<1,keystone安装配置>
1,yum -y install openstack-keystone python-keystoneclient;
2,配置实用mysql存储keytone componts 配置信息
/etc/keystone/keystone.conf
connection = mysql://ruiy:321@byruiy.cc/keystone
创建数据库用户赋予合适权限;
3,Define an authorization token to use as a shared secret between the identity service and other OpenStack service
ADMIN_TOKEN=$(openssl rand -hex 10)
admin_token = $ADMIN_TOKEN
export OS_SERVICE_TOKEN=14034bb8102de15503dc
export OS_SERVICE_ENDPOINT=http://byruiy.cc:35357/v2.0
4,Keystone usees PKI tokens,Create the signing keys and certificates and restrict access to the generated data:
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
5,OpenStack清理expired tokens
6,Define users,tenants,roles
创建administrative用户
创建用户,角色,租户
keystone user-create --name=admin --pass=admin --email=rui.qin@egrandis.com
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
链接用户角色租户
创建normal普通用户
daily non-administrative interaction with the OpenStack cloud,skip the tenant role creation step when creating there users;
当前角色有admin(super-user)和_member_(normal-user)
7,Create a service tenant:
OpenStack service also require a username,tenant,and role to access other OpenStack services.
Ruiy tips
基于2中环境变量交互访问OpenStack services components
(1,用户,租户,Auth-URL,无此API called)
export OS_USERNAME=admin
export OS_PASSWORD=321
export OS_TENANT_NAME=admin_project
export OS_AUTH_URL=http://5.10.124.181:5000/v2.0
(2,admin_token,OS_SERVICE_ENDPOINT)
export OS_SERVICE_TOKEN=14034bb8102de15503dc
export OS_SERVICE_ENDPOINT=http://byruiy.cc:35357/v2.0
或是指定OpenStack components --options
8,Define services and API endpoints
keystone service-create Describes the service;
keystone endpoint-create Associates API endpoints with the service;
register the identity service itself:
8.1,service-create
8.2,endpoint-create
Specify an OpenStack core components service API endpoint for identity service by using every keystone service-create returned service_ID
8.2.1,截取keystone service-id字段
8.2.2,基于OpenStack service components keystone service-id创建keystone的API endpoint
8.2.3,verify identityService installed and configured correctly
clear unset OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
8.2.4,use regular user name-based authentication(基于此时还没使用tenant)
request a authentication token by using the admin user and the password
in response,you receive a token paired with your user ID
verifyes identity service kis running on the expected endpoint and that your user account is established with the expected credenitals
当你看到上面的截图时,你一定惊呆了!要是惊呆了,那你就傻了,上面仅仅是使用上面创建的用户基于密码,而没使用tenant,看到没
分别总结基于环境变量访问以定义的API endpoint
基于OpenStack core components python-OpenStackcorecomponentsClients --options访问API endpoint
keystone --os-username= --os-password= --os-auth-url= token-get
8.2.5,基于tenant 获取token-get for specify tenant
request authorization on tenant
In response,you receive a token that includes the ID of the tenant that you specified.Verifies that your user account has an explicitly defined role on the specified tenant and the tenant exists expected;
测试不使用--os-username= --os-password= --os-tenant-name= --os-auth-url= 而是使用此命令选项的环境变量
或是--os-service-token= --os-service-endpoint=
<二,安装配置OpenStackClient客户端>
OpenStack Client客户端是干啥的?是用来执行CLI called OpenStack core components Services API;
Ruiy Tips:Internally,each OpenStack core components Service client CLI runs cURL commands that embed API requests;
OpenStack APIs are RESTful APIs that use the HTTP protocol,including methods,URIs,media types,and response codes;
URI,URL区别见
http://baike.baidu.com/view/160675.htm?fr=aladdin
Each Openstack service has its own command-line client;
Openstack services and clients:
Block Storage cinder python-cinderclient create and manage volumes
Compute nova python-novaclient create and manage images,instances,and flavors
Database service trove python-troveclient create and manage databases
image service glance python-glanceclient create and manage images
identity keystone python-keystoneclient create and manage users,tenants,roles,endpoints,and credentials
Networking neutron python-neutronclient configure network for guest servers
Object Storage swift python-swiftclient gather statistics,list items,update metadata,and upload,download,and delete files stored by the object storage service,gain access to an object storage installation for ad hoc processing
orchestration heat python-heatclient launch stacks from templates,view details of running stacks including events and resources,and update and delete stacks
telemetry ceilometer python-ceilometerclient create and collect measurements across openstack
prerequisite softwares for openstack core components services clients
setuptools是 Python Enterprise Application Kit(PEAK)的一个副项目,它 是一组Python的 distutilsde工具的增强工具
pip(python package index) CLC
easy_install pip
from setuptools package
pip install python-PROJECTclient (latest version)
pip enables you to update or remove a packages
upgrade or remove clients
pip install --upgrade python-PROJECTclient
pip uninstall python-PROJECTclient
<三,安装配置image 镜像服务>
OpenStack VMIs image service overview
snapshots for back up and as templates to launch new servers
can store registered
images in Object Storage or in other locations or simple fileSystem
verify image service Succ installed
下载测试镜像
http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
upload registry img to image service;
online regtry img resources
Ruiy Tips,OpenStack Services Core components image Service(glance)项目下的组件
glance-api
glance-registry
<四,安装配置compute service Inc Compute control service and compute Nodes>
1,compute control service
Ruiy Rips:
every OpenStack core Componets Service 都需要创建一个keystone user,为其指定service tenant,admin role
注册此组件服务,并关联足迹API endpoints
Ubuntu OpenStack compute control service 服务控制
测试compute controll service -->nova 配置Ok!
基于CLIlaunch virtual machine 前提是获取相关image-id,flavor-id
2,compute Nodes
无网络实例化VMI,always spawning
<五,add a Network services (Nrutron,legacy networking)>
关于云计算安全组(security group)概念:
安全组概念属于云网络范畴,Security groups enable adminstrators to defined firewall rules in groups,a VM can blong to one or more security group,and Networking applies the rules in those security groups to block or unblock,port ranges,or traffic types for that VM
Ruiy Tips:一般命令行的参数Arguments及options选项区别
Arguments(通常no --)
Options(通常加--)
调节内核参数,启用内核网络(kernel networking)功能
dmks(动态内核模块支持(Dynamic Kernel Module Support))
generic routing encapsulation(通用路由封装)
Generic Receive Offload (GRO)
Tunneling protocols such as generic routing encapsulation (GRE) include additional
packet headers that increase overhead and decrease space available for the payload or
user data
many network devices lack support for jumbo frames (Mellanox)
基于单网卡(eg,eth0)配置多ip
ifconfig eth0:1 192.168.1.159 netmask 255.255.255.0;
create a router and attach your tenant and external networks to it;
在配置OpenStack网络后启动虚机必须指定网络
基于nova boot --image --flavor --nic net-id= --security-group --key-name New-Instance-You-want-like-to-name初始化创建OpenStack虚机实例VMI VMs;
获取与本机ESTABLISH的外网ip
OpenStack基于CLI删除VMI,VMs;
