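OpenStack is currently one of the more popular projects for building cloud computing platforms. This article introduces OpenStack in four parts: an overview of cloud computing, an introduction to OpenStack, the OpenStack core modules, and a hands-on OpenStack deployment.
I. Cloud computing overview
1.1. Cloud computing is a resource pool that provides us with basic services in the same way as utilities such as water, electricity and gas.
1.2. Cloud computing is a pay-per-use model that delivers networks, servers, storage, application software, services and so on quickly and efficiently. We do not need to care how it is implemented, so it takes very little management effort and very little interaction with the service provider.
1.3. Broadly speaking, cloud computing can be divided into the following models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service).
1) IaaS: the cloud hosts offered by Amazon, Alibaba Cloud and Tencent Cloud are IaaS; what we get is a machine on which we can choose the operating system.
2) PaaS: aimed at developers; it gives the user a platform on which to run their programs directly, e.g. the hosts sold by early IDC providers, Sina's SAE, Alibaba Cloud's cloud database.
3) SaaS: what is sold is a service, e.g. Tencent Enterprise Mail, Evernote.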
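II. Introduction to OpenStack
2.1. Official site: www.openstack.org
2.2. Jointly developed and launched by NASA (the US National Aeronautics and Space Administration) and Rackspace; a free, open-source software project licensed under the Apache License and written in Python, which can be used to build private or public clouds.
2.3. There are three basic components: the compute service, the network service and the storage service.
2.4. Releases: http://releases.openstack.org; the current stable release is Mitaka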
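III. OpenStack core modules
3.1. The 6 core services
1) nova: compute service, comparable to Alibaba Cloud ECS; supports virtualization technologies such as kvm and xen
2) keystone: authentication service
3) neutron: network service
4) swift: object storage service for files such as images and attachments, comparable to Tencent Cloud COS
5) cinder: block storage service, comparable to a cloud disk
6) glance: image management service
3.2. Other optional components
1) HORIZON: dashboard
2) CEILOMETER: monitoring and data collection
3) HEAT: automated deployment
4) TROVE: database service
5) SAHARA: big data processing
6) IRONIC: bare-metal management service
7) ZAQAR: messaging service
8) MANILA: shared file system service
9) DESIGNATE: DNS service
10) BARBICAN: key management
11) MAGNUM: containers
12) MURANO: application catalog
13) CONGRESS: policy as a service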
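IV. Hands-on OpenStack deployment
4.1. Preparation
1) Lab environment: at least two machines
2) Install OpenStack Liberty on RHEL 7 / CentOS 7
Official documentation: http://docs.openstack.org/liberty/install-guide-rdo
3) Two virtual machines running CentOS 7 (each with two NICs, one NAT and one host-only)
4) Give the NAT NIC an IP address with Internet access; the host-only NIC only needs to be reachable from our Windows machine, as it is mainly used for remote connections with Xshell
5) Disable SELinux and iptables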
systemctl stop firewalld
systemctl disable firewalld
6) Disable NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager
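7) Configure iptables on CentOS 7
Reference: http://www.myhack58.com/Article/48/66/2015/61454.htm
8) Define the passwords. Passwords are used in many places while deploying OpenStack; to make management and security settings easier, define them in advance. Use the command mkpasswd -s 0 to generate random strings.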
Account | Description | Password |
Database password | Root password for the database | tn1Pi6Ytm |
ADMIN_PASS | Password of user admin | 3qiVpzU2x |
CEILOMETER_DBPASS | Database password for the Telemetry service | Czn3bF1hm |
CEILOMETER_PASS | Password of Telemetry service user ceilometer | abquh12GU |
CINDER_DBPASS | Database password for the Block Storage service | O3bwbpoZ3 |
CINDER_PASS | Password of Block Storage service user cinder | hf8LX9bow |
DASH_DBPASS | Database password for the dashboard | 5qBZxnn1g |
DEMO_PASS | Password of user demo | 9TtbgaA1q |
GLANCE_DBPASS | Database password for Image service | Zznky4tP0 |
GLANCE_PASS | Password of Image service user glance | Wuyaf4cV6 |
HEAT_DBPASS | Database password for the Orchestration service | b7Fk5wjLg |
HEAT_DOMAIN_PASS | Password of Orchestration domain | 7Gotb3eoH |
HEAT_PASS | Password of Orchestration service user heat | eqQ2jLgz0 |
KEYSTONE_DBPASS | Database password of Identity service | f6zx0gURv |
NEUTRON_DBPASS | Database password for the Networking service | quidyOC50 |
NEUTRON_PASS | Password of Networking service user neutron | mdcGVl29i |
NOVA_DBPASS | Database password for Compute service | RYgv0rg7p |
NOVA_PASS | Password of Compute service user nova | hsSNsqc43 |
RABBIT_PASS | Password of user guest of RabbitMQ | o3NXovnz5 |
SWIFT_PASS | Password of Object Storage service user swift | 6ci5xWOdk |
METADATA_SECRET | | m8uhmQTu2 |
9) Set the host names
Set the hostname on both machines
hostnamectl set-hostname controller  # on the controller
hostnamectl set-hostname compute  # on the compute node
Edit /etc/hosts:
192.168.16.111 controller
192.168.16.112 compute
10) Synchronize the time
On controller:
yum install -y chrony
vim /etc/chrony.conf  # add or change
allow 192.168.16.0/24
After saving, run
systemctl enable chronyd.service
systemctl start chronyd.service
On compute:
yum install -y chrony
vim /etc/chrony.conf  # add or change
server controller iburst
After saving, run
systemctl enable chronyd.service
systemctl start chronyd.service
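For step 8) of the preparation above, an added example (not part of the original article) that generates a separate random secret for every account in the password table and stores them in a file only its owner can read. It reads /dev/urandom instead of calling mkpasswd, and the name DB_ROOT_PASS for the table's first row is an assumption.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: create one random secret per
# account named in the password table of step 8) and keep them in a file that
# only its owner can read. /dev/urandom + tr stands in for `mkpasswd -s 0`.

# Names from the table; DB_ROOT_PASS is an assumed name for the table's
# "Database password" row, which has no variable name in the article.
SECRET_NAMES="DB_ROOT_PASS ADMIN_PASS CEILOMETER_DBPASS CEILOMETER_PASS
CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS GLANCE_DBPASS GLANCE_PASS
HEAT_DBPASS HEAT_DOMAIN_PASS HEAT_PASS KEYSTONE_DBPASS NEUTRON_DBPASS
NEUTRON_PASS NOVA_DBPASS NOVA_PASS RABBIT_PASS SWIFT_PASS METADATA_SECRET"

gen_secret() {
    # $1 = length (default 9, the length of the values in the table).
    # 256 random bytes leave roughly 60 letters/digits after filtering.
    head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "${1:-9}"
}

write_secrets() {
    # $1 = output file; writes NAME=value lines, mode 0600.
    local out=$1 name
    ( umask 077 && : > "$out" ) || return 1
    chmod 600 "$out" || return 1          # also tightens a pre-existing file
    for name in $SECRET_NAMES; do
        printf '%s=%s\n' "$name" "$(gen_secret 9)" >> "$out"
    done
}

reused_secret_count() {
    # Number of distinct values that appear under more than one name.
    cut -d= -f2- "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# Demo run against a throw-away file.
demo_file=$(mktemp)
write_secrets "$demo_file"
echo "generated $(wc -l < "$demo_file" | tr -d ' ') secrets," \
     "reused values: $(reused_secret_count "$demo_file")"
rm -f "$demo_file"
```

reused_secret_count can also be pointed at any NAME=value file you already keep, to confirm that no two accounts share a value.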
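4.2. Install OpenStack
1) Install the OpenStack yum repository (on both machines)
yum install -y centos-release-openstack-liberty
2) Upgrade all packages (on both machines)
yum upgrade  # reboot the system when it finishes
3) Install the OpenStack client and openstack-selinux
yum install -y python-openstackclient openstack-selinux
Unless otherwise noted, steps 4.3-4.12 below are performed on the controller machine.
4.3. Install the SQL service
1) Install
yum install -y mariadb mariadb-server MySQL-python
2) Edit the configuration file
vim /etc/my.cnf.d/mariadb_openstack.cnf  # add the following content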
[mysqld]
bind-address= 192.168.16.111
default-storage-engine= innodb
innodb_file_per_table
collation-server= utf8_general_ci
init-connect= 'SET NAMES utf8'
character-set-server= utf8
3) Start mariadb:
systemctl enable mariadb.service
systemctl start mariadb.service
4) Secure the installation and set the root password
mysql_secure_installation
Set the root password to: tn1Pi6Ytm
4.4. Install NoSQL
1) The NoSQL database is used by the Telemetry service; here we install mongodb
yum install -y mongodb-server mongodb
2) Edit the configuration file
vim /etc/mongod.conf  # change the following settings
bind_ip= 192.168.16.111
smallfiles= true
3) Start the service
systemctl enable mongod.service
systemctl start mongod.service
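4.5. Install the message queue
1) The rabbitmq message queue service plays a key role in OpenStack. It works like a traffic hub: communication between the components goes through it.
yum install -y rabbitmq-server
2) Start the rabbitmq-server service
systemctl enable rabbitmq-server
systemctl start rabbitmq-server
3) Add the openstack user
rabbitmqctl add_user openstack o3NXovnz5  # user name openstack, password o3NXovnz5
4) Grant permissions to the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
This gives the openstack user configure, write and read permission.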
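4.6. Add identity
1. Introduction to keystone
1) identity is keystone, the authentication center of OpenStack; all services are authenticated through it.
Reference: http://blog.csdn.net/wsfdl/article/details/20492343
2) keystone has the following concepts: tenants (tenants or projects), users, roles, the service catalog and endpoints
3) If we compare a hotel to a Tenant, the guests are Users. The hotel can provide many kinds of Service such as lodging, entertainment and dining; lodging in particular is one concrete service (Endpoint). Within lodging there are standard rooms and presidential suites, and if your VIP level (Role) is high enough you can enjoy the luxurious presidential suite. Before checking in we have to present an ID card (Credential); once the ID has been verified as genuine (Authentication), you are given a room card (Token), and with that card you can enter your room and use the various services.
4) Taking the creation of a virtual machine (server) as an example, the keystone access flow in OpenStack is roughly as follows:
a. User Alice requests a token from keystone with her user name and password; after verifying them, keystone returns token1
b. Alice uses token1 to ask keystone for the tenants she belongs to; after validating token1, keystone returns all of Alice's tenants
c. Alice picks a tenant and requests a token with her user name and password; after verifying the user name, password and tenant, keystone returns token2. (Steps a and b are really only there to look up the tenants; if you already know the tenant you can skip them.)
d. Alice sends the request to create a server with token2; once keystone has validated token2 (including whether the token is valid and whether it carries the permission to create virtual machines), the request is passed on to nova, which finally creates the virtual machine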
2. Preparation
1) Log in to mysql and create the database
mysql -uroot -ptn1Pi6Ytm
>CREATE DATABASE keystone;
>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'f6zx0gURv';
>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'f6zx0gURv';
Note: this creates a keystone database and grants the keystone user all privileges on it, with the password f6zx0gURv
2) Install the required packages
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
3) Start the memcached service
systemctl enable memcached.service
systemctl start memcached.service
3. Edit the configuration file
Edit the keystone configuration file
vim /etc/keystone/keystone.conf  # change or add the following settings
[DEFAULT]
admin_token= 3qiVpzU2x
verbose= true
[database]
connection= mysql://keystone:f6zx0gURv@controller/keystone
[memcache]
servers= localhost:11211
[token]
provider= uuid
driver= memcache
[revoke]
driver= sql
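4. Import the data
1) Import the keystone data
su -s /bin/sh -c "keystone-manage db_sync" keystone
Note: this prints the message No handlers could be found for logger "oslo_config.cfg"; ignore it, it has no effect
2) Check that the data was imported correctly:
mysql -ukeystone -pf6zx0gURv -hcontroller -t keystone -e "show tables"
Check that tables are listed; if the result is empty, the data was not imported successfully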
5. Configure httpd
1) First edit the apache configuration file
vim /etc/httpd/conf/httpd.conf  # add or change
ServerName controller
2) Edit the configuration file
vim /etc/httpd/conf.d/wsgi-keystone.conf  # with the following content
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
3) Start apache
systemctl enable httpd.service
systemctl start httpd.service
6. Create the service entity
1) Set the environment variables:
export OS_TOKEN=3qiVpzU2x
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
2) Create the service entity
openstack service create --name keystone --description "OpenStack Identity" identity
3) Create the endpoints
openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0
4) Create the admin tenant
openstack project create --domain default --description "Admin Project" admin
5) Create the admin user (password 3qiVpzU2x)
openstack user create --domain default --password-prompt admin
6) Create the admin role
openstack role create admin
7) Add the admin role to the admin tenant and user
openstack role add --project admin --user admin admin
8) Create the service tenant
openstack project create --domain default --description "Service Project" service
9) Create the demo tenant
openstack project create --domain default --description "Demo Project" demo
10) Create the demo user (password 9TtbgaA1q)
openstack user create --domain default --password-prompt demo
11) Create the user role
openstack role create user
12) Add the user role to the demo tenant and demo user
openstack role add --project demo --user demo user
7. Verify operation
Verify that the admin user and the demo user can log in normally
1) First apply a security setting that disables the temporary admin-token authentication mechanism used during bootstrapping:
vim /usr/share/keystone/keystone-dist-paste.ini
Search for admin_token_auth and remove it from [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3]
For example:
pipeline= sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
becomes:
pipeline= sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service
2) Unset the environment variables OS_TOKEN and OS_URL
unset OS_TOKEN OS_URL
3) Then log in as the admin and demo users
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue
4) Create two OpenStack client scripts
vim admin-openrc.sh  # contents
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=3qiVpzU2x
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
Run the script
source admin-openrc.sh
Request an authentication token
openstack token issue
vim demo-openrc.sh  # contents
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=9TtbgaA1q
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
Run the script
source demo-openrc.sh
Request an authentication token
openstack token issue
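For the security setting in step 1) of the verification above, an added example (not part of the original article) that checks a paste-deploy file and reports every [pipeline:*] section that still lists admin_token_auth. The sample file is constructed: its public_api line is the one quoted in the article, the other two pipelines are shortened.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: audit a keystone paste-deploy
# ini file for pipelines that still contain the admin_token_auth filter.

audit_admin_token_auth() {
    # $1 = paste-deploy ini file. Prints "<section> STILL_ENABLED|ok" for each
    # [pipeline:*] section; returns 1 if any pipeline still lists the filter.
    awk '
        BEGIN { bad = 0; in_pipeline = 0 }
        /^[ \t]*\[/ {
            # Section header: remember its name and whether it is a pipeline.
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            in_pipeline = (section ~ /^pipeline:/)
            next
        }
        in_pipeline && /^[ \t]*pipeline[ \t]*=/ {
            # Commented-out lines never match, so only the live value counts.
            value = $0
            sub(/^[^=]*=/, "", value)
            n = split(value, filters)
            found = 0
            for (i = 1; i <= n; i++)
                if (filters[i] == "admin_token_auth") found = 1
            print section, (found ? "STILL_ENABLED" : "ok")
            if (found) bad = 1
        }
        END { exit bad }
    ' "$1"
}

write_sample_paste_ini() {
    # $1 = file to create. Constructed sample for the demo, not a real file.
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
# (filter definition omitted in this constructed sample)

[pipeline:public_api]
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
# pipeline = sizelimit token_auth admin_token_auth json_body admin_service
pipeline = sizelimit token_auth json_body admin_service

[pipeline:api_v3]
pipeline = sizelimit token_auth admin_token_auth json_body service_v3
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_paste_ini "$sample"
audit_admin_token_auth "$sample" \
    || echo "admin_token_auth is still active in at least one pipeline"
rm -f "$sample"
```

On the controller, run audit_admin_token_auth /usr/share/keystone/keystone-dist-paste.ini after editing the file; a zero exit status means all three pipelines are clean.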
4.7. Add image
1. Preparation
image, also called glance, is the component that manages images; we use images to install operating systems. glance lets users manage their own custom images.
1) Create the glance database and user
mysql -uroot -ptn1Pi6Ytm
>CREATE database glance;
>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'Zznky4tP0';
>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'Zznky4tP0';
2) Run the admin-openrc.sh script
source admin-openrc.sh
3) Create the glance user (password hf8LX9bow)
openstack user create --domain default --password-prompt glance
4) Add the admin role to the glance user and the service tenant
openstack role add --project service --user glance admin
5) Create the glance service entity
openstack service create --name glance --description "OpenStack Image service" image
6) Create the image service API endpoints
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
2. Install and configure
1) Install the packages
yum install -y openstack-glance python-glance python-glanceclient
2) Edit the configuration files
vim /etc/glance/glance-api.conf  # change or add
[database]
connection= mysql://glance:Zznky4tP0@controller/glance
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= glance
password= hf8LX9bow
[paste_deploy]
flavor= keystone
[glance_store]
default_store= file
filesystem_store_datadir= /var/lib/glance/images/
[DEFAULT]
notification_driver= noop
verbose=True
vim /etc/glance/glance-registry.conf  # change or add
[DEFAULT]
notification_driver= noop
verbose=True
[database]
connection= mysql://glance:Zznky4tP0@controller/glance
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= glance
password= hf8LX9bow
[paste_deploy]
flavor= keystone
3) Populate the glance database
su -s /bin/sh -c "glance-manage db_sync" glance
4) Start the services
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
3. Verify operation
1) Add the environment variable
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
2) Run admin-openrc.sh
source admin-openrc.sh
3) Download the image
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
4) Upload the downloaded image to the image service
glance image-create --name "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public --progress
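Afterwards a file appears under /var/lib/glance/images/; this is the image that was just uploaded, and you will find that the file name is identical to the image id. Use the command:
glance image-list  # shows the image list
4.8. Add compute
1. Preparation
1) compute, also called nova, is the compute fabric controller in OpenStack. All activities in the life cycle of OpenStack instances are handled by Nova. This makes Nova a platform responsible for managing compute resources, networking, authentication and the required scalability. Nova itself, however, provides no virtualization capability; instead it uses the libvirt API to interact with the supported hypervisors (kvm, xen, vmware, etc.).
2) Create the nova database and the nova user
mysql -uroot -ptn1Pi6Ytm
>CREATE DATABASE nova;
>GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'RYgv0rg7p';
>GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'RYgv0rg7p';
3) Initialize the environment variables
source admin-openrc.sh
4) Create the nova user, password hsSNsqc43
openstack user create --domain default --password-prompt nova
5) Add the admin role to the nova user
openstack role add --project service --user nova admin
6) Create the nova service entity
openstack service create --name nova --description "OpenStack Compute" compute
7) Create the API endpoints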
openstack endpoint create --region RegionOne compute public http://controller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%\(tenant_id\)s
2. Install and configure the packages (on controller)
1) Install the packages
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
2) Edit the configuration file
vim /etc/nova/nova.conf  # change or add settings
[database]
connection= mysql://nova:RYgv0rg7p@controller/nova
[DEFAULT]
rpc_backend=rabbit
my_ip=192.168.16.111
auth_strategy=keystone
network_api_class= nova.network.neutronv2.api.API
security_group_api= neutron
linuxnet_interface_driver= nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver= nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
verbose=true
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= nova
password= hsSNsqc43
[oslo_messaging_rabbit]
rabbit_host= controller
rabbit_userid= openstack
rabbit_password= o3NXovnz5
[vnc]
vncserver_listen= $my_ip
vncserver_proxyclient_address= $my_ip
[glance]
host= controller
[oslo_concurrency]
lock_path= /var/lib/nova/tmp
3) Populate the nova database
su -s /bin/sh -c "nova-manage db sync" nova
4) Start the services
systemctl enable openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
3. Install and configure the packages (on compute)
1) Install the nova-compute package
yum install -y openstack-nova-compute sysfsutils
2) Edit the configuration file
vim /etc/nova/nova.conf  # change or add the following settings
[DEFAULT]
rpc_backend= rabbit
auth_strategy= keystone
my_ip= 192.168.16.112
network_api_class= nova.network.neutronv2.api.API
security_group_api= neutron
linuxnet_interface_driver= nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver= nova.virt.firewall.NoopFirewallDriver
verbose=true
[oslo_messaging_rabbit]
rabbit_host= controller
rabbit_userid= openstack
rabbit_password= o3NXovnz5
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= nova
password= hsSNsqc43
[vnc]
enabled= True
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address= $my_ip
novncproxy_base_url= http://controller:6080/vnc_auto.html
[glance]
host= controller
[oslo_concurrency]
lock_path= /var/lib/nova/tmp
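3) Enable virtualization support
Use the following command to check whether your machine's CPU supports virtualization
egrep -c '(vmx|svm)' /proc/cpuinfo
If the number returned is greater than 0, virtualization is supported; otherwise it is not. If it is 0, edit the following configuration file
vim /etc/nova/nova.conf  # edit
[libvirt]
virt_type= qemu
4) Start the services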
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
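4. Verify operation
1) Run the script
source admin-openrc.sh
2) List the service components
nova service-list
There are 5 in total: nova-consoleauth, nova-conductor, nova-scheduler, nova-cert, nova-compute
3) List the API endpoints; there are nine in all: three for nova, three for glance, three for keystone
nova endpoints
Note: if you see the message: WARNING:nova has no endpoint in ! Available endpoints for this service
you can ignore it, or edit admin-openrc.sh and add the line export OS_REGION_NAME=RegionOne
4) List the images
nova image-list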
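4.9. Add networking
1. Preparation
1) Networking, also called Neutron, is an indispensable OpenStack component. It is essentially a tool for network virtualization that lets us simulate network devices such as routers, switches and network cards. An e-book on Neutron:
https://yeasy.gitbooks.io/openstack_understand_neutron/content/
Neutron supports two networking modes. The first is a very simple network architecture that only lets instances connect to the external network; it does not support self-defined networks, routers or floating IPs. Only administrators or authorized users may manage networks. The second is more powerful: it supports self-defined network management, user-created routers and floating IPs. Even unprivileged users can manage networks, configuring and managing them themselves.
2) Create the database and grant the account
mysql -uroot -ptn1Pi6Ytm
>CREATE DATABASE neutron;
>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'quidyOC50';
>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'quidyOC50';
3) Run the script
source admin-openrc.sh
4) Create the neutron user (password mdcGVl29i)
openstack user create --domain default --password-prompt neutron
5) Add the admin role to the neutron user
openstack role add --project service --user neutron admin
6) Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network
7) Create the networking service API endpoints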
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
2. Configure
1) Install the components
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
2) Configure the server component
vim /etc/neutron/neutron.conf  # change or add
[DEFAULT]
core_plugin= ml2
service_plugins=
rpc_backend= rabbit
auth_strategy= keystone
notify_nova_on_port_status_changes= True
notify_nova_on_port_data_changes= True
nova_url= http://controller:8774/v2
verbose= True
[database]
connection= mysql://neutron:quidyOC50@controller/neutron
[oslo_messaging_rabbit]
rabbit_host= controller
rabbit_userid= openstack
rabbit_password= o3NXovnz5
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= neutron
password= mdcGVl29i
[nova]
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
region_name= RegionOne
project_name= service
username= nova
password= hsSNsqc43
[oslo_concurrency]
lock_path= /var/lib/neutron/tmp
3) Configure the ml2 plug-in
vim /etc/neutron/plugins/ml2/ml2_conf.ini  # change or add
[ml2]
type_drivers= flat,vlan
tenant_network_types=
mechanism_drivers= linuxbridge
extension_drivers= port_security
[ml2_type_flat]
flat_networks= public
[securitygroup]
enable_ipset= True
4) Edit the Linux bridge agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini  # add or change
[linux_bridge]
physical_interface_mappings= public:eno16777736
[vxlan]
enable_vxlan= False
[agent]
prevent_arp_spoofing= True
[securitygroup]
enable_security_group= True
firewall_driver= neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5) Configure the DHCP agent
vim /etc/neutron/dhcp_agent.ini  # add or change
[DEFAULT]
interface_driver= neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver= neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata= True
verbose= True
3. Configure the metadata agent
Edit the configuration file
vim /etc/neutron/metadata_agent.ini  # change or add
[DEFAULT]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_region= RegionOne
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= neutron
password= mdcGVl29i
nova_metadata_ip= controller
metadata_proxy_shared_secret= m8uhmQTu2
verbose= True
Note: remove the original auth_url, auth_region, admin_tenant_name, admin_user and admin_password entries from the configuration file
4. Make compute use networking (on controller)
vim /etc/nova/nova.conf  # change or add
[neutron]
url= http://controller:9696
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
region_name= RegionOne
project_name= service
username= neutron
password= mdcGVl29i
service_metadata_proxy= True
metadata_proxy_shared_secret= m8uhmQTu2
5. Start the services
1) Create a symbolic link to the ml2 plug-in configuration file
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2) Populate the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
3) Restart the compute API service
systemctl restart openstack-nova-api.service
4) Start the services
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
6. Configure the compute node (on compute)
1) Install the components
yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset
2) Configure the common component
vim /etc/neutron/neutron.conf  # change or add
[DEFAULT]
rpc_backend= rabbit
auth_strategy= keystone
verbose= True
[oslo_messaging_rabbit]
rabbit_host= controller
rabbit_userid= openstack
rabbit_password= o3NXovnz5
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= neutron
password= mdcGVl29i
[oslo_concurrency]
lock_path= /var/lib/neutron/tmp
3) Configure the Linux bridge agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings =public:eno16777736
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver =neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
4) Configure compute to use networking
vim /etc/nova/nova.conf  # change or add
[neutron]
url= http://controller:9696
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
region_name= RegionOne
project_name= service
username= neutron
password= mdcGVl29i
5) Start the services
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
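7. Verify the configuration
1) Run the environment variable script
source admin-openrc.sh
2) List all extensions
neutron ext-list
3) List all agents
neutron agent-list  # the agent types are as follows:
Linuxbridge agent
Linuxbridge agent
DHCP agent
Metadata agent
There must be 4 of them; otherwise one of the steps above is misconfigured.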
4.10. Add dashboard
1. horizon
1) Install the package
yum install -y openstack-dashboard
2) Edit the configuration file
vim /etc/openstack-dashboard/local_settings  # change or add
OPENSTACK_HOST= "controller"
ALLOWED_HOSTS= ['*', ]
CACHES= {
'default':{
'BACKEND':'django.core.cache.backends.locmem.LocMemCache',
'LOCATION':'127.0.0.1:11211',
} }
OPENSTACK_KEYSTONE_DEFAULT_ROLE= "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT= True
OPENSTACK_API_VERSIONS= {
"identity":3,
"volume":2,
}
TIME_ZONE= "Asia/Chongqing"
3) Restart the services
systemctl restart httpd.service memcached.service
You can now visit http://controller/dashboard and log in as the admin or demo user; the domain is default
4.11. Add block storage
1. Preparation
Block storage, also called cinder, provides storage services for OpenStack. For example, when we buy a cloud host on Alibaba Cloud and also want to buy a large disk, usually called a cloud disk, that cloud disk is block storage.
1) Create the database and grant the cinder user
mysql -uroot -ptn1Pi6Ytm
>CREATE DATABASE cinder;
>GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'O3bwbpoZ3';
>GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'O3bwbpoZ3';
2) Run the initialization script
source admin-openrc.sh
3) Create the cinder user (password hf8LX9bow)
openstack user create --domain default --password-prompt cinder
4) Add the admin role
openstack role add --project service --user cinder admin
5) Create the cinder and cinderv2 service entities
openstack service create --name cinder \
--description "OpenStack Block Storage" volume
openstack service create --name cinderv2 \
--description "OpenStack Block Storage" volumev2
6) Create the block storage service API endpoints
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
2. Install and configure
1) Install the packages
yum install -y openstack-cinder python-cinderclient
2) Edit the configuration file
vim /etc/cinder/cinder.conf  # change or add
[database]
connection= mysql://cinder:O3bwbpoZ3@controller/cinder
[DEFAULT]
rpc_backend= rabbit
auth_strategy= keystone
my_ip= 192.168.16.111
verbose= True
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= cinder
password= hf8LX9bow
[oslo_messaging_rabbit]
rabbit_host= controller
rabbit_userid= openstack
rabbit_password= o3NXovnz5
[oslo_concurrency]
lock_path= /var/lib/cinder/tmp
3) Populate the database
su -s /bin/sh -c "cinder-manage db sync" cinder
4) Configure compute to use block storage
vim /etc/nova/nova.conf
[cinder]
os_region_name=RegionOne
5) Start the services
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
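3. Configure the storage node (on compute)
Strictly speaking we should prepare a separate machine for the storage service, but to save resources we let the compute node double as the storage node. An extra disk (/dev/sdb) has to be added to the compute (storage) node as the storage disk.
1) Install lvm
yum install -y lvm2
2) Start the service
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
3) Create the physical volume
pvcreate /dev/sdb
4) Create the volume group
vgcreate cinder-volumes /dev/sdb
5) Edit the configuration file
vim /etc/lvm/lvm.conf
devices {
filter = [ "a/sdb/", "r/.*/"]
Note: if there is a third disk, it should be added as well
filter = [ "a/sda/", "a/sdb/", "r/.*/"]
6) Install the packages
yum install -y openstack-cinder targetcli python-oslo-policy
7) Edit the configuration file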
vim /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend= rabbit
auth_strategy= keystone
my_ip= 192.168.16.112
enabled_backends= lvm
glance_host= controller
verbose= True
[database]
connection= mysql://cinder:O3bwbpoZ3@controller/cinder
[oslo_messaging_rabbit]
rabbit_host= controller
rabbit_userid= openstack
rabbit_password= o3NXovnz5
[keystone_authtoken]
auth_uri= http://controller:5000
auth_url= http://controller:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= cinder
password= hf8LX9bow
[lvm]
volume_driver= cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group= cinder-volumes
iscsi_protocol= iscsi
iscsi_helper= lioadm
[oslo_concurrency]
lock_path= /var/lib/cinder/tmp
4. Start and verify
1) Start the services (on compute)
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
2) Verify operation (on controller)
Run the initialization script
source admin-openrc.sh
List the services
cinder service-list
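4.12. Launch an instance
1. Create the public network
1) Run the initialization script
source admin-openrc.sh
2) Create the network
neutron net-create public --shared --provider:physical_network public \
--provider:network_type flat
3) Create the subnet
neutron subnet-create public 192.168.16.0/24 --name public \
--allocation-pool start=192.168.16.10,end=192.168.16.30 \
--dns-nameserver 119.29.29.29 --gateway 192.168.16.2
Note: the "public network" here is really just the network segment used by the virtual machines, which we treat as the public network for now. Because a DHCP service is involved, it would conflict with the DHCP service on the router in the LAN, so the DHCP service on the router must be turned off first.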
2. Create the key
1) Run the initialization script
source demo-openrc.sh
2) Generate the key pair
ssh-keygen -q -N ""
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
3) Verify the key pair
nova keypair-list
4) Add a security group rule
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
5) Allow ssh access
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
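3. Determine the instance options
1) Run the initialization script
source demo-openrc.sh
2) List the flavors
nova flavor-list
3) List all images
nova image-list
4) List the available networks
neutron net-list
5) List the security groups
nova secgroup-list
6) Launch the instance
nova boot --flavor m1.tiny --image cirros --nic net-id=PUBLIC_NET_ID \
--security-group default --key-name mykey public-instance
Note: replace PUBLIC_NET_ID with the id of the public network shown in the list of available networks
7) Check the instance status
nova list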
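4. Connect to the instance
1) Connect with vnc (the following command prints the vnc connection URL)
nova get-vnc-console public-instance novnc
2) Verify the network (from inside the instance)
ping -c 4 192.168.16.2
3) Connect to the instance remotely
First use nova list to find the instance's IP (say 192.168.16.33)
Verify the IP:
ping -c4 192.168.16.33
Log in remotely over ssh:
ssh cirros@192.168.16.33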
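5. Add a cloud disk
1) First run the initialization script
source demo-openrc.sh
2) Create a 2 GB cloud disk named volume1
cinder create --display-name volume1 2
3) List all cloud disks
cinder list
4) Attach the cloud disk to the instance
nova volume-attach INSTANCE_NAME VOLUME_ID
Note: INSTANCE_NAME can be found with nova list; VOLUME_ID is the cloud disk id shown by cinder list
5) List the attached cloud disks
nova volume-list
6) Log in to the instance and look at the cloud disk
ssh cirros@192.168.16.33
sudo fdisk -l
This article is reposted from M四月天's 51CTO blog; original link: http://blog.51cto.com/msiyuetian/1841292. To repost it, please contact the original author.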