Centos7 搭建openstack ocata 版

作者: print("") 分类: linux 发布时间: 2018-05-12 19:57


一、openstack 介绍

OpenStack是一个由NASA(美国国家航空航天局)和Rackspace合作研发并发起的,以Apache许可证授权的自由软件和开放源代码项目。

OpenStack是一个开源的云计算管理平台项目,由几个主要的组件组合起来完成具体工作。OpenStack支持几乎所有类型的云环境,

项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。OpenStack通过各种互补的服务提供了基础设施即服务(IaaS)的解决方案,

每个服务提供API以进行集成。

OpenStack是一个旨在为公共及私有云的建设与管理提供软件的开源项目。它的社区拥有超过130家企业及1350位开发者,

这些机构与个人都将OpenStack作为基础设施即服务(IaaS)资源的通用前端。OpenStack项目的首要任务是简化云的部署过程并为其带来良好的可扩展性。

本文希望通过提供必要的指导信息,帮助大家利用OpenStack前端来设置及管理自己的公共云或私有云。

OpenStack云计算平台,帮助服务商和企业内部实现类似于 Amazon EC2 和 S3 的云基础架构服务(Infrastructure as a Service, IaaS)。

OpenStack 包含两个主要模块:Nova 和 Swift,前者是 NASA 开发的虚拟服务器部署和业务计算模块;后者是 Rackspace开发的分布式云存储模块,

两者可以一起用,也可以分开单独用。OpenStack除了有 Rackspace 和 NASA 的大力支持外,还有包括 Dell、Citrix、 Cisco、 Canonical等重量级公司的贡献和支持,

发展速度非常快,有取代另一个业界领先开源云平台 Eucalyptus 的态势。

https://docs.openstack.org/ocata/install-guide-rdo/glance-install.html

官方文档地址

二、基础环境

系统版本: Centos7.3  两块网卡(eth0,eth1)

机器的配置: 4G 50G硬盘(两块) 4个CPU

机器名: linux-node1(计算节点)

机器名: linux-node2(控制节点)

Node2 IP:eth0 192.168.57.145, eth1:192.168.57.146

Node1IP:  eth0: 192.168.57.142  eth1:192.168.57.143

主控制节点主要安装如下:(keystone、Glance、nova、networking、Dashboard)

计算节点主要安装如下:(nova、networking)


2.1 时间同步(node1 +node2 操作)

https://docs.openstack.org/ocata/install-guide-rdo/glance-install.html

node1 
# yum install chrony
vim /etc/chrony.conf
设置
allow 192.168.57.0/24
####启动
[root@linux-node2 ~]# systemctl enable chronyd.service
[root@linux-node2 ~]#systemctl start chronyd.service
########node1 的时间先同步一下标准时间
[root@linux-node2 ~]# ntpdate pool.ntp.org
# chronyc sources
node2 
修改主配置文件
vim /etc/chrony.conf
把所有行去掉
添加一行
Server 192.168.57.145 iburst
[root@linux-node2 ~]#systemctl start chronyd.service
# chronyc sources

2.2 安装mysqlnode2主控制节点操作)

*配置一下mysql

添加文件/etc/my.cnf.d/openstack.cnf 内容如下:

 [mysqld]
bind-address = 192.168.57.145
default-storage-engine = innodb
innodb_file_per_table
collation-server =utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

重启一下mysql

[root@linux-node2 ~]# systemctl enable mariadb.service
[root@linux-node2 ~]# systemctl start mariadb.service

设置root密码

[root@linux-node2 ~]# mysql_secure_installation

创建数据库

[root@linux-node2 ~]# mysql -uroot -p123456 -e "Create database keystone;"
[root@linux-node2 ~]# mysql -uroot -p123456 -e "grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone'"
[root@linux-node2 ~]# mysql -uroot -p123456 -e "grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone'"

2.3 安装消息队列(node2控制节点操作)

# yum install rabbitmq-server

启动

# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service

新建用户

# rabbitmqctl add_user openstack openstack

对用户授权

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

查看插件

[root@linux-node2 ~]# rabbitmq-plugins list
[ ] amqp_client                       3.3.5
[ ] cowboy                            0.5.0-rmq3.3.5-git4b93c2d
[ ] eldap                             3.3.5-gite309de4
[ ] mochiweb                          2.7.0-rmq3.3.5-git680dba8
[ ] rabbitmq_amqp1_0                  3.3.5
[ ] rabbitmq_auth_backend_ldap        3.3.5
[ ] rabbitmq_auth_mechanism_ssl       3.3.5
[ ] rabbitmq_consistent_hash_exchange 3.3.5
[ ] rabbitmq_federation               3.3.5
[ ] rabbitmq_federation_management    3.3.5
[ ] rabbitmq_management               3.3.5
[ ] rabbitmq_management_agent         3.3.5
[ ] rabbitmq_management_visualiser    3.3.5
[ ] rabbitmq_mqtt                     3.3.5
[ ] rabbitmq_shovel                   3.3.5
[ ] rabbitmq_shovel_management        3.3.5
[ ] rabbitmq_stomp                    3.3.5
[ ] rabbitmq_test                     3.3.5
[ ] rabbitmq_tracing                  3.3.5
[ ] rabbitmq_web_dispatch             3.3.5
[ ] rabbitmq_web_stomp                3.3.5
[ ] rabbitmq_web_stomp_examples       3.3.5
[ ] sockjs                            0.3.4-rmq3.3.5-git3132eb9
[ ] webmachine                        1.10.3-rmq3.3.5-gite9359c7

启用web插件

 [root@linux-node2 ~]# rabbitmq-plugins enable rabbitmq_management

重启一下

[root@linux-node2 ~]# systemctl restart rabbitmq-server.service

检查是否启动成功

[root@linux-node2 ~]# netstat -nltp |grep 5672
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      16686/beam.smp      
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      16686/beam.smp      
tcp6       0      0 :::5672                 :::*                    LISTEN      16686/beam.smp      
[root@linux-node2 ~]#

Web访问

http://192.168.57.138:15672/#/

用户名密码为guest

三、搭建openstack

3.1 安装keystone 组件介绍

Keystone功能:

1. 用户与认证: 用户权限与用户行为跟踪

2. 服务目录:提供一个服务目录、包括所有服务项与相关API的端点

Keystone名词:
User: 用户
Tenant: 租户/项目
Token: 令牌
Role: 角色
Service: 服务
Endpoint: 端点

3.2 安装keystone 组件(node2 主控制节点操作)

安装openstack最新的源:
    #yum install centos-release-openstack-ocata 
    #yum install https://rdoproject.org/repos/rdo-release.rpm 
    #yum upgrade                                               (在主机上升级包)
    #yum install python-openstackclient            (安装opentack必须的插件)
    #yum install openstack-selinux                    (可选则安装这个插件,我直接关闭了selinux,因为不熟,对后续不会有影响)
 [root@linux-node1 home]# yum install openstack-keystone httpd mod_wsgi 

3.2.1修改配置文件

vim /etc/keystone/keystone.conf
[database]
connection = mysql://keystone:keystone@192.168.57.145/keystone 
[token]
provider = fernet

3.2.2同步数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone
###为什么需要su 一下呢?因为在写日志的时候文件是放在/var/log/keystone 这个下面如果是root用户执行的话。那么写日志的时候就会写不进去。
验证一下是否成功。进入数据库查看有没有表的建立。
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone     |

初始化

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

引导身份信息

keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://linux-node2:35357/v3/ \
  --bootstrap-internal-url http://linux-node2:5000/v3/ \
  --bootstrap-public-url http://linux-node2:5000/v3/ \
  --bootstrap-region-id RegionOne

3.2.3配置memcache的配置 (/etc/sysconfig/memcached

vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,192.168.57.145"

3.2.4启动memcache

[root@linux-node2 ~]# systemctl start memcached.service
 [root@linux-node2 ~]# netstat -nltp|grep 121
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      20054/memcached     
tcp6       0      0 :::11211                :::*                    LISTEN      20054/memcached     

3.2.5设置apache

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

3.2.6修改主apache的主配置文件

vim /etc/httpd/conf/httpd.conf
配置一下Servername
ServerName 192.168.57.145:80

3.2.7启动apache

systemctl enable httpd.service
systemctl start httpd.service

3.2.8检查一下是否启动成功了

[root@linux-node2 conf.d]# netstat -nltp|grep httpd
tcp6       0      0 :::80                   :::*                    LISTEN      20253/httpd         
tcp6       0      0 :::35357                :::*                    LISTEN      20253/httpd         
tcp6       0      0 :::5000                 :::*                    LISTEN      20253/httpd         
[root@linux-node2 conf.d]#

3.3   keystone 用户权限

3.3.1 设置环境变量

$ export OS_USERNAME=admin
$ export OS_PASSWORD=admin
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://linux-node2:35357/v3
$ export OS_IDENTITY_API_VERSION=3

3.3.2创建域、项目、用户和角色

创建服务
[root@linux-node2 ~]# openstack project create --domain default --description "Service Project" service
创建demo项目
 [root@linux-node2 ~]# openstack project create --domain default \
> --description "Demo Project" demo
设置demo密码
[root@linux-node2 ~]# openstack user create --domain default \
> --password-prompt demo
创建用户组
 [root@linux-node2 ~]# openstack role create user
加入用户组
 [root@linux-node2 ~]# openstack role add --project demo --user demo user

3.3.3验证操作

1. 出于安全原因,请禁用临时身份验证令牌机制:  ( 这个可以不操作)

编辑/etc/keystone/keystone-paste.ini 文件并删除admin_token_auth从 [pipeline:public_api],[pipeline:admin_api]和[pipeline:api_v3]段。

2取消设置临时 变量OS_AUTH_URLOS_PASSWORD环境变量:

[root@linux-node2 ~]#  unset OS_AUTH_URL OS_PASSWORD

3、作为admin 、请求身份验证令牌

$ openstack --os-auth-url http://linux-node2:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

4、用demo用户、请求验证令牌

$ openstack --os-auth-url http://linux-node2:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:15:39.014479Z                                     |
| id         | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
|            | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
|            | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U       |
| project_id | ed0b60bf607743088218b0a533d5943f                                |
| user_id    | 58126687cbcc4888bfa9ab73a2256f27                                |

3.3.4创建 OpenStack 客户端环境脚本

vi admin-openrc 加入如下:

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://linux-node2:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#vi demo-openrc 加入:

[root@linux-node2 ~]# cat demo-openrc 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://linux-node2:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

:镜像服务Glancenode2 主控制节点操作)

4.1 Glance 介绍

Glance 主要由三个部分构成: glance-apiglance-registry image stroe

   Glance-api:接受云系统镜像创建、删除、读取请求

   Glance-Registry: 云系统镜像注册服务

4.2 mysql 配置

$ mysql -u root –p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'glance';

4.3 Glance安装

# yum install openstack-glance

4.4修改主配置文件/etc/glance/glance-api.conf 

[database]
# ...
connection = mysql://glance:glance@192.168.57.145/glance




在[keystone_authtoken]和[paste_deploy]部分中,配置身份服务访问:
[keystone_authtoken] 
auth_uri  =  http://linux-node2:5000
auth_url  =  http://linux-node2:35357
memcached_servers  =  linux-node2:11211
auth_type  =  password
project_domain_name  =  default
user_domain_name  =  default
project_name  =  service
username  =  glance
password  =  glance    #########这里的密码就是下面的新建 API  glance用户的密码
#... 
[paste_deploy]
flavor  =  keystone
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

4.5 修改主配置文件/etc/glance/glance-registry.conf

[database]
# ...
connection = mysql://glance:glance@192.168.57.145/glance

[keystone_authtoken][paste_deploy]部分中,配置身份服务访问:

[keystone_authtoken] 
auth_uri  =  http://linux-node2:5000
auth_url  =  http://linux-node2:35357
memcached_servers  =  linux-node2:11211
auth_type  =  password
project_domain_name  =  default
user_domain_name  =  default
project_name  =  service
username  =  glance
password  =  glance  #########这里的密码就是下面的新建 API  glance用户的密码
#... 
[paste_deploy]
flavor  =  keystone

4.6 设置数据库

# su -s /bin/sh -c "glance-manage db_sync" glance

4.7创建镜像服务的API服务

$ openstack user create --domain default --password-prompt glance
$ openstack role add --project service --user glance admin
$ openstack service create --name glance \
  --description "OpenStack Image" image
$ openstack endpoint create --region RegionOne \
  image public http://linux-node2:9292
$ openstack endpoint create --region RegionOne \
  image internal http://linux-node2:9292
$ openstack endpoint create --region RegionOne \
  image admin http://linux-node2:9292

4.8 启动服务

# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service

4.9验证

运行环境变量:
  #. admin-openrc
  下载一个比较小的镜像:
  #wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

一、上传文件

$ openstack image create "cirros" \
  --file cirros-0.3.5-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | 133eae9fb1c98f45894a4e60d8736619                     |
| container_format | bare                                                 |
| created_at       | 2015-03-26T16:52:10Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/cc5c6982-4910-471e-b864-1098015901b5/file |
| id               | cc5c6982-4910-471e-b864-1098015901b5                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | ae7a98326b9c455588edd2656d723b9d                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13200896                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2015-03-26T16:52:10Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+

二、查看

$ openstack image list

+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | active |
+--------------------------------------+--------+--------+

有输出证明glance配置正确

五、计算服务一 novanode2控制节点操作)

5 .Nova 作用

1. API :负责接收和相应外部请求、支持 openstack API Ec2API

2. Cert:负责身份认证

3. Scheduler:用于云主机调度

4. Conductor: 计算节点访问数据的中间件

5. Consoleaut:用于控制台的授权验证

6. NovncProxyVNC代理

5.1 新建数据库

$ mysql -u root –p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
新建用户
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';

5.2创建nova用户:

# . admin-openrc

openstack user create --domain default --password-prompt nova
User Password: nova
Repeat User Password: nova
The passwords entered were not the same
User Password: nova
Repeat User Password:  nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | b9878680c70a4a678fd9a7a580706ccf |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node2 ~]#

加入组

[root@linux-node2 ~]#  openstack role add --project service --user nova admin

5.3创建nova服务实体

$ openstack service create --name nova \
  --description "OpenStack Compute" compute

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 060d59eac51b4594815603d75a00aba2 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

5.4创建服务API

[root@linux-node2 ~]# openstack endpoint create --region RegionOne \
>   compute public http://linux-node2:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b6ebf975780344a597a65650eafdf67a |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d6a1591a15944bea85ab1e203af6732c |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://linux-node2:8774/v2.1     |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne \
>   compute internal http://linux-node2:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a2c1af804a31484cb3d82017b15fa47f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d6a1591a15944bea85ab1e203af6732c |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://linux-node2:8774/v2.1     |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne \
>   compute admin http://linux-node2:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0304b6e92bf049d09e7d28bacfb1ed16 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | d6a1591a15944bea85ab1e203af6732c |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://linux-node2:8774/v2.1     |
+--------------+----------------------------------+

5.5新建另一个用户

[root@linux-node2 ~]# openstack user create --domain default --password-prompt placement
User Password: nova 
Repeat User Password: nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1654b6d199bf4fc582d1e70db802a31a |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node2 ~]#

加入管理员组

[root@linux-node2 ~]# openstack role add --project service --user placement admin

5.6在服务目录中创建Placement API条目:

$ openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 2d1a27022e6e4185b86adac4444c495f |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

5.7创建Placement API服务端点:

[root@linux-node2 ~]#  openstack endpoint create --region RegionOne placement public http://linux-node2:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4b82fb4b30de4228982dea8c663f6d26 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ba2a8b23524a4635af583cbfc80abd91 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://linux-node2:8778          |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne placement internal http://linux-node2:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bea3dbb6003d4cea802527de411f8cde |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ba2a8b23524a4635af583cbfc80abd91 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://linux-node2:8778          |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne placement admin http://linux-node2:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b5d6d62d8f3f4e7c9ee2d6241b832bc5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ba2a8b23524a4635af583cbfc80abd91 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://linux-node2:8778          |
+--------------+----------------------------------+

5.8安装和配置的部件

# yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api

5.9修改配置文件 /etc/nova/nova.conf

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
 [api_database]
connection=mysql://nova:nova@192.168.57.145/nova_api
[database]
connection=connection=mysql://nova:nova@192.168.57.145/nova
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@192.168.57.145

5.10设置api和连接信息

[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211 
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

设置IP
[DEFAULT]
# ...
my_ip = 192.168.57.145
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
# ...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

5.11设置glance

[glance]
# ...
api_servers = http://linux-node2:9292

5.12设置[oslo_concurrency]

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

5.13设置[placement] 

[placement]
# ...
 os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://linux-node2:35357/v3
username = placement
password = nova

5.14设置apache

vim  /etc/httpd/conf.d/00-nova-placement-api.conf:

<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

5.15重启apache 

# systemctl restart httpd

填充nova-api数据库:

# su -s /bin/sh -c "nova-manage api_db sync" nova

注册cell0数据库:

# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

创建cell1单元格:

# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
109e1d4b-536a-40d0-83c6-5f121b82b650

填充nova数据库:

# su -s /bin/sh -c "nova-manage db sync" nova

5.17验证

验证nova cell0cell1是否正确注册:

# nova-manage cell_v2 list_cells
 + ------- + ----------------------------------- --- + 
| 名称| UUID | 
+ ------- + -------------------------------------- + 
| cell1 | 109e1d4b-536a-40d0-83c6-5f121b82b650 | 
| cell0 | 00000000-0000-0000-0000-000000000000 | 
+ ------- + -------------------------------------- +
设置开机自启动
[root@linux-node2 nova]# systemctl enable openstack-nova-api.service
[root@linux-node2 nova]# systemctl enable openstack-nova-consoleauth.service
[root@linux-node2 nova]# systemctl enable openstack-nova-scheduler.service
[root@linux-node2 nova]# systemctl enable openstack-nova-conductor.service 
[root@linux-node2 nova]# systemctl enable openstack-nova-novncproxy.service
[root@linux-node2 nova]#
启动服务
[root@linux-node2 nova]# systemctl start openstack-nova-api.service
[root@linux-node2 nova]# systemctl start openstack-nova-consoleauth.service
[root@linux-node2 nova]# systemctl start openstack-nova-scheduler.service
[root@linux-node2 nova]# systemctl start openstack-nova-conductor.service 
[root@linux-node2 nova]# systemctl start openstack-nova-novncproxy.service

六、计算服务二  novanode1计算节点操作)

6.1安装nova-compute

# yum install openstack-nova-compute

6.2配置主配置文件(/etc/nova/nova.conf

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@192.168.57.145
[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[DEFAULT]
# ...
my_ip = 192.168.57.142  ########这个是本机IP
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
# ...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://linux-node2:6080/vnc_auto.html
[glance]
# ...
api_servers = http://linux-node2:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://linux-node2:35357/v3
username = placement
password = nova

6.3检查是否需要硬件加速

$ egrep -c '(vmx|svm)' /proc/cpuinfo

如果为0则需要修改#vi /etc/nova/nova.conf

[libvirt]
# ...
virt_type = qemu

6.4启动服务

# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service

6.5验证(node2 主节点操作)

将计算节点添加到单元数据库(在主节点操作)

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': ad5a5985-a719-4567-98d8-8d148aaae4bc
Found 1 computes in cell: ad5a5985-a719-4567-98d8-8d148aaae4bc
Checking host mapping for compute host 'linux-node1': fe58ddc1-1d65-4f87-9456-bc040dc106b3
Creating host mapping for compute host 'linux-node1': fe58ddc1-1d65-4f87-9456-bc040dc106b3

查看comput节点

$ openstack compute service list

+----+--------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary             | Host       | Zone     | Status  | State | Updated At                 |
+----+--------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth   | controller | internal | enabled | up    | 2016-02-09T23:11:15.000000 |
|  2 | nova-scheduler     | controller | internal | enabled | up    | 2016-02-09T23:11:15.000000 |
|  3 | nova-conductor     | controller | internal | enabled | up    | 2016-02-09T23:11:16.000000 |
|  4 | nova-compute       | compute1   | nova     | enabled | up    | 2016-02-09T23:11:20.000000 |
+----+--------------------+------------+----------+---------+-------+----------------------------+
查看catalog
$ openstack catalog list
+-----------+-----------+-----------------------------------------+
| Name      | Type      | Endpoints                               |
+-----------+-----------+-----------------------------------------+
| keystone  | identity  | RegionOne                               |
|           |           |   public: http://linux-node2:5000/v3/    |
|           |           | RegionOne                               |
|           |           |   internal: http://linux-node2:5000/v3/  |
|           |           | RegionOne                               |
|           |           |   admin: http://linux-node2:35357/v3/    |
|           |           |                                         |
| glance    | image     | RegionOne                               |
|           |           |   admin: http://linux-node2:9292         |
|           |           | RegionOne                               |
|           |           |   public: http://linux-node2:9292        |
|           |           | RegionOne                               |
|           |           |   internal: http://linux-node2:9292      |
|           |           |                                         |
| nova      | compute   | RegionOne                               |
|           |           |   admin: h http://linux-node2:8774/v2.1    |
|           |           | RegionOne                               |
|           |           |   internal: http://linux-node2:8774/v2.1 |
|           |           | RegionOne                               |
|           |           |   public: http://linux-node2:8774/v2.1   |
|           |           |                                         |
| placement | placement | RegionOne                               |
|           |           |   public: http://linux-node2:8778        |
|           |           | RegionOne                               |
|           |           |   admin: http://linux-node2:8778         |
|           |           | RegionOne                               |
|           |           |   internal: http://linux-node2:8778      |
|           |           |                                         |
+-----------+-----------+-----------------------------------------+

列出Image服务中的图像以验证与Image服务的连接性:

$ openstack image list

+--------------------------------------+-------------+-------------+
| ID                                   | Name        | Status      |
+--------------------------------------+-------------+-------------+
| 9a76d9f9-9620-4f2e-8c69-6c5691fae163 | cirros      | active      |
+--------------------------------------+-------------+-------------+

检查单元格和放置API正在成功工作:

# nova-status upgrade check

+---------------------------+
| Upgrade Check Results     |
+---------------------------+
| Check: Cells v2           |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Placement API      |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Resource Providers |
| Result: Success           |
| Details: None             |
+---------------------------+

七、网络节点一(node2 主控制节点操作)

7.1 设置mysql

$ mysql -u root –p
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'neutron';

7.2创建服务凭据

admin的环境下

$ . admin-openrc
$ openstack user create --domain default --password-prompt neutron

User Password: neutron  #密码
Repeat User Password: neutron  #密码
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fdb0f541e28141719b6a43c8944bf1fb |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

加入到admin

$ openstack role add --project service --user neutron admin

创建neutron 服务实体

$ openstack service create --name neutron \
  --description "OpenStack Networking" network

创建neutron API

$ openstack endpoint create --region RegionOne \
  network public http://linux-node2:9696
$ openstack endpoint create --region RegionOne \
  network internal http://linux-node2:9696
$ openstack endpoint create --region RegionOne \
  network admin http://linux-node2:9696

7.3配置网络选项(这里我选用的是网络1 的配置)

您可以使用选项12所代表的两种体系结构之一来部署网络服务。

选项1部署了最简单的架构,只支持将实例连接到提供者(外部)网络。没有自助服务(专用)网络,

路由器或浮动IP地址。只有admin或其他特权用户才能管理提供商网络。

选项2增加了选项1,其中第三层服务支持将实例附加到自助服务网络。这个demo或其他非特权用户可以管理自助服务网络,

包括在自助服务和提供商网络之间提供连接的路由器。此外,浮动IP地址还提供与使用来自外部网络(如Internet)的自助服务网络的实例的连接。

自助服务网络通常使用覆盖网络。覆盖网络协议(如VXLAN)包含额外的标头,这些标头会增加开销并减少有效负载或用户数据的可用空间。

在不了解虚拟网络基础架构的情况下,实例将尝试使用1500字节的默认以太网最大传输单元(MTU发送数据包。

网络服务通过DHCP自动为实例提供正确的MTU值。但是,某些云图像不使用DHCP或忽略DHCP MTU选项并需要使用元数据或脚本进行配置。

7.4 安装网络openstack-neutron

# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

7.5 编辑/etc/neutron/neutron.conf

[database]
# ...
connection = mysql://neutron:neutron@linux-node2/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack@linux-node2
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron  ######这个密码是上面设置的密码
[nova]
# ...
auth_url = http://linux-node2:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova  ####注意这个是nova设置的密码
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

7.6配置模块化层2ML2)插件/etc/neutron/plugins/ml2/ml2_conf.ini

编辑配置文件设置如下:

[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true

7.7配置Linux网桥代理/etc/neutron/plugins/ml2/linuxbridge_agent.ini

编辑配置文件设置如下:

[linux_bridge]
physical_interface_mappings = provider:eth1  ####这个是为底层实现网络的网络接口(我这里用了eth1)
[vxlan]
enable_vxlan = false
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

7.8配置DHCP代理/etc/neutron/dhcp_agent.ini

[DEFAULT] 
#... 
interface_driver  =  linuxbridge 
dhcp_driver  =  neutron.agent.linux.dhcp.Dnsmasq 
enable_isolated_metadata  =  true

7.9配置计算服务以使用网络服务/etc/nova/nova.conf

在该[neutron]部分中,配置访问参数,启用元数据代理并配置密钥:

[neutron] 
#... 
url  =  http://linux-node2:9696 
auth_url  =  http://linux-node2:35357 
auth_type  =  password 
project_domain_name  =  default 
user_domain_name  =  default 
region_name  =  RegionOne 
project_name  =  service 
username  =  neutron 
password  = neutron      ###在身份识别服务中为用户选择的密码。
service_metadata_proxy  =  true 
metadata_proxy_shared_secret  =  neutron     #  #为元数据代理选择的密码。

创建扩展链接

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

7.10同步数据库

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

7.10 启动服务

重新启动计算API服务:

重新启动计算API服务:
# systemctl restart openstack-nova-api.service

启动网络服务并将其配置为在系统引导时启动。

# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

八、网络节点二、(node1 计算节点操作)

8.1 安装openstack-neutron

# yum install openstack-neutron-linuxbridge ebtables ipset

8.2配置通用组件/etc/neutron/neutron.conf

修改如下配置文件:

[DEFAULT]
transport_url = rabbit://openstack:openstack@linux-node2
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers =linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

8.3配置计算服务以使用网络服务/etc/nova/nova.conf

在该[neutron]部分中,配置访问参数:

[neutron] 
#... 
url  =  http://linux-node2:9696 
auth_url  =  http://linux-node2:35357 
auth_type  =  password 
project_domain_name  =  default 
user_domain_name  =  default 
region_name  =  RegionOne 
project_name  =  service 
username  =  neutron 
password  =  neutron

8.4配置Linux网桥代理/etc/neutron/plugins/ml2/linuxbridge_agent.ini

编辑文件修改如下配置:

[linux_bridge]
physical_interface_mappings = provider:eht1 #这里是为底层服务的网卡名称
[vxlan]
enable_vxlan = false
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

8.5 启动服务

重启一下openstack-nova-compute

# systemctl restart openstack-nova-compute.service

启动Linux桥代理并将其配置为在系统引导时启动:

# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service

8.6 验证操作

1.运行管理员环境

$ . admin-openrc

2.查看网络

$ openstack extension list --network

+---------------------------+---------------------------+----------------------------+
| Name                      | Alias                     | Description                |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools       | default-subnetpools       | Provides ability to mark   |
|                           |                           | and use a subnetpool as    |
|                           |                           | the default                |
| Availability Zone         | availability_zone         | The availability zone      |
|                           |                           | extension.                 |
| Network Availability Zone | network_availability_zone | Availability zone support  |
|                           |                           | for network.               |
| Port Binding              | binding                   | Expose port bindings of a  |
|                           |                           | virtual port to external   |
|                           |                           | application                |
| agent                     | agent                     | The agent management       |
|                           |                           | extension.                 |
| Subnet Allocation         | subnet_allocation         | Enables allocation of      |
|                           |                           | subnets from a subnet pool |
| DHCP Agent Scheduler      | dhcp_agent_scheduler      | Schedule networks among    |
|                           |                           | dhcp agents                |
| Tag support               | tag                       | Enables to set tag on      |
|                           |                           | resources.                 |
| Neutron external network  | external-net              | Adds external network      |
|                           |                           | attribute to network       |
|                           |                           | resource.                  |
| Neutron Service Flavors   | flavors                   | Flavor specification for   |
|                           |                           | Neutron advanced services  |
| Network MTU               | net-mtu                   | Provides MTU attribute for |
|                           |                           | a network resource.        |
| Network IP Availability   | network-ip-availability   | Provides IP availability   |
|                           |                           | data for each network and  |
|                           |                           | subnet.                    |
| Quota management support  | quotas                    | Expose functions for       |
|                           |                           | quotas management per      |
|                           |                           | tenant                     |
| Provider Network          | provider                  | Expose mapping of virtual  |
|                           |                           | networks to physical       |
|                           |                           | networks                   |
| Multi Provider Network    | multi-provider            | Expose mapping of virtual  |
|                           |                           | networks to multiple       |
|                           |                           | physical networks          |
| Address scope             | address-scope             | Address scopes extension.  |
| Subnet service types      | subnet-service-types      | Provides ability to set    |
|                           |                           | the subnet service_types   |
|                           |                           | field                      |
| Resource timestamps       | standard-attr-timestamp   | Adds created_at and        |
|                           |                           | updated_at fields to all   |
|                           |                           | Neutron resources that     |
|                           |                           | have Neutron standard      |
|                           |                           | attributes.                |
| Neutron Service Type      | service-type              | API for retrieving service |
| Management                |                           | providers for Neutron      |
|                           |                           | advanced services          |
| Tag support for           | tag-ext                   | Extends tag support to     |
| resources: subnet,        |                           | more L2 and L3 resources.  |
| subnetpool, port, router  |                           |                            |
| Neutron Extra DHCP opts   | extra_dhcp_opt            | Extra options              |
|                           |                           | configuration for DHCP.    |
|                           |                           | For example PXE boot       |
|                           |                           | options to DHCP clients    |
|                           |                           | can be specified (e.g.     |
|                           |                           | tftp-server, server-ip-    |
|                           |                           | address, bootfile-name)    |
| Resource revision numbers | standard-attr-revisions   | This extension will        |
|                           |                           | display the revision       |
|                           |                           | number of neutron          |
|                           |                           | resources.                 |
| Pagination support        | pagination                | Extension that indicates   |
|                           |                           | that pagination is         |
|                           |                           | enabled.                   |
| Sorting support           | sorting                   | Extension that indicates   |
|                           |                           | that sorting is enabled.   |
| security-group            | security-group            | The security groups        |
|                           |                           | extension.                 |
| RBAC Policies             | rbac-policies             | Allows creation and        |
|                           |                           | modification of policies   |
|                           |                           | that control tenant access |
|                           |                           | to resources.              |
| standard-attr-description | standard-attr-description | Extension to add           |
|                           |                           | descriptions to standard   |
|                           |                           | attributes                 |
| Port Security             | port-security             | Provides port security     |
| Allowed Address Pairs     | allowed-address-pairs     | Provides allowed address   |
|                           |                           | pairs                      |
| project_id field enabled  | project-id                | Extension that indicates   |
|                           |                           | that project_id field is   |
|                           |                           | enabled.                   |
+---------------------------+---------------------------+----------------------------+

1. 查看网络

3.$ openstack network agent list
4.
5.+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
6.| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
7.+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
8.| 0400c2f6-4d3b-44bc-89fa-99093432f3bf | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
9.| 83cf853d-a2f2-450a-99d7-e9c6fc08f4c3 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
10.| ec302e51-6101-43cf-9f19-88a78613cbee | Linux bridge agent | compute    | None              | True  | UP    | neutron-linuxbridge-agent |
11.| fcb9bc6e-22b1-43bc-9054-272dd517d025 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
12.+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

九、Dashboardnode2控制节点操作)

9.1 安装

# yum install openstack-dashboard

9.2配置主配置文件(/etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "linux-node2"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True



OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai "

9.4重启服务

# systemctl restart httpd.service memcached.service

9.5 访问openstack

http://192.168.57.145/dashboard/auth/login/


十、启动第一个实例

10.1 创建第一个实例

首先是我选用的网络类型是提供商网络()

创建一个环境

openstack flavor create --id 0 --vcpus 1 --ram 1024 --disk 10 m1.nano
##########
ID表示为唯一识别的标志
--ram 表示内存的大小
--disk 10 代表存储空间为10G
M1.nano 为名字

10.2生成一个密钥对

$ . demo-openrc
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
| name        | mykey                                           |
| user_id     | 58126687cbcc4888bfa9ab73a2256f27                |
+-------------+-------------------------------------------------+

查看

$ openstack keypair list

+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
+-------+-------------------------------------------------+

10.3创建一个icmp

$ openstack security group rule create --proto icmp default

添加规则

$ openstack security group rule create --proto tcp --dst-port 22 default

10.4创建网络

$ . admin-openrc
$ openstack network create  --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider
该--share选项允许所有项目使用虚拟网络。
该--external选项将虚拟网络定义为外部。如果你想创建一个内部网络,你可以使用--internal。默认值是internal。

10.5创建子网

$ openstack subnet create --network provider \
  --allocation-pool start=192.168.57.100,end=192.168.57.200 \
  --dns-nameserver 202.101.224.68 --gateway 192.168.57.2 \
  --subnet-range 192.168.57.0/24 provider

10.6创建虚拟机

查看有那些配置选项

[root@linux-node2 ~]# openstack flavor list
+----+------------+------+------+-----------+-------+-----------+
| ID | Name       |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+------------+------+------+-----------+-------+-----------+
| 0  | m1.nano    | 1024 |    1 |         0 |     1 | True      |
| 10 | liang.nano | 1024 |    5 |         0 |     1 | True      |
| 2  | m.nano     | 1024 |   10 |         0 |    10 | True      |
| 3  | m2.nano    | 1024 |   10 |         0 |     1 | True      |
| 4  | m4.nano    | 1024 |   10 |         0 |     1 | True      |
+----+------------+------+------+-----------+-------+-----------+

查看可以用的镜像

[root@linux-node2 ~]# openstack image list
+--------------------------------------+--------------------+--------+
| ID                                   | Name               | Status |
+--------------------------------------+--------------------+--------+
| 470802c8-3385-4e08-b069-ace2d3f8e914 | Centos7            | active |
| 984e73aa-1faf-40c6-88ee-5532ab7cf41f | cirros             | active |
| 742c7273-56f2-43e2-8816-98f980fd97d7 | windows Server2003 | active |
+--------------------------------------+--------------------+--------+

查看可用网络

[root@linux-node2 ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| 161a2f1e-5c2d-418a-91a3-7a1d9aa35200 | provider | 80695e60-cd51-4385-8af3-cd792f3a77ef |
+--------------------------------------+----------+--------------------------------------+
[root@linux-node2 ~]# openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+
| ID                                   | Name    | Description | Project                          |
+--------------------------------------+---------+-------------+----------------------------------+
| 593ef5a3-b48b-483e-8753-aabd81afae8a | default | 缺省安全组  | 2534c30f191a40038947f238c534c20d |
| 73b40ecf-1bfb-49d1-9382-05e3a2d0f577 | liang   | adasd       | 497f3c89978641479a56bb6954b6da7d |
+--------------------------------------+---------+-------------+----------------------------------+

创建虚拟机

[root@linux-node2 ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=3de76652-72aa-4638-9c31-7465055db1f3 --security-group default \
> --key-name mykey provider-instance
+-----------------------------+-----------------------------------------------+
| Field                       | Value                                         |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                        |
| OS-EXT-AZ:availability_zone |                                               |
| OS-EXT-STS:power_state      | NOSTATE                                       |
| OS-EXT-STS:task_state       | scheduling                                    |
| OS-EXT-STS:vm_state         | building                                      |
| OS-SRV-USG:launched_at      | None                                          |
| OS-SRV-USG:terminated_at    | None                                          |
| accessIPv4                  |                                               |
| accessIPv6                  |                                               |
| addresses                   |                                               |
| adminPass                   | LYFNpN5rHRnx                                  |
| config_drive                |                                               |
| created                     | 2018-01-03T07:39:13Z                          |
| flavor                      | m1.nano (0)                                   |
| hostId                      |                                               |
| id                          | 00d4afc5-266f-4852-9c7f-b86c2a5ec3f3          |
| image                       | cirros (984e73aa-1faf-40c6-88ee-5532ab7cf41f) |
| key_name                    | mykey                                         |
| name                        | provider-instance                             |
| progress                    | 0                                             |
| project_id                  | 497f3c89978641479a56bb6954b6da7d              |
| properties                  |                                               |
| security_groups             | name='ff0181e2-596b-4e1b-87d9-90647674194b'   |
| status                      | BUILD                                         |
| updated                     | 2018-01-03T07:39:13Z                          |
| user_id                     | 1df20bd306664a498a6c9d6af66263a8              |
| volumes_attached            |                                               |
+-----------------------------+-----------------------------------------------+

查看虚拟机(状态从改变BUILDACTIVE时构建过程成功完成。

[root@linux-node2 ~]# openstack server list
+--------------------------------------+-------------------+--------+----------+--------+---------+
| ID                                   | Name              | Status | Networks | Image  | Flavor  |
+--------------------------------------+-------------------+--------+----------+--------+---------+
| 00d4afc5-266f-4852-9c7f-b86c2a5ec3f3 | provider-instance | BUILD  |          | cirros | m1.nano |
+--------------------------------------+-------------------+--------+----------+--------+---------+
[root@linux-node2 ~]# openstack server list
+--------------------------------------+-------------------+--------+-------------------------+--------+---------+
| ID                                   | Name              | Status | Networks                | Image  | Flavor  |
+--------------------------------------+-------------------+--------+-------------------------+--------+---------+
| 00d4afc5-266f-4852-9c7f-b86c2a5ec3f3 | provider-instance | ACTIVE | provider=192.168.57.105 | cirros | m1.nano |
+--------------------------------------+-------------------+--------+-------------------------+--------+---------+
查看虚拟机的VNC的URL
[root@linux-node2 ~]# openstack console url show provider-instance
+-------+----------------------------------------------------------------------------------+
| Field | Value                                                                            |
+-------+----------------------------------------------------------------------------------+
| type  | novnc                                                                            |
| url   | http://linux-node2:6080/vnc_auto.html?token=2d0363d8-dcc7-4048-a3e8-38ad0551bc18 |
+-------+----------------------------------------------------------------------------------+

10.7网页查看

10.8 测试网络连通性

openstack server list中查看的IP地址为192.168.57.105

现在在node1 node2 进行测试

Node2 测试结果

[root@linux-node2 ~]# ping -c 4 192.168.57.105
PING 192.168.57.105 (192.168.57.105) 56(84) bytes of data.
64 bytes from 192.168.57.105: icmp_seq=1 ttl=64 time=2.48 ms
64 bytes from 192.168.57.105: icmp_seq=2 ttl=64 time=2.23 ms
64 bytes from 192.168.57.105: icmp_seq=3 ttl=64 time=1.84 ms
64 bytes from 192.168.57.105: icmp_seq=4 ttl=64 time=2.64 ms

--- 192.168.57.105 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.841/2.299/2.642/0.305 ms

node1 测试结果

[root@linux-node1 neutron]#  ping -c 4 192.168.57.105
PING 192.168.57.105 (192.168.57.105) 56(84) bytes of data.
64 bytes from 192.168.57.105: icmp_seq=1 ttl=64 time=1.33 ms
64 bytes from 192.168.57.105: icmp_seq=2 ttl=64 time=0.873 ms
64 bytes from 192.168.57.105: icmp_seq=3 ttl=64 time=1.22 ms
64 bytes from 192.168.57.105: icmp_seq=4 ttl=64 time=2.47 ms

--- 192.168.57.105 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.873/1.478/2.476/0.602 ms

10.9 Ssh连接测试一下

[root@linux-node2 ~]# ssh cirros@192.168.57.105
The authenticity of host '192.168.57.105 (192.168.57.105)' can't be established.
RSA key fingerprint is SHA256:7Qa9JtqTy/3uqoJKw7doB6hC93pHEuHbv+e6xpgPGD8.
RSA key fingerprint is MD5:61:64:aa:1a:94:f7:dc:26:58:f5:cf:fd:ba:48:66:b5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.57.105' (RSA) to the list of known hosts.

$ ifconfig
eth0      Link encap:Ethernet  HWaddr FA:16:3E:27:D7:37  
          inet addr:192.168.57.105  Bcast:192.168.57.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe27:d737/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:364 errors:0 dropped:0 overruns:0 frame:0
          TX packets:249 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:33991 (33.1 KiB)  TX bytes:26215 (25.6 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

十一、块存储服务(控制节点node2 操作)

11.1 数据库操作

$ mysql -u root –p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'cinder';

11.2创建服务凭据

$ openstack user create --domain default --password-prompt cinder

User Password: cinder  ###密码
Repeat User Password: cinder 
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9d7e33de3e1a498390353819bc7d245d |
| name                | cinder                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

添加到admin

$ openstack role add --project service --user cinder admin

11.3 创建cinderv2cinderv3服务实体:

$ openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | eb9fd245bdbc414695952e93f29fe3ac |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
$ openstack service create --name cinderv3 \
  --description "OpenStack Block Storage" volumev3

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | ab3bbbef780845a1a283490d281e7fda |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+

11.4建立快存储API

$ openstack endpoint create --region RegionOne \
  volumev2 public http://linux-node2:8776/v2/%\(project_id\)s

$ openstack endpoint create --region RegionOne \
  volumev2 internal http://linux-node2:8776/v2/%\(project_id\)s

$ openstack endpoint create --region RegionOne \
  volumev2 admin http://linux-node2:8776/v2/%\(project_id\)s

openstack endpoint create --region RegionOne \
  volumev3 public http://linux-node2:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne \
  volumev3 internal http://linux-node2:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne \
  volumev3 admin http://linux-node2:8776/v3/%\(project_id\)s

11.5 安装cinder

# yum install openstack-cinder

11.6配置cinder/etc/cinder/cinder.conf

[database]
connection = mysql://cinder:cinder @linux-node2/cinder

default部分

[DEFAULT] # ...
transport_url = rabbit://openstack:openstack@linux-node2
auth_strategy = keystone
my_ip = 192.168.57.145
[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp

配置计算使用块存储

编辑/etc/nova/nova.conf文件并添加以下内容:

[cinder] 
os_region_name  =  RegionOne

11.7 填充数据库

# su -s /bin/sh -c "cinder-manage db sync" cinder

11.8完成安装

重新启动计算API服务:

# systemctl restart openstack-nova-api.service

启动块存储服务并将其配置为在系统引导时启动:

# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

十二、块存储服务(可以新开一台机器也可以使用计算节点,我这里使用的计算节点node1

首先添加一块硬盘50G吧。使用LVM的方式

12.1 安装lvm

# yum install lvm2
# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service

12.2配置lvm

创建LVM物理卷/dev/sdb

# pvcreate /dev/sdb

Physical volume "/dev/sdb" successfully created

创建LVM卷组cinder-volumes

# vgcreate cinder-volumes /dev/sdb

Volume group "cinder-volumes" successfully created

编辑 /etc/lvm/lvm.conf

devices {
...
filter = [ "a/sdb/", "r/.*/"]

#################################其他方式

如果您的存储节点在操作系统磁盘上使用LVM,则还必须将关联的设备添加到过滤器。例如,如果/dev/sda设备包含操作系统:

filter  =  [“a / sda /”,“a / sdb /”,“r /.*/”]

同样,如果计算节点在操作系统磁盘上使用LVM,则还必须修改/etc/lvm/lvm.conf这些节点上的文件中的筛选器, 使其只包含操作系统磁盘。例如,如果/dev/sda 设备包含操作系统:

filter  =  [“a / sda /”,“r /.*/”]

12.3安装和配置的部件

yum install openstack-cinder targetcli python-keystone

12.4配置主配置文件(/etc/cinder/cinder.conf

[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@linux-node2
auth_strategy = keystone
my_ip = 192.168.57.142
enabled_backends = lvm
glance_api_servers = http://linux-node2:9292
[database]
# ...
connection = mysql://cinder:cinder@linux-node2/cinder
[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
########【lvm】在最后面添加###############
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp

12.5 启动

# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service

12.6 检查

[root@linux-node2 cinder]# admin-openrc
[root@linux-node2 cinder]# openstack volume service list
+------------------+-----------------+------+---------+-------+----------------------------+
| Binary           | Host            | Zone | Status  | State | Updated At                 |
+------------------+-----------------+------+---------+-------+----------------------------+
| cinder-scheduler | linux-node2     | nova | enabled | up    | 2018-01-02T16:11:10.000000 |
| cinder-volume    | linux-node1@lvm | nova | enabled | up    | 2018-01-02T16:11:05.000000 |
+------------------+-----------------+------+---------+-------+----------------------------+

12.7 创建块存储

创建一个10G的存储

[root@linux-node2 cinder]# openstack volume create --size 10 volume1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| attachments         | []                                   |
| availability_zone   | nova                                 |
| bootable            | false                                |
| consistencygroup_id | None                                 |
| created_at          | 2018-01-02T15:46:13.269273           |
| description         | None                                 |
| encrypted           | False                                |
| id                  | d1b2e03b-c80a-4cde-ad25-65abab621b0c |
| migration_status    | None                                 |
| multiattach         | False                                |
| name                | volume1                              |
| properties          |                                      |
| replication_status  | None                                 |
| size                | 10                                   |
| snapshot_id         | None                                 |
| source_volid        | None                                 |
| status              | creating                             |
| type                | None                                 |
| updated_at          | None                                 |
| user_id             | 40a299a16064488facc16764cb635c12     |
+---------------------+--------------------------------------+

查看

[root@linux-node2 cinder]# openstack volume list
+--------------------------------------+---------+-----------+------+-------------+
| ID                                   | Name    | Status    | Size | Attached to |
+--------------------------------------+---------+-----------+------+-------------+
| d1b2e03b-c80a-4cde-ad25-65abab621b0c | volume1 | available |   10 |             |
+--------------------------------------+---------+-----------+------+-------------+

12.7将卷附加到实例

[root@linux-node2 cinder]# openstack server add volume provider-instance volume1

查看

[root@linux-node2 cinder]# openstack volume list
+--------------------------------------+---------+--------+------+--------------------------------------------+
| ID                                   | Name    | Status | Size | Attached to                                |
+--------------------------------------+---------+--------+------+--------------------------------------------+
| d1b2e03b-c80a-4cde-ad25-65abab621b0c | volume1 | in-use |   10 | Attached to provider-instance on /dev/vdb  |
+--------------------------------------+---------+--------+------+--------------------------------------------+
[root@linux-node2 cinder]#

十三、安装虚拟机

这里我是自己上传了一个Centos7 的镜像。像上面创建实例一样创建的。后面把硬盘添加到这个实例里面。后面启动。就有了下面的画面



已经显示有10G硬盘了。现在可以安装系统了。我笔记本配置比较渣渣。弄起来太慢了

VNC连接node1 KVM就可以操作了。网页不好操作

Node1 中有一个5901的进程。我们用VNC的客户端连接一下就够了

只要等它安装完就够了。


如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!

说点什么

avatar
  Subscribe  
提醒