OpenStack Cloud Computing Platform
Table of contents
- Introduction to OpenStack
- 1 OpenStack environment deployment
- 1.1 Host networking and name resolution
- 1.2 Network Time Protocol: all nodes keep the same time
- 1.3 OpenStack packages
- 1.4 SQL database
- 1.5 Message queue
- 1.6 memcached
- 2. Identity service
- 2.1 Install and configure
- 1) Prerequisites
- 2) Install and configure components
- 3) Configure the Apache HTTP server
- 2.2 Create the service entity and API endpoints
- 2.3 Create a domain, projects, users, and roles
- 2.3 Verify operation
- 2.4 Create OpenStack client environment scripts
- 3 Image service
- 3.1 Install and configure
- 3.2 Install and configure components
- 3.3 Verify operation
- 4. Compute service (nova)
- 4.1 Install and configure the controller node
- 4.2 Install and configure a compute node
- 1) Compute node server2 environment deployment
- 2) Install and configure the compute node
- 3) Verify operation
- 5. Networking service
- 5.1 Install and configure the controller node
- 5.2 Networking option 1: public network
- 5.3 Continue configuring the controller node
- 5.4 Install and configure the compute node
- 5.5 Networking option 1: public network
- 5.6 Continue configuring the compute node
- 5.7 Verify operation
- 6. Launch an instance
- 1) Provider network
- 2) Create the m1.nano flavor
- 3) Generate a key pair
- 4) Add security group rules
- 5) Launch an instance
- 7. Dashboard
- 7.1 Install and configure components
- 7.2 Verify operation
- 8 Adding the private network configuration to the dashboard
- 8.1 Controller node -> networking option 2: private networks
- 8.2 Compute node networking option 2: private networks
- 9. Image service
- 9.1 Install a virtual machine
- 9.2 Upload the image
- 10. Block Storage service
- 10.1 Prerequisites
- 10.2 Install and configure the controller node
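Introduction to OpenStack
Official OpenStack documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/
- OpenStack is a cloud operating system whose goal is to simplify cloud deployment and make it scale well. It controls large pools of compute, storage, and networking resources throughout a data center, all managed and provisioned through APIs with a common authentication mechanism.
- It also provides a dashboard that gives administrators control while letting users provision resources through a web interface.
- Beyond standard infrastructure-as-a-service functionality, additional components provide orchestration, fault management, and service management, among other services, to ensure high availability of user applications.
- An OpenStack deployment consists of four kinds of nodes: controller, compute, network, and storage. Its services are Compute, Identity, Networking, Image, Block Storage, Object Storage, Telemetry, Orchestration, and Database.
- Key integrated OpenStack components:
<1> Horizon: the UI service, a web-based management interface for the various OpenStack services; creating users, managing networks, launching instances and similar operations are done through its graphical interface.
<2> Keystone: the Identity service, a centralized identity management service that provides authentication and authorization for the other services;
– also provides a centralized catalog service;
– supports several authentication modes, such as password authentication, token authentication, and AWS (Amazon Web Services) login;
– provides SSO authentication for users and other services;
<3> Neutron: a software-defined networking service;
– used to create networks, subnets and routers and to manage floating IP addresses;
– can implement virtual switches and virtual routers;
– can be used to create VPNs within a project;
<4> Cinder: the Block Storage service
– manages storage volumes for virtual machines;
– provides persistent block storage for instances running in Nova;
– data can be backed up through snapshots;
– commonly used for instance storage, such as database files;
<5> Glance: the Image service
– acts as the registry for virtual machine images;
– lets users copy server images for direct storage;
– these images can be used as templates for new virtual machines;
<6> Nova: the Compute service
– the service that manages virtual machines on the nodes;
– Nova is a distributed service that interacts with Keystone for authentication and with Glance for image management;
– Nova is designed to scale horizontally on standard hardware;
– when an instance is launched, the image, if there is one, has to be downloaded;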
1 OpenStack environment deployment
## Create a snapshot VM named server1: memory 4096, two virtual NICs, 4 CPUs, CPU mode host-passthrough
## If the added NIC is not named eth1, edit /boot/grub2/grubenv on server1 (vim) and add net.ifnames=0
1.1 Host networking and name resolution
https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/environment-networking.html
```
[root@server1 ~]# ip addr
[root@server1 ~]# cd /etc/sysconfig/network-scripts/
[root@server1 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server1 network-scripts]# vim ifcfg-eth1
[root@server1 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server1 network-scripts]# ifup eth1    ## bring up eth1
[root@server1 network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
[root@server1 ~]# vim /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1
[root@server1 ~]# hostnamectl set-hostname controller
[root@server1 ~]# logout    ## disconnect and reconnect to server1
[root@zhenji images]# ssh 172.25.3.1
```
1.2 Network Time Protocol: all nodes keep the same time
The host (physical machine) synchronizes with 172.25.254.250, and the virtual machines (snapshots) synchronize with the host (172.25.3.250).
If the host has Internet access, it can also synchronize directly. All nodes keep the same time as the controller node.
1.3 OpenStack packages
```
[root@zhenji ~]# cd /var/www/html/
[root@zhenji html]# ls    ## download the RPM packages into this directory
mitaka
[root@zhenji html mitaka]# ls
```
```
[root@controller ~]# vim /etc/yum.repos.d/openstack.repo
[root@controller ~]# cat /etc/yum.repos.d/openstack.repo
[openstack]
name=mitaka
baseurl=http://172.25.3.250/mitaka
gpgcheck=0
[root@controller ~]# yum repolist
[root@controller ~]# yum upgrade
[root@controller ~]# yum install python-openstackclient -y
```
1.4 SQL database
Most OpenStack services use an SQL database to store information. The database typically runs on the controller node.
```
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.3.1
default-storage-engine = innodb    ## default storage engine
innodb_file_per_table
max_connections = 4096    ## maximum number of connections
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb.service
[root@controller ~]# mysql_secure_installation    ## secure the database installation; after the password, answer y to everything
```
The prompts are:
- Enter the current password: press Enter if there is none
- Set the root user password: Y
- Remove the anonymous users created by the system (recommended for production): Y
- Disallow remote root login: Y
- Remove the test database: Y
- Reload the privilege tables: Y
1.5 Message queue
OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node.
```
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable --now rabbitmq-server.service
## add the openstack user; the user name and password are both openstack
[root@controller ~]# rabbitmqctl add_user openstack openstack
## grant the openstack user configure, write and read permissions
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
[root@controller ~]# netstat -antlp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN
```
Open http://172.25.3.1:15672 in a browser; the user name and password are both guest.
```
[root@controller ~]# rabbitmqctl --help
[root@controller ~]# rabbitmqctl list_users
[root@controller ~]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack" ...
/ .* .* .*
[root@controller ~]# rabbitmqctl authenticate_user openstack openstack
```
1.6 memcached
The Identity service uses Memcached to cache tokens.
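The next step comments out memcached's loopback-only `OPTIONS` line, and section 1.5 enabled the RabbitMQ management plug-in on 15672; both then listen on every interface, and memcached does no authentication by default while it holds Keystone tokens. The check below is an added example, not part of the original walkthrough: it reads `netstat -antlp` output and reports the chosen ports that are bound to a wildcard address. The function names are hypothetical, and the sample is constructed from the outputs on this page (the `beam.smp`, `mysqld` and `sshd` rows and their PIDs are assumptions).

```shell
#!/bin/sh
# Added example (not from the original post): report services from this
# walkthrough that accept connections on every interface.

# Constructed sample of `netstat -antlp` output. The memcached and httpd rows
# match the page; the other rows and their PIDs are made up for illustration.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:15672      0.0.0.0:*           LISTEN      1201/beam.smp
tcp        0      0 0.0.0.0:11211      0.0.0.0:*           LISTEN      17596/memcached
tcp6       0      0 :::11211           :::*                LISTEN      17596/memcached
tcp        0      0 172.25.3.1:3306    0.0.0.0:*           LISTEN      1380/mysqld
tcp6       0      0 :::35357           :::*                LISTEN      17916/httpd
tcp        0      0 172.25.3.1:22      172.25.3.250:51234  ESTABLISHED 2210/sshd
EOF
}

# wildcard_listeners "PORT PORT ..." < netstat-output
# Prints "port address program" for each listed port that is in LISTEN state
# on 0.0.0.0 or :: (the IPv4 and IPv6 wildcard addresses).
wildcard_listeners() {
    awk -v ports="${1:-11211 15672}" '
        BEGIN {
            n = split(ports, list, " ")
            for (i = 1; i <= n; i++) want[list[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            prog = $7; sub(/^[0-9]+\//, "", prog)  # drop the "PID/" prefix
            if (prog == "") prog = "-"             # column is empty without root
            if ((port in want) && (host == "0.0.0.0" || host == "::"))
                print port, host, prog
        }
    ' | sort -u
}

# On a node: netstat -antlp | wildcard_listeners "11211 15672"
sample_netstat | wildcard_listeners "11211 15672"
```

Binding memcached to loopback plus the management address, for example `OPTIONS="-l 127.0.0.1,::1,172.25.3.1"` in /etc/sysconfig/memcached, keeps the token cache reachable at `controller:11211` for the OpenStack services without listening on every interface.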
```
[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# vim /etc/sysconfig/memcached
#OPTIONS="-l 127.0.0.1,::1"    ## comment out the loopback-only listen option so memcached listens on all interfaces
[root@controller ~]# systemctl enable --now memcached.service
[root@controller ~]# netstat -antlp|grep :11211
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 17596/memcached
tcp6 0 0 :::11211 :::* LISTEN 17596/memcached
```
2. Identity service
2.1 Install and configure
1) Prerequisites
## Create a database
```
[root@controller ~]# mysql -u root -pwestos
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
```
### Generate a random value to use as the administration token during initial configuration
```
[root@controller ~]# openssl rand -hex 10
0c933701b5bf4cbc08f1
```
2) Install and configure components
```
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# grep -v ^# /etc/keystone/keystone.conf |uniq
[root@controller ~]# vim /etc/keystone/keystone.conf
## define the value of the initial administration token
[DEFAULT]
admin_token = 0c933701b5bf4cbc08f1
## configure database access
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
## configure the Fernet UUID token provider
[token]
provider = fernet
## populate the Identity service database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone    ## this keystone is the system user; there is also a MySQL user named keystone
[root@controller ~]# id keystone
uid=163(keystone) gid=163(keystone) groups=163(keystone)
[root@controller ~]# mysql -pwestos
MariaDB [(none)]> use keystone
MariaDB [keystone]> show tables;
## initialize the Fernet keys
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# ll
drwx------ 2 keystone keystone 24 May 1 11:36 fernet-keys
```
3) Configure the Apache HTTP server
```
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller ~]# cat /etc/httpd/conf.d/wsgi-keystone.conf
## regular users
Listen 5000
## admin
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
[root@controller ~]# systemctl enable --now httpd.service
[root@controller ~]# netstat -antlp
tcp6 0 0 :::35357 :::* LISTEN 17916/httpd
```
2.2 Create the service entity and API endpoints
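The Identity service provides a catalog of services and their locations. Each service that you add to your OpenStack environment requires a service entity and several API endpoints in the catalog.
### API endpoint variants: public (external), internal, and admin (administrative)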
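Section 2.1 leaves the bootstrap `admin_token` in keystone.conf, every service account in this walkthrough uses a password equal to its user name, and the repository in 1.3 sets `gpgcheck=0`. The audit below is an added example, not code from the original post or from OpenStack: it scans ini-style files for those three patterns so they can be found and replaced before a deployment leaves the lab. The function names are hypothetical, and the sample, which concatenates settings shown on this page, is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find lab-only settings in
# ini-style files such as keystone.conf, nova.conf or a yum .repo file.

# Constructed sample: settings shown on this page, concatenated into one input.
sample_conf() {
    cat <<'EOF'
[openstack]
name=mitaka
gpgcheck=0

[DEFAULT]
admin_token = 0c933701b5bf4cbc08f1
# comment lines and blank lines are skipped

[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone

[keystone_authtoken]
auth_type = password
username = nova
password = nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[token]
provider = fernet
EOF
}

# audit_conf < FILE
# Prints one "[section] finding" line per weak setting.
audit_conf() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        function report(msg) { print "[" sec "] " msg }
        # A section is complete at the next header or at end of input.
        function end_section() {
            if (user != "" && user == pass)
                report("password equals user name " user)
            user = ""; pass = ""
        }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            end_section()
            sec = trim($0)
            sec = substr(sec, 2, index(sec, "]") - 2)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "admin_token")
                report("bootstrap admin_token is set")
            else if (key == "gpgcheck" && val == "0")
                report("package signature check disabled")
            else if (key == "username" || key == "rabbit_userid")
                user = val
            else if (key == "password" || key == "rabbit_password")
                pass = val
            else if (key == "connection") {
                # SQLAlchemy URL: scheme://user:password@host/database
                cred = val
                sub(/^[^:]*:\/\//, "", cred)
                at = index(cred, "@")
                colon = index(cred, ":")
                if (at > 0 && colon > 0 && colon < at &&
                    substr(cred, 1, colon - 1) == substr(cred, colon + 1, at - colon - 1))
                    report("database password equals user name " substr(cred, 1, colon - 1))
            }
        }
        END { end_section() }
    '
}

# On a node: audit_conf < /etc/nova/nova.conf
sample_conf | audit_conf
```

Each flagged password can be replaced with a generated value (the page already uses `openssl rand -hex 10` for the token), updating the matching `GRANT ... IDENTIFIED BY`, `rabbitmqctl` and `openstack user create --password` steps to the same value.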
2.3 Create a domain, projects, users, and roles
```
## create the default domain
[root@controller ~]# openstack domain create --description "Default Domain" default
## create the admin project
[root@controller ~]# openstack project create --domain default \
> --description "Admin Project" admin
## create the admin user
[root@controller ~]# openstack user create --domain default --password admin admin
## create the admin role
[root@controller ~]# openstack role create admin
## add the admin role to the admin project and user
[root@controller ~]# openstack role add --project admin --user admin admin
## create the service project
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
# create the demo project
[root@controller ~]# openstack project create --domain default \
> --description "Demo Project" demo
[root@controller ~]# openstack user create --domain default --password demo demo
[root@controller ~]# openstack role create user
[root@controller ~]# openstack role add --project demo --user demo user
```
2.3 Verify operation
```
[root@controller ~]# unset OS_TOKEN OS_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password: admin
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password: demo
```
2.4 Create OpenStack client environment scripts
```
[root@controller ~]# vim admin-openrc
[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
[root@controller ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 40f72c8ca6e849d18dc4ea61f4caff03 | demo  |
| 909c05b0de4e47f48edf41b547dc1058 | admin |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 3bcddbdc48bc4de5889a9b3385e886f1 | admin   |
| 632e549039cc4a5d9bb68eca19807845 | service |
| 7279bbbaa2cc482f8b02e879b1ffe378 | demo    |
+----------------------------------+---------+
[root@controller ~]# source demo-openrc    ## no permission
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-f4c91ca1-afa1-4392-a1c6-bb7db0e3467e)
[root@controller ~]# openstack project list
You are not authorized to perform the requested action: identity:list_projects (HTTP 403) (Request-ID: req-c0b9b96e-d430-4ea6-8701-178a7dda995c)
[root@controller ~]# source admin-openrc
```
3 Image service
3.1 Install and configure
```
## create the glance database and grant proper access to it
[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
## create the glance user
[root@controller ~]# openstack user create --domain default --password glance glance
## add the admin role to the glance user and the service project
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
# create the Image service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
```
3.2 Install and configure components
```
[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable --now openstack-glance-api.service openstack-glance-registry.service
```
3.3 Verify operation
```
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# ls    ## the downloaded image
cirros-0.4.0-x86_64-disk.img
## upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.4.0-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b6822af6-9d93-44e9-99a2-a19017f3ad20 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# ls /var/lib/glance/images/
b6822af6-9d93-44e9-99a2-a19017f3ad20
```
4. Compute service (nova)
4.1 Install and configure the controller node
```
[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
[root@controller ~]# openstack user create --domain default --password nova nova
[root@controller ~]# openstack role add --project service --user nova admin
## create the nova service entity
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
## create the three Compute service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
```
### Install and configure components
```
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler -y
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.1
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
```
4.2 Install and configure a compute node
### Create a snapshot VM named server2: memory 2048, two virtual NICs, 2 CPUs, CPU mode host-passthrough
1) Compute node server2 environment deployment
%%% Networking
```
[root@server2 ~]# ip addr
[root@server2 ~]# cd /etc/sysconfig/network-scripts/
[root@server2 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server2 network-scripts]# vim ifcfg-eth1
[root@server2 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server2 network-scripts]# ifup eth1    ## bring up eth1
[root@server2 network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
[root@compute1 ~]# hostnamectl set-hostname compute1
```
%%% Name resolution
```
[root@compute1 ~]# vim /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1
```
%%%% Time synchronization
```
[root@compute1 ~]# yum install -y chrony
[root@controller ~]# vim /etc/chrony.conf
## add on the third line
server 172.25.3.250 iburst
[root@compute1 ~]# systemctl enable --now chronyd
[root@controller ~]# scp /etc/yum.repos.d/openstack.repo compute1:/etc/yum.repos.d/openstack.repo
```
2) Install and configure the compute node
[root@compute1 ~]# yum install openstack-nova-compute -y
[root@compute1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.2
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp
3) Verify operation
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
2
[root@compute1 ~]# systemctl enable --now libvirtd.service openstack-nova-compute.service
[root@controller ~]# openstack compute service list  ## all are up
5. Networking service
5.1 Install and configure the controller node
[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
[root@controller ~]# openstack user create --domain default --password neutron neutron
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
## Create the Networking service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
5.2 Networking option 1: provider networks
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
> openstack-neutron-linuxbridge ebtables -y
% Configure the server component
[root@controller ~]# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron

[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
% Configure the Modular Layer 2 (ML2) plug-in
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = True
% Configure the Linux bridge agent
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = False

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
% Configure the DHCP agent
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
5.3 Continue configuring the controller node
% Configure the metadata agent
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos
% Configure the Compute service to use the Networking service
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = westos

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Synchronize the database
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable --now neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
5.4 Install and configure the compute node
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
% Configure the common component
[root@compute1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
5.5 Networking option 1: provider networks
% Configure the Linux bridge agent
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = False

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.6 Continue configuring the compute node
% Configure the Compute service to use the Networking service
[root@compute1 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl enable --now neutron-linuxbridge-agent.service
5.7 Verify operation
[root@controller ~]# neutron agent-list
The output should include three agents on the controller node and one agent on each compute node.
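The agent list only shows that the agents registered; it does not show whether the values typed into several files in 5.3 and 5.6 agree. The following is an added example, not part of the original post or of OpenStack: it cross-checks the metadata proxy shared secret and the neutron service credentials across constructed copies of the files, using the same HMAC-SHA256 signing of the instance ID that the metadata proxy and Nova perform with that secret. The function names, the all-zero instance ID and the 16-character minimum are assumptions made for illustration.

```python
import configparser
import hashlib
import hmac

# Constructed samples mirroring the values set in sections 5.3 and 5.6 of this page.
NOVA_CONF = """
[neutron]
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = westos
"""
NEUTRON_CONF = """
[keystone_authtoken]
username = neutron
password = neutron
"""
METADATA_AGENT_INI = """
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos
"""
MIN_SECRET_LEN = 16  # assumption: a local policy threshold, not an OpenStack default


def load(text):
    """Parse INI text; [DEFAULT] stays an ordinary section, no % interpolation."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 of the instance ID, keyed with the shared secret."""
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def audit(nova_text, neutron_text, agent_text):
    """Return a list of findings; an empty list means every check passed."""
    nova, neutron, agent = load(nova_text), load(neutron_text), load(agent_text)
    findings = []
    if not nova.getboolean("neutron", "service_metadata_proxy", fallback=False):
        findings.append("service_metadata_proxy not enabled in nova.conf")
    agent_secret = agent.get("DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nova_secret = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    probe = "00000000-0000-0000-0000-000000000000"  # constructed instance ID
    # The proxy signs the instance ID; Nova recomputes it with its own copy.
    if not hmac.compare_digest(sign_instance_id(agent_secret, probe),
                               sign_instance_id(nova_secret, probe)):
        findings.append("metadata_proxy_shared_secret mismatch")
    if len(nova_secret) < MIN_SECRET_LEN:
        findings.append("metadata_proxy_shared_secret shorter than policy minimum")
    for opt in ("username", "password"):
        ours = nova.get("neutron", opt, fallback=None)
        if ours != neutron.get("keystone_authtoken", opt, fallback=None):
            findings.append(f"neutron {opt} differs between nova.conf and neutron.conf")
    if nova.get("neutron", "password", fallback="") == nova.get("neutron", "username", fallback=""):
        findings.append("neutron service password equals its username")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(NOVA_CONF, NEUTRON_CONF, METADATA_AGENT_INI)))
```

To run it against a real node, read /etc/nova/nova.conf, /etc/neutron/neutron.conf and /etc/neutron/metadata_agent.ini and pass their contents to audit() in place of the constructed strings.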
6. Launch an instance
1) Provider network
% Create the provider network
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
[root@controller ~]# neutron subnet-create --name provider --allocation-pool start=172.25.3.100,end=172.25.3.200 --dns-nameserver 114.114.114.114 --gateway 172.25.3.250 provider 172.25.3.0/24
Next, continue with launching an instance.
2) Create the m1.nano flavor
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
3) Generate a key pair
[root@controller ~]# source demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@controller ~]# openstack keypair list
4) Add security group rules
[root@controller ~]# openstack security group rule create --proto icmp default
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
5) Launch an instance
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b6822af6-9d93-44e9-99a2-a19017f3ad20 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+-------------------------------------+----------+--------------------------------------+
| ID                                  | Name     | Subnets                              |
+-------------------------------------+----------+--------------------------------------+
| 3d677349-45f9-4509-a307-8477dd630d8 | provider | 0405e3ce-700f-4fe4-9606-e70aeea2a6ac |
| 1                                   |          |                                      |
+-------------------------------------+----------+--------------------------------------+
[root@controller ~]# openstack security group list
+-------------------------+---------+------------------------+-------------------------+
| ID                      | Name    | Description            | Project                 |
+-------------------------+---------+------------------------+-------------------------+
| eca05701-794e-          | default | Default security group | 7279bbbaa2cc482f8b02e87 |
| 41d6-bb65-fa062e1272d8  |         |                        | 9b1ffe378               |
+-------------------------+---------+------------------------+-------------------------+
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros --nic net-id=3d677349-45f9-4509-a307-8477dd630d81 --security-group default --key-name mykey provider-instance
Check the status of the instance
[root@controller ~]# openstack server list
[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value                                                                           |
+-------+---------------------------------------------------------------------------------+
| type  | novnc                                                                           |
| url   | http://controller:6080/vnc_auto.html?token=cbc719a4-5ea9-4502-b7c9-b9fbe2549f71 |
+-------+---------------------------------------------------------------------------------+
[root@zhenji ~]# vim /etc/hosts
172.25.3.1 controller
Access in a browser: http://controller:6080/vnc_auto.html?token=cbc719a4-5ea9-4502-b7c9-b9fbe2549f71
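## In the VM console: user cirros, password gocubsgo
At this point the cloud instance framework has been deployed successfully.
7. Dashboard web interface
7.1 Install and configure the components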
[root@controller ~]# yum install openstack-dashboard -y
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

ALLOWED_HOSTS = ['*', ]

#CACHES = {
#    'default': {
#        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
#    },
#}
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

#OPENSTACK_API_VERSIONS = {
#    "data-processing": 1.1,
#    "identity": 3,
#    "volume": 2,
#    "compute": 2,
#}
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'

OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"
[root@controller ~]# systemctl restart httpd.service memcached.service
7.2 Verify operation
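Access in a browser: http://controller/dashboard
Web operations: steps for deleting and creating an instance
- 1) Domain: default; user: demo; passwd: demo. Log in as the regular user and first delete the instance
- 2) Set the language to Chinese
- 3) Domain: default; user: demo; passwd: demo. Log in as the regular user and first delete the instance
- 4) Domain: default; user: admin; passwd: admin. Log in as the administrator, delete the subnet, then delete the network
- 5) Log in as the administrator, create the network, create the subnet
- 6) Log in as the regular user and create an instance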
8 Adding the private network configuration to the dashboard
8.1 Controller node -> Networking option 2: private networks
% Configure the server component
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
service_plugins = router
allow_overlapping_ips = True
% Configure the Modular Layer 2 (ML2) plug-in
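The ML2 plug-in uses the Linux bridge mechanism to build the layer-2 virtual networking infrastructure for instances.
% Configure the Linux bridge agent
The Linux bridge agent builds layer-2 virtual networks for instances and handles security group rules.
% Configure the layer-3 agent
## The layer-3 agent provides routing and NAT services for private virtual networks.
8.2 Compute node, networking option 2: private networks
% Configure the Linux bridge agent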
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[vxlan]
enable_vxlan = True
local_ip = 172.25.3.2
l2_population = True

[root@compute1 ~]# systemctl restart neutron-linuxbridge-agent.service
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': True,
    'enable_distributed_router': True,
    'enable_ha_router': True,
    'enable_lb': True,
    'enable_firewall': True,
    'enable_vpn': True,
    'enable_fip_topology_check': True,
}
[root@controller ~]# systemctl restart httpd memcached
Web operations:
- Access http://controller/dashboard in a browser and log in as the administrator admin: Network: Edit Network -> check External Network
- Access http://controller/dashboard in a browser and log in as demo: Network: create the network private
- Create an instance
- Routers: create a new router
- Add a router interface
- Check from the console whether the network is reachable
At this point 10.0.0.3 can ping 172.25.3.101, but 172.25.3.101 cannot ping 10.0.0.3. Manage floating IPs on vm2: click the + sign to request a valid IP and assign it. The floating IP can then be pinged, and the floating IP is connected to 10.0.0.3.
Click the + sign to allocate an IP
9. Image service
https://docs.openstack.org/image-guide/centos-image.html
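9.1 Install the virtual machine
Partition manually, putting everything under the root partition
Disable SELinux
9.2 Upload the image
Access http://controller/dashboard in a browser and log in as the administrator admin: Images: Create Image -> Flavors: Create Flavor
Access http://controller/dashboard in a browser and log in as the administrator demo: create an instance
Launch the instance -> Console: log in as root and check the IP; the root filesystem has been grown to 10G
10. Block Storage service
10.1 Prerequisites
## Create server3 with hostname=block1 and add a 10G disk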
[root@block1 ~]# vim /etc/hosts
[root@block1 ~]# cat /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1
[root@controller ~]# scp /etc/yum.repos.d/openstack.repo block1:/etc/yum.repos.d/openstack.repo
## Time synchronization
[root@block1 ~]# yum install chrony -y
[root@block1 ~]# vim /etc/chrony.conf
server 172.25.3.250 iburst
[root@block1 ~]# systemctl enable --now chronyd
[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
    -> IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
10.2 Install and configure the controller node
% Create the service credentials
[root@controller ~]# openstack user create --domain default --password cinder cinder
[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]# openstack service create --name cinder \
> --description "OpenStack Block Storage" volume
[root@controller ~]# openstack service create --name cinderv2 \
> --description "OpenStack Block Storage" volumev2
% Create the Block Storage service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
> volume public http://controller:8776/v1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> volume internal http://controller:8776/v1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> volume admin http://controller:8776/v1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 public http://controller:8776/v2/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
[root@controller ~]# yum install openstack-cinder -y
[root@controller ~]# vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:cinder@controller/cinder

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.1

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
[root@controller ~]# vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne

[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable --now openstack-cinder-api.service openstack-cinder-scheduler.service
[root@block1 ~]# yum install lvm2 -y
[root@block1 ~]# systemctl enable lvm2-lvmetad.service
[root@block1 ~]# pvcreate /dev/vdb
[root@block1 ~]# vgcreate cinder-volumes /dev/vdb
[root@block1 ~]# vim /etc/lvm/lvm.conf
# filter = [ "a|.*/|" ]
filter = [ "a/vdb/","a/vdb/", "r/.*/"]
[root@block1 ~]# yum install openstack-cinder targetcli python-keystone -y
[root@block1 ~]# vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:cinder@controller/cinder

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip =
enabled_backends = lvm
glance_api_servers = http://controller:9292

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

# Add at the end
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[root@block1 ~]# systemctl enable --now openstack-cinder-volume.service target.service
[root@controller ~]# cinder service-list
Access http://controller/dashboard in a browser and log in as the administrator demo: create a volume -> Manage Attachments to attach the volume -> in the console of vm3:
mkfs.xfs /dev/vdb
mkdir /data
mount /dev/vdb /data/
cd /data
cp /etc/* .
ls
umount /data
Access http://controller/dashboard in a browser and log in as the administrator demo: detach the volume that was just created
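The filter line set in /etc/lvm/lvm.conf on block1 above decides which block devices LVM scans: each entry is a (accept) or r (reject) followed by a delimited regex, the first entry that matches a device path wins, and a path that matches nothing is accepted. The following is an added example, not part of the original post: it evaluates the page's filter against constructed device paths and compares it with an anchored variant. Python's re module stands in for LVM's own regex engine, each device is checked by a single path, and the device names other than /dev/vdb are assumptions.

```python
import re

# Filter list from /etc/lvm/lvm.conf on block1, copied from section 10.2.
PAGE_FILTER = ["a/vdb/", "a/vdb/", "r/.*/"]
# Anchored variant for comparison (an assumption, not from the page).
ANCHORED_FILTER = ["a|^/dev/vdb$|", "r|.*|"]
# Constructed device paths for illustration.
SAMPLE_DEVICES = ["/dev/vda", "/dev/vda2", "/dev/vdb", "/dev/vdb1",
                  "/dev/cinder-volumes/volume-0001", "/dev/sdb"]


def parse_filter(items):
    """Turn LVM filter strings into (accept, compiled_regex) pairs."""
    rules = []
    for item in items:
        if len(item) < 3 or item[0] not in ("a", "r") or not item.endswith(item[1]):
            raise ValueError(f"malformed filter entry: {item!r}")
        # item[1] is the delimiter; the pattern sits between the two delimiters.
        rules.append((item[0] == "a", re.compile(item[2:-1])))
    return rules


def decide(rules, path):
    """First matching pattern wins; a path that matches nothing is accepted."""
    for accept, regex in rules:
        if regex.search(path):
            return accept
    return True


def classify(items, devices):
    """Map each device path to True (scanned by LVM) or False (ignored)."""
    rules = parse_filter(items)
    return {dev: decide(rules, dev) for dev in devices}


def os_disk_rejected(items, os_pv):
    """True if the filter hides the physical volume that holds the OS."""
    return not decide(parse_filter(items), os_pv)


if __name__ == "__main__":
    for name, flt in (("page", PAGE_FILTER), ("anchored", ANCHORED_FILTER)):
        for dev, accepted in classify(flt, SAMPLE_DEVICES).items():
            print(f"{name:9} {dev:35} {'accept' if accepted else 'reject'}")
    # If block1's root filesystem were on LVM (here assumed on /dev/vda2),
    # the page's filter would hide it, so that device needs its own "a" entry.
    print("OS PV hidden:", os_disk_rejected(PAGE_FILTER, "/dev/vda2"))
```

With the page's filter the unanchored pattern vdb also accepts /dev/vdb1, while logical volumes under /dev/cinder-volumes/ are rejected, so LVM on the storage node does not scan volumes that belong to instances.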