

The Most Complete OpenStack Deployment Tutorial

A Quick Word About This Thing

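Put simply, it is a cloud: a cloud platform of your own. The original that OpenStack is modelled on is Amazon's cloud, and you could say OpenStack is a knock-off produced by Rackspace and NASA.
Put more officially, it is a project for managing a cloud platform, not a single piece of software. The project is made up of several main components that together carry out specific tasks, helping service providers and enterprises build cloud infrastructure services (Infrastructure as a Service) similar to Amazon EC2 and S3. OpenStack includes two main modules: Nova and Swift. The former is the virtual server deployment and compute module developed by NASA; the latter is the distributed cloud storage module developed by Rackspace. The two can be used together or separately. OpenStack is an open-source project. Besides strong backing from Rackspace and NASA, it also has contributions and support from heavyweight companies including Dell, Citrix, Cisco and Canonical. It is developing very quickly and looks set to replace Eucalyptus, another leading open-source cloud platform.
That a knock-off can be this popular amazes me, but there is no way around it: you write about whatever is popular… hehe~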

Ingredients

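OpenStack covers networking, virtualization, operating systems, servers and more. It is a cloud computing platform project still under development, and according to maturity and importance it is divided into core projects, incubated projects, and supporting and related projects. Each project has its own committee and project technical lead, and no project's status is fixed: an incubated project can be promoted to a core project as it matures and grows in importance.
Conceptual architecture
Logical architecture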

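  1. Identity Service: Keystone. Provides authentication, service rules and service tokens for the other OpenStack services, and manages Domains, Projects, Users, Groups and Roles. Integrated into the project since the Essex release.
  2. Compute: Nova. A set of controllers that manages the whole lifecycle of virtual machine instances for individual users or groups and provides virtual servers on demand. It handles creating, powering on, shutting down, suspending, pausing, resizing, migrating, rebooting and destroying virtual machines, and configures specifications such as CPU and memory. Integrated into the project since the Austin release.
  3. Network and address management (Network): Neutron. Provides network virtualization for cloud computing and network connectivity for the other OpenStack services. It gives users an interface to define Networks, Subnets and Routers and to configure DHCP, DNS, load balancing and L3 services; networks support GRE and VLAN. Its plug-in architecture supports many mainstream networking vendors and technologies, such as Open vSwitch. Integrated into the project since the Folsom release.
  4. Object Storage: Swift. A system that implements object storage in large, scalable deployments through built-in redundancy and high fault tolerance, allowing files to be stored and retrieved. It can provide image storage for Glance and volume backup for Cinder. Integrated into the project since the Austin release.
  5. Image Service: Glance. A lookup and retrieval system for virtual machine images that supports many image formats (AKI, AMI, ARI, ISO, QCOW2, Raw, VDI, VHD, VMDK) and can create and upload images, delete images and edit basic image information. Integrated into the project since the Bexar release.
  6. Block Storage: Cinder. Provides stable block storage for running instances. Its plug-in driver architecture makes it easy to create and manage block devices, for example creating volumes, deleting volumes, and attaching volumes to and detaching them from instances. Integrated into the project since the Folsom release.
  7. UI (Dashboard): Horizon. The web management portal for the OpenStack services, which simplifies user operations such as launching instances, assigning IP addresses and configuring access control. Integrated into the project since the Essex release.
  8. Metering: Ceilometer. Like a funnel, it collects almost every event that happens inside OpenStack and then supplies that data to billing, monitoring and other services. Integrated into the project since the Havana release.
  9. Orchestration: Heat. Provides template-defined, coordinated deployment that automates the deployment of the cloud infrastructure software environment (compute, storage and network resources). Integrated into the project since the Havana release.
  10. Database Service: Trove. Provides scalable and reliable relational and non-relational database engines to users in an OpenStack environment. Integrated into the project since the Icehouse release.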

The most important of these are Keystone, Nova and Neutron; there are also supporting pieces such as MySQL and RabbitMQ.

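How a Cloud Instance Is Created

To understand the OpenStack framework as a whole, it is essential to understand how an instance comes into being, so this is covered in detail here.

Flow

Phase 1

  1. The user drives OpenStack through the Dashboard UI or the command line (CLI). Before doing anything, the user must authenticate to Keystone; on success Keystone returns an auth_token, which the user carries into the next steps.
  2. The user presents the auth_token and asks nova_api to create an instance.
  3. nova_api sends the auth_token it received to Keystone for validation, and proceeds only after Keystone confirms that the token is valid.

Phase 2

  1. nova_api records the instance-creation request it received in the nova database, including the instance details such as CPU size, memory size, disk space and the image to use.
  2. nova_api passes the information to the RabbitMQ message queue as an rpc_call, placing a request on the queue.
  3. nova_scheduler, listening on the RabbitMQ message queue, picks up the nova_api request.
  4. After receiving the nova_api request from the queue, nova_scheduler queries the nova database for the relevant information and then performs scheduling.
  5. Once the scheduling decision is made, it identifies which nova_compute is responsible, and the decision is sent to RabbitMQ.
  6. nova_compute, listening on the RabbitMQ message queue, picks up the scheduling message from nova_scheduler.
  7. nova_compute asks nova_conductor for the instance information and waits for the reply.
  8. nova_conductor queries the nova database and returns the information to the RabbitMQ message queue.
  9. nova_compute gets nova_conductor's reply from the RabbitMQ message queue.

Phase 3

  1. nova_compute sends an API request to Glance to fetch the image.
  2. Glance takes the API request it received to Keystone for validation, and returns the image information once validation completes.
  3. nova_compute sends an API request to Neutron to fetch the network interface.
  4. Neutron takes the API request it received to Keystone for validation, and returns the interface information once validation completes.
  5. nova_compute sends an API request to Cinder to fetch the volume.
  6. Cinder takes the API request it received to Keystone for validation, and returns the volume information once validation completes.
  7. After obtaining the resources, nova_compute calls the underlying hypervisor to create the instance.
  8. While nova_compute creates the instance, nova_api keeps polling its status until the instance is ready.

*Note: nova_conductor performs the queries so that nova_compute does not access the database directly.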

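Tutorial: Environment Preparation

This tutorial uses the OpenStack Queens release; other releases are broadly the same.

Configure name resolution on the control node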

[root@openstack ~]# vim /etc/hosts

[root@openstack ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.4       openstack.if010.com
192.168.31.5       openstack-node01.if010.com

Configure name resolution on the compute node

[root@openstack-node01 ~]# vim /etc/hosts

[root@openstack-node01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.4       openstack.if010.com
192.168.31.5       openstack-node01.if010.com

Disable SELinux and the firewall on the control node

[root@openstack ~]# vim /etc/sysconfig/selinux 
SELINUX=disabled
SELINUXTYPE=targeted

[root@openstack ~]# systemctl stop firewalld.service

Disable SELinux and the firewall on the compute node

[root@openstack-node01 ~]# vim /etc/sysconfig/selinux 
SELINUX=disabled
SELINUXTYPE=targeted

[root@openstack-node01 ~]# systemctl stop firewalld.service

Install and configure the time synchronization service on the control node

[root@openstack ~]# yum install -y chrony

[root@openstack ~]# vim /etc/chrony.conf

[root@openstack ~]# cat /etc/chrony.conf | grep -v "#" | grep -v "^$"
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.31.0/24
logdir /var/log/chrony

[root@openstack ~]# systemctl enable chronyd.service
[root@openstack ~]# systemctl start chronyd.service

[root@openstack ~]# timedatectl set-timezone Asia/Shanghai

[root@openstack ~]# date
2022年 06月 04日 星期六 21:51:55 CST

Install and configure the time synchronization service on the compute node

[root@openstack-node01 ~]# yum install -y chrony

[root@openstack-node01 ~]# vim /etc/chrony.conf

[root@openstack-node01 ~]# cat /etc/chrony.conf | grep -v "#" | grep -v "^$"
server openstack.if010.com

[root@openstack-node01 ~]# systemctl enable chronyd.service
[root@openstack-node01 ~]# systemctl start chronyd.service

[root@openstack-node01 ~]# timedatectl set-timezone Asia/Shanghai

[root@openstack-node01 ~]# date
2022年 06月 04日 星期六 21:51:55 CST

Run this command on the control node to verify the time synchronization service

[root@openstack ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 139.199.215.251               2  10   375   994  +2175us[+2316us] +/-   18ms
^- time.cloudflare.com           3  10   377  170m  +9674us[  +10ms] +/-   75ms
^- a.chl.la                      2  10   377  1059   -884us[ -743us] +/-  123ms
^+ time.neu.edu.cn               1  10   377   289    +17ms[  +17ms] +/-   50ms

Run the command on the compute node to verify the time synchronization service

[root@openstack-node01 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* openstack.if010.com      3    9   377   421    +15us[  -87us] +/-   15ms

Add the yum repositories

# Control node
[root@openstack ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@openstack ~]# yum install -y centos-release-openstack-queens.noarch

# Compute node
[root@openstack-node01 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@openstack-node01 ~]# yum install -y centos-release-openstack-queens.noarch

Install and configure the MySQL database service

[root@openstack ~]# yum install -y mariadb  mariadb-server MySQL-python

[root@openstack ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf

[root@openstack ~]# cat /etc/my.cnf | grep -v "#" | grep -v "^$"
[client]
port            = 3306
socket          = /var/lib/mysql/mysql.sock

[mysqld]
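default-storage-engine = innodb        # use the InnoDB engine
innodb_file_per_table                  # use a separate tablespace per table
max_connections = 4096                 # maximum number of connections
collation-server = utf8_general_ci     # server collation
init-connect = 'SET NAMES utf8'        # character set applied when a connection is initialized
character-set-server = utf8            # server character set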
port            = 3306
socket          = /var/lib/mysql/mysql.sock
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
log-bin=mysql-bin
binlog_format=mixed
server-id       = 1

[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout

[root@openstack ~]# systemctl enable mariadb.service
[root@openstack ~]# systemctl start mariadb.service

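To secure the database service, run the mysql_secure_installation script. In particular, set a suitable password for the database root user; openssl rand -hex 10 generates one from 10 random bytes (20 hexadecimal characters).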

[root@openstack ~]# openssl rand -hex 10
38ad89f42d765b1eb3b0

[root@openstack ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):      # enter the root password; a fresh install has none, so just press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y      # set the root password
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y   # whether to remove anonymous users
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y   # whether to disallow remote root login
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y    # whether to remove the test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y   # whether to reload the privilege tables
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install and configure the RabbitMQ message queue

[root@openstack ~]# yum install -y rabbitmq-server

[root@openstack ~]# systemctl enable rabbitmq-server.service
[root@openstack ~]# systemctl start rabbitmq-server.service

[root@openstack ~]# rabbitmqctl add_user openstack 1735e32955b2ef18362e
Creating user "openstack" ...
...done.

[root@openstack ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
...done.

# Enable the web management plugin
[root@openstack ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.

[root@openstack ~]# systemctl restart rabbitmq-server.service

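Open the management UI in a browser and, under Admin -> Update this user, give the openstack user the Administrator tag:
http://192.168.31.4:15672
Default management account and password: guest/guest
RabbitMQ web management configuration page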

Tutorial: Keystone

Create the Keystone database and grant privileges

[root@openstack ~]# openssl rand -hex 10
9b7976d96ef6ecadccce

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '9b7976d96ef6ecadccce';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '9b7976d96ef6ecadccce';

Install Keystone and Memcached with yum

[root@openstack ~]# yum install -y openstack-keystone python-openstackclient httpd mod_wsgi memcached python-memcached

Start Memcached and enable it at boot

[root@openstack ~]# systemctl enable memcached.service
[root@openstack ~]# systemctl start memcached.service

Generate an admin_token

[root@openstack keystone]# openssl rand -hex 10
58d48e8481d5f01b6ca0

Configure the keystone.conf file

[root@openstack ~]# vim /etc/keystone/keystone.conf
# Value of the initial admin token
[DEFAULT]
admin_token = 58d48e8481d5f01b6ca0

# Database access
[database]
connection = mysql+pymysql://keystone:[email protected]/keystone

# Driver for the revocation backend
[revoke]
driver = sql

# Token provider: Fernet
[token]
provider = fernet

Initialize the Identity service database

[root@openstack ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet keys

[root@openstack ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

Configure the Apache HTTP server

[root@openstack ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller

[root@openstack ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

Start Apache HTTP and enable it at boot

[root@openstack ~]# systemctl enable httpd.service
[root@openstack ~]# systemctl start httpd.service

Set the OpenStack environment variables

[root@openstack ~]# export OS_TOKEN=58d48e8481d5f01b6ca0
[root@openstack ~]# export OS_URL=http://openstack.if010.com:35357/v3
[root@openstack ~]# export OS_IDENTITY_API_VERSION=3

Create the service entity for the Identity service

[root@openstack ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 4ddaae90388b4ebc9d252ec2252d8d10 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

Create the Identity service API endpoints

[root@openstack ~]# openstack endpoint create --region RegionOne identity public http://openstack.if010.com:5000/v3
+--------------+------------------------------------+
| Field        | Value                              |
+--------------+------------------------------------+
| enabled      | True                               |
| id           | 30fff543e7dc4b7d9a0fb13791b78bf4   |
| interface    | public                             |
| region       | RegionOne                          |
| region_id    | RegionOne                          |
| service_id   | 8c8c0927262a45ad9066cfe70d46892c   |
| service_name | keystone                           |
| service_type | identity                           |
| url          | http://openstack.if010.com:5000/v3 |
+--------------+------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne identity internal http://openstack.if010.com:5000/v3
+--------------+------------------------------------+
| Field        | Value                              |
+--------------+------------------------------------+
| enabled      | True                               |
| id           | 57cfa543e7dc4b712c0ab137911bc4fe   |
| interface    | internal                           |
| region       | RegionOne                          |
| region_id    | RegionOne                          |
| service_id   | 6f8de927262ac12f6066cfe70d99ac51   |
| service_name | keystone                           |
| service_type | identity                           |
| url          | http://openstack.if010.com:5000/v3 |
+--------------+------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne identity admin http://openstack.if010.com:35357/v3
+--------------+-------------------------------------+
| Field        | Value                               |
+--------------+-------------------------------------+
| enabled      | True                                |
| id           | 78c3dfa3e7dc44c98ab1b1379122ecb1    |
| interface    | admin                               |
| region       | RegionOne                           |
| region_id    | RegionOne                           |
| service_id   | 34ab3d27262ac449cba6cfe704dbc11f    |
| service_name | keystone                            |
| service_type | identity                            |
| url          | http://openstack.if010.com:35357/v3 |
+--------------+-------------------------------------+

Create the default domain

[root@openstack ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | e0353a670a9e496da891347c589539e9 |
| name        | default                          |
+-------------+----------------------------------+

Create the admin project

[root@openstack ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | e0353a670a9e496da891347c589539e9 |
| enabled     | True                             |
| id          | 343d245e850143a096806dfaefa9afdc |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+

Create the admin user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | ac3377633149401296f6c0d92d79dc16 |
| name      | admin                            |
+-----------+----------------------------------+

Create the admin role

[root@openstack ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | cd2cb9a39e874ea69e5d4b896eb16128 |
| name      | admin                            |
+-----------+----------------------------------+

Add the admin role to the admin project and user

[root@openstack ~]# openstack role add --project admin --user admin admin

Create the service project

[root@openstack ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | e0353a670a9e496da891347c589539e9 |
| enabled     | True                             |
| id          | 894cdfa366d34e9d835d3de01e752262 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+

Create the demo project

[root@openstack ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | e0353a670a9e496da891347c589539e9 |
| enabled     | True                             |
| id          | ed0b60bf607743088218b0a533d5943f |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | None                             |
+-------------+----------------------------------+

Create the demo user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | 58126687cbcc4888bfa9ab73a2256f27 |
| name      | demo                             |
+-----------+----------------------------------+

Create the user role

[root@openstack ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 997ce8d05fc143ac97d83fdfb5998552 |
| name      | user                             |
+-----------+----------------------------------+

Add the user role to the demo project and user

[root@openstack ~]# openstack role add --project demo --user demo user

Verify operation

# As the admin user, request an authentication token

    [root@openstack ~]# unset OS_TOKEN OS_URL
    [root@openstack ~]# openstack --os-auth-url http://openstack.if010.com:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
    Password:
    +------------+-----------------------------------------------------------------+
    | Field      | Value                                                           |
    +------------+-----------------------------------------------------------------+
    | expires    | 2016-02-12T20:14:07.056119Z                                     |
    | id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
    |            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
    |            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
    | project_id | 343d245e850143a096806dfaefa9afdc                                |
    | user_id    | ac3377633149401296f6c0d92d79dc16                                |
    +------------+-----------------------------------------------------------------+

# As the demo user, request an authentication token
[root@openstack ~]# openstack --os-auth-url http://openstack.if010.com:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:15:39.014479Z                                     |
| id         | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
|            | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
|            | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U       |
| project_id | ed0b60bf607743088218b0a533d5943f                                |
| user_id    | 58126687cbcc4888bfa9ab73a2256f27                                |
+------------+-----------------------------------------------------------------+
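
The id values in the tables above are Fernet tokens: URL-safe base64 whose first nine bytes (version 0x80 and a 64-bit issue timestamp) are not encrypted, followed by IV, ciphertext and HMAC. The following added example (not code from this tutorial or from Keystone; `parse_fernet` and `status_at` are names chosen here) decodes the admin token shown above and illustrates why the chrony setup earlier matters, since a node with a drifted clock judges the same token differently.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

# Token id and expiry copied from the admin "token issue" table above
# (the three wrapped rows of the id joined back together).
ADMIN_TOKEN_ID = (
    "gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv"
    "atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4"
    "o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws"
)
ADMIN_EXPIRES = "2016-02-12T20:14:07.056119Z"

VERSION = 0x80                 # Fernet version byte
HEADER = struct.Struct(">BQ")  # version + 64-bit big-endian Unix timestamp
IV_LEN, HMAC_LEN, AES_BLOCK = 16, 32, 16


def parse_fernet(token_id):
    """Split a Fernet token into its fields; no key is needed for this."""
    # Keystone strips the trailing '=' padding, so restore it before decoding.
    raw = base64.urlsafe_b64decode(token_id + "=" * (-len(token_id) % 4))
    if len(raw) < HEADER.size + IV_LEN + AES_BLOCK + HMAC_LEN:
        raise ValueError("too short to be a Fernet token")
    version, issued = HEADER.unpack_from(raw)
    if version != VERSION:
        raise ValueError("unexpected Fernet version byte 0x%02x" % version)
    ciphertext = raw[HEADER.size + IV_LEN:-HMAC_LEN]
    if len(ciphertext) % AES_BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return {
        "issued_at": datetime.fromtimestamp(issued, tz=timezone.utc),
        "iv": raw[HEADER.size:HEADER.size + IV_LEN],
        "ciphertext_len": len(ciphertext),
    }


def parse_expires(text):
    """Parse the 'expires' column of `openstack token issue` as UTC."""
    parsed = datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)


def status_at(token_id, expires, node_now):
    """How a node whose clock reads node_now would judge the token's window.

    Illustration only: this models the time window, not Keystone's validation.
    """
    issued_at = parse_fernet(token_id)["issued_at"]
    if node_now < issued_at:
        return "not yet valid"
    if node_now >= parse_expires(expires):
        return "expired"
    return "valid"


if __name__ == "__main__":
    info = parse_fernet(ADMIN_TOKEN_ID)
    print("issued at :", info["issued_at"].isoformat())
    print("expires   :", ADMIN_EXPIRES)
    print("lifetime  :", parse_expires(ADMIN_EXPIRES) - info["issued_at"])
    for drift in (timedelta(0), timedelta(hours=-2), timedelta(hours=2)):
        node_now = info["issued_at"] + timedelta(minutes=30) + drift
        print("clock drift", drift, "->",
              status_at(ADMIN_TOKEN_ID, ADMIN_EXPIRES, node_now))
```

The decoded issue time falls one hour before the `expires` column, and everything after the timestamp is opaque without the keys created by `keystone-manage fernet_setup`. The whole string is still a bearer credential, so token ids belong in logs and screenshots only after they have expired.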

Create the OpenStack client environment scripts

[root@openstack keystone]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=yy99..
export OS_AUTH_URL=http://openstack.if010.com:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@openstack keystone]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack.if010.com:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@openstack ~]# source admin-openrc
[root@openstack ~]# openstack token issue
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:44:35.659723Z                                     |
| id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

Tutorial: Glance

Create the Glance database and grant privileges

[root@openstack ~]# openssl rand -hex 10
a92e900d1dc37b94f347

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'127.0.0.1' IDENTIFIED BY 'a92e900d1dc37b94f347';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'a92e900d1dc37b94f347';

Obtain admin credentials

[root@openstack ~]# source admin-openrc

Create the glance user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | e38230eeff474607805b596c91fa15d9 |
| name      | glance                           |
+-----------+----------------------------------+

Add the admin role to the glance user and the service project

[root@openstack ~]# openstack role add --project service --user glance admin

Create the glance service entity

[root@openstack ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

Create the Image service API endpoints

[root@openstack ~]# openstack endpoint create --region RegionOne image public http://openstack.if010.com:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 340be3625e9b4239a6415d034e98aace |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://openstack.if010.com:9292  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne image internal http://openstack.if010.com:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://openstack.if010.com:9292  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne image admin http://openstack.if010.com:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0c37ed58103f4300a84ff125a539032d |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://openstack.if010.com:9292  |
+--------------+----------------------------------+

Install the Glance service with yum

[root@openstack ~]# yum install -y openstack-glance python-glance python-glanceclient

# Configure the /etc/glance/glance-api.conf file
[root@openstack ~]# vim /etc/glance/glance-api.conf
# Database access
[database]
connection = mysql+pymysql://glance:[email protected]/glance

# Local file system store and image file location
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images

# Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
# Password of the glance user
password = glance@If010

# Authentication method
[paste_deploy]
flavor = keystone

# Configure the /etc/glance/glance-registry.conf file
[root@openstack ~]# vim /etc/glance/glance-registry.conf
# Database access
[database]
connection = mysql+pymysql://glance:[email protected]/glance

# Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
# Password of the glance user
password = glance@If010

# Authentication method
[paste_deploy]
flavor = keystone

Initialize the Image service database:

[root@openstack ~]# su -s /bin/sh -c "glance-manage db_sync" glance

Start the Image services and configure them to start at boot

[root@openstack ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@openstack ~]# systemctl restart openstack-glance-api.service openstack-glance-registry.service

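Verify the image

# Download the image. This download seems to need a proxy to get around the firewall; another image can be used for testing instead
[root@openstack ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
# Upload the image to the Image service in QCOW2 disk format and bare container format, and make it public so that all projects can access it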
[root@openstack ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2022-06-05T05:22:14Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/1bf99dfb-6943-4b9d-bb00-dafc0d70c6d7/file |
| id               | 1bf99dfb-6943-4b9d-bb00-dafc0d70c6d7                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | a71798a89caf4ad094fdf16e253f00ea                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2022-06-05T05:22:14Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
# Confirm the upload and verify the image attributes
[root@openstack ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 1bf99dfb-6943-4b9d-bb00-dafc0d70c6d7 | cirros | active |
+--------------------------------------+--------+--------+
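
An added example, not part of the original tutorial: a Python check that the image Glance recorded is byte-for-byte the local file, by parsing the table that `openstack image create` prints and comparing its `checksum` (MD5) and `size` fields with the file on disk. Because the download above uses plain HTTP, the optional `publisher_md5` argument also compares against a digest obtained from the publisher over a trusted channel; the sample table, the file contents and all function names are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Constructed sample in the layout the openstack CLI prints; the checksum is
# the MD5 of the three bytes b"abc" that demo() writes to disk.
SAMPLE_TABLE = """\
+------------------+----------------------------------+
| Field            | Value                            |
+------------------+----------------------------------+
| checksum         | 900150983cd24fb0d6963f7d28e17f72 |
| disk_format      | qcow2                            |
| size             | 3                                |
| status           | active                           |
| tags             |                                  |
+------------------+----------------------------------+
"""


def parse_cli_table(text):
    """Turn the two-column Field/Value table printed by the CLI into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border rows (+---+) and shell prompts
        cells = [cell.strip() for cell in line.strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":
            fields[cells[0]] = cells[1]
    return fields


def md5_and_size(path, chunk_size=1 << 20):
    """Stream the file so a multi-gigabyte image never has to fit in memory."""
    # MD5 is the algorithm behind Glance's `checksum` field. It is not
    # collision-resistant: treat it as an integrity check, not proof of origin.
    digest, size = hashlib.md5(), 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return digest.hexdigest(), size


def verify_image(table_text, path, publisher_md5=None):
    """Return a list of mismatches between Glance's record and the local file."""
    record = parse_cli_table(table_text)
    local_md5, local_size = md5_and_size(path)
    problems = []
    if record.get("status") != "active":
        problems.append(f"image status is {record.get('status')!r}, expected 'active'")
    if record.get("size") != str(local_size):
        problems.append(f"size: Glance has {record.get('size')}, local file has {local_size}")
    if record.get("checksum", "").lower() != local_md5:
        problems.append("checksum: Glance's MD5 does not match the local file")
    if publisher_md5 is not None and publisher_md5.lower() != local_md5:
        problems.append("local file does not match the publisher's digest")
    return problems


def demo():
    """Verify an intact file, a wrong publisher digest, and a file with a stray byte."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "sample.img")
        with open(path, "wb") as handle:
            handle.write(b"abc")
        intact = verify_image(SAMPLE_TABLE, path)
        wrong_publisher = verify_image(SAMPLE_TABLE, path, publisher_md5="0" * 32)
        with open(path, "ab") as handle:
            handle.write(b"\x00")  # one extra byte, as after a corrupted transfer
        altered = verify_image(SAMPLE_TABLE, path)
    return intact, wrong_publisher, altered


if __name__ == "__main__":
    for label, result in zip(("intact", "wrong publisher digest", "altered"), demo()):
        print(label, result)
```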

How-To Guide: Nova

Install and configure the controller node

Create the Nova databases and grant privileges

[root@openstack ~]# openssl rand -hex 10
e528734fc653231683c9

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';

Load the admin credentials

[root@openstack ~]# source admin-openrc

Create the nova user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | 8c46e4760902464b889293a74a0c90a8 |
| name      | nova                             |
+-----------+----------------------------------+

Add the admin role to the nova user:

[root@openstack ~]# openstack role add --project service --user nova admin

Create the nova service entity:

[root@openstack ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 060d59eac51b4594815603d75a00aba2 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the Compute service API endpoints:

[root@openstack ~]# openstack endpoint create --region RegionOne compute public http://openstack.if010.com:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------------+
| Field        | Value                                              |
+--------------+----------------------------------------------------+
| enabled      | True                                               |
| id           | 3c1caa473bfe4390a11e7177894bcc7b                   |
| interface    | public                                             |
| region       | RegionOne                                          |
| region_id    | RegionOne                                          |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78                   |
| service_name | nova                                               |
| service_type | compute                                            |
| url          | http://openstack.if010.com:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne compute internal http://openstack.if010.com:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------------+
| Field        | Value                                              |
+--------------+----------------------------------------------------+
| enabled      | True                                               |
| id           | e3c918de680746a586eac1f2d9bc10ab                   |
| interface    | internal                                           |
| region       | RegionOne                                          |
| region_id    | RegionOne                                          |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78                   |
| service_name | nova                                               |
| service_type | compute                                            |
| url          | http://openstack.if010.com:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne compute admin http://openstack.if010.com:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------------+
| Field        | Value                                              |
+--------------+----------------------------------------------------+
| enabled      | True                                               |
| id           | 38f7af91666a47cfb97b4dc790b94424                   |
| interface    | admin                                              |
| region       | RegionOne                                          |
| region_id    | RegionOne                                          |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78                   |
| service_name | nova                                               |
| service_type | compute                                            |
| url          | http://openstack.if010.com:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------------+

Create the placement user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | 8c46e4760902464b889293a74a0c90a8 |
| name      | placement                        |
+-----------+----------------------------------+

Add the admin role to the placement user:

[root@openstack ~]# openstack role add --project service --user placement admin

Create the placement service entity:

[root@openstack ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 060d59eac51b4594815603d75a00aba2 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

Create the Placement service API endpoints:

[root@openstack ~]# openstack endpoint create --region RegionOne placement public http://openstack.if010.com:8778
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 3c1caa473bfe4390a11e7177894bcc7b          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78          |
| service_name | placement                                 |
| service_type | placement                                 |
| url          | http://openstack.if010.com:8778           |
+--------------+-------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne placement internal http://openstack.if010.com:8778
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | e3c918de680746a586eac1f2d9bc10ab          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78          |
| service_name | placement                                 |
| service_type | placement                                 |
| url          | http://openstack.if010.com:8778           |
+--------------+-------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne placement admin http://openstack.if010.com:8778
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 38f7af91666a47cfb97b4dc790b94424          |
| interface    | admin                                     |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78          |
| service_name | placement                                 |
| service_type | placement                                 |
| url          | http://openstack.if010.com:8778           |
+--------------+-------------------------------------------+

Install and configure Nova on the controller node

[root@openstack ~]# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient openstack-nova-placement-api

# Configure the /etc/nova/nova.conf file
[root@openstack ~]# vim /etc/nova/nova.conf
[DEFAULT]
block_device_allocate_retries=180
# Set my_ip to the IP address of the controller node's management interface
my_ip=192.168.31.4
use_neutron=True
# Configure the firewall driver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
# Enable the compute and metadata APIs
enabled_apis=osapi_compute,metadata
# Configure RabbitMQ message queue access
transport_url=rabbit://openstack:[email protected]
rpc_backend=rabbit
# Configure Identity service access
auth_strategy=keystone

[api]
auth_strategy=keystone

# Configure the database connection
[api_database]
connection=mysql+pymysql://nova:[email protected]/nova_api

[cinder]
os_region_name=RegionOne

# Configure the database connection
[database]
connection=mysql+pymysql://nova:[email protected]/nova

# Configure the address of the Image service API
[glance]
api_servers=http://openstack.if010.com:9292

# Configure Identity service access
[keystone_authtoken]
auth_uri=http://openstack.if010.com:5000
auth_url=http://openstack.if010.com:35357
memcached_servers=openstack.if010.com:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=nova
# Password of the nova user
password=nova@If010

[libvirt]
virt_type=kvm
inject_password=true
cpu_mode=host-passthrough

[neutron]
url = http://openstack.if010.com:9696
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron@If010
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron

# Configure the lock path
[oslo_concurrency]
lock_path=/var/lib/nova/tmp

# Configure RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host=127.0.0.1
rabbit_port=5672
rabbit_userid=openstack
# Password of the RabbitMQ openstack user
rabbit_password=1735e32955b2ef18362e

# Configure placement authentication
[placement]
os_region_name=RegionOne
auth_type=password
auth_url=http://openstack.if010.com:35357/v3
project_name=service
project_domain_name=Default
username=placement
user_domain_name=Default
# Password of the placement user
password=placement@If010

[scheduler]
discover_hosts_in_cells_interval=300

# Configure the VNC proxy to use the IP address of the controller node's management interface
[vnc]
enabled=true
server_listen=$my_ip
server_proxyclient_address=$my_ip
novncproxy_base_url=http://192.168.31.4:6080/vnc_auto.html

# Configure the 00-nova-placement-api.conf file
[root@openstack ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
...
<Directory /usr/bin>
  <IfVersion >= 2.4>
     Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>

Restart the httpd service

[root@openstack ~]# systemctl restart httpd.service

Synchronize the Nova databases:

# Populate the nova_api database
[root@openstack ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell1 cell
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# Populate the nova database
[root@openstack ~]# su -s /bin/sh -c "nova-manage db sync" nova

Verify that nova cell0 and cell1 are registered correctly

[root@openstack ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+-----------------------------------+------------------------------------------------+
|  名称 |                 UUID                 |           Transport URL           |                   数据库连接                    |
+-------+--------------------------------------+-----------------------------------+------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/              | mysql+pymysql://nova:****@127.0.0.1/nova_cell0 |
| cell1 | 7d6f800c-2c16-4d15-8b75-0ce02a1af13f | rabbit://openstack:****@127.0.0.1 |    mysql+pymysql://nova:****@127.0.0.1/nova    |
+-------+--------------------------------------+-----------------------------------+------------------------------------------------+

Start the Compute services and configure them to start at boot:

[root@openstack ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@openstack ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

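Some of the nova.conf content above is configured ahead of time, such as the neutron and cinder services, and this may affect service startup

Install and configure the compute node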

[root@openstack-node01 ~]# yum install openstack-nova-compute

# Configure the /etc/nova/nova.conf file
[root@openstack-node01 ~]# vim /etc/nova/nova.conf
[DEFAULT]
# Configure RabbitMQ message queue access
transport_url=rabbit://openstack:[email protected]
# Configure Identity service access
auth_strategy=keystone
# Set my_ip to the IP address of the controller node's management interface
my_ip=192.168.31.4
use_neutron=True
# Configure the firewall driver
firewall_driver=nova.virt.firewall.NoopFirewallDriver

# Configure RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host=openstack.if010.com
rabbit_userid=openstack
rabbit_password=1735e32955b2ef18362e

# Configure Identity service access
[keystone_authtoken]
auth_uri=http://openstack.if010.com:5000
auth_url=http://openstack.if010.com:35357
memcached_servers=openstack.if010.com:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=nova
# Password of the nova user
password=nova@If010

# Configure the VNC proxy to use the IP address of the controller node's management interface
[vnc]
enabled=True
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=$my_ip
novncproxy_base_url=http://openstack.if010.com:6080/vnc_auto.html

# Configure the address of the Image service API
[glance]
api_servers=http://openstack.if010.com:9292

# Configure the lock path
[oslo_concurrency]
lock_path=/var/lib/nova/tmp

# Configure placement authentication
[placement]
os_region_name=RegionOne
project_domain_name=Default
project_name=service
auth_type=password
user_domain_name=Default
auth_url=http://openstack.if010.com:35357/v3
username=placement
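# Password of the placement user
password=placement@If010

# Configure hardware acceleration support for virtual machines
[libvirt]
virt_type=kvm

Note: for the libvirt section, determine whether your compute node supports hardware acceleration for virtual machines:
egrep -c '(vmx|svm)' /proc/cpuinfo
If this command returns a value of one or greater, your compute node supports hardware acceleration and needs no additional configuration.
If this command returns zero, your compute node does not support hardware acceleration. You must configure libvirt to use QEMU instead of KVM.

Start the Compute service and its dependencies, and configure them to start automatically at boot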

[root@openstack-node01 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@openstack-node01 ~]# systemctl start libvirtd.service openstack-nova-compute.service

Verify operation

Discover compute hosts

[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

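*Note: when you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register them. Alternatively, you can set an appropriate discovery interval in /etc/nova/nova.conf: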

[scheduler]
...
discover_hosts_in_cells_interval=300

Confirm that the compute host is in the database

[root@openstack ~]# openstack compute service list --service nova-compute
+----+--------------+----------------------------+------+---------+-------+----------------------------+
| ID | Binary       | Host                       | Zone | Status  | State | Updated At                 |
+----+--------------+----------------------------+------+---------+-------+----------------------------+
| 12 | nova-compute | openstack-node01.if010.com | nova | enabled | up    | 2022-06-12T07:16:23.000000 |
+----+--------------+----------------------------+------+---------+-------+----------------------------+

List the service components to verify that each process started and registered successfully:

[root@openstack ~]# openstack compute service list
+----+------------------+----------------------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host                       | Zone     | Status  | State | Updated At                 |
+----+------------------+----------------------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | openstack.if010.com        | internal | enabled | up    | 2022-06-12T07:17:42.000000 |
|  2 | nova-conductor   | openstack.if010.com        | internal | enabled | up    | 2022-06-12T07:17:41.000000 |
|  3 | nova-scheduler   | openstack.if010.com        | internal | enabled | up    | 2022-06-12T07:17:33.000000 |
| 12 | nova-compute     | openstack-node01.if010.com | nova     | enabled | up    | 2022-06-12T07:17:33.000000 |
+----+------------------+----------------------------+----------+---------+-------+----------------------------+

List the API endpoints in the Identity service to verify connectivity with the Identity service

[root@openstack ~]# openstack catalog list
+-----------+-----------+-----------------------------------------------------------------------------------+
| Name      | Type      | Endpoints                                                                         |
+-----------+-----------+-----------------------------------------------------------------------------------+
| placement | placement | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:8778                                         |
|           |           | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:8778                                          |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:8778                                       |
|           |           |                                                                                   |
| nova      | compute   | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:8774/v2.1/9193663417bd4262944a2480e253cb38    |
|           |           | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:8774/v2.1/9193663417bd4262944a2480e253cb38   |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:8774/v2.1/9193663417bd4262944a2480e253cb38 |
|           |           |                                                                                   |
| glance    | image     | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:9292                                         |
|           |           | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:9292                                          |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:9292                                       |
|           |           |                                                                                   |
| keystone  | identity  | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:5000/v3                                      |
|           |           | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:35357/v3                                      |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:5000/v3                                    |
|           |           |                                                                                   |
+-----------+-----------+-----------------------------------------------------------------------------------+

List the images in the Image service to verify connectivity with the Image service:

[root@openstack ~]# openstack image list
+--------------------------------------+----------+--------+
| ID                                   | Name     | Status |
+--------------------------------------+----------+--------+
| e0f5041e-db3b-4e65-9ef3-39ad1b8b0b1f | CentOS 7 | active |
+--------------------------------------+----------+--------+

Check that the cells and the Placement API are working:

[root@openstack ~]# nova-status upgrade check
+-------------------------------+
| 升级检查结果                  |
+-------------------------------+
| 检查: Cells v2                |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Placement API           |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Resource Providers      |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Ironic Flavor Migration |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: API Service Version     |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+

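How-To Guide: Neutron

This tutorial configures a public (provider) network, that is, a single flat network. Readers who need private (self-service) networks can look into them on their own

Install and configure Neutron on the controller node

Create the Neutron database and grant privileges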

[root@openstack ~]# openssl rand -hex 10
e528734fc653231683c9

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'e528734fc653231683c9';

Load the admin credentials

[root@openstack ~]# source admin-openrc

Create the neutron user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | b20a6692f77b4258926881bf831eb683 |
| name      | neutron                          |
+-----------+----------------------------------+

Add the admin role to the neutron user:

[root@openstack ~]# openstack role add --project service --user neutron admin

Create the neutron service entity:

[root@openstack ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | f71529314dab4a4d8eca427e701d209e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

Create the Networking service API endpoints:

[root@openstack ~]# openstack endpoint create --region RegionOne network public http://openstack.if010.com:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack.if010.com:9696  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne network internal http://openstack.if010.com:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 09753b537ac74422a68d2d791cf3714f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack.if010.com:9696  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne network admin http://openstack.if010.com:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1ee14289c9374dffb5db92a5c112fc4e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack.if010.com:9696  |
+--------------+----------------------------------+

Install and configure the controller node

[root@openstack ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

# Configure the /etc/neutron/neutron.conf file
[root@openstack ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
# Configure Identity service access
auth_strategy = keystone
# Enable the ML2 plug-in
core_plugin = ml2
# Disable additional plug-ins
service_plugins =
# Configure Networking to notify Compute of network topology changes
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# Configure RabbitMQ message queue access
transport_url = rabbit://openstack:[email protected]
rpc_backend = rabbit

# Configure the database connection
[database]
connection = mysql+pymysql://neutron:[email protected]/neutron

# Configure Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Password of the neutron user
password = neutron@If010

# Configure access to the nova service
[nova]
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# Password of the nova user
password = nova@If010

# Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# Configure RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e

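# Configure the ml2_conf.ini file
[root@openstack ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Enable flat and VLAN networks
type_drivers = flat,vlan
# Disable private (self-service) networks
tenant_network_types =
# Enable the Linux bridge mechanism
mechanism_drivers = linuxbridge
# Enable the port security extension driver
extension_drivers = port_security

# Configure the public virtual network as a flat network
[ml2_type_flat]
flat_networks = provider

# Enable ipset to make security group rules more efficient
[securitygroup]
enable_ipset = true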

# Configure the linuxbridge_agent.ini file
[root@openstack ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Replace eth1 with your own network interface; run ip addr to list the interface names
physical_interface_mappings = provider:eth1

# Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true

[vxlan]
# Disable VXLAN overlay networks
enable_vxlan = false

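# Configure the dhcp_agent.ini file
*Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata so that instances on the public network can reach the metadata service over the network
[root@openstack ~]# vim /etc/neutron/dhcp_agent.ini
# Configure the DHCP agent
[DEFAULT]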
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

# Configure the metadata_agent.ini file
[root@openstack ~]# vim /etc/neutron/metadata_agent.ini
# Configure the metadata host and the shared secret
[DEFAULT]
nova_metadata_host = openstack.if010.com
metadata_proxy_shared_secret = neutron

# Configure nova to use the neutron service
[root@openstack ~]# vim /etc/nova/nova.conf
[neutron]
url = http://openstack.if010.com:9696
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron@If010
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron
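
One way to check the pair of `metadata_proxy_shared_secret` settings above, as an added Python example that is not part of the original tutorial. It reads both files with oslo.config's line rules in a simplified re-implementation (only whole-line `#` or `;` comments are comments, and everything after `=` is the value) and reports a secret that is missing, mismatched or guessable; `GUESSABLE`, `MIN_SECRET_LEN`, the function names and the sample strings are assumptions made for the example.

```python
import re
import secrets

# Values that are guessable because they repeat a service or account name.
# Constructed list for this example; the tutorial's value "neutron" is in it.
GUESSABLE = {"neutron", "nova", "metadata", "openstack", "secret", "password", "admin"}
MIN_SECRET_LEN = 20  # assumption: the length `openssl rand -hex 10` produces


def parse_oslo_ini(text):
    """Read INI text with oslo.config's line rules (simplified re-implementation).

    Continuation lines and ':' separators are not handled.
    Returns ({(section, key): value}, [problem strings]).
    """
    values, problems, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or whole-line comment
        if line.startswith("["):
            if not line.endswith("]"):
                problems.append(f"line {lineno}: text after ']', oslo.config rejects this header")
            match = re.match(r"\[([^\]]+)\]", line)
            section = match.group(1) if match else None  # recover the name to keep auditing
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key or section is None:
            problems.append(f"line {lineno}: not a key = value line inside a section")
            continue
        if re.search(r"(^|\s)(#|;|//)", value):
            problems.append(f"line {lineno}: inline comment is read as part of {key}")
        values[(section, key)] = value
    return values, problems


def audit_metadata_secret(nova_conf, metadata_agent_ini):
    """Check the secret shared by nova.conf [neutron] and metadata_agent.ini [DEFAULT]."""
    nova, nova_problems = parse_oslo_ini(nova_conf)
    agent, agent_problems = parse_oslo_ini(metadata_agent_ini)
    findings = [f"nova.conf {p}" for p in nova_problems]
    findings += [f"metadata_agent.ini {p}" for p in agent_problems]

    key = "metadata_proxy_shared_secret"
    nova_secret = nova.get(("neutron", key))
    agent_secret = agent.get(("DEFAULT", key))
    if not nova_secret or not agent_secret:
        findings.append(f"{key} is not set on both sides")
        return findings
    if nova_secret != agent_secret:
        findings.append(f"{key} differs between the files; Nova will reject the agent's signed requests")
    for name, secret in (("nova.conf", nova_secret), ("metadata_agent.ini", agent_secret)):
        # Report the weakness without echoing the secret itself.
        if secret.lower() in GUESSABLE or len(secret) < MIN_SECRET_LEN:
            findings.append(f"{name}: {key} is guessable or shorter than {MIN_SECRET_LEN} characters")
    if nova.get(("neutron", "service_metadata_proxy"), "").lower() != "true":
        findings.append("nova.conf: service_metadata_proxy is not enabled")
    return findings


# Constructed samples using the values shown in this tutorial; the header of the
# second one carries a trailing comment to show how the parser treats it.
TUTORIAL_NOVA_CONF = """\
[neutron]
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron
"""
TUTORIAL_METADATA_AGENT_INI = """\
[DEFAULT]    # metadata host and shared secret
nova_metadata_host = openstack.if010.com
metadata_proxy_shared_secret = neutron
"""


def hardened_pair():
    """The same two files with one random 64-hex-character secret and whole-line comments."""
    secret = secrets.token_hex(32)
    nova = f"[neutron]\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = {secret}\n"
    agent = (
        "# metadata host and shared secret\n[DEFAULT]\n"
        f"nova_metadata_host = openstack.if010.com\nmetadata_proxy_shared_secret = {secret}\n"
    )
    return nova, agent


if __name__ == "__main__":
    for finding in audit_metadata_secret(TUTORIAL_NOVA_CONF, TUTORIAL_METADATA_AGENT_INI):
        print(finding)
    print(audit_metadata_secret(*hardened_pair()))
```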

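Link the plugin.ini file

The Networking service initialization scripts expect a symbolic link, /etc/neutron/plugin.ini, that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it with the following command: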

[root@openstack ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Initialize the neutron database

[root@openstack ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the Compute (Nova) API service

[root@openstack ~]# systemctl restart openstack-nova-api.service

Start the Networking services and configure them to start at boot

[root@openstack ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@openstack ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Install and configure Neutron on the compute node

[root@openstack-node01 ~]# yum install openstack-neutron-linuxbridge ebtables ipset

# Configure the /etc/neutron/neutron.conf file
[root@openstack-node01 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:[email protected]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron@If010

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# Configure the linuxbridge_agent.ini file
[root@openstack-node01 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1    # Replace eth1 with your own network interface

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# Configure the Compute service to use the Networking service
[root@openstack-node01 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://openstack.if010.com:9696
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron@If010

Restart the Compute service:

[root@openstack-node01 ~]# systemctl restart openstack-nova-compute.service

Start the Linux bridge agent and configure it to start at boot:

[root@openstack-node01 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@openstack-node01 ~]# systemctl start neutron-linuxbridge-agent.service

Verify operation

# List the loaded extensions to verify that the neutron-server process started successfully
[root@openstack ~]# openstack extension list --network

# Verify that the neutron agents are running
[root@openstack ~]# openstack network agent list

Tutorial: Cinder

Controller node installation and configuration

Create the cinder database and grant privileges

[root@openstack ~]# openssl rand -hex 10
8ef194ead24acb67de4c

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '8ef194ead24acb67de4c';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '8ef194ead24acb67de4c';

Source the admin credentials

[root@openstack ~]# source admin-openrc

Create the cinder user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | bb279f8ffc444637af38811a5e1f0562 |
| name      | cinder                           |
+-----------+----------------------------------+

Add the admin role to the cinder user:

[root@openstack ~]# openstack role add --project service --user cinder admin

Create the cinder service entities:

[root@openstack ~]# openstack service create --name cinder --description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | ab3bbbef780845a1a283490d281e7fda |
| name        | cinder                           |
| type        | volume                           |
+-------------+----------------------------------+
[root@openstack ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | eb9fd245bdbc414695952e93f29fe3ac |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
[root@openstack ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | eb9fd245bdbc414695952e93f29fe3ac |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+

Create the Block Storage service API endpoints:

[root@openstack ~]# openstack endpoint create --region RegionOne volume public http://openstack.if010.com:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 03fa2c90153546c295bf30ca86b1344b                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | ab3bbbef780845a1a283490d281e7fda                 |
| service_name | cinder                                           |
| service_type | volume                                           |
| url          | http://openstack.if010.com:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volume internal http://openstack.if010.com:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 94f684395d1b41068c70e4ecb11364b2                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | ab3bbbef780845a1a283490d281e7fda                 |
| service_name | cinder                                           |
| service_type | volume                                           |
| url          | http://openstack.if010.com:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volume admin http://openstack.if010.com:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 4511c28a0f9840c78bacb25f10f62c98                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | ab3bbbef780845a1a283490d281e7fda                 |
| service_name | cinder                                           |
| service_type | volume                                           |
| url          | http://openstack.if010.com:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev2 public http://openstack.if010.com:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv2                                         |
| service_type | volumev2                                         |
| url          | http://openstack.if010.com:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev2 internal http://openstack.if010.com:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv2                                         |
| service_type | volumev2                                         |
| url          | http://openstack.if010.com:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev2 admin http://openstack.if010.com:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv2                                         |
| service_type | volumev2                                         |
| url          | http://openstack.if010.com:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev3 public http://openstack.if010.com:8776/v3/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv3                                         |
| service_type | volumev3                                         |
| url          | http://openstack.if010.com:8776/v3/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev3 internal http://openstack.if010.com:8776/v3/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv3                                         |
| service_type | volumev3                                         |
| url          | http://openstack.if010.com:8776/v3/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev3 admin http://openstack.if010.com:8776/v3/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv3                                         |
| service_type | volumev3                                         |
| url          | http://openstack.if010.com:8776/v3/%(tenant_id)s |
+--------------+--------------------------------------------------+

Install and configure the controller node

[root@openstack ~]# yum install -y openstack-cinder

# Configure the /etc/cinder/cinder.conf file
[DEFAULT]
glance_api_servers = http://openstack.if010.com:9292
auth_strategy = keystone    # Configure Identity service access
enabled_backends = lvm
cinder_internal_tenant_project_id = 926b3127ab004702a50c969fa629022b    # ID of the service project
cinder_internal_tenant_user_id = de788c0a0f77469b9e8285052e50fd60    # ID of the cinder user
transport_url = rabbit://openstack:[email protected]
rpc_backend = rabbit    # Configure RabbitMQ message queue access
my_ip = 192.168.31.4    # IP address of the management interface

[database]    # Configure database access
connection = mysql+pymysql://cinder:[email protected]/cinder

[keystone_authtoken]    # Configure Identity service access
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder@If010    # Password of the cinder user

[oslo_concurrency]    # Configure the lock path
lock_path = /var/lib/cinder/tmp

[oslo_messaging_rabbit]    # Configure RabbitMQ message queue access
rabbit_host = openstack.if010.com
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
image_volume_cache_max_size_gb = 200
image_volume_cache_max_count = 50
image_volume_cache_enabled = True

# Configure nova to use the cinder module
[root@openstack ~]# vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne

Initialize the Block Storage service database:

[root@openstack ~]# su -s /bin/sh -c "cinder-manage db sync" cinder

Restart the Compute API service:

[root@openstack ~]# systemctl restart openstack-nova-api.service

Start the Block Storage services and configure them to start at boot:

[root@openstack ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
[root@openstack ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

Storage node installation and configuration

Disk initialization

# Install the LVM packages:
[root@openstack ~]# yum install -y lvm2

# Start the LVM metadata service and enable it at boot:
[root@openstack ~]# systemctl enable lvm2-lvmetad.service
[root@openstack ~]# systemctl start lvm2-lvmetad.service

# Create the LVM physical volume /dev/sdb
[root@openstack ~]# pvcreate /dev/sdb

# Create the LVM volume group cinder-volumes
[root@openstack ~]# vgcreate cinder-volumes /dev/sdb

[root@openstack ~]# vim /etc/lvm/lvm.conf 
devices {
...
filter = [ "a/sdb/", "r/.*/"]
}

Install and configure the components

[root@openstack ~]# yum install -y openstack-cinder targetcli python-keystone

# Configure the /etc/cinder/cinder.conf file
[root@openstack ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
enabled_backends = lvm
glance_api_servers = http://openstack.if010.com:9292

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
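* Append the [lvm] section directly at the end of the file

Start the Block Storage volume service and the services it depends on, and configure them to start at boot: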

[root@openstack ~]# systemctl enable openstack-cinder-volume.service target.service
[root@openstack ~]# systemctl start openstack-cinder-volume.service target.service

Verify operation

[root@openstack ~]# cinder service-list
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| Binary           | Host                    | Zone | Status  | State | Updated_at                 | Disabled Reason |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | openstack.if010.com     | nova | enabled | up    | 2022-06-12T10:02:09.000000 | -               |
| cinder-volume    | openstack.if010.com@lvm | nova | enabled | up    | 2022-06-12T10:02:04.000000 | -               |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+

Tutorial: Dashboard

Install and configure

[root@openstack ~]# yum install -y openstack-dashboard

[root@openstack ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"
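
The ALLOWED_HOSTS = ['*', ] setting above makes Django accept any Host header on requests to the dashboard. The following added example, which is not from the original tutorial or from Horizon, re-implements the matching rule Django documents for ALLOWED_HOSTS and compares the wildcard against a list restricted to this deployment's names; the sample Host values and the tightened list are constructed.

```python
import ast

# Constructed excerpt of /etc/openstack-dashboard/local_settings as set above.
LOCAL_SETTINGS = """\
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
"""

# Tightened variant: only the names this deployment is actually reached by.
TIGHTENED_SETTINGS = LOCAL_SETTINGS.replace(
    "['*', ]", "['openstack.if010.com', '192.168.31.4']"
)

# Constructed Host header values a client or reverse proxy might send.
SAMPLE_HOSTS = [
    "openstack.if010.com",
    "192.168.31.4:80",
    "OpenStack.IF010.com",
    "unrelated.example",
]


def allowed_hosts(settings_text):
    """Extract the ALLOWED_HOSTS literal without executing the settings file."""
    for node in ast.parse(settings_text).body:
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id == "ALLOWED_HOSTS":
                    return [str(h) for h in ast.literal_eval(node.value)]
    return []


def split_port(host_header):
    """Lowercase the host and drop an optional :port (IPv6 literals keep brackets)."""
    host = host_header.strip().lower()
    if host.endswith("]"):
        return host
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


def host_allowed(host_header, patterns):
    """Apply the documented ALLOWED_HOSTS rule to one Host header.

    '*' accepts anything, '.example.com' accepts the domain and its
    subdomains, any other entry must match exactly (case-insensitive).
    """
    host = split_port(host_header)
    for pattern in (p.lower() for p in patterns):
        if pattern == "*":
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
        if pattern == host:
            return True
    return False


def review(settings_text, host_headers):
    """Report whether the wildcard is present and which Host values pass."""
    patterns = allowed_hosts(settings_text)
    return {
        "wildcard": "*" in patterns,
        "accepted": [h for h in host_headers if host_allowed(h, patterns)],
    }


if __name__ == "__main__":
    print("as configured:", review(LOCAL_SETTINGS, SAMPLE_HOSTS))
    print("tightened:    ", review(TIGHTENED_SETTINGS, SAMPLE_HOSTS))
```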

Restart the web server and the session storage service:

[root@openstack ~]# systemctl restart httpd.service memcached.service

Access from a browser
http://192.168.31.4/dashboard/
Default admin account and password: admin/123456 (the admin username and password registered in keystone)
(Screenshot: OpenStack web interface)

Tutorial: Designate

Create the Designate database and grant privileges

[root@openstack ~]# openssl rand -hex 10
669569abe0ff510a6a69

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY '669569abe0ff510a6a69';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY '669569abe0ff510a6a69';

Source the admin credentials

[root@openstack ~]# source admin-openrc

Create the designate user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt designate
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | ca2e175b851943349be29a328cc5e360 |
| name      | designate                        |
+-----------+----------------------------------+

Add the admin role to the designate user

[root@openstack ~]# openstack role add --project service --user designate admin

Create the designate service entity

[root@openstack ~]# openstack service create --name designate --description "DNS" dns
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | DNS                              |
| enabled     | True                             |
| id          | 727841c6f5df4773baa4e8a5ae7d72eb |
| name        | designate                        |
| type        | dns                              |
+-------------+----------------------------------+

Create the designate service API endpoint

[root@openstack ~]# openstack endpoint create --region RegionOne dns public http://openstack.if010.com:9001/
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 3f4dab34624e4be7b000265f25049609                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | designate                                        |
| service_type | dns                                              |
| url          | http://openstack.if010.com:9001/                 |
+--------------+--------------------------------------------------+

Install the components

[root@openstack ~]# yum install -y openstack-designate\* bind bind-utils

Create the RNDC key

[root@openstack ~]# rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom

Configure the named.conf file

[root@openstack ~]# cat /etc/named.conf 
include "/etc/designate/rndc.key";

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-new-zones yes;
        request-ixfr no;
        recursion no;
        allow-query { 127.0.0.1; 192.168.31.4; localhost; };    
        dnssec-enable yes;
        dnssec-validation yes;  
        bindkeys-file "/etc/named.root.key";  
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "designate"; };
};

Start the DNS service and enable it at boot

[root@openstack ~]# systemctl enable named  
[root@openstack ~]# systemctl start named

Configure the designate.conf file

[root@openstack ~]# vim /etc/designate/designate.conf
[DEFAULT]
transport_url = rabbit://openstack:[email protected]

[keystone_authtoken]
auth_type = password
username = designate
password = designate@If010
project_name = service
project_domain_name = default
user_domain_name = default
www_authenticate_uri = http://openstack.if010.com:5000/
auth_url = http://openstack.if010.com:5000/
memcached_servers = 127.0.0.1:11211

[service:api]
enable_host_header = true
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v2 = true
enable_api_admin = true
enabled_extensions_admin = quotas,reports

[service:worker]
enabled = true
notify = true

[storage:sqlalchemy]
connection = mysql+pymysql://designate:[email protected]/designate

Sync the database

[root@openstack ~]# su -s /bin/sh -c "designate-manage database sync" designate

Start the designate-central and designate-api services and enable them at boot

[root@openstack ~]# systemctl enable designate-central designate-api
[root@openstack ~]# systemctl start designate-central designate-api

Create the pools.yaml file

[root@openstack ~]# vim /etc/designate/pools.yaml
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool

  attributes: {}

  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1-1.example.org.
      priority: 1

  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53

  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1

      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354

      # BIND Configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key

Update the pool

[root@openstack ~]# su -s /bin/sh -c "designate-manage pool update" designate

Start the Designate worker, producer and mDNS services

[root@openstack ~]# systemctl start designate-worker designate-producer designate-mdns
[root@openstack ~]# systemctl enable designate-worker designate-producer designate-mdns

Configure neutron to use the designate service

[root@openstack ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
external_dns_driver = designate 
dns_domain = if010.com.

[designate]
url = http://openstack.if010.com:9001/v2
auth_type = password
auth_url = http://openstack.if010.com:5000
username = designate
password = designate@If010
project_name = service
project_domain_name = default
user_domain_name = default
allow_reverse_dns_lookup = True
ipv4_ptr_zone_prefix_size = 24
ipv6_ptr_zone_prefix_size = 116

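Configure the neutron ML2 plug-in

[root@openstack ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
extension_drivers = port_security,qos,dns

Run the following command and check that the dns-integration extension is supported; this also requires a private network environment:

neutron ext-list

Restart the neutron services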

[root@openstack ~]# systemctl restart neutron-*

Verify operation

[root@openstack ~]# ps -aux | grep designate
../usr/bin/python /usr/bin/designate-mdns --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-central --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-agent --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-api --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-worker --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-producer --config-file /etc/designate/designate.conf

[root@openstack ~]# openstack dns service list
+--------------------------------------+---------------------+--------------+--------+-------+--------------+
| id                                   | hostname            | service_name | status | stats | capabilities |
+--------------------------------------+---------------------+--------------+--------+-------+--------------+
| e29fe05a-4ef8-4fe5-9e6d-bf8be29b4fb2 | openstack.if010.com | worker       | UP     | -     | -            |
| 5c6802ab-05a0-4238-a15b-12f3239282d5 | openstack.if010.com | api          | UP     | -     | -            |
| 1c649421-f58b-44f9-8c82-19f50a8ea7cf | openstack.if010.com | mdns         | UP     | -     | -            |
| 1fab1750-215e-41f4-be42-0956f59cd2bd | openstack.if010.com | producer     | UP     | -     | -            |
| 6ea46d05-e9dc-49dd-a66d-8887d1049f7f | openstack.if010.com | central      | UP     | -     | -            |
+--------------------------------------+---------------------+--------------+--------+-------+--------------+

Create a zone

[root@openstack ~]# openstack zone create [email protected] if010.com.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2022-09-29T09:30:08.000000           |
| description    | None                                 |
| email          | [email protected]                      |
| id             | 8d381343-5e55-49f8-9cad-1f559d2aaa1e |
| masters        |                                      |
| name           | if010.com.                           |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 6f827144ec354bafb697983463d0078a     |
| serial         | 1664443808                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+

Associate the network with the zone; otherwise no DNS records are created even after instances are launched
neutron net-update 38c5e950-b450-4c30-83d4-ee181c28aad3 --dns_domain if010.com.

[root@openstack ~]# openstack zone list
+--------------------------------------+------------+---------+------------+--------+--------+
| id                                   | name       | type    |     serial | status | action |
+--------------------------------------+------------+---------+------------+--------+--------+
| 8d381343-5e55-49f8-9cad-1f559d2aaa1e | if010.com. | PRIMARY | 1664446134 | ACTIVE | NONE   |
+--------------------------------------+------------+---------+------------+--------+--------+

Tutorial: Heat

Create the Heat database and grant privileges

[root@openstack ~]# openssl rand -hex 10
fd0bf116b91362e17446

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE heat;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'fd0bf116b91362e17446';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'fd0bf116b91362e17446';

Source the admin credentials

[root@openstack ~]# source admin-openrc

Create the heat user and set its password

[root@openstack ~]# openstack user create --domain default --password-prompt heat
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | ca2e175b851943349be29a328cc5e360 |
| name      | heat                             |
+-----------+----------------------------------+

Add the admin role to the heat user

[root@openstack ~]# openstack role add --project service --user heat admin

Create the heat service entities

[root@openstack ~]# openstack service create --name heat --description "Orchestration" orchestration
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Orchestration                    |
| enabled     | True                             |
| id          | 727841c6f5df4773baa4e8a5ae7d72eb |
| name        | heat                             |
| type        | orchestration                    |
+-------------+----------------------------------+

[root@openstack ~]# openstack service create --name heat-cfn --description "Orchestration"  cloudformation
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Orchestration                    |
| enabled     | True                             |
| id          | c42cede91a4e47c3b10c8aedc8d890c6 |
| name        | heat-cfn                         |
| type        | cloudformation                   |
+-------------+----------------------------------+

Create the Orchestration service API endpoints

[root@openstack ~]# openstack endpoint create --region RegionOne orchestration public http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 3f4dab34624e4be7b000265f25049609                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne orchestration internal http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 9489f78e958e45cc85570fec7e836d98                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne orchestration admin http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 76091559514b40c6b7b38dde790efe99                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne cloudformation public http://openstack.if010.com:8000/v1
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | b3ea082e019c4024842bf0a80555052c          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | c42cede91a4e47c3b10c8aedc8d890c6          |
| service_name | heat-cfn                                  |
| service_type | cloudformation                            |
| url          | http://openstack.if010.com:8000/v1        |
+--------------+-------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne cloudformation internal http://openstack.if010.com:8000/v1
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 169df4368cdc435b8b115a9cb084044e          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | c42cede91a4e47c3b10c8aedc8d890c6          |
| service_name | heat-cfn                                  |
| service_type | cloudformation                            |
| url          | http://openstack.if010.com:8000/v1        |
+--------------+-------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne cloudformation admin http://openstack.if010.com:8000/v1
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 3d3edcd61eb343c1bbd629aa041ff88b          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | c42cede91a4e47c3b10c8aedc8d890c6          |
| service_name | heat-cfn                                  |
| service_type | cloudformation                            |
| url          | http://openstack.if010.com:8000/v1        |
+--------------+-------------------------------------------+

Create the heat domain, which contains the projects and users for stacks

[root@openstack ~]# openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Stack projects and users         |
| enabled     | True                             |
| id          | 0f4d1bd326f2454dacc72157ba328a47 |
| name        | heat                             |
+-------------+----------------------------------+

Create the heat_domain_admin user in the heat domain to manage projects and users, and set its password

[root@openstack ~]# openstack user create --domain heat --password-prompt heat_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 0f4d1bd326f2454dacc72157ba328a47 |
| enabled   | True                             |
| id        | b7bd1abfbcf64478b47a0f13cd4d970a |
| name      | heat_domain_admin                |
+-----------+----------------------------------+

Add the admin role to the heat_domain_admin user in the heat domain, which gives heat_domain_admin administrative privileges for managing stacks

[root@openstack ~]# openstack role add --domain heat --user-domain heat --user heat_domain_admin admin

Create the heat_stack_owner role

[root@openstack ~]# openstack role create heat_stack_owner
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 15e34f0c4fed4e68b3246275883c8630 |
| name      | heat_stack_owner                 |
+-----------+----------------------------------+

Add the heat_stack_owner role to the demo project and user so that the demo user can manage stacks

[root@openstack ~]# openstack role add --project demo --user demo heat_stack_owner

Create the heat_stack_user role

[root@openstack ~]# openstack role create heat_stack_user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 88849d41a55d4d1d91e4f11bffd8fc5c |
| name      | heat_stack_user                  |
+-----------+----------------------------------+

Install and configure the components

[root@openstack ~]# yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine openstack-heat-ui

# Edit the /etc/heat/heat.conf file
[root@openstack ~]# vim /etc/heat/heat.conf
# Comments go on their own lines: the oslo.config parser does not strip trailing comments
[DEFAULT]
# Metadata server URL
heat_metadata_server_url = http://openstack.if010.com:8000
# Wait condition server URL
heat_waitcondition_server_url = http://openstack.if010.com:8000/v1/waitcondition
# Stack domain
stack_user_domain_name = heat
# Administrative user of the stack domain
stack_domain_admin = heat_domain_admin
# Password of the stack domain administrative user
stack_domain_admin_password = stack_domain_admin@If010
# RabbitMQ message queue access
transport_url = rabbit://openstack:[email protected]
rpc_backend = rabbit

# Identity service access
[clients_keystone]
auth_uri = http://openstack.if010.com:35357

# Database connection
[database]
connection = mysql+pymysql://heat:[email protected]/heat

# Identity service access
[ec2authtoken]
auth_uri = http://openstack.if010.com:5000/v2.0

# RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e

# Identity service access
[trustee]
auth_plugin = password
auth_url = http://openstack.if010.com:35357
username = heat
# Password of the heat user
password = heat@If010
user_domain_name = default

# Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
# Password of the heat user
password = heat@If010

Sync the database

[root@openstack ~]# su -s /bin/sh -c "heat-manage db_sync" heat

Start the Orchestration services and configure them to start at boot

[root@openstack ~]# systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
[root@openstack ~]# systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service

Restart the HTTP web service so that Heat is displayed in Horizon and can be managed from it

[root@openstack ~]# systemctl restart openstack-heat*
[root@openstack ~]# systemctl restart httpd

Verify operation

[root@openstack ~]# openstack orchestration service list
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+
| Hostname            | Binary      | Engine ID                            | Host                | Topic  | Updated At                 | Status |
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+
| openstack.if010.com | heat-engine | 290417fa-3930-43ac-aca2-af574b91ff0f | openstack.if010.com | engine | 2022-06-24T13:05:47.000000 | up     |
| openstack.if010.com | heat-engine | 9d112d09-5133-4f4e-8976-678346fd53c9 | openstack.if010.com | engine | 2022-06-24T13:05:47.000000 | up     |
| openstack.if010.com | heat-engine | 2ee0f328-f4bf-49b2-a0fe-205255811c8b | openstack.if010.com | engine | 2022-06-24T14:18:43.000000 | up     |
| openstack.if010.com | heat-engine | bfadeb82-2631-498c-8d8d-7870b73cfbec | openstack.if010.com | engine | 2022-06-24T13:05:47.000000 | up     |
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+

Launch an instance

Load the credentials

[root@openstack ~]# source admin-openrc

Create the virtual network

[root@openstack ~]# neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | d84313397390425c8ed50b2f6e18d092     |
+---------------------------+--------------------------------------+
[root@openstack ~]# neutron subnet-create --name provider \
  --allocation-pool start=192.168.31.100,end=192.168.31.200 \
  --dns-nameserver 8.8.8.8 --gateway 192.168.31.1 \
  provider 192.168.31.0/24
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.31.100", "end": "192.168.31.200"} |
| cidr              | 192.168.31.0/24                                      |
| dns_nameservers   | 8.8.8.8                                              |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.31.1                                         |
| host_routes       |                                                      |
| id                | 5cc70da8-4ee7-4565-be53-b9c011fca011                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | provider                                             |
| network_id        | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad                 |
| subnetpool_id     |                                                      |
| tenant_id         | d84313397390425c8ed50b2f6e18d092                     |
+-------------------+------------------------------------------------------+

Create a flavor

[root@openstack ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+

Recommended flavors for production environments

openstack flavor create --vcpus 1 --ram 512 ecs.c1.nano
openstack flavor create --vcpus 1 --ram 1024 ecs.c1.tiny
openstack flavor create --vcpus 1 --ram 2048 ecs.c1.small
openstack flavor create --vcpus 1 --ram 4096 ecs.c1.medium
openstack flavor create --vcpus 1 --ram 8192 ecs.c1.large
openstack flavor create --vcpus 1 --ram 16384 ecs.c1.xlarge

openstack flavor create --vcpus 2 --ram 512 ecs.c2.nano
openstack flavor create --vcpus 2 --ram 1024 ecs.c2.tiny
openstack flavor create --vcpus 2 --ram 2048 ecs.c2.small
openstack flavor create --vcpus 2 --ram 4096 ecs.c2.medium
openstack flavor create --vcpus 2 --ram 8192 ecs.c2.large
openstack flavor create --vcpus 2 --ram 16384 ecs.c2.xlarge

openstack flavor create --vcpus 4 --ram 512 ecs.c4.nano
openstack flavor create --vcpus 4 --ram 1024 ecs.c4.tiny
openstack flavor create --vcpus 4 --ram 2048 ecs.c4.small
openstack flavor create --vcpus 4 --ram 4096 ecs.c4.medium
openstack flavor create --vcpus 4 --ram 8192 ecs.c4.large
openstack flavor create --vcpus 4 --ram 16384 ecs.c4.xlarge

openstack flavor create --vcpus 8 --ram 512 ecs.c8.nano
openstack flavor create --vcpus 8 --ram 1024 ecs.c8.tiny
openstack flavor create --vcpus 8 --ram 2048 ecs.c8.small
openstack flavor create --vcpus 8 --ram 4096 ecs.c8.medium
openstack flavor create --vcpus 8 --ram 8192 ecs.c8.large
openstack flavor create --vcpus 8 --ram 16384 ecs.c8.xlarge

Generate a key pair

[root@openstack ~]# ssh-keygen -q -N ""
[root@openstack ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
| name        | mykey                                           |
| user_id     | 58126687cbcc4888bfa9ab73a2256f27                |
+-------------+-------------------------------------------------+

# Verify that the public key was added
[root@openstack ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
+-------+-------------------------------------------------+

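Add security group rules

By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).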

# Allow ICMP (ping):
[root@openstack ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | a1876c06-7f30-4a67-a324-b6b5d1309546 |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | b0d53786-5ebb-4729-9e4a-4b675016a958 |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+

# Allow secure shell (SSH) access:
[root@openstack ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 3d95e59c-e98d-45f1-af04-c750af914f14 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | b0d53786-5ebb-4729-9e4a-4b675016a958 |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
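
Both rules above accept traffic from every source address (ip_range 0.0.0.0/0). The following added example, which is not part of the original tutorial, parses the Field/Value tables printed by the CLI and reports any-source rules, marking those that cover an administrative port; the function names and the ADMIN_PORTS set are assumptions of this example, and the sample text is copied from the output above.

```python
import ipaddress

# Sample input: the two rule tables printed by the commands above.
RULE_OUTPUT = """\
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | a1876c06-7f30-4a67-a324-b6b5d1309546 |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | b0d53786-5ebb-4729-9e4a-4b675016a958 |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 3d95e59c-e98d-45f1-af04-c750af914f14 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | b0d53786-5ebb-4729-9e4a-4b675016a958 |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
"""

# Assumption of this example: ports that should be reachable only from
# an administrative network, not from every address.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def parse_tables(text):
    """Return one dict per Field/Value table found in CLI output."""
    tables, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # border lines, prompts and blank lines
        cells = [cell.strip() for cell in line.strip("|").split("|")]
        if len(cells) != 2:
            continue
        field, value = cells
        if (field, value) == ("Field", "Value"):
            current = {}          # a header row starts a new table
            tables.append(current)
        elif current is not None:
            current[field] = value
    return tables


def is_any_source(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def port_span(port_range):
    """'22:22' -> (22, 22); an empty cell (as for ICMP) -> None."""
    if not port_range:
        return None
    low, _, high = port_range.partition(":")
    return int(low), int(high or low)


def audit_rules(text):
    """Return (rule id, protocol, finding) for every any-source rule."""
    findings = []
    for rule in parse_tables(text):
        if "ip_protocol" not in rule:
            continue  # not a security group rule table
        if not is_any_source(rule.get("ip_range", "")):
            continue
        span = port_span(rule.get("port_range", ""))
        if span is None:
            finding = "any source, no port (informational)"
        else:
            hit = [name for port, name in sorted(ADMIN_PORTS.items())
                   if span[0] <= port <= span[1]]
            finding = "any source reaches " + "/".join(hit) if hit else "any source"
        findings.append((rule["id"], rule["ip_protocol"], finding))
    return findings


if __name__ == "__main__":
    for rule_id, proto, finding in audit_rules(RULE_OUTPUT):
        print(f"{rule_id}  {proto:4}  {finding}")
```

Narrowing the SSH rule's source range to the administrative network removes it from the report.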

Create block storage

[root@openstack ~]# openstack volume create --size 1 volume1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| attachments         | []                                   |
| availability_zone   | nova                                 |
| bootable            | false                                |
| consistencygroup_id | None                                 |
| created_at          | 2016-03-08T14:30:48.391027           |
| description         | None                                 |
| encrypted           | False                                |
| id                  | a1e8be72-a395-4a6f-8e07-856a57c39524 |
| multiattach         | False                                |
| name                | volume1                              |
| properties          |                                      |
| replication_status  | disabled                             |
| size                | 1                                    |
| snapshot_id         | None                                 |
| source_volid        | None                                 |
| status              | creating                             |
| type                | None                                 |
| updated_at          | None                                 |
| user_id             | 684286a9079845359882afc3aa5011fb     |
+---------------------+--------------------------------------+

# Wait for the Status to change from creating to available
[root@openstack ~]# openstack volume list
+--------------------------------------+--------------+-----------+------+-------------+
| ID                                   | Display Name | Status    | Size | Attached to |
+--------------------------------------+--------------+-----------+------+-------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1      | available |    1 |             |
+--------------------------------------+--------------+-----------+------+-------------+

# Attach the volume to an instance
openstack server add volume provider-instance volume1
# List the volumes
[root@openstack ~]# openstack volume list
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| ID                                   | Display Name | Status | Size | Attached to                                |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1      | in-use |    1 | Attached to provider-instance on /dev/vdb  |
+--------------------------------------+--------------+--------+------+--------------------------------------------+

Create an instance

# List the available flavors
[root@openstack ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
+----+-----------+-------+------+-----------+-------+-----------+

# List the available images
[root@openstack ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 390eb5f7-8d49-41ec-95b7-68c0d5d54b34 | cirros | active |
+--------------------------------------+--------+--------+

# List the available networks
[root@openstack ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID                                   | Name         | Subnets                              |
+--------------------------------------+--------------+--------------------------------------+
| b5b6993c-ddf9-40e7-91d0-86806a42edb8 | provider     | 310911f6-acf0-4a47-824e-3032916582ff |
+--------------------------------------+--------------+--------------------------------------+

# List the available security groups
[root@openstack ~]# openstack security group list
+--------------------------------------+---------+------------------------+
| ID                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| dd2b614c-3dad-48ed-958b-b155a3b38515 | default | Default security group |
+--------------------------------------+---------+------------------------+

Create the instance using the results queried above

[root@openstack ~]# openstack server create --flavor m1.tiny --image cirros \
  --nic net-id=b5b6993c-ddf9-40e7-91d0-86806a42edb8 --security-group default \
  --key-name mykey provider-instance    
+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          | nova                                          |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | hdF4LMQqC5PB                                  |
| config_drive                         |                                               |
| created                              | 2015-09-17T21:58:18Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf          |
| image                                | cirros (38047887-61a7-41ea-9b49-27987d5e8bb9) |
| key_name                             | mykey                                         |
| metadata                             | {}                                            |
| name                                 | provider-instance                             |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| security_groups                      | default                                       |
| status                               | BUILD                                         |
| tenant_id                            | f5b2ccaa75ac413591f12fcaa096aa5c              |
| updated                              | 2015-09-17T21:58:18Z                          |
| user_id                              | 684286a9079845359882afc3aa5011fb              |
+--------------------------------------+-----------------------------------------------+

Check the status of the instance
[root@openstack ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------------+
| ID                                   | Name              | Status | Networks                        |
+--------------------------------------+-------------------+--------+---------------------------------+
| 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf | provider-instance | ACTIVE | provider=192.168.31.101         |
+--------------------------------------+-------------------+--------+---------------------------------+

Get the VNC session URL of your instance and open it in a web browser
[root@openstack ~]# openstack console url show provider-instance
+-------+------------------------------------------------------------------------------------------+
| Field | Value                                                                                    |
+-------+------------------------------------------------------------------------------------------+
| type  | novnc                                                                                    |
| url   | http://openstack.if010.com:6080/vnc_auto.html?token=5eeccb47-525c-4918-ac2a-3ad1e9f1f493 |
+-------+------------------------------------------------------------------------------------------+

Screenshot of the VNC access result

Final summary

The ports used so far are listed below for reference.

# Remote access service
# sshd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1220/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      1220/sshd 

# Time synchronization service
# chronyd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1954/chronyd        
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1954/chronyd        
udp6       0      0 ::1:323                 :::*                                1954/chronyd

# Database service
# mariadb.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::3306                 :::*                    LISTEN      2368/mysqld

# Message queue service
# rabbitmq-server.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      3775/beam.smp(web)
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      3775/beam.smp       
tcp6       0      0 :::5672                 :::*                    LISTEN      3775/beam.smp

# Distributed memory cache service
# memcached.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      6032/memcached           
tcp6       0      0 ::1:11211               :::*                    LISTEN      6032/memcached

# Web server
# httpd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name        
tcp6       0      0 :::80                   :::*                    LISTEN      7138/httpd(default)
tcp6       0      0 :::35357                :::*                    LISTEN      7138/httpd          
tcp6       0      0 :::5000                 :::*                    LISTEN      7138/httpd

# Image service
# openstack-glance-api.service, openstack-glance-registry.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      10683/python2       
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      10649/python2       
      
# Compute service
# openstack-nova-api.service, openstack-nova-consoleauth.service, openstack-nova-scheduler.service, openstack-nova-conductor.service, openstack-nova-novncproxy.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name                  
tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN      28341/python2(vnc)
tcp        0      0 0.0.0.0:8774            0.0.0.0:*               LISTEN      28337/python2       
tcp        0      0 0.0.0.0:8775            0.0.0.0:*               LISTEN      28337/python2       
tcp6       0      0 :::8778                 :::*                    LISTEN      14667/httpd     

# Networking service
# neutron-server.service, neutron-linuxbridge-agent.service, neutron-dhcp-agent.service, neutron-metadata-agent.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9696            0.0.0.0:*               LISTEN      10916/python2       

# Storage service
# openstack-cinder-api.service, openstack-cinder-scheduler.service, lvm2-lvmetad.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8776            0.0.0.0:*               LISTEN      25496/python2       

# Orchestration service
# openstack-heat-api.service, openstack-heat-api-cfn.service, openstack-heat-engine.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      29142/python        
tcp        0      0 0.0.0.0:8004            0.0.0.0:*               LISTEN      29141/python   
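
In this listing the backing services (MariaDB, RabbitMQ, epmd) listen on all interfaces, while memcached is bound to loopback only. The following added example, which is not part of the original tutorial, parses netstat lines in the layout shown above and reports backing-service ports that listen on a wildcard address; the INTERNAL_ONLY port set is an assumption of this example for the single-host layout used in this tutorial, and the sample lines are copied from the listing.

```python
import ipaddress

# Sample input: lines copied from the listing above (netstat layout).
LISTING = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1220/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1954/chronyd
tcp6       0      0 :::3306                 :::*                    LISTEN      2368/mysqld
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      3775/beam.smp(web)
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      3775/beam.smp
tcp6       0      0 :::5672                 :::*                    LISTEN      3775/beam.smp
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      6032/memcached
tcp6       0      0 ::1:11211               :::*                    LISTEN      6032/memcached
tcp6       0      0 :::5000                 :::*                    LISTEN      7138/httpd
tcp        0      0 0.0.0.0:8004            0.0.0.0:*               LISTEN      29141/python
"""

# Assumption of this example: backing services that only the OpenStack
# services on this host need to reach, so they need no wildcard bind.
INTERNAL_ONLY = {
    3306: "MariaDB",
    4369: "Erlang epmd",
    5672: "RabbitMQ AMQP",
    15672: "RabbitMQ management",
    25672: "RabbitMQ clustering",
    11211: "memcached",
}


def parse_listeners(text):
    """Parse netstat lines into dicts; header and comment lines are skipped."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        # UDP lines have no State column, so six fields is the minimum.
        if len(parts) < 6 or not parts[0].startswith(("tcp", "udp")):
            continue
        # rpartition keeps IPv6 hosts intact: ':::3306' -> ('::', '3306').
        host, _, port = parts[3].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append({
            "proto": parts[0],
            "host": host,
            "port": int(port),
            "program": parts[-1].split("/", 1)[-1],
        })
    return listeners


def bind_scope(host):
    """Classify a local address as wildcard, loopback or specific."""
    # On Linux a tcp6 socket bound to '::' also accepts IPv4 connections
    # unless net.ipv6.bindv6only is set to 1.
    if host in ("0.0.0.0", "::", "*"):
        return "wildcard"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "specific"
    except ValueError:
        return "unknown"


def exposed_backing_services(text):
    """Return sorted (port, proto, service) for wildcard-bound internal ports."""
    findings = set()
    for listener in parse_listeners(text):
        service = INTERNAL_ONLY.get(listener["port"])
        if service and bind_scope(listener["host"]) == "wildcard":
            findings.add((listener["port"], listener["proto"], service))
    return sorted(findings)


if __name__ == "__main__":
    for port, proto, service in exposed_backing_services(LISTING):
        print(f"{proto:5} {port:<6} {service}: listening on all interfaces")
```

Each reported port is a candidate for a loopback bind address or a host firewall rule that limits it to the controller itself.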

That's it for consuming OpenStack. There are still billing, databases and so on; I'll probably add them when I have time~~~


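This article is reposted from: https://blog.csdn.net/qq_32262243/article/details/127113282
Copyright belongs to the original author, Genius Kim. If there is any infringement, please contact us for removal.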
