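Detailed steps for building a basic OpenStack cloud platform
Quick OpenStack deployment for beginners
OpenStack is a cloud operating system that controls large pools of compute, storage and networking resources throughout a data center, all managed and provisioned through APIs with a common authentication mechanism.
A dashboard is also provided, giving administrators control while allowing users to provision resources through a web interface. Beyond standard infrastructure-as-a-service functionality, additional components provide orchestration, fault management and service management, among other services, to ensure high availability of user applications.
Follow the official documentation for the build itself; this article is only a reference for beginners who want to understand how a cloud platform is put together. Once the platform is built, it is easier to get started with Liberty or later releases.
Reference documentation:
docs.openstack.org
Start with the Mitaka release; it is recommended to work through Mitaka first and then move on to Liberty.
Environment setup:
A fresh RHEL 7.6 install; for configuring 7.6, see:
A second NIC, eth1, must be added and the NIC names changed; create the eth1 configuration: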
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
NAME=eth1
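ifup eth1 # bring up the second NIC without assigning it an IP
Bring it up without giving it an IP; it must not be taken down.
Controller node: 1 processor, 4 GB memory, and 10 GB storage
Compute node: 1 processor, 2 GB memory, and 10 GB storage
Disable the firewall and disable SELinux.
CPU virtualization support must be enabled in the virtual machine settings.
Note: to avoid mistakes, keep each component's password identical to its username.
Change the hostname: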
hostnamectl set-hostname controller
Edit name resolution; take care to update the controller entry:
vim /etc/hosts
172.25.0.11 controller
172.25.0.12 compute1 # compute node
172.25.0.13 block1 # storage node
Set up time synchronization:
yum install -y chrony
vim /etc/chrony.conf
server ntp1.aliyun.com iburst
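Remember to enable it at boot.
Check whether time is synchronized:
chronyc sources -v
Download the Mitaka archive, extract it, and move it to the root directory:
Link: https://pan.baidu.com/s/1uM7Eaa7qs8eDdwRqVEHj1w?pwd=231J
Extraction code: 231J
mv mitaka/ /
Extract the Mitaka archive and move the extracted mitaka directory to the root directory.
Write the Mitaka repo file: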
vim /etc/yum.repos.d/ops.repo
[openstack]
name=mitaka
baseurl=file:///mitaka
gpgcheck=0
yum repolist
Upgrade:
yum upgrade
Install the OpenStack client:
yum install python-openstackclient -y
Install the SQL database:
yum install mariadb mariadb-server python2-PyMySQL -y # installs the database from the openstack repo
Edit the configuration file:
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
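Enable at boot:
systemctl enable --now mariadb
mysql_secure_installation
## set the password
(see the long screenshot)
mysql -p # test that you can log in to SQL
NoSQL database (skipped):
It is used for metering traffic usage and is not covered in this lab.
Install the message queue:
(It is enough to be familiar with one message queue.)
yum install rabbitmq-server -y
Enable at boot:
systemctl enable --now rabbitmq-server.service
Add the openstack user, with the password the same as the username:
rabbitmqctl add_user openstack openstack
Grant the openstack user configure, write and read permissions:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Enable rabbitmq_management:
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management # provides a web interface
Now log in at:
http://172.25.0.11:15672
Username and password: guest
Click admin - guest
You can view the guest user's permissions. Later steps connect to the message queue as the openstack user; if the connection fails, the problem is probably with that user (password or permissions).
Install Memcached:
yum install memcached python-memcached -y
Disable listening on localhost only (with OPTIONS commented out, memcached listens on all interfaces):
vim /etc/sysconfig/memcached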
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1"
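Enable at boot:
systemctl enable --now memcached.service
Keystone identity service:
It provides two main functions: authorization management and a service catalog.
Introduction to keystone:
Connect to the database server and create the database:
mysql -u root -p
CREATE DATABASE keystone; -- create the keystone database
Grant appropriate privileges:
(login is allowed both locally and remotely)
It is recommended that KEYSTONE_DBPASS here be the same as keystone.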
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
## run these as two separate statements
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
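## besides localhost, access is also allowed from any host
Press CTRL+D to exit the client.
Generate a token:
(the initial token)
openssl rand -hex 10
After generating the token, you can log in to the keystone database as the keystone user:
mysql -u keystone -p
keystone
show databases;
It is enough that you can log in and list the databases.
Install the keystone components: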
yum install openstack-keystone httpd mod_wsgi -y
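Edit the configuration file:
vim /etc/keystone/keystone.conf
The token here is the one just generated with openssl.
The documentation describes it as follows:
Initialize the identity service database:
su -s /bin/sh -c "keystone-manage db_sync" keystone
It is enough that you can log in to the database and list the tables:
Initialize the Fernet keys: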
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]#
[root@controller keystone]# ls
default_catalog.templates keystone.conf keystone-paste.ini logging.conf policy.json sso_callback_template.html
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller keystone]# ls
default_catalog.templates fernet-keys keystone.conf keystone-paste.ini logging.conf policy.json sso_callback_template.html
Configure the Apache HTTP server:
Set the server name in /etc/httpd/conf/httpd.conf:
ServerName controller
Create /etc/httpd/conf.d/wsgi-keystone.conf with the following content:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
Enable httpd at boot:
systemctl enable --now httpd.service
Check the ports:
Use environment variables to shorten the command lines:
[root@controller keystone]# head /etc/keystone/keystone.conf # show the token generated earlier
[DEFAULT]
admin_token = 0d19bff1318846209794
#
# From keystone
#
# A "shared secret" that can be used to bootstrap Keystone. This "token" does
# not represent a user, and carries no explicit authorization. If set to
# `None`, the value is ignored and the `admin_token` log in mechanism is
[root@controller keystone]# export OS_TOKEN=0d19bff1318846209794 # export the token
[root@controller keystone]# export OS_URL=http://controller:35357/v3 # set the endpoint URL
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3 # set the identity API version
Create the service entity for the identity service:
[root@controller keystone]# openstack service create \
> --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | df21aed0841f4362b4f56f20f3ce647b |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
## create three endpoints
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 596ff91fd7b5448baed395d75ef2c673 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | df21aed0841f4362b4f56f20f3ce647b |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 815e18b6e17c4b4db1675f951bbdd849 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | df21aed0841f4362b4f56f20f3ce647b |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 79d457d6e16a4be7a01a9c736ebb29be |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | df21aed0841f4362b4f56f20f3ce647b |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 596ff91fd7b5448baed395d75ef2c673 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| 79d457d6e16a4be7a01a9c736ebb29be | RegionOne | keystone | identity | True | admin | http://controller:35357/v3 |
| 815e18b6e17c4b4db1675f951bbdd849 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
Create the default domain:
[root@controller keystone]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | 65ba4832694740dc9c562168dd0c025c |
| name | default |
+-------------+----------------------------------+
Create the admin project in the domain:
[root@controller keystone]# openstack project create --domain default \
> --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled | True |
| id | f3937a6ce863477bbeedaec2cc583828 |
| is_domain | False |
| name | admin |
| parent_id | 65ba4832694740dc9c562168dd0c025c |
+-------------+----------------------------------+
Create the admin user:
[root@controller keystone]# openstack user create --domain default \
> --password admin admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled | True |
| id | ea703e47663d43d5849a05c1b910dcbf |
| name | admin |
+-----------+----------------------------------+
Create the admin role:
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | a55da766be4f4316aa229b43d8471493 |
| name | admin |
+-----------+----------------------------------+
Add the admin role to the admin project and user:
openstack role add --project admin --user admin admin
Create the service project:
[root@controller keystone]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled | True |
| id | da78608395934f789acd19d0bff36d8c |
| is_domain | False |
| name | service |
| parent_id | 65ba4832694740dc9c562168dd0c025c |
+-------------+----------------------------------+
Create the demo project:
[root@controller keystone]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled | True |
| id | 3bb8c1df79bb409f97bae7488b8be06b |
| is_domain | False |
| name | demo |
| parent_id | 65ba4832694740dc9c562168dd0c025c |
+-------------+----------------------------------+
Create the demo user:
[root@controller keystone]# openstack user create --domain default \
> --password demo demo
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled | True |
| id | bfa5312532544551b351881c708fe1c4 |
| name | demo |
+-----------+----------------------------------+
Create the user role:
[root@controller keystone]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 44ec48aee42943e68cdfd0025c4b47fc |
| name | user |
+-----------+----------------------------------+
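Add the user role to the demo project and user:
openstack role add --project demo --user demo user
The diagram below summarizes the steps above to avoid confusion:
This process can be repeated to create additional projects and users.
Unset the temporary token:
unset OS_TOKEN OS_URL
As the admin user, request an authentication token: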
[root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2024-01-10T14:50:55.433958Z |
| id | gAAAAABlnqC_AoN_VYoT5NEUbjknxSqUvde-QHMmk9dCeS8EYUlf-mPVnPANJlTHoJXNoy5nVmCWrkObDraFLJel8xubKzVJDv8OtHsmKGWlHcz77KJfjpw- |
| | 0WrD8vc_UCLKgh5pnVjGdX21DGgWsXoHf14R1tJE5ucsEZyEuCk4aihAAbMSohg |
| project_id | f3937a6ce863477bbeedaec2cc583828 |
| user_id | ea703e47663d43d5849a05c1b910dcbf |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
As the demo user, request an authentication token:
[root@controller keystone]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2024-01-10T14:53:55.535554Z |
| id | gAAAAABlnqFzF_CzuIC8m4aG6-uZJut9-MrNL14HoQSs0aIKEsH84I_eM3RoG4NMd- |
| | M9HYc3fGmMfg3wlf22J64D_UAkr40fY9Ps5WkZklqF80CzC0VfKYIeUJTEK68i_zUxQemJRVtcXslIWIxVREbG1pcksDQiPMhAl-ByK3aBwyXAiWQ5uc8 |
| project_id | 3bb8c1df79bb409f97bae7488b8be06b |
| user_id | bfa5312532544551b351881c708fe1c4 |
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------+
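The token IDs above begin with gAAAAA, the prefix of a Fernet token: a version byte 0x80 followed by a 64-bit timestamp that is signed but not encrypted. The following Python script is an added example, not part of the original article; it reads the issue time from the 12-character prefixes shown in the two tables and compares it with the expires field. The function names and the zero-filled sample token are constructed for illustration.

```python
import base64
import struct
from datetime import datetime, timezone

FERNET_VERSION = 0x80
HEADER_LEN = 1 + 8  # version byte + 64-bit big-endian timestamp
IV_LEN, HMAC_LEN, BLOCK = 16, 32, 16

# Prefixes of the two token IDs shown above; the console table wrapped the rest.
ADMIN_TOKEN_PREFIX = "gAAAAABlnqC_"
DEMO_TOKEN_PREFIX = "gAAAAABlnqFz"


def b64url_decode(text):
    """Decode URL-safe base64, restoring '=' padding if it was stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issued_at(token):
    """Read the creation time from the unencrypted header (first 12 characters)."""
    raw = b64url_decode(token[:12])
    if len(raw) < HEADER_LEN or raw[0] != FERNET_VERSION:
        raise ValueError("not a Fernet token")
    (seconds,) = struct.unpack(">Q", raw[1:HEADER_LEN])
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def lifetime_seconds(token, expires):
    """Whole seconds between the token's issue time and its 'expires' field."""
    end = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S.%fZ")
    end = end.replace(tzinfo=timezone.utc)
    return int((end - issued_at(token)).total_seconds())


def layout(token):
    """Split a complete token into header, IV, ciphertext length and HMAC."""
    raw = b64url_decode(token)
    body = len(raw) - HEADER_LEN - IV_LEN - HMAC_LEN
    # The ciphertext is AES-CBC output: at least one block, whole blocks only.
    if raw[:1] != bytes([FERNET_VERSION]) or body < BLOCK or body % BLOCK:
        raise ValueError("not a well-formed Fernet token")
    return {
        "issued_at": issued_at(token),
        "iv": raw[HEADER_LEN:HEADER_LEN + IV_LEN],
        "ciphertext_len": body,
        "hmac": raw[-HMAC_LEN:],
    }


def constructed_token(seconds):
    """Build a structurally valid sample (zeroed IV, ciphertext and HMAC).

    This is constructed test data, not a token any Keystone would accept.
    """
    raw = (bytes([FERNET_VERSION]) + struct.pack(">Q", seconds)
           + bytes(IV_LEN) + bytes(3 * BLOCK) + bytes(HMAC_LEN))
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


if __name__ == "__main__":
    for name, prefix, expires in [
        ("admin", ADMIN_TOKEN_PREFIX, "2024-01-10T14:50:55.433958Z"),
        ("demo", DEMO_TOKEN_PREFIX, "2024-01-10T14:53:55.535554Z"),
    ]:
        print(name, issued_at(prefix).isoformat(),
              lifetime_seconds(prefix, expires), "s")
    print(layout(constructed_token(1704894655)))
```

Anyone who sees a token ID can read when it was issued, so token IDs in logs and screenshots should be treated as credentials until they expire.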
Typing these options on the command line is inconvenient, so create scripts:
admin script:
vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
demo script:
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Now switch to the administrator (admin) user and check:
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| bfa5312532544551b351881c708fe1c4 | demo |
| ea703e47663d43d5849a05c1b910dcbf | admin |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 3bb8c1df79bb409f97bae7488b8be06b | demo |
| da78608395934f789acd19d0bff36d8c | service |
| f3937a6ce863477bbeedaec2cc583828 | admin |
+----------------------------------+---------+
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| df21aed0841f4362b4f56f20f3ce647b | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 44ec48aee42943e68cdfd0025c4b47fc | user |
| a55da766be4f4316aa229b43d8471493 | admin |
+----------------------------------+-------+
After switching to the regular user demo, listing users is not permitted:
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-b57de3be-9a24-42c4-89d9-052cf01418b3)
[root@controller ~]#
Question: how can you tell whether a user is an administrator or a regular user?
Glance image service:
Create the database:
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
5 rows in set (0.00 sec)
Create the glance user in MySQL:
The password is again kept identical to the username.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
-> IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> ^DBye
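The documentation says a script must be run; if you are continuing from the earlier steps, skip that step and create the glance user directly: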
[root@controller ~]# openstack user create --domain default --password glance glance
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
## no credentials are loaded at this point, so the user cannot be created
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user create --domain default --password glance glance
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 65ba4832694740dc9c562168dd0c025c |
| enabled | True |
| id | 6004e4e2141c42429bb02ace02988b70 |
| name | glance |
+-----------+----------------------------------+
Add the admin role to the glance user and service project:
openstack role add --project service --user glance admin
Create the image service:
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 77413786e5634ef1ad5e375f18548823 |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create three endpoints:
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4d2023e4a05443eea449afc535caec37 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 77413786e5634ef1ad5e375f18548823 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6a1fed275d014860b48fb1b3fd3e2b0b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 77413786e5634ef1ad5e375f18548823 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 42d358bce5354ddeadff5af3847786d8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 77413786e5634ef1ad5e375f18548823 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
List them:
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 42d358bce5354ddeadff5af3847786d8 | RegionOne | glance | image | True | admin | http://controller:9292 |
| 4d2023e4a05443eea449afc535caec37 | RegionOne | glance | image | True | public | http://controller:9292 |
| 596ff91fd7b5448baed395d75ef2c673 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| 6a1fed275d014860b48fb1b3fd3e2b0b | RegionOne | glance | image | True | internal | http://controller:9292 |
| 79d457d6e16a4be7a01a9c736ebb29be | RegionOne | keystone | identity | True | admin | http://controller:35357/v3 |
| 815e18b6e17c4b4db1675f951bbdd849 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
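Install the package:
yum install openstack-glance -y
Edit the configuration in /etc/glance/glance-api.conf:
The passwords from the documentation have been set to match the usernames.
[database]
connection = mysql+pymysql://glance:glance@controller/glance
# mysql+pymysql driver; the password here is the database password
The user here is the glance user created in keystone. In the [keystone_authtoken] and [paste_deploy] sections,
configure identity service access: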
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
In the [glance_store] section,
configure the local file system store and the location of image files:
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit the file /etc/glance/glance-registry.conf:
In the [database] section,
configure database access:
[database]
connection = mysql+pymysql://glance:glance@controller/glance
In the [keystone_authtoken] and [paste_deploy] sections,
configure identity service access:
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
Populate the image service database:
su -s /bin/sh -c "glance-manage db_sync" glance
Enable at boot:
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Verify operation:
Check port 9292:
Logs: /var/log/
Download the test image:
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
If the download site is unreachable, you will need a proxy.
Upload the image:
openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
The image can now be listed:
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 7b8b8238-3196-4b09-b01e-30e88eaeb5ce | cirros | active |
+--------------------------------------+--------+--------+
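Having got this far, we need to add a compute node; 2 cores and 2 GB of memory are enough.
Compute node:
Port: 8774
First, make the following settings in the virtual machine configuration:
Then change the hostname, name resolution and time synchronization. Once that is done, on the controller
create the nova_api and nova databases:
CREATE DATABASE nova_api;
CREATE DATABASE nova;
Grant nova access to both databases: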
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
Create the nova user:
(non-interactive)
openstack user create --domain default \
--password nova nova
Add the admin role to the nova user and service project:
openstack role add --project service --user nova admin
Create the nova service entity:
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 5fe8407d861143d6b1eccd9e9e808a4c |
| name | nova |
| type | compute |
+-------------+----------------------------------+
Create the Compute service API endpoints:
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | bdb6121e0405453c938a8703b73847ca |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5fe8407d861143d6b1eccd9e9e808a4c |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 7c2f34eef2764d539540cf0e482747ea |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5fe8407d861143d6b1eccd9e9e808a4c |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 05acbb3f94e54e5b94977dc579570a7a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5fe8407d861143d6b1eccd9e9e808a4c |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
Install the packages:
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler -y
Edit the configuration in /etc/nova/nova.conf:
In the [DEFAULT] section, enable only the compute and metadata APIs:
[DEFAULT]
enabled_apis = osapi_compute,metadata
In the [api_database] and [database] sections, configure database access:
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the [DEFAULT] and [keystone_authtoken] sections, configure identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
In the [DEFAULT] section, set my_ip to the IP address of the controller node's management interface:
[DEFAULT]
# this is the controller's IP
my_ip = 172.25.0.11
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, configure the VNC proxy to use the controller node's management interface IP address:
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
In the [glance] section, configure the location of the image service API:
[glance]
api_servers = http://controller:9292
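In the [oslo_concurrency] section, configure the lock path:
For background on locks, see the CSDN blog post "Distributed locks and their application in OpenStack" (coordination.synchronized).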
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
Populate the Compute databases:
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova
The sync output is as follows:
Note: the messages are warnings and, per the documentation, can be ignored.
[root@controller nova]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller nova]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
Enable at boot:
[root@controller nova]# systemctl enable openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@controller nova]# systemctl start openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
After a successful start, check the compute services:
[root@controller nova]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2024-01-11T08:40:34.000000 |
| 2 | nova-scheduler | controller | internal | enabled | up | 2024-01-11T08:40:34.000000 |
| 3 | nova-conductor | controller | internal | enabled | up | 2024-01-11T08:40:37.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
At this point only the controller is listed.
Compute node:
Next, copy the files from the controller to compute1:
## run these two commands on the controller
scp -r /mitaka/ compute1:/
scp -r /etc/yum.repos.d/ops.repo compute1:/etc/yum.repos.d/
Upgrade the packages:
yum upgrade
Install as per the documentation:
yum install openstack-nova-compute -y
Edit the configuration in /etc/nova/nova.conf:
In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the [DEFAULT] and [keystone_authtoken] sections, configure identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
In the [DEFAULT] section, configure the my_ip option (compute node):
[DEFAULT]
my_ip = 172.25.0.12
In the [DEFAULT] section, enable the Networking service (the built-in networking is not powerful enough):
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
In the [vnc] section, enable and configure remote console access (on the controller node):
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
In the [glance] section, configure the location of the Image service API:
[glance]
api_servers = http://controller:9292
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
Determine whether the compute node supports hardware acceleration for virtual machines:
[root@compulte1 yum.repos.d]# egrep -c '(vmx|svm)' /proc/cpuinfo
2
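When setting the virtualization type, the documentation chooses qemu, but the configuration file defaults to kvm virtualization.
Enable at boot and start the services: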
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Verify operation:
[root@controller nova]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2024-01-11T09:02:14.000000 |
| 2 | nova-scheduler | controller | internal | enabled | up | 2024-01-11T09:02:14.000000 |
| 3 | nova-conductor | controller | internal | enabled | up | 2024-01-11T09:02:07.000000 |
| 6 | nova-compute | compulte1 | nova | enabled | up | 2024-01-11T09:02:14.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
Neutron networking service:
Create the ``neutron`` database:
CREATE DATABASE neutron;
Grant privileges:
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'neutron';
Source the admin credentials to gain access to admin-only commands:
source admin-openrc
Create the neutron user in keystone, for keystone authentication:
openstack user create --domain default --password neutron neutron
Add the ``admin`` role to the ``neutron`` user:
openstack role add --project service --user neutron admin
Create the ``neutron`` service entity:
openstack service create --name neutron --description "OpenStack Networking" network
Create the Networking service API endpoints (port 9696):
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
Configure the public network:
Install the networking components:
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
Edit the /etc/neutron/neutron.conf file
In the [database] section, configure database access:
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
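In the [DEFAULT] section, enable the ML2 plug-in and disable additional plug-ins:
The documentation sets more [DEFAULT] options further down; to keep things together, they are all shown here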
[DEFAULT]
core_plugin = ml2
service_plugins =
## Enable the message queue
rpc_backend = rabbit
## Keystone authentication
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
In the "[DEFAULT]" and "[oslo_messaging_rabbit]" sections, configure "RabbitMQ" message queue access:
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the "[DEFAULT]" and "[keystone_authtoken]" sections, configure Identity service access:
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to notify Compute of network topology changes:
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
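Configure the ML2 plug-in:
Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file
In the ``[ml2]`` section, enable flat and VLAN networks:
Disable private networks:
Enable the Linuxbridge mechanism:
Enable the port security extension driver: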
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
In the ``[ml2_type_flat]`` section, configure the public virtual network as a flat network:
[ml2_type_flat]
flat_networks = provider
In the ``[securitygroup]`` section, enable ipset to make security group rules more efficient:
[securitygroup]
enable_ipset = True
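Controller node:
Configure the Linuxbridge agent:
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file
In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface: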
[linux_bridge]
physical_interface_mappings = provider:eth1
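## Note that eth1 is the name of the second network interface; if you did not rename it, use the name of your own interface
In the ``[vxlan]`` section, disable VXLAN overlay networks: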
[vxlan]
enable_vxlan = False
In the ``[securitygroup]`` section, enable security groups and configure the Linuxbridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the DHCP agent:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
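After configuring this, click the red link to go back; this lab does not cover private networks for now
Configure the metadata agent:
Edit the ``/etc/neutron/metadata_agent.ini`` file
In the ``[DEFAULT]`` section, configure the metadata host and the shared secret: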
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos
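The shared secret set here can be any value you choose
Configure the Networking service for the compute node:
Edit the ``/etc/nova/nova.conf`` file and complete the following:
In the ``[neutron]`` section, configure the access parameters, enable the metadata proxy, and set the secret: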
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = westos
## westos is the shared secret set above
Create the symbolic link:
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Sync the database:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the Compute API service:
systemctl restart openstack-nova-api.service
Enable at boot and start one server and three agents:
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
Verify that neutron was deployed successfully:
(Ignore compute1; it has already been deployed successfully)
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 04e3c56b-2040-4da2-a0ef-1a138bcafc6e | Linux bridge agent | compulte1 | | :-) | True | neutron-linuxbridge-agent |
| 556eb562-4779-4470-8fe1-1a457af71e56 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| 665d7e22-4d80-436b-954d-5967e41e9f72 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| 699e0237-7915-495e-9b5d-16544923e816 | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
The following is configured on the compute node:
Install the components:
yum install openstack-neutron-linuxbridge ebtables ipset -y
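Edit the ``/etc/neutron/neutron.conf`` file and complete the following:
In the ``[database]`` section, comment out every ``connection`` option, because compute nodes do not access the database directly.
In the "[DEFAULT]" and "[oslo_messaging_rabbit]" sections, configure "RabbitMQ" message queue access: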
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
In the "[DEFAULT]" and "[keystone_authtoken]" sections, configure Identity service access:
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
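Continue configuring the public network:
Configure the Linuxbridge agent:
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following:
In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface: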
[linux_bridge]
physical_interface_mappings = provider:eth1
In the ``[vxlan]`` section, disable VXLAN overlay networks:
[vxlan]
enable_vxlan = False
In the ``[securitygroup]`` section, enable security groups and configure the Linuxbridge iptables firewall driver:
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
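At this point go back in the documentation; private networks are not covered
Configure the Networking service for the compute node: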
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
Restart the Compute service:
systemctl restart openstack-nova-compute.service
Enable the Linuxbridge agent at boot and start it:
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
Listing the agents now shows compute1 with a state of True
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 04e3c56b-2040-4da2-a0ef-1a138bcafc6e | Linux bridge agent | compulte1 | | :-) | True | neutron-linuxbridge-agent |
| 556eb562-4779-4470-8fe1-1a457af71e56 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| 665d7e22-4d80-436b-954d-5967e41e9f72 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| 699e0237-7915-495e-9b5d-16544923e816 | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
If errors occur, check the logs under /var/log/
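A consistency check for the settings configured above, as an added example that is not part of the original walkthrough: it reports passwords that equal their user name, missing [keystone_authtoken] options (for example after a misspelled key), and a metadata_proxy_shared_secret that differs between nova.conf and metadata_agent.ini. The audit function and the sample file contents are constructed for illustration.

```python
import configparser

# Constructed samples: lab-style values, one misspelled key, one mismatched secret.
NOVA_CONF = """
[keystone_authtoken]
uth_uri = http://controller:5000
auth_url = http://controller:35357
username = nova
password = nova
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
[neutron]
username = neutron
password = neutron
metadata_proxy_shared_secret = westos
"""
METADATA_AGENT_INI = """
[DEFAULT]
metadata_proxy_shared_secret = westo
"""

# (section, user key, password key) triples for the credential sections used here.
CRED_KEYS = [("keystone_authtoken", "username", "password"),
             ("oslo_messaging_rabbit", "rabbit_userid", "rabbit_password"),
             ("neutron", "username", "password")]
REQUIRED_AUTH = ("auth_uri", "auth_url", "username", "password")

def parse(text):
    # Rename default_section so [DEFAULT] values do not leak into other sections.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(nova_conf, metadata_ini):
    conf, meta = parse(nova_conf), parse(metadata_ini)
    findings = []
    for section, ukey, pkey in CRED_KEYS:
        user = conf.get(section, ukey, fallback=None)
        if user and user == conf.get(section, pkey, fallback=None):
            findings.append(f"[{section}] {pkey} equals {ukey}")
    for key in REQUIRED_AUTH:
        if not conf.has_option("keystone_authtoken", key):
            findings.append(f"[keystone_authtoken] missing {key}")
    nova_secret = conf.get("neutron", "metadata_proxy_shared_secret", fallback=None)
    agent_secret = meta.get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
    if nova_secret != agent_secret:
        findings.append("metadata_proxy_shared_secret differs between files")
    return findings

if __name__ == "__main__":
    for finding in audit(NOVA_CONF, METADATA_AGENT_INI):
        print("FINDING:", finding)
```

To check a real node, read the two files with open(...).read() and pass the text to audit(); an empty list means none of these checks fired.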
Launch an instance:
Click Provider network:
Use the admin credentials:
source admin-openrc
Create the network:
neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
Create a subnet on the network:
neutron subnet-create --name provider --allocation-pool start=172.25.0.100,end=172.25.0.200 --dns-nameserver 114.114.114.114 --gateway 172.25.0.2 provider 172.25.0.0/24
## The subnet should be in the same network range as the host machine
## DNS 114.114.114.114
## The gateway should match the host machine's
Create the m1.nano flavor:
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
## id is 0
## 1 virtual CPU
## 64 MB of RAM
## 1 GB of disk
Switch to the regular user credentials:
source demo-openrc
Generate and add a key pair:
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
## Used for passwordless access to instances
Verify that the public key was added:
openstack keypair list
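## Check whether the key is ready
Add security group rules:
openstack security group rule create --proto icmp default # Allow ICMP (ping)
openstack security group rule create --proto tcp --dst-port 22 default # Allow secure shell (SSH) access
Create an instance on the public network. List the available flavors: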
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
List the available images:
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 7b8b8238-3196-4b09-b01e-30e88eaeb5ce | cirros | active |
+--------------------------------------+--------+--------+
List the available networks:
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 81536e7b-5921-47ff-8501-5f37ff01a6af | provider | 042afb98-c733-4b26-9c8c-463a2cccb520 |
+--------------------------------------+----------+--------------------------------------+
List the available security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 3ccf0d46-999e-40a3-a32f-4c60eb378411 | default | Default security group | 3bb8c1df79bb409f97bae7488b8be06b |
+--------------------------------------+---------+------------------------+----------------------------------+
Launch the instance:
The demo credentials are required when creating the instance; otherwise an error is reported
openstack server create --flavor m1.nano --image cirros --nic net-id=81536e7b-5921-47ff-8501-5f37ff01a6af --security-group default --key-name mykey provider-instance
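## --nic net-id: the id taken from the list of available networks
## --flavor: the flavor
## --image: the image
## --security-group: the security group
## --key-name mykey: the name of the key
## provider-instance: the name of the instance
Example: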
[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=bc3cae92-9338-4f61-b6c2-0dd8c03262b6 --security-group default --key-name mykey provider-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | 9FxZDKmcEpSB |
| config_drive | |
| created | 2024-01-12T06:45:00Z |
| flavor | m1.nano (0) |
| hostId | |
| id | d58d11a0-4a6d-42cd-818a-4a12a1543183 |
| image | cirros (7b8b8238-3196-4b09-b01e-30e88eaeb5ce) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 3bb8c1df79bb409f97bae7488b8be06b |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2024-01-12T06:45:00Z |
| user_id | bfa5312532544551b351881c708fe1c4 |
+--------------------------------------+-----------------------------------------------+
Check the status of the instance:
[root@controller ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+---------------------+
| d58d11a0-4a6d-42cd-818a-4a12a1543183 | provider-instance | ACTIVE | public=172.25.0.103 |
| 3bf3460c-1563-4c94-8d70-24021c50a669 | vm1-2 | ACTIVE | public=172.25.0.101 |
+--------------------------------------+-------------------+--------+---------------------+
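## The first was created from the command line; the second, vm2, was created through the graphical interface
Access the instance through the virtual console: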
[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=f50ceafe-1ad8-4240-b613-90f7de1106ea |
+-------+---------------------------------------------------------------------------------+
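Note: if the Edge browser cannot open the console, use Chrome instead
Username: cirros
Password: cubswin:)
Verify that the instance can be pinged:
Verify that it can be reached by remote connection:
This completes the basic OpenStack setup; corrections and suggestions are welcome.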