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint list -----list the API endpoints
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| 57f2bc72a6cd4959b90b289d8204fc08 | RegionOne | keystone | identity | True | public | http://192.168.56.11:5000/v2.0 |
| 7363d3656d1a491695ea5ea930585010 | RegionOne | keystone | identity | True | internal | http://192.168.56.11:5000/v2.0 |
| bde3034291ab41489764fbb42356faf7 | RegionOne | keystone | identity | True | admin | http://192.168.56.11:35357/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
-------------------------------------------------------------------------------------------------
Log in with user name and password; the environment variables must be unset first:
[root@linux-node1 ~]# unset OS_TOKEN
[root@linux-node1 ~]# unset OS_URL
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.56.11:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
Password: admin
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2015-12-15T02:44:37.922398Z |
| id | 9b5081ce376642d2ad6f73b7f497fc1c |
| project_id | 2b2e397b924b40a788a99fa249240d01 |
| user_id | dca51d2e3e5d4f5188114b62e675f319 |
+------------+----------------------------------+
Getting this far means Keystone is working
--------------------------------------------------------------------------------------------------
To make Keystone quick and convenient to use, we set up two environment variable scripts:
[root@linux-node1 ~]# vim admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
--------------------------------------------------------------------------------------------------
[root@linux-node1 ~]# vim demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
--------------------------------------------------------------------------------------------------
[root@linux-node1 ~]# chmod +x *.sh
[root@linux-node1 ~]# source admin-openrc.sh ----from now on, just source the environment file and request a token
[root@linux-node1 ~]# openstack token issue
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2015-12-15T02:54:13.260607Z |
| id | 6bc9f30f1e2541218c94805c22bf9f5e |
| project_id | 2b2e397b924b40a788a99fa249240d01 |
| user_id | dca51d2e3e5d4f5188114b62e675f319 |
+------------+----------------------------------+
--------------------------------------------------------------------------------------------------
#################################################################################################
#################################################################################################
#################################################################################################
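5-Glance deployment (image service)
Glance consists of three main parts: glance-api, glance-registry and the image store
glance-api: accepts requests to create, delete and read cloud images
glance-registry: the image registration service of the cloud
Install Glance: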
[root@linux-node1 ~]# yum install -y openstack-glance python-glance python-glanceclient
Edit the configuration files glance-api.conf and glance-registry.conf:
[root@linux-node1 ~]# grep -n '^connection' /etc/glance/glance-api.conf
538:connection=mysql://glance:glance@192.168.56.11/glance
[root@linux-node1 ~]# grep -n '^connection' /etc/glance/glance-registry.conf
363:connection=mysql://glance:glance@192.168.56.11/glance
Sync the database:
[root@linux-node1 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Check that the database was synced:
[root@linux-node1 ~]# mysql -uglance -pglance -h 192.168.56.11
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 5.5.44-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use glance;
Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
20 rows in set (0.00 sec)
Logging in with the glance user and password here checks both that the sync worked and that the privileges are correct.
------------------------------------------------------------------------------------------------
Create the glance user:
[root@linux-node1 ~]# openstack user create --domain default --password=glance glance
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 4b1caac7771d452e87804152c4d3ba72 |
| name | glance |
+-----------+----------------------------------+
Add this user to the project and give it the admin role:
[root@linux-node1 ~]# openstack role add --project service --user glance admin
-------------------------------------------------------------------------------------------------
Configure the Keystone connection in glance-api.conf:
[root@linux-node1 ~]# grep -n '^[a-z]' /etc/glance/glance-api.conf
363:verbose=True
491:notification_driver = noop
538:connection=mysql://glance:glance@192.168.56.11/glance
642:default_store=file
701:filesystem_store_datadir=/var/lib/glance/images/
[keystone_authtoken]
974:auth_uri = http://192.168.56.11:5000
975:auth_url = http://192.168.56.11:35357
976:auth_plugin = password
977:project_domain_id = default
978:user_domain_id = default
979:project_name = service
980:username = glance
981:password = glance
1485:flavor=keystone
----------------------------------------------------------------------------------------------
Configure the Keystone connection in glance-registry.conf:
[root@linux-node1 ~]# grep -n '^[a-z]' /etc/glance/glance-registry.conf
363:connection=mysql://glance:glance@192.168.56.11/glance
[keystone_authtoken]
763:auth_uri = http://192.168.56.11:5000
764:auth_url = http://192.168.56.11:35357
765:auth_plugin = password
766:project_domain_id = default
767:user_domain_id = default
768:project_name = service
769:username = glance
770:password = glance
1256:flavor=keystone
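Every credential configured so far (the connection URLs, the [keystone_authtoken] sections, the openrc files) uses a password equal to the account name, admin_token is still set in keystone.conf, and chmod +x *.sh leaves the openrc files readable by other users. The audit script below is an added example, not from the original article; audit_conf, audit_mode and sample_conf are hypothetical names, the sample input is constructed from values on this page, and the 12-character minimum is an arbitrary threshold.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): flag the credential patterns
# used in this walkthrough. Findings are printed one per line as "FILE: message".

# audit_conf FILE: scan an ini-style config or an openrc file.
audit_conf() {
    awk -v f="$1" '
        # Drop a leading "NNN:" so pasted grep -n output can be scanned too.
        { sub(/^[0-9]+:/, "") }
        /^[ \t]*(#|$)/ { next }
        /^\[/ { flush(); section = $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^export[ \t]+/, "", key)
            if (key == "admin_token" && val != "")
                print f ": admin_token is set; remove it once the admin user can log in"
            # connection = mysql://USER:PASSWORD@HOST/DB
            if (key == "connection" && match(val, "://[^:/@]+:[^@]*@")) {
                cred = substr(val, RSTART + 3, RLENGTH - 4)
                c = index(cred, ":")
                check(substr(cred, 1, c - 1), substr(cred, c + 1), "connection")
            }
            if (key == "username" || key == "OS_USERNAME") user = val
            if (key == "password" || key == "OS_PASSWORD") { pass = val; havepass = 1 }
        }
        END { flush() }
        function check(u, p, where) {
            if (p == u)
                print f ": " where " password equals user name \"" u "\""
            else if (length(p) < 12)
                print f ": " where " password for \"" u "\" is shorter than 12 characters"
        }
        # Report the username/password pair collected in the section just ended.
        function flush() {
            if (havepass) check(user, pass, (section == "" ? "credential" : section))
            user = ""; pass = ""; havepass = 0
        }
    ' "$1"
}

# audit_mode FILE: a file holding OS_PASSWORD should be mode 600, not the 755
# that "chmod +x *.sh" produces with a default umask.
audit_mode() {
    perms="$(ls -ld -- "$1" | cut -c5-10)"
    [ "$perms" = "------" ] || \
        echo "$1: accessible by group/others (bits $perms), expected mode 600"
}

# sample_conf: constructed sample mirroring the settings shown on this page.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
admin_token = aca97a2a1733e9848ab0
[database]
connection = mysql://glance:glance@192.168.56.11/glance
[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
username = glance
password = glance
EOF
}

# Usage: ./audit.sh /etc/keystone/keystone.conf /etc/glance/glance-api.conf admin-openrc.sh
for conf_file in "$@"; do
    audit_conf "$conf_file"
    case "$conf_file" in
        *openrc*) audit_mode "$conf_file" ;;
    esac
done
```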
-------------------------------------------------------------------------------------------
Enable the Glance services at boot and start them:
[root@linux-node1 ~]# systemctl enable openstack-glance-api
[root@linux-node1 ~]# systemctl enable openstack-glance-registry
[root@linux-node1 ~]# systemctl start openstack-glance-api
[root@linux-node1 ~]# systemctl start openstack-glance-registry
-------------------------------------------------------------------------------------------
Listening ports: registry 9191, api 9292
[root@linux-node1 ~]# netstat -antup
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 5850/python2
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 5833/python2
-------------------------------------------------------------------------------------------
Create the glance service:
[root@linux-node1 ~]# source admin-openrc.sh
[root@linux-node1 ~]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image service |
| enabled | True |
| id | 44b68faa5d1640769bff406454e78101 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne image public http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9c6832e415fd427b923fa4018beeea92 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 44b68faa5d1640769bff406454e78101 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne image internal http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2f5408b7f76b44299ae86e3d2ff77007 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 44b68faa5d1640769bff406454e78101 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne image admin http://192.168.56.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6ded860cfce8422c8605cecfe458f712 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 44b68faa5d1640769bff406454e78101 |
| service_name | glance |
| service_type | image |
| url | http://192.168.56.11:9292 |
+--------------+----------------------------------+
[root@linux-node1 ~]# source admin-openrc.sh
[root@linux-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| 2f5408b7f76b44299ae86e3d2ff77007 | RegionOne | glance | image | True | internal | http://192.168.56.11:9292 |
| 57f2bc72a6cd4959b90b289d8204fc08 | RegionOne | keystone | identity | True | public | http://192.168.56.11:5000/v2.0 |
| 6ded860cfce8422c8605cecfe458f712 | RegionOne | glance | image | True | admin | http://192.168.56.11:9292 |
| 7363d3656d1a491695ea5ea930585010 | RegionOne | keystone | identity | True | internal | http://192.168.56.11:5000/v2.0 |
| 9c6832e415fd427b923fa4018beeea92 | RegionOne | glance | image | True | public | http://192.168.56.11:9292 |
| bde3034291ab41489764fbb42356faf7 | RegionOne | keystone | identity | True | admin | http://192.168.56.11:35357/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
[root@linux-node1 ~]# glance image-list
+----+------+
| ID | Name |
+----+------+
+----+------+
If glance image-list prints the empty table shown above, Glance has been installed successfully.
---------------------------------------------------------------------------------------------------
Upload an image:
[root@linux-node1 images]# glance image-create --name "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --visibility public --progress
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2015-12-15T03:13:34Z |
| disk_format | qcow2 |
| id | 0afee92d-99ed-432b-b250-fd207acb3023 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 2b2e397b924b40a788a99fa249240d01 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2015-12-15T03:13:35Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------+
------------------------------------------------------------------------------------------------
List the images:
[root@linux-node1 images]# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| 0afee92d-99ed-432b-b250-fd207acb3023 | cirros |
+--------------------------------------+--------+
------------------------------------------------------------------------------------------------
#################################################################################################
#################################################################################################
#################################################################################################
6-Nova control node (components required for OpenStack virtual machines: keystone, glance, nova, neutron)
------------------------------------------------------------------------------------------------
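API: receives and responds to external requests; supports the OpenStack API and the EC2 API
Cert: handles identity authentication
Scheduler: schedules cloud instances onto hosts
Conductor: middleware through which compute nodes access data
Consoleauth: authorizes and validates console access
Novncproxy: VNC proxy
The Nova API component implements the RESTful API and is the only way to reach Nova from outside.
It receives external requests and passes them to the other service components over the message queue. It is also compatible with the EC2 API, so EC2 management tools can be used for day-to-day management of Nova.
The Nova Scheduler module decides which host (compute node) a virtual machine is created on.
Deciding which physical node a virtual machine is scheduled to takes two steps:
Filter, then Weight.
The Filter Scheduler first takes the unfiltered host list and, based on the filter properties, selects the compute node hosts that meet the conditions.
After filtering, a weight is computed for each remaining host, and one host is chosen according to the policy (this is done for each virtual machine to be created).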
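The two-step decision described above (filter, then weight), as an added example that is not Nova's own code. The host names and capacities are constructed, the function names are hypothetical, and weighing by free RAM is an assumption of this sketch; the flavor figures are the ones `nova flavor-list` prints later on this page.

```python
# Simplified model of filter-then-weigh scheduling (not Nova's own code).
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Flavor:
    name: str
    ram_mb: int
    disk_gb: int
    vcpus: int


@dataclass(frozen=True)
class HostState:
    name: str
    free_ram_mb: int
    free_disk_gb: int
    free_vcpus: int
    enabled: bool = True


# Flavor figures as printed by `nova flavor-list` on this page.
M1_TINY = Flavor("m1.tiny", ram_mb=512, disk_gb=1, vcpus=1)
M1_LARGE = Flavor("m1.large", ram_mb=8192, disk_gb=80, vcpus=4)

# Constructed host inventory (hypothetical names and capacities).
HOSTS = [
    HostState("compute-a", free_ram_mb=4096, free_disk_gb=40, free_vcpus=4),
    HostState("compute-b", free_ram_mb=2048, free_disk_gb=100, free_vcpus=2),
    HostState("compute-c", free_ram_mb=8192, free_disk_gb=10, free_vcpus=8,
              enabled=False),
]


def passes_filters(host, flavor):
    """Step 1 (filter): keep a host only if every check passes."""
    return (
        host.enabled
        and host.free_ram_mb >= flavor.ram_mb
        and host.free_disk_gb >= flavor.disk_gb
        and host.free_vcpus >= flavor.vcpus
    )


def weigh(host, ram_multiplier=1.0):
    """Step 2 (weight): score a surviving host by its free RAM.

    In this model a positive multiplier spreads instances across hosts and a
    negative one stacks them onto the fullest host that still fits.
    """
    return ram_multiplier * host.free_ram_mb


def schedule(hosts, flavor, ram_multiplier=1.0):
    """Return the chosen HostState, or None when no host passes the filters."""
    candidates = [h for h in hosts if passes_filters(h, flavor)]
    if not candidates:
        return None
    # Highest weight wins; ties are broken by name so the result is stable.
    return min(candidates, key=lambda h: (-weigh(h, ram_multiplier), h.name))


def place_many(hosts, flavor, count, ram_multiplier=1.0):
    """Schedule `count` instances one at a time, consuming resources each time.

    The decision is made per instance, so earlier placements change what the
    filters and weights see for later ones.
    """
    hosts = list(hosts)
    placements = []
    for _ in range(count):
        chosen = schedule(hosts, flavor, ram_multiplier)
        if chosen is None:
            placements.append(None)
            continue
        placements.append(chosen.name)
        i = hosts.index(chosen)
        hosts[i] = replace(
            chosen,
            free_ram_mb=chosen.free_ram_mb - flavor.ram_mb,
            free_disk_gb=chosen.free_disk_gb - flavor.disk_gb,
            free_vcpus=chosen.free_vcpus - flavor.vcpus,
        )
    return placements


if __name__ == "__main__":
    print(schedule(HOSTS, M1_TINY).name)
    print(schedule(HOSTS, M1_LARGE))
    print(place_many(HOSTS, M1_TINY, 7))
```

A `None` entry in the placement list is the case where every host was removed by the filter step, so there is nothing left to weigh.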
------------------------------------------------------------------------------------------------
Install the Nova control node packages:
[root@linux-node1 images]# yum install openstack-nova-api openstack-nova-cert \
openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
python-novaclient
------------------------------------------------------------------------------------------------
Configure nova.conf:
[root@linux-node1 images]# vim /etc/nova/nova.conf
[root@linux-node1 ~]# grep -n '^[a-z]' /etc/nova/nova.conf
61:rpc_backend=rabbit
124:my_ip=192.168.56.11
268:enabled_apis=osapi_compute,metadata
425:auth_strategy=keystone
1053:network_api_class=nova.network.neutronv2.api.API
1171:linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
1331:security_group_api=neutron
1370:debug=true
1374:verbose=True
1760:firewall_driver = nova.virt.firewall.NoopFirewallDriver
1828:vncserver_listen= $my_ip
1832:vncserver_proxyclient_address= $my_ip
2213:connection=mysql://nova:nova@192.168.56.11/nova
2334:host=$my_ip
2546:auth_uri = http://192.168.56.11:5000
2547:auth_url = http://192.168.56.11:35357
2548:auth_plugin = password
2549:project_domain_id = default
2550:user_domain_id = default
2551:project_name = service
2552:username = nova
2553:password = nova
3033:url = http://192.168.56.11:9696
3034:auth_url = http://192.168.56.11:35357
3035:auth_plugin = password
3036:project_domain_id = default
3037:user_domain_id = default
3038:region_name = RegionOne
3039:project_name = service
3040:username = neutron
3041:password = neutron
3043:service_metadata_proxy = True
3044:metadata_proxy_shared_secret = neutron
3052:service_metadata_proxy=true
3056:metadata_proxy_shared_secret=neutron
3807:lock_path=/var/lib/nova/tmp
3970:rabbit_host=192.168.56.11
3974:rabbit_port=5672
3986:rabbit_userid=openstack
3990:rabbit_password=openstack
--------------------------------------------------------------------------------------------------
[root@linux-node1 images]# su -s /bin/sh -c "nova-manage db sync" nova --- sync the database
[root@linux-node1 images]# mysql -unova -pnova -h 192.168.56.11
.....................
| virtual_interfaces |
| volume_id_mappings |
| volume_usage_cache |
+--------------------------------------------+
105 rows in set (0.00 sec)
The database has been synchronized successfully.
--------------------------------------------------------------------------------------------------
[root@linux-node1 ~]# source admin-openrc.sh
[root@linux-node1 ~]# openstack user create --domain default --password=nova nova
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 73c3ef252ae5453f85ba7e2d6ea4ada0 |
| name | nova |
+-----------+----------------------------------+
--------------------------------------------------------------------------------------------------
[root@linux-node1 ~]# openstack role add --project service --user nova admin
Enable the services at boot:
systemctl enable openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
Start all the services:
systemctl start openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
--------------------------------------------------------------------------------------------------
Register the service:
[root@linux-node1 neutronv2]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 7edfc5eca79a40398d469ae42b5b424c |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@linux-node1 neutronv2]# openstack endpoint create --region RegionOne compute public http://192.168.56.11:8774/v2/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | f29c7af80c1c45d48abead9b44cf6548 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7edfc5eca79a40398d469ae42b5b424c |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@linux-node1 neutronv2]# openstack endpoint create --region RegionOne compute internal http://192.168.56.11:8774/v2/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | 154e03a4810849398f44b57a3841d3eb |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7edfc5eca79a40398d469ae42b5b424c |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@linux-node1 neutronv2]# openstack endpoint create --region RegionOne compute admin http://192.168.56.11:8774/v2/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | c18c787430c1408db9afc8a7a6d5140f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7edfc5eca79a40398d469ae42b5b424c |
| service_name | nova |
| service_type | compute |
| url | http://192.168.56.11:8774/v2/%(tenant_id)s |
+--------------+--------------------------------------------+
--------------------------------------------------------------------------------------------------
Verify the installation:
[root@linux-node1 neutronv2]# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | conductor | internal |
| linux-node1 | scheduler | internal |
| linux-node1 | cert | internal |
| linux-node1 | consoleauth | internal |
+-------------+-------------+----------+
If these four services are listed, Nova has been set up successfully.
#################################################################################################
#################################################################################################
#################################################################################################
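7-Nova compute node
nova-compute normally runs on the compute nodes; it receives requests over the message queue and manages the VM life cycle.
nova-compute manages KVM through libvirt and Xen through XenAPI.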
--------------------------------------------------------------------------------------------------
Environment setup:
yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
yum install centos-release-openstack-liberty
yum install python-openstackclient
yum install openstack-nova-compute sysfsutils
yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset
--------------------------------------------------------------------------------------------------
[root@linux-node2 ~]# yum install chrony -y
[root@linux-node2 ~]# cat /etc/chrony.conf
server 192.168.56.11 iburst
[root@linux-node2 ~]# timedatectl set-timezone Asia/Shanghai --- set the time zone
[root@linux-node2 ~]# systemctl enable chronyd.service
[root@linux-node2 ~]# systemctl start chronyd.service
[root@linux-node2 ~]# chronyc sources
210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- dns1.synet.edu.cn 2 6 377 15 -38ms[ -38ms] +/- 57ms
^- dns.sjtu.edu.cn 3 6 177 14 -61ms[ -61ms] +/- 130ms
^* news.neu.edu.cn 2 7 377 11 -82us[ -151us] +/- 19ms
----------------------------------------------------------------------------------------------------
nova.conf on the compute node:
[root@linux-node2 ~]# grep -n '^[a-z]' /etc/nova/nova.conf
61:rpc_backend=rabbit
124:my_ip=192.168.56.12
268:enabled_apis=osapi_compute,metadata
425:auth_strategy=keystone
1053:network_api_class=nova.network.neutronv2.api.API
1171:linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
1331:security_group_api=neutron
1370:debug=true
1374:verbose=True
1760:firewall_driver = nova.virt.firewall.NoopFirewallDriver
1820:novncproxy_base_url=http://192.168.56.11:6080/vnc_auto.html
1828:vncserver_listen= 0.0.0.0
1832:vncserver_proxyclient_address= 192.168.56.12
1835:vnc_enabled=true
1838:vnc_keymap=en-us
2213:connection=mysql://nova:nova@192.168.56.11/nova
2334:host=192.168.56.11
2546:auth_uri = http://192.168.56.11:5000
2547:auth_url = http://192.168.56.11:35357
2548:auth_plugin = password
2549:project_domain_id = default
2550:user_domain_id = default
2551:project_name = service
2552:username = nova
2553:password = nova
2727:virt_type=kvm
3033:url = http://192.168.56.11:9696
3034:auth_url = http://192.168.56.11:35357
3035:auth_plugin = password
3036:project_domain_id = default
3037:user_domain_id = default
3038:region_name = RegionOne
3039:project_name = service
3040:username = neutron
3041:password = neutron
3043:service_metadata_proxy = True
3044:metadata_proxy_shared_secret = neutron
3807:lock_path=/var/lib/nova/tmp
3970:rabbit_host=192.168.56.11
3974:rabbit_port=5672
3986:rabbit_userid=openstack
3990:rabbit_password=openstack
----------------------------------------------------------------------------------------------------
[root@linux-node2 ~]# systemctl enable libvirtd openstack-nova-compute
[root@linux-node2 ~]# systemctl start libvirtd openstack-nova-compute
Then check the registration status on linux-node1:
[root@linux-node1 ~]# openstack host list
+-------------+-------------+----------+
| Host Name | Service | Zone |
+-------------+-------------+----------+
| linux-node1 | conductor | internal |
| linux-node1 | scheduler | internal |
| linux-node1 | cert | internal |
| linux-node1 | consoleauth | internal |
| linux-node2 | compute | nova |<----------------- nova on the compute node is installed and registered
+-------------+-------------+----------+
[root@linux-node1 ~]# nova image-list <--------------- the image is in the active state
+--------------------------------------+--------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------+--------+--------+
| 0afee92d-99ed-432b-b250-fd207acb3023 | cirros | ACTIVE | |
+--------------------------------------+--------+--------+--------+
---------------------------------------------------------------------------------------------------
Verify the connection between nova and keystone; output like the following means it works:
[root@linux-node1 ~]# nova endpoints
WARNING: glance has no endpoint in ! Available endpoints for this service:
+-----------+----------------------------------+
| glance | Value |
+-----------+----------------------------------+
| id | 2f5408b7f76b44299ae86e3d2ff77007 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:9292 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| glance | Value |
+-----------+----------------------------------+
| id | 6ded860cfce8422c8605cecfe458f712 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:9292 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| glance | Value |
+-----------+----------------------------------+
| id | 9c6832e415fd427b923fa4018beeea92 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:9292 |
+-----------+----------------------------------+
WARNING: keystone has no endpoint in ! Available endpoints for this service:
+-----------+----------------------------------+
| keystone | Value |
+-----------+----------------------------------+
| id | 57f2bc72a6cd4959b90b289d8204fc08 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:5000/v2.0 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| keystone | Value |
+-----------+----------------------------------+
| id | 7363d3656d1a491695ea5ea930585010 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:5000/v2.0 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| keystone | Value |
+-----------+----------------------------------+
| id | bde3034291ab41489764fbb42356faf7 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:35357/v2.0 |
+-----------+----------------------------------+
WARNING: nova has no endpoint in ! Available endpoints for this service:
+-----------+---------------------------------------------------------------+
| nova | Value |
+-----------+---------------------------------------------------------------+
| id | 154e03a4810849398f44b57a3841d3eb |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:8774/v2/2b2e397b924b40a788a99fa249240d01 |
+-----------+---------------------------------------------------------------+
+-----------+---------------------------------------------------------------+
| nova | Value |
+-----------+---------------------------------------------------------------+
| id | c18c787430c1408db9afc8a7a6d5140f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:8774/v2/2b2e397b924b40a788a99fa249240d01 |
+-----------+---------------------------------------------------------------+
+-----------+---------------------------------------------------------------+
| nova | Value |
+-----------+---------------------------------------------------------------+
| id | f29c7af80c1c45d48abead9b44cf6548 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| url | http://192.168.56.11:8774/v2/2b2e397b924b40a788a99fa249240d01 |
+-----------+---------------------------------------------------------------+
#################################################################################################
#################################################################################################
#################################################################################################
8-Neutron deployment
Register the network service:
[root@linux-node1 ~]# source admin-openrc.sh
[root@linux-node1 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 8dc306916aab45eb9149d0ca26c34115 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne network public http://192.168.56.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6af3752dca234536b27ab527a6d1ff84 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8dc306916aab45eb9149d0ca26c34115 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.56.11:9696 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne network internal http://192.168.56.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 52243378a157499dbc69eda7fa56019d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8dc306916aab45eb9149d0ca26c34115 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.56.11:9696 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne network admin http://192.168.56.11:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 855a3c978840410884a78e6b22580767 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8dc306916aab45eb9149d0ca26c34115 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.56.11:9696 |
+--------------+----------------------------------+
---------------------------------------------------------------------------------------------------
[root@linux-node1 ~]# grep '^[a-z]' /etc/neutron/dhcp_agent.ini
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
---------------------------------------------------------------------------------------------------
Replace the configuration files:
cp /opt/config/neutron.conf /etc/neutron/
cp /opt/config/ml2_conf.ini /etc/neutron/plugins/ml2/
cp /opt/config/linuxbridge_agent.ini /etc/neutron/plugins/ml2/
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
----------------------------------------------------------------------------------------------------
[root@linux-node1 ~]# source admin-openrc.sh
[root@linux-node1 ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 0b4e27758dc64155b486cea708428d04 |
| name | neutron |
+-----------+----------------------------------+
[root@linux-node1 ~]# openstack role add --project service --user neutron admin
----------------------------------------------------------------------------------------------------
Update the database:
[root@linux-node1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
----------------------------------------------------------------------------------------------------
Restart the service:
[root@linux-node1 ~]# systemctl restart openstack-nova-api
Enable the neutron services at boot and start them:
[root@linux-node1 ~]# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
[root@linux-node1 ~]# systemctl restart neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
----------------------------------------------------------------------------------------------------
Check the network agent status:
[root@linux-node1 ~]# neutron agent-list
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 3f59a584-903d-4e69-8d1e-4c8cbde8bc6f | Metadata agent | linux-node1 | :-) | True | neutron-metadata-agent |
| dd27f8b6-2b52-4bfd-8afd-01e0a3154b8f | Linux bridge agent | linux-node1 | :-) | True | neutron-linuxbridge-agent |
| e81177fe-bd1d-46d1-a4bb-e5e30be1e831 | DHCP agent | linux-node1 | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
------------------------------------------------------------------------------------------------------
Compute node: (copy the neutron configuration files to the compute node)
[root@linux-node2 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@linux-node2 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@linux-node2 ~]# systemctl restart neutron-linuxbridge-agent.service
----------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------
Configuration files on the compute node, starting with linuxbridge_agent.ini:
[root@linux-node2 ml2]# grep -n '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
9:physical_interface_mappings = physnet1:eth0
16:enable_vxlan = false
51:prevent_arp_spoofing = True
57:firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
61:enable_security_group = True
----------------------------------------------------------------------------------------------------
[root@linux-node2 ml2]# grep -n '^[a-z]' /etc/neutron/plugins/ml2/ml2_conf.ini
5:type_drivers = flat,vlan,gre,vxlan,geneve
12:tenant_network_types = vlan,gre,vxlan,geneve
18:mechanism_drivers = openvswitch,linuxbridge
27:extension_drivers = port_security
67:flat_networks = physnet1
120:enable_ipset = True
----------------------------------------------------------------------------------------------------
[root@linux-node2 ml2]# grep -n '^[a-z]' /etc/neutron/neutron.conf
20:state_path = /var/lib/neutron
60:core_plugin = ml2
77:service_plugins = router
92:auth_strategy = keystone
360:notify_nova_on_port_status_changes = True
364:notify_nova_on_port_data_changes = True
367:nova_url = http://192.168.56.11:8774/v2
573:rpc_backend=rabbit
717:auth_uri = http://192.168.56.11:5000
718:auth_url = http://192.168.56.11:35357
719:auth_plugin = password
720:project_domain_id = default
721:user_domain_id = default
722:project_name = service
723:username = neutron
724:password = neutron
737:connection = mysql://neutron:neutron@192.168.56.11:3306/neutron
780:auth_url = http://192.168.56.11:35357
781:auth_plugin = password
782:project_domain_id = default
783:user_domain_id = default
784:region_name = RegionOne
785:project_name = service
786:username = nova
787:password = nova
818:lock_path = $state_path/lock
998:rabbit_host = 192.168.56.11
1002:rabbit_port = 5672
1014:rabbit_userid = openstack
1018:rabbit_password = openstack
----------------------------------------------------------------------------------------------------
[root@linux-node2 ml2]# grep -n '^[a-z]' /etc/nova/nova.conf
61:rpc_backend=rabbit
124:my_ip=192.168.56.12
268:enabled_apis=osapi_compute,metadata
425:auth_strategy=keystone
1053:network_api_class=nova.network.neutronv2.api.API
1171:linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
1331:security_group_api=neutron
1370:debug=true
1374:verbose=True
1760:firewall_driver = nova.virt.firewall.NoopFirewallDriver
1820:novncproxy_base_url=http://192.168.56.11:6080/vnc_auto.html
1828:vncserver_listen= 0.0.0.0
1832:vncserver_proxyclient_address= 192.168.56.12
1835:vnc_enabled=true
1838:vnc_keymap=en-us
2213:connection=mysql://nova:nova@192.168.56.11/nova
2334:host=192.168.56.11
2546:auth_uri = http://192.168.56.11:5000
2547:auth_url = http://192.168.56.11:35357
2548:auth_plugin = password
2549:project_domain_id = default
2550:user_domain_id = default
2551:project_name = service
2552:username = nova
2553:password = nova
2727:virt_type=kvm
3033:url = http://192.168.56.11:9696
3034:auth_url = http://192.168.56.11:35357
3035:auth_plugin = password
3036:project_domain_id = default
3037:user_domain_id = default
3038:region_name = RegionOne
3039:project_name = service
3040:username = neutron
3041:password = neutron
3043:service_metadata_proxy = True
3044:metadata_proxy_shared_secret = neutron
3807:lock_path=/var/lib/nova/tmp
3970:rabbit_host=192.168.56.11
3974:rabbit_port=5672
3986:rabbit_userid=openstack
3990:rabbit_password=openstack
----------------------------------------------------------------------------------------------------
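A review aid for the nova.conf and neutron.conf listings above, as an added example that is not part of the original walkthrough: it parses `grep -n '^[a-z]'` output and reports the settings a hardening pass would change before this lab configuration is reused elsewhere. The function names, the finding texts and the 16-character minimum are assumptions of this example; the sample lines are a constructed excerpt of the values printed on this page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: an excerpt of the `grep -n '^[a-z]'` output shown above.
SAMPLE = """\
124:my_ip=192.168.56.12
1370:debug=true
1828:vncserver_listen= 0.0.0.0
2213:connection=mysql://nova:nova@192.168.56.11/nova
2547:auth_url = http://192.168.56.11:35357
2552:username = nova
2553:password = nova
3040:username = neutron
3041:password = neutron
3044:metadata_proxy_shared_secret = neutron
3986:rabbit_userid=openstack
3990:rabbit_password=openstack
"""

LINE_RE = re.compile(r"^(\d+):([a-z_0-9]+)\s*=\s*(.*?)\s*$")
USER_KEYS = ("username", "rabbit_userid")
PASSWORD_KEYS = ("password", "rabbit_password")
URL_KEYS = ("auth_uri", "auth_url", "url", "nova_url")
MIN_SECRET_LEN = 16  # assumption of this example, not an OpenStack default


def parse(grep_output):
    """Yield (line_number, key, value) from `grep -n` output; skip other lines."""
    for raw in grep_output.splitlines():
        match = LINE_RE.match(raw)
        if match:
            yield int(match.group(1)), match.group(2), match.group(3)


def audit(grep_output):
    """Return a list of (line_number, key, finding) tuples, in file order."""
    entries = list(parse(grep_output))
    # Every account name in the file: a secret equal to one of them is guessable.
    account_names = {value for _, key, value in entries if key in USER_KEYS}
    findings = []
    # grep drops the [section] headers, so a password is paired with the
    # nearest preceding account name instead of with its section.
    last_user = None
    for lineno, key, value in entries:
        if key in USER_KEYS:
            last_user = value
        elif key in PASSWORD_KEYS:
            if value == last_user:
                findings.append((lineno, key, "password equals account name"))
            elif len(value) < MIN_SECRET_LEN:
                findings.append((lineno, key, "password shorter than minimum"))
        elif key == "metadata_proxy_shared_secret":
            if value in account_names or len(value) < MIN_SECRET_LEN:
                findings.append((lineno, key, "guessable shared secret"))
        elif key == "connection":
            parts = urlsplit(value)
            if parts.password and parts.password == parts.username:
                findings.append((lineno, key, "database password equals user"))
        elif key in URL_KEYS:
            if urlsplit(value).scheme == "http":
                findings.append((lineno, key, "service URL uses plain HTTP"))
        elif key == "debug" and value.lower() == "true":
            findings.append((lineno, key, "debug logging enabled"))
        elif key == "vncserver_listen" and value == "0.0.0.0":
            findings.append((lineno, key, "VNC listens on all interfaces"))
    return findings


if __name__ == "__main__":
    for lineno, key, finding in audit(SAMPLE):
        print(f"line {lineno}: {key}: {finding}")
```

To check a real file, pass the output of `grep -n '^[a-z]' /etc/nova/nova.conf` to `audit()` in place of `SAMPLE`.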
------------------------------------------------------------------------------------------------------
Check on the control node:
[root@linux-node1 ~]# neutron agent-list
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
| 3f59a584-903d-4e69-8d1e-4c8cbde8bc6f | Metadata agent | linux-node1 | :-) | True | neutron-metadata-agent |
| 8a0a4bd6-82c8-4ff2-adfa-b1bf6e796de7 | Linux bridge agent | linux-node2 | :-) | True | neutron-linuxbridge-agent |
| dd27f8b6-2b52-4bfd-8afd-01e0a3154b8f | Linux bridge agent | linux-node1 | :-) | True | neutron-linuxbridge-agent |
| e81177fe-bd1d-46d1-a4bb-e5e30be1e831 | DHCP agent | linux-node1 | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+-------------+-------+----------------+---------------------------+
This shows that the compute node's Linux bridge agent has connected to the control node successfully.
----------------------------------------------------------------------------------------------------
#################################################################################################
#################################################################################################
#################################################################################################
9-Create the first virtual machine
1. Create a network:
[root@linux-node1 ~]# neutron net-create flat --shared --provider:physical_network physnet1 --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | fed225a3-68af-4e8c-9780-3f88c3892c0b |
| mtu | 0 |
| name | flat |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | physnet1 |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenant_id | 2b2e397b924b40a788a99fa249240d01 |
+---------------------------+--------------------------------------+
----------------------------------------------------------------------------------------------------
Create a subnet:
[root@linux-node1 ~]# neutron subnet-create flat 192.168.56.0/24 --name flat-subnet \
--allocation-pool start=192.168.56.100,end=192.168.56.200 --dns-nameserver 192.168.56.2 \
--gateway 192.168.56.2
[root@linux-node1 ~]# neutron subnet-list ---- list the network and subnet
+--------------------------------------+-------------+-----------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+-------------+-----------------+------------------------------------------------------+
| b1d733bf-a698-4f0c-9226-f6f20fcee4e6 | flat-subnet | 192.168.56.0/24 | {"start": "192.168.56.100", "end": "192.168.56.200"} |
+--------------------------------------+-------------+-----------------+------------------------------------------------------+
[root@linux-node1 ~]# source demo-openrc.sh
[root@linux-node1 ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@linux-node1 ~]# nova keypair-add --pub-key .ssh/id_rsa.pub mykey
[root@linux-node1 ~]# nova keypair-list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | cb:26:da:59:c2:28:1d:7e:a9:f6:66:73:2f:21:99:da |
+-------+-------------------------------------------------+
##### Add 2 security group rules
[root@linux-node1 ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
[root@linux-node1 ~]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp | 22 | 22 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
--------------------------------------------------------------------------------------------------
List the virtual machine flavors:
[root@linux-node1 ~]# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
-------------------------------------------------------------------------------------------------
Which image is needed:
[root@linux-node1 ~]# nova image-list
+--------------------------------------+--------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+--------+--------+--------+
| 0afee92d-99ed-432b-b250-fd207acb3023 | cirros | ACTIVE | |
+--------------------------------------+--------+--------+--------+
-------------------------------------------------------------------------------------------------
Which network is needed:
[root@linux-node1 ~]# neutron net-list
+--------------------------------------+------+------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+------+------------------------------------------------------+
| fed225a3-68af-4e8c-9780-3f88c3892c0b | flat | b1d733bf-a698-4f0c-9226-f6f20fcee4e6 192.168.56.0/24 |
+--------------------------------------+------+------------------------------------------------------+
-------------------------------------------------------------------------------------------------
Which security group to use:
[root@linux-node1 ~]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id | Name | Description |
+--------------------------------------+---------+------------------------+
| 4b96e5bb-b287-4ebe-8ea6-f3092fb7ae7d | default | Default security group |
+--------------------------------------+---------+------------------------+
-------------------------------------------------------------------------------------------------
Create the virtual machine:
[root@linux-node1 ~]# nova boot --flavor m1.tiny --image cirros --nic net-id=fed225a3-68af-4e8c-9780-3f88c3892c0b --security-group default --key-name mykey hello-instance
+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | uL6bgAzrZLQt |
| config_drive | |
| created | 2015-12-15T08:56:38Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 284ce124-6cb6-4254-a23e-222a32bdb595 |
| image | cirros (0afee92d-99ed-432b-b250-fd207acb3023) |
| key_name | mykey |
| metadata | {} |
| name | hello-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 96a11a35c28e4af38a04653b9998d70b |
| updated | 2015-12-15T08:56:38Z |
| user_id | fc13041ee41045a886f809b28219191f |
+--------------------------------------+-----------------------------------------------+
--------------------------------------------------------------------------------------------------
Check the status of the newly created virtual machine:
[root@linux-node1 ~]# nova list
+--------------------------------------+----------------+--------+------------+-------------+---------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+---------------------+
| 284ce124-6cb6-4254-a23e-222a32bdb595 | hello-instance | ACTIVE | - | Running | flat=192.168.56.101 |
+--------------------------------------+----------------+--------+------------+-------------+---------------------+
[root@linux-node1 ~]# ssh cirros@192.168.56.101
$ whoami
cirros
The instance was created successfully and can now be logged in to.
----------------------------------------------------------------------------------------------------
Get the virtual machine's console URL from the command line:
[root@linux-node1 ~]# nova get-vnc-console hello-instance novnc
+-------+------------------------------------------------------------------------------------+
| Type | Url |
+-------+------------------------------------------------------------------------------------+
| novnc | http://192.168.56.11:6080/vnc_auto.html?token=b0313c09-b471-4f36-8a0c-60cfc4de17af |
+-------+------------------------------------------------------------------------------------+
----------------------------------------------------------------------------------------------------
Enter http://192.168.56.11:6080/vnc_auto.html?token=b0313c09-b471-4f36-8a0c-60cfc4de17af in a browser
to log in to the virtual machine.
Discussion site: www.etiantian.org
QQ: 406564728