5.1 OpenStack
作者:互联网
(草稿)
虚拟机
CPU模式
双网卡
内存4096
第一块网卡正常配置
一、配置openstack环境
控制节点
1网卡:虚拟机通信
(ifnames=0:以太网方式、真机)
1:
1网卡:3行(激活)ifup eth1
配置文件
hostname
[root@server31 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server31 network-scripts]# vim ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server31 network-scripts]# ip addr
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:54:00:f0:54:aa brd ff:ff:ff:ff:ff:ff
[root@server31 network-scripts]# ifup eth1
[root@server31 network-scripts]# ip addr
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:f0:54:aa brd ff:ff:ff:ff:ff:ff
inet6 fe80::5054:ff:fef0:54aa/64 scope link
valid_lft forever preferred_lft forever
[root@server31 network-scripts]# vim /etc/hosts
172.25.21.250 foundation21.ilt.example.com
172.25.21.31 controller
172.25.21.32 compute1
172.25.21.33 block1
[root@server31 network-scripts]# hostnamectl set-hostname controller
[root@controller ~]#
时间同步
1:
安装时间同步
[root@controller ~]# yum install -y chrony
21:
宿主机先与 172.25.254.250 同步时间,再允许 172.25.21.0/24 网段的节点向它同步
[root@foundation21 ~]# vim /etc/chrony.conf
server 172.25.254.250 iburst
# Allow NTP client access from local network.
allow 172.25.21/24
[root@foundation21 ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* foundation0.ilt.example.> 3 6 377 10 -175us[ -55us] +/- 30ms
1:
vim
真机的私有网段
(所有节点和controller时间一致)
重启并 enable(开机自启)
chrony
-v验证
(所有主机和宿主主机同步时间)
关防火墙(仅限隔离的实验环境;对外可达的环境应保留防火墙,只放行各服务实际用到的端口)
[root@controller ~]# vim /etc/chrony.conf
server 172.25.21.250 iburst
[root@controller ~]# systemctl enable --now chronyd
[root@controller ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* foundation21.ilt.example> 4 6 17 17 -11us[ -77us] +/- 33ms
[root@controller ~]# date
Sat May 1 10:27:07 CST 2021
openstack包
1:
搭建仓库(下面 repo 文件中的 gpgcheck=0 关闭了软件包签名校验,只适合可信的内网源)
openstack
执行 yum upgrade
安装客户端
(不用装selinux)
[root@foundation21 html]# pwd
/var/www/html
[root@foundation21 html]# mkdir openstack
[root@foundation21 html]# mv mitaka openstack
[root@foundation21 html]# ls openstack/
mitaka
[root@foundation21 html]# cd /etc/yum.repos.d/
[root@foundation21 yum.repos.d]# vim openstack.repo
[openstack]
name=mitaka
baseurl=http://172.25.21.250/openstack/mitaka
gpgcheck=0
[root@foundation21 yum.repos.d]# scp openstack.repo root@172.25.21.31:/etc/yum.repos.d/
[root@controller ~]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# ls
openstack.repo redhat.repo westos.repo
[root@controller yum.repos.d]# yum install -y
[root@controller yum.repos.d]# yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
openstack | 2.9 kB 00:00:00
openstack/primary_db | 141 kB 00:00:00
repo id repo name status
openstack mitaka 279
rhel7.6 rhel7.6 5,152
repolist: 5,431
[root@controller yum.repos.d]# yum upgrade
[root@controller yum.repos.d]# yum install -y python-openstackclient
SQL数据库(安装并配置安全插件)
1:
安装
配置
bind-address(本机地址)
4096
utf8
启动,开机自启
运行安全初始化脚本(mysql_secure_installation:设置 root 密码、删除匿名用户和 test 库)
[root@controller yum.repos.d]# yum install -y mariadb mariadb-server python2-PyMySQL
[root@controller yum.repos.d]# cd /etc/my.cnf.d/
[root@controller my.cnf.d]# ls
auth_gssapi.cnf enable_encryption.preset mysql-clients.cnf
client.cnf mariadb-server.cnf tokudb.cnf
[root@controller my.cnf.d]# vim openstack.cnf
[mysqld]
bind-address = 172.25.21.31
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller my.cnf.d]# systemctl enable --now mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller my.cnf.d]# mysql_secure_installation
消息队列
1:
安装
开机自启
[root@controller my.cnf.d]# yum install -y rabbitmq-server
[root@controller my.cnf.d]# systemctl enable --now rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
创建用户
openstack openstack(前者是用户名,后者是密码;口令与用户名相同只适合实验环境)
[root@controller my.cnf.d]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@controller my.cnf.d]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@controller... started 6 plugins.
授权
".*" 的解释:三个正则依次对应配置(configure)、写(write)、读(read)权限,".*" 表示匹配该 vhost 下的所有资源
[root@controller my.cnf.d]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
火狐测试:web接口
使用15672(管理插件监听在 0.0.0.0 上,注意限制可访问的来源)
[root@controller my.cnf.d]# netstat -antpl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 15358/beam.smp
tcp 0 0 172.25.21.31:3306 0.0.0.0:* LISTEN 15162/mysqld
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3533/sshd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 15358/beam.smp
校验密码
[root@controller my.cnf.d]# rabbitmqctl authenticate_user openstack openstack
Authenticating user "openstack" ...
Success
认证服务(memcached)
vim配置(注释掉 OPTIONS 一行后监听所有地址;memcached 默认没有认证,更稳妥的写法是只监听需要的地址,如 OPTIONS="-l 127.0.0.1,::1,controller")
enabled
端口11211
[root@controller my.cnf.d]# yum install -y memcached python-memcached
[root@controller my.cnf.d]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1"
[root@controller my.cnf.d]# systemctl enable --now memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller my.cnf.d]# netstat -antpl | grep 11211
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 17066/memcached
tcp6 0 0 :::11211 :::* LISTEN 17066/memcached
二、认证服务keystone
安装部署
登陆数据库
create keystone
grant
密码是keystone(实验环境的弱口令;生产环境应使用随机强口令,并把 '%' 收窄为实际需要连接的主机)
[root@controller my.cnf.d]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone';
Query OK, 0 rows affected (0.00 sec)
生成随机密钥
[root@controller my.cnf.d]# openssl rand -hex 10
0209002d923217a23dc9
安装http等等
[root@controller my.cnf.d]# yum install -y openstack-keystone httpd mod_wsgi
配置keystone
admin_token = 随机密钥(只用于初始引导的临时令牌)
database:keystone被告知如何连接数据库(用户密码,函数块,数据库的名字)
token:如何提供令牌
(3处内容)
[root@controller my.cnf.d]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 0209002d923217a23dc9
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
su
(以keystone同步数据库)
用su切换用户,实现同步数据库
(id)
[root@controller my.cnf.d]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller my.cnf.d]# mysql -pwestos
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> show tables from keystone;
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| domain |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping |
| migrate_version |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| whitelisted_config |
+------------------------+
37 rows in set (0.00 sec)
[root@controller my.cnf.d]# id keystone
uid=163(keystone) gid=163(keystone) groups=163(keystone)
[root@controller my.cnf.d]# mysql -u keystone -p keystone
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [keystone]>
密码是keystone
初始化token
[root@controller my.cnf.d]# cd /etc/keystone/
[root@controller keystone]# ls
default_catalog.templates keystone-paste.ini policy.json
keystone.conf logging.conf sso_callback_template.html
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller keystone]# ls
default_catalog.templates keystone.conf logging.conf sso_callback_template.html
fernet-keys keystone-paste.ini policy.json
配置http
vim
servername 主机名
创建文件
[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
启动http
5000
35357
(成功)
[root@controller keystone]# systemctl enable --now httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
head
export
export
export
[root@controller keystone]# export OS_TOKEN=0209002d923217a23dc9
[root@controller keystone]# export OS_URL=http://controller:35357/v3
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3
创建服务
create
二、
2、
创建域
创建项目
创建admin用户
创建admin角色
添加admin和角色到admin项目和用户上
[root@controller keystone]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 4f788be85ddb4cac91b331c19ff613f2 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 76834544195a499a8464281d06f2d772 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f788be85ddb4cac91b331c19ff613f2 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c3126bde43ca44d589237318d2afb280 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f788be85ddb4cac91b331c19ff613f2 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3e65ea0ae95a4b188a7e6f6d2fcbc26b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f788be85ddb4cac91b331c19ff613f2 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 4f788be85ddb4cac91b331c19ff613f2 | keystone | identity |
+----------------------------------+----------+----------+
[root@controller keystone]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | 95c51e1bbf9e42fb88bec5c31012f386 |
| name | default |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
> --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | a87041c5d3044a4ca8068359c4b81e9f |
| is_domain | False |
| name | admin |
| parent_id | 95c51e1bbf9e42fb88bec5c31012f386 |
+-------------+----------------------------------+
创建service
创建demo
创建demo用户和密码
创建user角色(普通用户)
添加
[root@controller keystone]# openstack user create --domain default \
> --password admin admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | b9274f9ffda848419b3baabf973a4218 |
| name | admin |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 8b305efdf0ed48e3b378a58c16dc1406 |
| name | admin |
+-----------+----------------------------------+
[root@controller keystone]# openstack role add --project admin --user admin admin
[root@controller keystone]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | 5ae69fc711d94344b309da485e47674a |
| is_domain | False |
| name | service |
| parent_id | 95c51e1bbf9e42fb88bec5c31012f386 |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | 747f8ee7d8664938ba65deaf0a456583 |
| is_domain | False |
| name | demo |
| parent_id | 95c51e1bbf9e42fb88bec5c31012f386 |
+-------------+----------------------------------+
[root@controller keystone]# openstack user create --domain default \
> --password demo demo
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | bd59fb422dce4d72a855ea7fe3baa7ef |
| name | demo |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | bc73e28263f5416697e125be061d5d28 |
| name | user |
+-----------+----------------------------------+
[root@controller keystone]# openstack role add --project demo --user demo user
二、
3、验证操作
unset(取消 OS_TOKEN、OS_URL;官方文档在这一步还要求从 keystone-paste.ini 的各 pipeline 中移除 admin_token_auth,停用临时令牌认证)
openstack admin
openstack demo
[root@controller keystone]# unset OS_TOKEN OS_URL
[root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+--------------------------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------------------------+
| expires | 2021-05-01T06:28:39.168446Z |
| id | gAAAAABgjOcHXwVCMWrNvLtA8UWzAAVYjmSbv-d-Eb9oTKBAiC3cimr-dLCKEULUn5m2ztIti1AOpt |
| | WgeKUmn5u5fB_DDB8EuPpAmKWAfeLY6eEYqxgPWaincTGMSWygBcbb7WIdTjMeTMS74Yt8iqdWP8u4 |
| | 37_8fRw1pogmDQ72I5l9OQb6F1s |
| project_id | a87041c5d3044a4ca8068359c4b81e9f |
| user_id | b9274f9ffda848419b3baabf973a4218 |
+------------+--------------------------------------------------------------------------------+
[root@controller keystone]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+--------------------------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------------------------+
| expires | 2021-05-01T06:29:11.595075Z |
| id | gAAAAABgjOcnh_dPA7d1_mRr2GIwfKWR891w_3FDJE4H1m9M2P4Q_Gk5Kr3L4OAwOSU9wXlrUmqveY |
| | 2yp6LnleZi_uMA0MFVOx8RybJAn3XxdkJXuJXBxw9Z6ulKKpJ- |
| | vnNZqArPM_sqzzMseDLMtSFPgiLbvGbuFaHcCAF939YEeHH3viBV1cM |
| project_id | 747f8ee7d8664938ba65deaf0a456583 |
| user_id | bd59fb422dce4d72a855ea7fe3baa7ef |
+------------+--------------------------------------------------------------------------------+
4、
家目录/root
创建脚本admin-openrc(文件内是明文密码,建议 chmod 600,只允许属主读取)
demo(普通用户)
source admin
openstack user list
project list
endpoint(admin 外 内)
切换用户直接source demo
普通用户看不到user list
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| b9274f9ffda848419b3baabf973a4218 | admin |
| bd59fb422dce4d72a855ea7fe3baa7ef | demo |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 5ae69fc711d94344b309da485e47674a | service |
| 747f8ee7d8664938ba65deaf0a456583 | demo |
| a87041c5d3044a4ca8068359c4b81e9f | admin |
+----------------------------------+---------+
[root@controller ~]# openstack endpoint list
+--------------+-----------+--------------+--------------+---------+-----------+--------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+--------------+-----------+--------------+--------------+---------+-----------+--------------+
| 3e65ea0ae95a | RegionOne | keystone | identity | True | admin | http://contr |
| 4b188a7e6f6d | | | | | | oller:35357/ |
| 2fcbc26b | | | | | | v3 |
| 76834544195a | RegionOne | keystone | identity | True | public | http://contr |
| 499a8464281d | | | | | | oller:5000/v |
| 06f2d772 | | | | | | 3 |
| c3126bde43ca | RegionOne | keystone | identity | True | internal | http://contr |
| 44d589237318 | | | | | | oller:5000/v |
| d2afb280 | | | | | | 3 |
+--------------+-----------+--------------+--------------+---------+-----------+--------------+
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-47a5adba-ae88-4dfe-892a-cd1aeed6dcac)
[root@controller ~]# openstack server list
publicURL endpoint for compute service not found
[root@controller ~]# source admin-openrc
三、镜像服务
1、先决条件(每个组件都有自己的用户)
创建数据库和数据库用户
mysql -pwestos(密码写在命令行上会留在 shell 历史里,也能被 ps 看到;建议只写 -p 交互输入)
grant
grant
create glance
做镜像create
9292:镜像
9292
9292
[root@controller ~]# source admin-openrc
[root@controller ~]# mysql -pwestos
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 22
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
[root@controller ~]# openstack user create --domain default --password glance glance
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | 454d17b733d34f88b23a9374a3463f18 |
| name | glance |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 44b92bf21a9f4965a2d40013657f3fc4 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2d233f7291f84a4fb658e37a9b679046 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 44b92bf21a9f4965a2d40013657f3fc4 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a462c26677764a8ca2e5314da0636f6b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 44b92bf21a9f4965a2d40013657f3fc4 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 08036ed719a0478ea32f474e27240a49 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 44b92bf21a9f4965a2d40013657f3fc4 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
2、安装glance服务
修改配置文件
database:连接数据库
keystone_authtoken
paste
glance
编辑registry文件
database:连接数据库
keystone认证
初始化数据库(有告警,但可忽略)
start
[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
[root@controller ~]# systemctl start openstack-glance-api.service \
> openstack-glance-registry.service
[root@controller ~]# systemctl enable --now openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# netstat -antpl | grep 9292
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 20290/python2
3、验证操作
下载镜像(下载后先核对镜像的校验和,再上传)
cirros
在root
通过指令上传镜像
list(active激活)
ls存在镜像
[root@controller ~]# ls cirros-0.4.0-x86_64-disk.img
cirros-0.4.0-x86_64-disk.img
[root@controller ~]# ll /var/lib/glance/images/
total 0
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.4.0-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 443b7623e27ecf03dc9e01ee93f67afe |
| container_format | bare |
| created_at | 2021-05-01T06:39:34Z |
| disk_format | qcow2 |
| file | /v2/images/9a8e5ce2-41b6-4257-8b5c-4f7ea75cdec3/file |
| id | 9a8e5ce2-41b6-4257-8b5c-4f7ea75cdec3 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | a87041c5d3044a4ca8068359c4b81e9f |
| protected | False |
| schema | /v2/schemas/image |
| size | 12716032 |
| status | active |
| tags | |
| updated_at | 2021-05-01T06:39:34Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 9a8e5ce2-41b6-4257-8b5c-4f7ea75cdec3 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# ll /var/lib/glance/images/
total 12420
-rw-r----- 1 glance glance 12716032 May 1 14:39 9a8e5ce2-41b6-4257-8b5c-4f7ea75cdec3
四、Nova计算服务
PPT截图
1、
mysql
创建2个库
grant
grant
grant
grant
(1个用户要有本地和远程的权限)
[root@controller ~]# mysql -pwestos
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 28
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
create
role
[root@controller ~]# openstack user create --domain default \
> --password nova nova
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | ab68baddff0b4b5abf6fa9c2ad78e68a |
| name | nova |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
创建计算实体
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 1b11185a0b704bdf81aae8cc7fb7a33b |
| name | nova |
| type | compute |
+-------------+----------------------------------+
8774
8774
8774
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 85a126ce57ed4600b3b8a507d4485387 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1b11185a0b704bdf81aae8cc7fb7a33b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | b733c6fec86142ecab38b974a15ebb0c |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1b11185a0b704bdf81aae8cc7fb7a33b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 5c9809344fd84804a00073fad3e301bc |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1b11185a0b704bdf81aae8cc7fb7a33b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
安装服务端软件包
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler
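配置文件 /etc/nova/nova.conf 各部分要点:
[DEFAULT] 段
[api_database] 段:nova_api 数据库连接
[database] 段:nova 数据库连接
启用消息队列 rabbit(rpc_backend)
[oslo_messaging_rabbit]:RabbitMQ 用户 openstack,密码是 openstack(实验用弱密码)
auth_strategy = keystone
[keystone_authtoken] 段
my_ip(本节点管理网卡的 IP)
use_neutron:启用 Neutron 网络功能
firewall_driver:设为 NoopFirewallDriver,关闭 nova 自带的防火墙,安全组过滤交给 Neutron 处理
[vnc](控制终端,用于控制虚拟机)
[glance](提供创建虚拟机用的镜像),端口 9292
[oslo_concurrency](锁路径)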
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.21.31
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
同步 nova_api 数据库(用 su 以真正的操作系统用户 nova 的身份执行,而不是 root)
同步 nova 数据库(输出中的 Duplicate index 弃用警告可以忽略)
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
enable(开机自启)
start(enable --now 已经同时启动了服务,后面单独的 start 是重复操作)
出现问题时查看日志:/var/log/keystone 或 /var/log/nova
[root@controller ~]# systemctl enable --now openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# cd /var/log
[root@controller log]# ls
anaconda chrony glance mariadb rhsm
audit cron httpd messages secure
boot.log cron-20210501 keystone messages-20210501 secure-20210501
boot.log-20210501 dmesg lastlog nova tuned
btmp dmesg.old maillog qemu-ga wtmp
btmp-20210501 firewalld maillog-20210501 rabbitmq yum.log
五、安装和配置计算节点(不是控制节点)
虚拟机
compute1
解析(/etc/hosts)
网络:复制并激活 eth1
yum 源:用 scp 从控制节点复制 openstack.repo
安装 chrony
vim /etc/chrony.conf:配置时间同步服务器
enable chronyd
[root@compute1 ~]# vim /etc/hosts
172.25.21.250 foundation21.ilt.example.com
172.25.21.31 controller
172.25.21.32 compute1
172.25.21.33 block1
[root@compute1 ~]# cd /etc/sysconfig/network-scripts/
[root@compute1 network-scripts]# ls
ifcfg-eth0 ifdown-isdn ifdown-tunnel ifup-isdn ifup-Team
ifcfg-lo ifdown-post ifup ifup-plip ifup-TeamPort
ifdown ifdown-ppp ifup-aliases ifup-plusb ifup-tunnel
ifdown-bnep ifdown-routes ifup-bnep ifup-post ifup-wireless
ifdown-eth ifdown-sit ifup-eth ifup-ppp init.ipv6-global
ifdown-ippp ifdown-Team ifup-ippp ifup-routes network-functions
ifdown-ipv6 ifdown-TeamPort ifup-ipv6 ifup-sit network-functions-ipv6
[root@compute1 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@compute1 network-scripts]# vim ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@compute1 yum.repos.d]# ifup eth1
[root@compute1 yum.repos.d]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:06:82:06 brd ff:ff:ff:ff:ff:ff
inet 172.25.21.32/24 brd 172.25.21.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe06:8206/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:13:86:cb brd ff:ff:ff:ff:ff:ff
inet6 fe80::5054:ff:fe13:86cb/64 scope link
valid_lft forever preferred_lft forever
[root@controller ~]# scp /etc/yum.repos.d/openstack.repo root@172.25.21.32:/etc/yum.repos.d/
root@172.25.21.32's password:
openstack.repo 100% 81 107.9KB/s 00:00
[root@compute1 network-scripts]# cd /etc/yum.repos.d/
[root@compute1 yum.repos.d]# ls
openstack.repo redhat.repo westos.repo
[root@compute1 yum.repos.d]# yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
openstack | 2.9 kB 00:00:00
rhel7.6 | 4.3 kB 00:00:00
(1/3): openstack/primary_db | 141 kB 00:00:00
(2/3): rhel7.6/group_gz | 146 kB 00:00:00
(3/3): rhel7.6/primary_db | 4.2 MB 00:00:00
repo id repo name status
openstack mitaka 279
rhel7.6 rhel7.6 5,152
repolist: 5,431
[root@compute1 yum.repos.d]# yum install -y chrony
[root@compute1 yum.repos.d]# vim /etc/chrony.conf
server 172.25.21.250 iburst
[root@compute1 yum.repos.d]# systemctl enable --now chronyd
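安装 nova-compute
vim /etc/nova/nova.conf
[DEFAULT] 段
消息队列 [oslo_messaging_rabbit](用户和密码都是 openstack)
使用认证 auth_strategy
[keystone_authtoken] 段
my_ip(本计算节点自己的 IP)
网络(use_neutron、firewall_driver)
vnc(novncproxy 代理在控制节点上;vncserver_listen = 0.0.0.0 会让计算节点的 VNC 在所有网卡上监听,应确保只有控制节点/管理网络能访问这些端口)
glance 端口 9292
锁路径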
[root@compute1 yum.repos.d]# yum install openstack-nova-compute -y
[root@compute1 yum.repos.d]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.21.32
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
vmx/svm:CPU 支持硬件虚拟化(egrep 结果不为 0 时 virt_type 用 kvm;结果为 0 则只能用 qemu)
libvirt(kvm)
enable --now
(libvirtd 用于管理、控制虚拟机)
[root@compute1 yum.repos.d]# egrep -c '(vmx|svm)' /proc/cpuinfo
1
[root@compute1 yum.repos.d]# vim /etc/nova/nova.conf
[libvirt]
virt_type = kvm
[root@compute1 yum.repos.d]# systemctl enable --now libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@compute1 yum.repos.d]# systemctl start libvirtd.service openstack-nova-compute.service
1:
compute service list(在控制节点上确认各 nova 服务的 State 均为 up)
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------+
| 1 | nova-scheduler | controller | internal | enabled | up | 2021-05-01T07:45:32. |
| | | | | | | 000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2021-05-01T07:45:32. |
| | | | | | | 000000 |
| 3 | nova-consoleauth | controller | internal | enabled | up | 2021-05-01T07:45:33. |
| | | | | | | 000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2021-05-01T07:45:27. |
| | | | | | | 000000 |
+----+------------------+------------+----------+---------+-------+----------------------+
五、Neutron网络服务
1:
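mysql(登录数据库;mysql -pwestos 把 root 密码写在命令行里,会留在 shell 历史中,改用 mysql -p 交互输入更稳妥)
创建数据库 neutron
grant 授权(实验环境密码与用户名相同,'neutron'@'%' 允许任意主机连接;正式环境应使用强密码并限制来源主机)
创建用户 neutron
授权:为 neutron 用户添加 admin 角色
创建 network 服务的三个端点(public、internal、admin),端口均为 9696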
[root@controller ~]# mysql -pwestos
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 46
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
[root@controller ~]# openstack user create --domain default --password neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 95c51e1bbf9e42fb88bec5c31012f386 |
| enabled | True |
| id | f52cc7ad535f4c889d456bc158ed830a |
| name | neutron |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | ed72d13221614d4c8464559e0dc8af14 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 41424a61ae5048b499d7139536acae14 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed72d13221614d4c8464559e0dc8af14 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1df78e02340941808af672d98112163e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed72d13221614d4c8464559e0dc8af14 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d1281d98a241465ab87962762369d60c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed72d13221614d4c8464559e0dc8af14 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
公共网络
安装
配置文件 /etc/neutron/neutron.conf
[DEFAULT](使用什么核心插件和服务插件)
消息队列 rabbit
消息队列 rabbit 的用户和密码(openstack)
配置 ml2 插件
配置 Linux bridge 代理
配置 DHCP 代理
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
> openstack-neutron-linuxbridge ebtables
[root@controller ~]# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = True
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
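配置元数据代理
配置文件 /etc/neutron/metadata_agent.ini
共享密钥 metadata_proxy_shared_secret(westos):必须与 nova.conf 的 [neutron] 段中的值一致,用于元数据代理与 nova 之间的请求校验;westos 这类易猜的值只适合实验环境,正式环境应使用随机生成的密钥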
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos
配置计算服务使用网络服务(修改控制节点上的 nova.conf)
[neutron] 段:metadata_proxy_shared_secret 填 westos,与 metadata_agent.ini 中的值保持一致
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = westos
创建软链接:/etc/neutron/plugin.ini 指向 ml2_conf.ini
以 neutron 用户的身份、带上 ml2 配置文件同步数据库
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
restart nova-api
enable --now neutron 各服务
start(enable --now 已包含启动,此步是重复操作)
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable --now neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable --now neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
[root@controller ~]# systemctl start neutron-l3-agent.service
验证 neutron 操作
[root@controller ~]# neutron agent-list
+-------------+-------------+------------+-------------------+-------+----------------+---------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+-------------+-------------+------------+-------------------+-------+----------------+---------------+
| 6986dc5b-f8 | DHCP agent | controller | nova | :-) | True | neutron-dhcp- |
| 87-4ed0 | | | | | | agent |
| -9c4b-fb023 | | | | | | |
| 16f61bb | | | | | | |
| 99832d4c- | Linux | controller | | :-) | True | neutron- |
| 1e78-4d05 | bridge | | | | | linuxbridge- |
| -a6ba-5526d | agent | | | | | agent |
| bef1548 | | | | | | |
| ac99e504-b4 | Metadata | controller | | :-) | True | neutron- |
| 49-4c7d-b68 | agent | | | | | metadata- |
| 1-7f570662b | | | | | | agent |
| f4b | | | | | | |
+-------------+-------------+------------+-------------------+-------+----------------+---------------+
2:
安装
vim
[root@compute1 yum.repos.d]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[root@compute1 yum.repos.d]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
桥接:把提供者网络 provider 映射到物理网卡
eth1
[root@compute1 yum.repos.d]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
回到计算节点
vim /etc/nova/nova.conf
添加 [neutron] 段
[root@compute1 yum.repos.d]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
restart nova-compute
enable --now neutron-linuxbridge-agent
[root@compute1 yum.repos.d]# systemctl restart openstack-nova-compute.service
[root@compute1 yum.repos.d]# systemctl enable --now neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
1:
neutron agent-list
[root@controller ~]# neutron agent-list
+----------------------+--------------------+------------+-------------------+-------+----------------+-----------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+----------------------+--------------------+------------+-------------------+-------+----------------+-----------------------+
| 6986dc5b-f887-4ed0 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| -9c4b-fb02316f61bb | | | | | | |
| 99832d4c-1e78-4d05 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge- |
| -a6ba-5526dbef1548 | | | | | | agent |
| ac99e504-b449-4c7d-b | Metadata agent | controller | | :-) | True | neutron-metadata- |
| 681-7f570662bf4b | | | | | | agent |
| edef715c-5024-4ecf-9 | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge- |
| 887-37e5d08ed806 | | | | | | agent |
+----------------------+--------------------+------------+-------------------+-------+----------------+-----------------------+
六、起服务
1、提供者网络
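provider 保持一致(--provider:physical_network 的值要与 ml2_conf.ini 中 flat_networks、linuxbridge_agent.ini 中 physical_interface_mappings 使用的名字 provider 相同)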
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2021-05-01T08:39:39 |
| description | |
| id | 5ff0a618-4ff0-4a0c-8d66-ab51ed63f93e |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | a87041c5d3044a4ca8068359c4b81e9f |
| updated_at | 2021-05-01T08:39:39 |
+---------------------------+--------------------------------------+
创建子网
地址池:172.25.21.100~172.25.21.200
[root@controller ~]# neutron subnet-create --name provider --allocation-pool start=172.25.21.100,end=172.25.21.200 --dns-nameserver 114.114.114.114 --gateway 172.25.21.250 provider 172.25.21.0/24
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "172.25.21.100", "end": "172.25.21.200"} |
| cidr | 172.25.21.0/24 |
| created_at | 2021-05-01T08:42:20 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.25.21.250 |
| host_routes | |
| id | e1eae4e4-4205-436f-b052-6e0a7b28d328 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 5ff0a618-4ff0-4a0c-8d66-ab51ed63f93e |
| subnetpool_id | |
| tenant_id | a87041c5d3044a4ca8068359c4b81e9f |
| updated_at | 2021-05-01T08:42:20 |
+-------------------+----------------------------------------------------+
2、创建实例类型(flavor create)
1 核 CPU、64M 内存、1G 磁盘,名字 m1.nano
flavor list 查看
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
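source demo-openrc
切换为普通用户
生成密钥对(ssh-keygen -N "" 生成的私钥没有口令保护,任何能读取 /root/.ssh/id_rsa 的人都可以直接使用它)
上传公钥
允许 ping(icmp)
允许 ssh(tcp 22);这两条规则加在 default 安全组上,来源都是 0.0.0.0/0,正式环境应把来源限制为管理网段
普通用户可以查看镜像
(后面 server create 输出中的 adminPass 和 console url 中的 token 属于敏感信息,公开发布前应打码)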
[root@controller ~]# source demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 5f:50:b3:3e:a7:28:1b:39:54:71:2a:48:80:64:3f:c8 |
| name | mykey |
| user_id | bd59fb422dce4d72a855ea7fe3baa7ef |
+-------------+-------------------------------------------------+
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 5f:50:b3:3e:a7:28:1b:39:54:71:2a:48:80:64:3f:c8 |
+-------+-------------------------------------------------+
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 47c4a03b-35f1-441c-921a-d1993805c427 |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 0786c8e6-7aab-4af5-985c-d9311493a1be |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | f824f015-5e92-4743-b135-af6d6a365cb4 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 0786c8e6-7aab-4af5-985c-d9311493a1be |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 9a8e5ce2-41b6-4257-8b5c-4f7ea75cdec3 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 9a8e5ce2-41b6-4257-8b5c-4f7ea75cdec3 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 5ff0a618-4ff0-4a0c-8d66-ab51ed63f93e | provider | e1eae4e4-4205-436f-b052-6e0a7b28d328 |
+--------------------------------------+----------+--------------------------------------+
[root@controller ~]# openstack security group list
+--------------------------+---------+------------------------+----------------------------+
| ID | Name | Description | Project |
+--------------------------+---------+------------------------+----------------------------+
| 0786c8e6-7aab-4af5-985c- | default | Default security group | 747f8ee7d8664938ba65deaf0a |
| d9311493a1be | | | 456583 |
+--------------------------+---------+------------------------+----------------------------+
[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=5ff0a618-4ff0-4a0c-8d66-ab51ed63f93e --security-group default --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | gs9SPbWo3Zpv |
| config_drive | |
| created | 2021-05-01T08:51:49Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 26f8c5f6-8f68-4834-b898-e450251dce49 |
| image | cirros (9a8e5ce2-41b6-4257-8b5c-4f7ea75cdec3) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 747f8ee7d8664938ba65deaf0a456583 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2021-05-01T08:51:49Z |
| user_id | bd59fb422dce4d72a855ea7fe3baa7ef |
+--------------------------------------+-----------------------------------------------+
[root@controller ~]# openstack server list
+------------------------------+-------------------+--------+------------------------+
| ID | Name | Status | Networks |
+------------------------------+-------------------+--------+------------------------+
| 26f8c5f6-8f68-4834-b898-e450 | provider-instance | ACTIVE | provider=172.25.21.101 |
| 251dce49 | | | |
+------------------------------+-------------------+--------+------------------------+
[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=edd44a04-54bd-4267-a5d2-29386abf7d6d |
+-------+---------------------------------------------------------------------------------+
[root@controller ~]# openstack server list
+------------------------------+-------------------+--------+------------------------+
| ID | Name | Status | Networks |
+------------------------------+-------------------+--------+------------------------+
| 26f8c5f6-8f68-4834-b898-e450 | provider-instance | ACTIVE | provider=172.25.21.101 |
| 251dce49 | | | |
+------------------------------+-------------------+--------+------------------------+
七、图形化
user
*(应是 ALLOWED_HOSTS 的取值,表示接受任意 Host 头,只适合实验环境;正式环境应列出实际访问用的主机名)
v3
CACHES默认本地缓存
true
False
时区
restart httpd
memcached
验证操作
default
admin
admin
demo
demo