Lab environment
OS: CentOS-7-x86_64-DVD-1804
Lab platform: VMware
hostname ip role
node1.heleicool.cn 172.16.175.11 management node
node2.heleicool.cn 172.16.175.12 compute node
Environment setup
Install the required software:
yum install -y vim net-tools wget telnet
Configure the /etc/hosts file on each node:
172.16.175.11 node1.heleicool.cn
172.16.175.12 node2.heleicool.cn
Configure the /etc/resolv.conf file on each node:
nameserver 8.8.8.8
Disable the firewall:
systemctl disable firewalld
systemctl stop firewalld
Disable SELinux (this step can probably be skipped):
setenforce 0
vim /etc/selinux/config
SELINUX=disabled
Install the OpenStack packages
Install the repository for the corresponding release:
yum install centos-release-openstack-rocky -y
Install the OpenStack client:
yum install python-openstackclient -y
RHEL and CentOS enable SELinux by default. Install the openstack-selinux package to automatically manage security policies for OpenStack services:
yum install openstack-selinux -y
Database installation
Install the packages:
yum install mariadb mariadb-server python2-PyMySQL -y
Create and edit the configuration file /etc/my.cnf.d/openstack.cnf:
[mysqld]
bind-address = 172.16.175.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Start the database:
systemctl enable mariadb.service
systemctl start mariadb.service
Secure the database service by running the mysql_secure_installation script. In particular, choose a suitable password for the database root account:
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y  # whether to set the root password
New password: # enter the root password twice
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y  # whether to remove anonymous users
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y # whether to disallow remote root login
 ... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y # whether to remove the test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y  # reload the privilege tables
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Install the message queue
Install RabbitMQ:
yum install rabbitmq-server -y
Start RabbitMQ:
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
Add the openstack user:
# The user I added is named openstack, and so is its password.
rabbitmqctl add_user openstack openstack
Grant read and write permissions to the openstack user:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Install Memcached
Install the Memcached packages:
yum install memcached python-memcached -y
Edit /etc/sysconfig/memcached and change the configuration:
OPTIONS="-l 127.0.0.1,::1,172.16.175.11"
Start memcached:
systemctl enable memcached.service
systemctl start memcached.service
The listening ports so far are as follows:
# rabbitmq port
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      1690/beam
# mariadb-server port
tcp        0      0 172.16.175.11:3306      0.0.0.0:*               LISTEN      1506/mysqld
# memcached port
tcp        0      0 172.16.175.11:11211     0.0.0.0:*               LISTEN      2236/memcached
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2236/memcached
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      766/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1050/master
tcp6       0      0 :::5672                 :::*                    LISTEN      1690/beam
tcp6       0      0 ::1:11211               :::*                    LISTEN      2236/memcached
tcp6       0      0 :::22                   :::*                    LISTEN      766/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1050/master
Start installing the OpenStack services
Keystone service installation
Configure the keystone database:
Use the database client to connect to the database server as the root user:
mysql -u root -p
Create the keystone database and grant appropriate access to it:
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Install and configure keystone
Run the following command to install the packages:
yum install openstack-keystone httpd mod_wsgi -y
Edit /etc/keystone/keystone.conf and complete the following:
[database]
connection = mysql+pymysql://keystone:keystone@172.16.175.11/keystone
[token]
provider = fernet
Populate the Identity service database:
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Verify the database tables
mysql -ukeystone -pkeystone -e "use keystone; show tables;"
Initialize the Fernet key repositories:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service:
# ADMIN_PASS is the admin user's password; this step sets it (admin in this lab).
keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://172.16.175.11:5000/v3/ \
  --bootstrap-internal-url http://172.16.175.11:5000/v3/ \
  --bootstrap-public-url http://172.16.175.11:5000/v3/ \
  --bootstrap-region-id RegionOne
Configure the Apache HTTP server
Edit /etc/httpd/conf/httpd.conf:
ServerName 172.16.175.11
Create a link to the /usr/share/keystone/wsgi-keystone.conf file:
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start the service
Start the Apache HTTP service and configure it to start when the system boots:
systemctl enable httpd.service
systemctl start httpd.service
Configure the administrative account:
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://172.16.175.11:5000/v3
export OS_IDENTITY_API_VERSION=3
Create a domain, projects, users and roles
Although the "Default" domain already exists from the keystone-manage bootstrap step in this guide, the formal way to create a new domain is:
# openstack domain create --description "An Example Domain" example
Using the default domain, create the service project, which is used by the services:
openstack project create --domain default \
  --description "Service Project" service
Create the myproject project; regular (non-admin) tasks should use an unprivileged project and user:
openstack project create --domain default \
  --description "Demo Project" myproject
Create the myuser user:
# Creating the user prompts for a password
openstack user create --domain default \
  --password-prompt myuser
Create the myrole role:
openstack role create myrole
Add myuser to the myproject project with the myrole role:
openstack role add --project myproject --user myuser myrole
Verify the users
Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables:
unset OS_AUTH_URL OS_PASSWORD
As the admin user, request an authentication token:
# You will be prompted for the admin password
openstack --os-auth-url http://172.16.175.11:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
As the myuser user, request an authentication token:
# You will be prompted for the myuser password
openstack --os-auth-url http://172.16.175.11:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name myproject --os-username myuser token issue
Create OpenStack client environment scripts
The openstack client interacts with the Identity service either through command-line arguments or through environment variables. To save typing, create environment scripts:
Create the environment script for the admin user, admin-openstack.sh:
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://172.16.175.11:5000/v3
export OS_IDENTITY_API_VERSION=3
Create the environment script for the myuser user, demo-openstack.sh:
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser
export OS_AUTH_URL=http://172.16.175.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Use the script:
source admin-openstack.sh
openstack token issue
Glance service installation
Configure the glance database:
Log in to the database as the root user:
mysql -u root -p
Create the glance database and grant access to the glance user:
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Create the glance service credentials as the admin user:
source admin-openstack.sh
Create the glance user:
# You will be prompted for the glance user's password; mine is glance
openstack user create --domain default --password-prompt glance
Add the glance user to the service project with the admin role:
openstack role add --project service --user glance admin
Create the glance service entity:
openstack service create --name glance \
  --description "OpenStack Image" image
Create the Image service API endpoints:
openstack endpoint create --region RegionOne image public http://172.16.175.11:9292
openstack endpoint create --region RegionOne image internal http://172.16.175.11:9292
openstack endpoint create --region RegionOne image admin http://172.16.175.11:9292
Install and configure glance
Install the package:
yum install openstack-glance -y
Edit /etc/glance/glance-api.conf and complete the following:
# Configure database access:
[database]
connection = mysql+pymysql://glance:glance@172.16.175.11/glance
# Configure Identity service access:
[keystone_authtoken]
www_authenticate_uri = http://172.16.175.11:5000
auth_url = http://172.16.175.11:5000
memcached_servers = 172.16.175.11:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
# Configure the local file system store and the location of image files:
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit /etc/glance/glance-registry.conf and complete the following:
# Configure database access:
[database]
connection = mysql+pymysql://glance:glance@172.16.175.11/glance
# Configure Identity service access:
[keystone_authtoken]
www_authenticate_uri = http://172.16.175.11:5000
auth_url = http://172.16.175.11:5000
memcached_servers = 172.16.175.11:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
Populate the Image service database and verify it:
su -s /bin/sh -c "glance-manage db_sync" glance
mysql -uglance -pglance -e "use glance; show tables;"
Start the services:
systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
Verify the service
Source the admin credentials to gain access to admin-only CLI commands:
source admin-openstack.sh
Download the source image:
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
Upload the image to the Image service using the QCOW2 disk format, bare container format, and public visibility so that all projects can access it:
# Make sure cirros-0.4.0-x86_64-disk.img is in the current directory
openstack image create "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
Confirm the upload and verify the image attributes:
openstack image list
Nova service installation
Nova controller node installation
Set up the nova database information:
mysql -u root -p
Create the nova_api, nova, nova_cell0 and placement databases:
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';
Source the admin credentials:
source admin-openstack.sh
Create the nova user:
openstack user create --domain default --password-prompt nova
Add the admin role to the nova user:
openstack role add --project service --user nova admin
Create the nova service entity:
openstack service create --name nova --description "OpenStack Compute" compute
Create the Compute API service endpoints:
openstack endpoint create --region RegionOne compute public http://172.16.175.11:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://172.16.175.11:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://172.16.175.11:8774/v2.1
Create the placement user:
# You must set a password for this user; mine is placement
openstack user create --domain default --password-prompt placement
Add the placement user to the service project with the admin role:
openstack role add --project service --user placement admin
Create the placement service entity:
openstack service create --name placement --description "Placement API" placement
Create the Placement API service endpoints:
openstack endpoint create --region RegionOne placement public http://172.16.175.11:8778
openstack endpoint create --region RegionOne placement internal http://172.16.175.11:8778
openstack endpoint create --region RegionOne placement admin http://172.16.175.11:8778
Install nova
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y
Edit /etc/nova/nova.conf and complete the following:
# Enable only the compute and metadata APIs
[DEFAULT]
enabled_apis = osapi_compute,metadata
# Configure database access
[api_database]
connection = mysql+pymysql://nova:nova@172.16.175.11/nova_api
[database]
connection = mysql+pymysql://nova:nova@172.16.175.11/nova
[placement_database]
connection = mysql+pymysql://placement:placement@172.16.175.11/placement
# Configure RabbitMQ message queue access
[DEFAULT]
transport_url = rabbit://openstack:openstack@172.16.175.11
# Configure Identity service access
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://172.16.175.11:5000/v3
memcached_servers = 172.16.175.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
# Enable support for the Networking service
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# Configure the VNC proxy to use the management interface IP address of the controller node
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = 172.16.175.11
# Configure the location of the Image service API
[glance]
api_servers = http://172.16.175.11:9292
# Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
# Configure the Placement API
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.16.175.11:5000/v3
username = placement
password = placement
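Every credential in this configuration reuses the account name as the password, and the Keystone URLs use plain http, so service passwords and tokens cross the management network unencrypted. The following added example (not from the original guide or the OpenStack project) scans an oslo.config-style file for both conditions; the function name audit_oslo_conf and the [placement] values in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag weak credentials in an oslo.config-style INI file.
# Reads the file on stdin and prints one finding per line:
#   WEAK      - a URL option (connection, transport_url) or a section whose
#               password is identical to its user name
#   CLEARTEXT - a Keystone URL that uses http:// instead of https://
audit_oslo_conf() {
    awk '
        # Report the section just finished if its username equals its password.
        function flush_section() {
            if (user != "" && user == pass)
                print "WEAK section=" section " option=password user=" user
            user = ""; pass = ""
        }
        /^[ \t]*(#|;|$)/ { next }                  # comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                   # section header
            flush_section()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "username") user = val
            else if (key == "password") pass = val
            # scheme://user:password@host/... as used by connection and transport_url
            if (match(val, /:\/\/[^:\/@]+:[^@\/]+@/)) {
                cred = substr(val, RSTART + 3, RLENGTH - 4)
                c = index(cred, ":")
                if (substr(cred, 1, c - 1) == substr(cred, c + 1))
                    print "WEAK section=" section " option=" key " user=" substr(cred, 1, c - 1)
            }
            if ((key == "auth_url" || key == "www_authenticate_uri") && val ~ /^http:\/\//)
                print "CLEARTEXT section=" section " option=" key
        }
        END { flush_section() }
    '
}

# Sample input: excerpt of the nova.conf from this page, plus a constructed
# [placement] section (https URL, distinct password) that should produce no finding.
SAMPLE_NOVA_CONF='[api_database]
connection = mysql+pymysql://nova:nova@172.16.175.11/nova_api
[DEFAULT]
transport_url = rabbit://openstack:openstack@172.16.175.11
[keystone_authtoken]
auth_url = http://172.16.175.11:5000/v3
username = nova
password = nova
[placement]
auth_url = https://keystone.example.test:5000/v3
username = placement
password = c0nstructed-Example-9f2b71'

printf '%s\n' "$SAMPLE_NOVA_CONF" | audit_oslo_conf
```

On a node, run it against each service file, for example audit_oslo_conf < /etc/nova/nova.conf.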
Enable access to the Placement API by adding the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
Append it to the end of the file:
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
Restart the httpd service:
systemctl restart httpd
Populate the nova-api and placement databases:
su -s /bin/sh -c "nova-manage api_db sync" nova
Register the cell0 database:
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create the cell1 cell:
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
Populate the nova database:
su -s /bin/sh -c "nova-manage db sync" nova
Verify that nova cell0 and cell1 are registered correctly:
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
Verify the databases:
mysql -unova -pnova -e "use nova ; show tables;"
mysql -unova -pnova -e "use nova_api ; show tables;"
mysql -unova -pnova -e "use nova_cell0 ; show tables;"
mysql -uplacement -pplacement -e "use placement ; show tables;"
Start the nova controller node services:
systemctl enable openstack-nova-api.service \
  openstack-nova-scheduler.service openstack-nova-conductor.service \
  openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-scheduler.service openstack-nova-conductor.service \
  openstack-nova-novncproxy.service
Nova compute node installation
Install the package:
yum install openstack-nova-compute -y
Edit /etc/nova/nova.conf and complete the following:
# Copy the controller node's configuration and modify it. Remove the following settings, which configure database access.
[api_database]
connection = mysql+pymysql://nova:nova@172.16.175.11/nova_api
[database]
connection = mysql+pymysql://nova:nova@172.16.175.11/nova
[placement_database]
connection = mysql+pymysql://placement:placement@172.16.175.11/placement
# Add the following:
[vnc]
# Change to the compute node's IP
server_proxyclient_address = 172.16.175.12
novncproxy_base_url = http://172.16.175.11:6080/vnc_auto.html
Determine whether your compute node supports hardware acceleration for virtual machines:
egrep -c '(vmx|svm)' /proc/cpuinfo
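If this command returns a value greater than 1, the compute node supports hardware acceleration, which typically requires no additional configuration.
If this command returns zero, your compute node does not support hardware acceleration, and you must configure libvirt to use QEMU instead of KVM.
Edit the [libvirt] section in /etc/nova/nova.conf as follows: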
[libvirt]
# ...
virt_type = kvm
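# Although the return value here was greater than 1, configuring kvm prevented the virtual machine from starting; changing it to qemu worked. Advice from experts is welcome.
Start the nova compute node services: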
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Add the compute node to the cell database (run on the management node):
source admin-openstack.sh
# Confirm that the compute host is in the database
openstack compute service list --service nova-compute
# Discover compute hosts
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register them. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf:
[scheduler]
discover_hosts_in_cells_interval = 300
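Verify operation
source admin-openstack.sh
# List service components to verify that each process started and registered successfully: State should be up
openstack compute service list
# List API endpoints in the Identity service to verify connectivity with the Identity service
openstack catalog list
# List images in the Image service to verify connectivity with the Image service:
openstack image list
# Check that the cells and the Placement API are working successfully:
nova-status upgrade check
A note here: when you check with the openstack compute service list command, the official documentation shows one more service running than you have; simply start it.
This service is the console authentication service for remote connections; without it, VNC remote login does not work.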
systemctl enable openstack-nova-consoleauth
systemctl start openstack-nova-consoleauth
Neutron service installation
Neutron controller node installation
Create the database for the neutron service:
mysql -uroot -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Create the neutron user:
openstack user create --domain default --password-prompt neutron
Add the neutron user to the service project with the admin role:
openstack role add --project service --user neutron admin
Create the neutron service entity:
openstack service create --name neutron --description "OpenStack Networking" network
Create the Networking service API endpoints:
openstack endpoint create --region RegionOne network public http://172.16.175.11:9696
openstack endpoint create --region RegionOne network internal http://172.16.175.11:9696
openstack endpoint create --region RegionOne network admin http://172.16.175.11:9696
Configure networking options
You can deploy the Networking service using one of two architectures, represented by option 1 (Provider) and option 2 (Self-service).
Option 1 deploys the simplest possible architecture, which only supports attaching instances to provider (external) networks. There are no self-service (private) networks, routers, or floating IP addresses. Only the admin or other privileged users can manage provider networks.
Provider network
Install the components:
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Configure the server component
Edit /etc/neutron/neutron.conf and complete the following:
[DEFAULT]
# Enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins
core_plugin = ml2
service_plugins =
# Notify Compute of network topology changes
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
# Configure RabbitMQ message queue access
transport_url = rabbit://openstack:openstack@172.16.175.11
auth_strategy = keystone
[database]
# Configure database access
connection = mysql+pymysql://neutron:neutron@172.16.175.11/neutron
[keystone_authtoken]
# Configure Identity service access
www_authenticate_uri = http://172.16.175.11:5000
auth_url = http://172.16.175.11:5000
memcached_servers = 172.16.175.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
# Configure Networking to notify Compute of network topology changes
[nova]
auth_url = http://172.16.175.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
# Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging and switching) virtual networking infrastructure for instances.
Edit /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following:
[ml2]
# Enable flat and VLAN networks
type_drivers = flat,vlan
# Disable self-service networks
tenant_network_types =
# Enable the Linux bridge mechanism
mechanism_drivers = linuxbridge
# Enable the port security extension driver
extension_drivers = port_security
[ml2_type_flat]
# Configure the provider virtual network as a flat network
flat_networks = provider
[securitygroup]
# Enable ipset to increase the efficiency of security group rules
enable_ipset = true
Configure the Linux bridge agent
The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini and complete the following:
[linux_bridge]
# Map the provider virtual network to the provider physical network interface; eth-0 here is the mapped NIC
physical_interface_mappings = provider:eth-0
[vxlan]
# Disable VXLAN overlay networks
enable_vxlan = false
[securitygroup]
# Enable security groups and configure the Linux bridge iptables firewall driver:
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Ensure your Linux kernel supports network bridge filters by verifying that all of the following sysctl values are set to 1:
modprobe br_netfilter
ls /proc/sys/net/bridge
Add to /etc/sysctl.conf:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Apply the settings:
sysctl -p
Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit /etc/neutron/dhcp_agent.ini and complete the following:
[DEFAULT]
# Configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on provider networks can access metadata over the network:
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Self-service networks
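Install the components:
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Configure the server component
Edit /etc/neutron/neutron.conf and complete the following:
[DEFAULT]
# Enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses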
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
# Configure RabbitMQ message queue access
transport_url = rabbit://openstack:openstack@172.16.175.11
auth_strategy = keystone
# Notify Compute of network topology changes
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
# Configure database access
connection = mysql+pymysql://neutron:neutron@172.16.175.11/neutron
[keystone_authtoken]
# Configure Identity service access
www_authenticate_uri = http://172.16.175.11:5000
auth_url = http://172.16.175.11:5000
memcached_servers = 172.16.175.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
# Configure Networking to notify Compute of network topology changes
[nova]
auth_url = http://172.16.175.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
# Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging and switching) virtual networking infrastructure for instances.
Edit /etc/neutron/plugins/ml2/ml2_conf.ini and complete the following:
[ml2]
# Enable flat, VLAN and VXLAN networks
type_drivers = flat,vlan,vxlan
# Enable VXLAN self-service networks
tenant_network_types = vxlan
# Enable the Linux bridge and layer-2 population mechanisms
mechanism_drivers = linuxbridge,l2population
# Enable the port security extension driver
extension_drivers = port_security
[ml2_type_flat]
# Configure the provider virtual network as a flat network
flat_networks = provider
[ml2_type_vxlan]
# Configure the VXLAN network identifier range for self-service networks
vni_ranges = 1:1000
[securitygroup]
# Enable ipset to increase the efficiency of security group rules
enable_ipset = true
Configure the Linux bridge agent
The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini and complete the following:
[linux_bridge]
# Map the provider virtual network to the provider physical network interface; eth0 here is the mapped NIC
physical_interface_mappings = provider:eth0
[vxlan]
# Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
enable_vxlan = true
local_ip = 172.16.175.11
l2_population = true
[securitygroup]
# Enable security groups and configure the Linux bridge iptables firewall driver:
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Ensure your Linux kernel supports network bridge filters by verifying that all of the following sysctl values are set to 1:
modprobe br_netfilter
ls /proc/sys/net/bridge
Add to /etc/sysctl.conf:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Apply the settings:
sysctl -p
Configure the layer-3 agent
The layer-3 (L3) agent provides routing and NAT services for self-service virtual networks.
Edit /etc/neutron/l3_agent.ini and complete the following:
[DEFAULT]
# Configure the Linux bridge interface driver and external bridge
interface_driver = linuxbridge
Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit /etc/neutron/dhcp_agent.ini and complete the following:
[DEFAULT]
# Configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on provider networks can access metadata over the network
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
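Configure the metadata agent
The metadata agent provides configuration information to instances.
Edit /etc/neutron/metadata_agent.ini and complete the following:
[DEFAULT]
# Configure the metadata host (the controller node, 172.16.175.11 here; the name controller is not defined in the /etc/hosts file above) and the shared secret
nova_metadata_host = 172.16.175.11
metadata_proxy_shared_secret = heleicool
# heleicool is the secret shared between neutron and nova
Configure the Compute service (nova) to use the Networking service
Edit /etc/nova/nova.conf and do the following:
[neutron]
# Configure access parameters, enable the metadata proxy, and configure the secret: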
url = http://172.16.175.11:9696
auth_url = http://172.16.175.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = heleicool
Finalize installation
The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it with the following command:
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate the database; this requires neutron.conf and ml2_conf.ini:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the nova Compute API service because its configuration file was modified:
systemctl restart openstack-nova-api.service
Start the Networking services and configure them to start when the system boots:
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
Neutron compute node installation
Install the components:
yum install openstack-neutron-linuxbridge ebtables ipset -y
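Configure the common components
The Networking common component configuration includes the authentication mechanism, message queue, and plug-in.
Edit /etc/neutron/neutron.conf and complete the following:
Comment out any connection options, because compute nodes do not access the database directly
[DEFAULT]
# Configure RabbitMQ message queue access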
transport_url = rabbit://openstack:openstack@172.16.175.11
# Configure Identity service access
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.16.175.11:5000
auth_url = http://172.16.175.11:5000
memcached_servers = 172.16.175.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
# Configure the lock path
lock_path = /var/lib/neutron/tmp
Configure networking options
Choose the same networking option that you chose for the controller node and configure the services specific to it
Provider network
Configure the Linux bridge agent
The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini and complete the following:
[linux_bridge]
# Map the provider virtual network to the provider physical network interface
physical_interface_mappings = provider:eth0
[vxlan]
# Disable VXLAN overlay networks
enable_vxlan = false
[securitygroup]
# Enable security groups and configure the Linux bridge iptables firewall driver
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Ensure your Linux kernel supports network bridge filters by verifying that all of the following sysctl values are set to 1:
modprobe br_netfilter
ls /proc/sys/net/bridge
Add to /etc/sysctl.conf:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Apply the settings:
sysctl -p
Self-service networks
Configure the Linux bridge agent
The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini and complete the following:
[linux_bridge]
# Map the provider virtual network to the provider physical network interface
physical_interface_mappings = provider:eth0
[vxlan]
# Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
[securitygroup]
# Enable security groups and configure the Linux bridge iptables firewall driver
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Ensure your Linux kernel supports network bridge filters by verifying that all of the following sysctl values are set to 1:
modprobe br_netfilter
ls /proc/sys/net/bridge
Add to /etc/sysctl.conf:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Apply the settings:
sysctl -p
sysctl -p
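The bridge-filter step this guide repeats for each Linux bridge agent lists /proc/sys/net/bridge but never reads the values; if either one is 0 or the module is not loaded, the iptables security group rules are not applied to bridged instance traffic. The following added example (not part of the original guide) compares the runtime values with what is persisted in sysctl.conf; the function names and the fixture values in the demo are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that bridge netfilter is enforced now and after a reboot.
# check_bridge_nf PROC_DIR SYSCTL_CONF
#   PROC_DIR    - normally /proc/sys/net/bridge
#   SYSCTL_CONF - normally /etc/sysctl.conf
# Prints "<key> runtime=<value|missing> persisted=<value|missing> <OK|FAIL>" per key
# and returns 0 only when both keys are 1 at runtime and in the persisted file.
check_bridge_nf() {
    proc_dir=$1
    conf=$2
    rc=0
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        if [ -r "$proc_dir/$key" ]; then
            runtime=$(cat "$proc_dir/$key")
        else
            # The directory only exists while br_netfilter is loaded; modprobe
            # does not survive a reboot unless the module is loaded at boot.
            runtime=missing
        fi
        # Last uncommented assignment of net.bridge.<key> in the sysctl file.
        persisted=$(awk -F= -v k="net.bridge.$key" '
            { name = $1; gsub(/[ \t]/, "", name) }
            name == k { v = $2; gsub(/[ \t]/, "", v); last = v }
            END { print (last == "" ? "missing" : last) }' "$conf" 2>/dev/null) \
            || persisted=missing
        [ -n "$persisted" ] || persisted=missing
        if [ "$runtime" = 1 ] && [ "$persisted" = 1 ]; then
            verdict=OK
        else
            verdict=FAIL
            rc=1
        fi
        echo "$key runtime=$runtime persisted=$persisted $verdict"
    done
    return $rc
}

# Demo on constructed fixtures: ip6tables filtering is persisted but off at runtime.
demo_bridge_nf() {
    tmp=$(mktemp -d)
    mkdir "$tmp/bridge"
    echo 1 > "$tmp/bridge/bridge-nf-call-iptables"
    echo 0 > "$tmp/bridge/bridge-nf-call-ip6tables"
    printf '%s\n' \
        'net.bridge.bridge-nf-call-ip6tables = 1' \
        'net.bridge.bridge-nf-call-iptables = 1' > "$tmp/sysctl.conf"
    status=0
    check_bridge_nf "$tmp/bridge" "$tmp/sysctl.conf" || status=$?
    rm -rf "$tmp"
    return $status
}

demo_bridge_nf || echo "bridge filtering is not fully enforced"
```

On a node, run check_bridge_nf /proc/sys/net/bridge /etc/sysctl.conf after sysctl -p and again after a reboot.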
Configure the Compute service (nova) to use the Networking service
Edit /etc/nova/nova.conf and complete the following:
[neutron]
# ...
url = http://172.16.175.11:9696
auth_url = http://172.16.175.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
Finalize installation
Restart the Compute service:
systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start when the system boots:
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
Verify operation
Provider networks
List the agents to verify that they connected to neutron successfully:
openstack network agent list
Self-service networks
List the agents to verify that they connected to neutron successfully:
# Four agents: Metadata agent, Linux bridge agent, L3 agent, DHCP agent
openstack network agent list
Launch an instance
Once all of the services above are working, you can create and launch a virtual machine.
Create virtual networks
First create a virtual network, configured according to the networking option you chose when configuring Neutron.
Provider networks
Create the network:
source admin-openstack.sh
openstack network create --share --external \
  --provider-physical-network provider \
  --provider-network-type flat public
# --share allows all projects to use the virtual network
# --external defines the virtual network as external; to create an internal network, use --internal instead. The default is internal
# --provider-physical-network is the flat_networks value configured in ml2_conf.ini.
# --provider-network-type flat sets the network type; public is the network name
Create a subnet on the network:
openstack subnet create --network public \
  --allocation-pool start=172.16.175.100,end=172.16.175.250 \
  --dns-nameserver 172.16.175.2 --gateway 172.16.175.2 \
  --subnet-range 172.16.175.0/24 public
# --subnet-range is the subnet that provides the IP addresses, in CIDR notation
# start and end are the first and last addresses of the range allocated to instances
# --dns-nameserver is the IP address of the DNS resolver
# --gateway is the gateway address
Self-service networks
創(chuàng)建自有網(wǎng)絡(luò)
source admin-openstack.sh
openstack network create selfservice
在網(wǎng)絡(luò)上創(chuàng)建子網(wǎng)
openstack subnet create --network selfservice \
  --dns-nameserver 8.8.8.8 --gateway 192.168.1.1 \
  --subnet-range 192.168.1.0/24 selfservice
Create a router
source demo-openstack.sh
openstack router create router
Add the self-service network subnet as an interface on the router
openstack router add subnet router selfservice
Set a gateway on the provider network on the router
openstack router set router --external-gateway public
Verify operation
List the network namespaces. You should see one qrouter namespace and two qdhcp namespaces
source demo-openstack.sh
ip netns
List the ports on the router to determine the gateway IP address on the provider network
openstack port list --router router
Create a flavor
# Create a flavor named m1.nano that gives a virtual machine 1 vCPU and 64 MB of RAM
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
Configure a key pair
# Generate the key files
ssh-keygen -q -N ""
# Create an OpenStack key pair named mykey
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
# List the key pairs
openstack keypair list
Add security group rules
By default, the default security group applies to all instances.
# Allow ICMP
openstack security group rule create --proto icmp default
# Allow port 22
openstack security group rule create --proto tcp --dst-port 22 default
Launch an instance
Provider networks
Determine instance options
List the available flavors
source demo-openstack.sh
openstack flavor list
List the available images
openstack image list
List the available networks
openstack network list
List the available security groups
openstack security group list
Launch the instance
openstack server create --flavor m1.nano --image cirros \
  --nic net-id=PROVIDER_NET_ID --security-group default \
  --key-name mykey provider-instance
# PROVIDER_NET_ID is the ID of the public network. If your environment contains only one network, you can omit the --nic option because OpenStack automatically chooses the only network available.
Check the status of the instance
openstack server list
Access the instance using the virtual console
openstack console url show provider-instance
Self-service networks
Determine instance options
List the available flavors
source demo-openstack.sh
openstack flavor list
List the available images
openstack image list
List the available networks
openstack network list
List the available security groups
openstack security group list
Launch the instance
# Replace SELFSERVICE_NET_ID with the ID of the selfservice network.
openstack server create --flavor m1.nano --image cirros \
  --nic net-id=SELFSERVICE_NET_ID --security-group default \
  --key-name mykey selfservice-instance
Check the status of the instance
openstack server list
Access the instance using the virtual console
openstack console url show selfservice-instance
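Horizon service installation
The horizon service depends on the Apache HTTP server and Memcached. I installed it on the controller node, so those services were already in place; if you deploy it separately, you need to install them.
Install and configure the components
Install the package
yum install openstack-dashboard -y
Edit the /etc/openstack-dashboard/local_settings file and complete the following
# Configure the dashboard to use the OpenStack services on the controller node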
OPENSTACK_HOST = "172.16.175.11"
# Configure the list of hosts allowed to access the dashboard
# Note: '*' accepts any Host header, so the second entry has no effect; list the dashboard's real hostnames when deploying beyond a lab
ALLOWED_HOSTS = ['*', 'two.example.com']
# Configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '172.16.175.11:11211',
    }
}
# Enable Identity API version 3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
# Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
# Configure the API versions
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
# Configure Default as the default domain for users that you create via the dashboard
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
# Configure the default role for users that you create via the dashboard (myrole in this deployment)
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "myrole"
# If you chose networking option 1, disable support for layer-3 networking services
OPENSTACK_NEUTRON_NETWORK = {
    # ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
# Configure the time zone
TIME_ZONE = "Asia/Shanghai"
If /etc/httpd/conf.d/openstack-dashboard.conf does not already include the following line, add it.
WSGIApplicationGroup %{GLOBAL}
Finalize installation
Restart the web server and the memcached session storage service:
systemctl restart httpd.service memcached.service
Done
Article title: Detailed OpenStack Rocky setup
Article location: http://muchs.cn/article48/jcghep.html