OpenStack企業私有雲
一、openstack 介紹
OpenStack是一個由NASA(美國國家航空航天局)和Rackspace合作研發並發起的,以Apache許可證授權的自由軟件和開放源代碼項目。
OpenStack是一個開源的雲計算管理平台項目,由幾個主要的組件組合起來完成具體工作。OpenStack支持幾乎所有類型的雲環境,項目目標是提供實施簡單、可大規模擴展、豐富、標准統一的雲計算管理平台。OpenStack通過各種互補的服務提供了基礎設施即服務(IaaS)的解決方案,每個服務提供API以進行集成。
OpenStack是一個旨在為公共及私有雲的建設與管理提供軟件的開源項目。它的社區擁有超過130家企業及1350位開發者,這些機構與個人都將OpenStack作為基礎設施即服務(IaaS)資源的通用前端。OpenStack項目的首要任務是簡化雲的部署過程並為其帶來良好的可擴展性。本文希望通過提供必要的指導信息,幫助大家利用OpenStack前端來設置及管理自己的公共雲或私有雲。
OpenStack雲計算平台,幫助服務商和企業內部實現類似於 Amazon EC2 和 S3 的雲基礎架構服務(Infrastructure as a Service, IaaS)。OpenStack 包含兩個主要模塊:Nova 和 Swift,前者是 NASA 開發的虛擬服務器部署和業務計算模塊;后者是 Rackspace開發的分布式雲存儲模塊,兩者可以一起用,也可以分開單獨用。OpenStack除了有 Rackspace 和 NASA 的大力支持外,還有包括 Dell、Citrix、 Cisco、 Canonical等重量級公司的貢獻和支持,發展速度非常快,有取代另一個業界領先開源雲平台 Eucalyptus 的態勢。
Openstack 組件分類
https://docs.openstack.org/ocata/install-guide-rdo/glance-install.html
官方文檔地址
二、基礎環境
系統版本: Centos7.3 兩塊網卡(eth0,eth1)
機器的配置: 4G 50G硬盤(兩塊) 4個CPU
機器名: linux-node1(計算節點)
機器名: linux-node2(主控制節點)
Node2 IP:eth0 192.168.57.145, eth1:192.168.57.146
Node1IP: eth0: 192.168.57.142 eth1:192.168.57.143
主控制節點主要安裝如下:(keystone、Glance、nova、networking、Dashboard)
計算節點主要安裝如下:(nova、networking)
2.1 時間同步(node1 +node2 操作)
https://docs.openstack.org/ocata/install-guide-rdo/glance-install.html
node1 # yum install chrony vim /etc/chrony.conf 設置 allow 192.168.57.0/24 ####啟動 [root@linux-node2 ~]# systemctl enable chronyd.service [root@linux-node2 ~]#systemctl start chronyd.service ########node1 的時間先同步一下標准時間 [root@linux-node2 ~]# ntpdate pool.ntp.org # chronyc sources node2 修改主配置文件 vim /etc/chrony.conf 把所有行去掉 添加一行 Server 192.168.57.145 iburst [root@linux-node2 ~]#systemctl start chronyd.service # chronyc sources
2.2 安裝mysql(node2主控制節點操作)
配置一下mysql
添加文件/etc/my.cnf.d/openstack.cnf 內容如下:
[mysqld]
bind-address=192.168.57.145
default-storage-engine = innodb
innodb_file_per_table
collation-server =utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
重啟一下mysql
[root@linux-node2 ~]# systemctl enable mariadb.service
[root@linux-node2 ~]# systemctl start mariadb.service
設置root密碼
[root@linux-node2 ~]# mysql_secure_installation
創建數據庫
[root@linux-node2 ~]# mysql -uroot -p123456 -e "Create database keystone;"
[root@linux-node2 ~]# mysql -uroot -p123456 -e "grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone'"
[root@linux-node2 ~]# mysql -uroot -p123456 -e "grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone'"
2.3 安裝消息隊列(node2 主控制節點操作)
2.3 安裝消息隊列(node2 主節點操作)
# yum install rabbitmq-server
啟動
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
新建用戶
# rabbitmqctl add_user openstack openstack
對用戶授權
rabbitmqctl set_permissions openstack ".*"".*"".*"
查看插件
[root@linux-node2 ~]# rabbitmq-plugins list
[ ] amqp_client 3.3.5
[ ] cowboy 0.5.0-rmq3.3.5-git4b93c2d
[ ] eldap 3.3.5-gite309de4
[ ] mochiweb 2.7.0-rmq3.3.5-git680dba8
[ ] rabbitmq_amqp1_0 3.3.5
[ ] rabbitmq_auth_backend_ldap 3.3.5
[ ] rabbitmq_auth_mechanism_ssl 3.3.5
[ ] rabbitmq_consistent_hash_exchange 3.3.5
[ ] rabbitmq_federation 3.3.5
[ ] rabbitmq_federation_management 3.3.5
[ ] rabbitmq_management 3.3.5
[ ] rabbitmq_management_agent 3.3.5
[ ] rabbitmq_management_visualiser 3.3.5
[ ] rabbitmq_mqtt 3.3.5
[ ] rabbitmq_shovel 3.3.5
[ ] rabbitmq_shovel_management 3.3.5
[ ] rabbitmq_stomp 3.3.5
[ ] rabbitmq_test 3.3.5
[ ] rabbitmq_tracing 3.3.5
[ ] rabbitmq_web_dispatch 3.3.5
[ ] rabbitmq_web_stomp 3.3.5
[ ] rabbitmq_web_stomp_examples 3.3.5
[ ] sockjs 0.3.4-rmq3.3.5-git3132eb9
[ ] webmachine 1.10.3-rmq3.3.5-gite9359c7
啟用web插件
[root@linux-node2 ~]# rabbitmq-plugins enable rabbitmq_management
重啟一下
[root@linux-node2 ~]# systemctl restart rabbitmq-server.service
檢查是否啟動成功
[root@linux-node2 ~]# netstat -nltp |grep 5672
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 16686/beam.smp
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 16686/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 16686/beam.smp
[root@linux-node2 ~]#
Web訪問
http://192.168.57.138:15672/#/
用戶名密碼為guest
三、搭建openstack
3.1 安裝keystone 組件介紹(node2 主控制節點操作)
Keystone功能:
- 用戶與認證: 用戶權限與用戶行為跟蹤
- 服務目錄:提供一個服務目錄、包括所有服務項與相關API的端點
Keystone名詞: User: 用戶 Tenant: 租戶/項目 Token: 令牌 Role: 角色 Service: 服務 Endpoint: 端點
3.2 安裝keystone 組件
安裝openstack最新的源:
#yum install centos-release-openstack-ocata
#yum install https://rdoproject.org/repos/rdo-release.rpm
#yum upgrade (在主機上升級包)
#yum install python-openstackclient (安裝opentack必須的插件)
#yum install openstack-selinux (可選則安裝這個插件,我直接關閉了selinux,因為不熟,對后續不會有影響)
[root@linux-node1 home]# yum install openstack-keystone httpd mod_wsgi
3.2.1修改配置文件
vim /etc/keystone/keystone.conf
[database]
connection = mysql://keystone:keystone@192.168.57.141/keystone
[token]
provider=fernet
3.2.2同步數據庫
su -s /bin/sh -c "keystone-manage db_sync" keystone
###為什么需要su 一下呢?因為在寫日志的時候文件是放在/var/log/keystone 這個下面如果是root用戶執行的話。那么寫日志的時候就會寫不進去。
驗證一下是否成功。進入數據庫查看有沒有表的建立。
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone |
初始化
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引導身份信息
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://linux-node2:35357/v3/ \
--bootstrap-internal-url http://linux-node2:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
3.2.3配置memcache的配置(/etc/sysconfig/memcached)
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,192.168.57.141"
3.2.4啟動memcache
[root@linux-node2 ~]# systemctl start memcached.service
[root@linux-node2 ~]# netstat -nltp|grep 121
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 20054/memcached
tcp6 0 0 :::11211 :::* LISTEN 20054/memcached
3.2.5設置apache
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3.2.6修改主apache的主配置文件
vim /etc/httpd/conf/httpd.conf
配置一下Servername
ServerName 192.168.57.138:80
3.2.7啟動apache
systemctl enable httpd.service
systemctl start httpd.service
3.2.8檢查一下是否啟動成功了
[root@linux-node2 conf.d]# netstat -nltp|grep httpd
tcp6 0 0 :::80 :::* LISTEN 20253/httpd
tcp6 0 0 :::35357 :::* LISTEN 20253/httpd
tcp6 0 0 :::5000 :::* LISTEN 20253/httpd
[root@linux-node2 conf.d]#
3.3 keystone 用戶權限
3.3.1 設置環境變量
$exportOS_USERNAME=admin
$exportOS_PASSWORD=ADMIN_PASS
$exportOS_PROJECT_NAME=admin
$exportOS_USER_DOMAIN_NAME=Default
$exportOS_PROJECT_DOMAIN_NAME=Default
$exportOS_AUTH_URL=http://linux-node2:35357/v3
$exportOS_IDENTITY_API_VERSION=3
3.3.2創建域、項目、用戶和角色
創建服務
[root@linux-node2 ~]# openstack project create --domain default --description "Service Project" service
創建demo項目
[root@linux-node2 ~]# openstack project create --domain default \
> --description "Demo Project" demo
設置demo密碼
[root@linux-node2 ~]# openstack user create --domain default \
> --password-prompt demo
創建用戶組
[root@linux-node2 ~]# openstack role create user
加入用戶組
[root@linux-node2 ~]# openstack role add --project demo --user demo user
3.3.3驗證操作
1. 出於安全原因,請禁用臨時身份驗證令牌機制:
編輯/etc/keystone/keystone-paste.ini 文件並刪除admin_token_auth從 [pipeline:public_api],[pipeline:admin_api]和[pipeline:api_v3]段。
2、取消設置臨時 變量OS_AUTH_URL和OS_PASSWORD環境變量:
[root@linux-node2 ~]# unset OS_AUTH_URL OS_PASSWORD
3、作為admin 、請求身份驗證令牌
$ openstack --os-auth-url http://linux-node2:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
4、用demo用戶、請求驗證令牌
$ openstack --os-auth-url http://linux-node2:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
3.3.4創建 OpenStack 客戶端環境腳本
vi admin-openrc 加入如下:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://linux-node2:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#vi demo-openrc 加入:
[root@linux-node2 ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://linux-node2:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
四:鏡像服務Glance(node2 主控制節點操作)
4.1 Glance 介紹
Glance 主要由三個部分構成: glance-api、glance-registry 以 image stroe
Glance-api:接受雲系統鏡像創建、刪除、讀取請求
Glance-Registry: 雲系統鏡像注冊服務
4.2 mysql 配置
$ mysql -u root –p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance';
4.3 Glance安裝
# yum install openstack-glance
4.4修改主配置文件/etc/glance/glance-api.conf
[database]
# ...
connection = mysql://glance:glance@192.168.57.145/glance
在[keystone_authtoken]和[paste_deploy]部分中,配置身份服務訪問:
[keystone_authtoken]
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance #########這里的密碼就是下面的新建 API glance用戶的密碼
#...
[paste_deploy]
flavor = keystone
[glance_store]
# ...
stores=file,http
default_store=file
filesystem_store_datadir=/var/lib/glance/images/
4.5 修改主配置文件/etc/glance/glance-registry.conf
[database]
# ...
connection = mysql://glance:glance@192.168.57.145/glance
在[keystone_authtoken]和[paste_deploy]部分中,配置身份服務訪問:
[keystone_authtoken]
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance #########這里的密碼就是下面的新建 API glance用戶的密碼
#...
[paste_deploy]
flavor = keystone
4.6 設置數據庫
# su -s /bin/sh -c "glance-manage db_sync" glance
4.7創建鏡像服務的API服務
$ openstack user create --domain default --password-prompt glance
$ openstack role add --project service --user glance admin
$ openstack service create --name glance \
--description "OpenStack Image" image
$ openstack endpoint create --region RegionOne \
image public http://linux-node2:9292
$ openstack endpoint create --region RegionOne \
image internal http://linux-node2:9292
$ openstack endpoint create --region RegionOne \
image admin http://linux-node2:9292=
4.8 啟動服務
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
4.9驗證
運行環境變量:
#. admin-openrc
下載一個比較小的鏡像:
#wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
一、上傳文件
$ openstack image create "cirros"\
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-03-26T16:52:10Z |
| disk_format | qcow2 |
| file | /v2/images/cc5c6982-4910-471e-b864-1098015901b5/file |
| id | cc5c6982-4910-471e-b864-1098015901b5 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | ae7a98326b9c455588edd2656d723b9d |
| protected | False |
| schema | /v2/schemas/image |
| size | 13200896 |
| status | active |
| tags | |
| updated_at | 2015-03-26T16:52:10Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
二、查看
$ openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | active |
+--------------------------------------+--------+--------+
有輸出證明glance配置正確
五、計算服務一 nova(node2 主控制節點操作)
5 .Nova 作用
1. API :負責接收和相應外部請求、支持 openstack API Ec2API
2. Cert:負責身份認證
3. Scheduler:用於雲主機調度
4. Conductor: 計算節點訪問數據的中間件
5. Consoleaut:用於控制台的授權驗證
6. NovncProxy: VNC代理
5.1 新建數據庫
$ mysql -u root –p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
新建用戶
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova_api';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
5.2創建nova用戶:
# . admin-openrc
openstack user create --domain default --password-prompt nova
User Password: nova
Repeat User Password: nova
The passwords entered were not the same
User Password: nova
Repeat User Password: nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | b9878680c70a4a678fd9a7a580706ccf |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@linux-node2 ~]#
加入組
[root@linux-node2 ~]# openstack role add --project service --user nova admin
5.3創建nova服務實體
$ openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 060d59eac51b4594815603d75a00aba2 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
5.4創建服務API
[root@linux-node2 ~]# openstack endpoint create --region RegionOne \
> compute public http://linux-node2:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b6ebf975780344a597a65650eafdf67a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d6a1591a15944bea85ab1e203af6732c |
| service_name | nova |
| service_type | compute |
| url | http://linux-node2:8774/v2.1 |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne \
> compute internal http://linux-node2:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a2c1af804a31484cb3d82017b15fa47f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d6a1591a15944bea85ab1e203af6732c |
| service_name | nova |
| service_type | compute |
| url | http://linux-node2:8774/v2.1 |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne \
> compute admin http://linux-node2:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0304b6e92bf049d09e7d28bacfb1ed16 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d6a1591a15944bea85ab1e203af6732c |
| service_name | nova |
| service_type | compute |
| url | http://linux-node2:8774/v2.1 |
+--------------+----------------------------------+
5.5新建另一個用戶
[root@linux-node2 ~]# openstack user create --domain default --password-prompt placement
User Password: nova
Repeat User Password: nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 1654b6d199bf4fc582d1e70db802a31a |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@linux-node2 ~]#
加入管理員組
[root@linux-node2 ~]# openstack role add --project service --user placement admin
5.6在服務目錄中創建Placement API條目:
$ openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 2d1a27022e6e4185b86adac4444c495f |
| name | placement |
| type | placement |
+-------------+----------------------------------+
5.7創建Placement API服務端點:
[root@linux-node2 ~]# openstack endpoint create --region RegionOne placement public http://linux-node2:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4b82fb4b30de4228982dea8c663f6d26 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ba2a8b23524a4635af583cbfc80abd91 |
| service_name | placement |
| service_type | placement |
| url | http://linux-node2:8778 |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne placement internal http://linux-node2:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bea3dbb6003d4cea802527de411f8cde |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ba2a8b23524a4635af583cbfc80abd91 |
| service_name | placement |
| service_type | placement |
| url | http://linux-node2:8778 |
+--------------+----------------------------------+
[root@linux-node2 ~]# openstack endpoint create --region RegionOne placement admin http://linux-node2:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b5d6d62d8f3f4e7c9ee2d6241b832bc5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ba2a8b23524a4635af583cbfc80abd91 |
| service_name | placement |
| service_type | placement |
| url | http://linux-node2:8778 |
+--------------+----------------------------------+
5.8安裝和配置的部件
# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
5.9修改配置文件 /etc/nova/nova.conf
[DEFAULT]
# ...
enabled_apis=osapi_compute,metadata
[api_database]
connection=mysql://nova:nova_api@192.168.57.145/nova_api
[database]
connection=connection=mysql://nova:nova@192.168.57.145/nova
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@192.168.57.145
5.10設置api和連接信息
[api]
# ...
auth_strategy=keystone
[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=nova
password=nova
設置IP
[DEFAULT]
# ...
my_ip=192.168.57.145
[DEFAULT]
# ...
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled=true
# ...
vncserver_listen=$my_ip
vncserver_proxyclient_address=$my_ip
5.11設置glance
[glance]
# ...
api_servers=http://linux-node2:9292
5.12設置[oslo_concurrency]
[oslo_concurrency]
# ...
lock_path=/var/lib/nova/tmp
5.13設置[placement]
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://linux-node2:35357/v3
username = placement
password = nova
5.14設置apache
vim /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
<IfVersion >=2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
5.15重啟apache
# systemctl restart httpd
填充nova-api數據庫:
# su -s /bin/sh -c "nova-manage api_db sync" nova
注冊cell0數據庫:
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
創建cell1單元格:
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
109e1d4b-536a-40d0-83c6-5f121b82b650
填充nova數據庫:
# su -s /bin/sh -c "nova-manage db sync" nova
5.17驗證
驗證nova cell0和cell1是否正確注冊:
# nova-manage cell_v2 list_cells
+ ------- + ----------------------------------- --- +
| 名稱| UUID |
+ ------- + -------------------------------------- +
| cell1 | 109e1d4b-536a-40d0-83c6-5f121b82b650 |
| cell0 | 00000000-0000-0000-0000-000000000000 |
+ ------- + -------------------------------------- +
設置開機自啟動
[root@linux-node2 nova]# systemctl enable openstack-nova-api.service
[root@linux-node2 nova]# systemctl enable openstack-nova-consoleauth.service
[root@linux-node2 nova]# systemctl enable openstack-nova-scheduler.service
[root@linux-node2 nova]# systemctl enable openstack-nova-conductor.service
[root@linux-node2 nova]# systemctl enable openstack-nova-novncproxy.service
[root@linux-node2 nova]#
啟動服務
[root@linux-node2 nova]# systemctl start openstack-nova-api.service
[root@linux-node2 nova]# systemctl start openstack-nova-consoleauth.service
[root@linux-node2 nova]# systemctl start openstack-nova-scheduler.service
[root@linux-node2 nova]# systemctl start openstack-nova-conductor.service
[root@linux-node2 nova]# systemctl start openstack-nova-novncproxy.service
六、計算服務二 nova(計算節點)在node1 上安裝
6.1安裝nova-compute
# yum install openstack-nova-compute
6.2配置主配置文件(/etc/nova/nova.conf)
[DEFAULT]
# ...
enabled_apis=osapi_compute,metadata
[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@192.168.57.145
[api]
# ...
auth_strategy=keystone
[keystone_authtoken]
# ...
auth_uri = http://linux-node2:5000
auth_url = http://linux-node2:35357
memcached_servers = linux-node2:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[DEFAULT]
# ...
my_ip=192.168.57.142 ########這個是本機IP
[DEFAULT]
# ...
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
[vnc]
# ...
enabled=True
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=$my_ip
novncproxy_base_url=http://linux-node2:6080/vnc_auto.html
[glance]
# ...
api_servers=http://linux-node2:9292
[oslo_concurrency]
# ...
lock_path=/var/lib/nova/tmp
[placement]
# ...
os_region_name=RegionOne
project_domain_name=Default
project_name=service
auth_type=password
user_domain_name=Default
auth_url=http://linux-node2:35357/v3
username=placement
password=nova
6.3檢查是否需要硬件加速
$ egrep -c '(vmx|svm)' /proc/cpuinfo
如果為0則需要修改#vi /etc/nova/nova.conf
[libvirt]
# ...
virt_type=qemu
6.4啟動服務
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
6.5驗證(node2 主節點操作)
將計算節點添加到單元數據庫¶(在主節點操作)
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': ad5a5985-a719-4567-98d8-8d148aaae4bc
Found 1 computes in cell: ad5a5985-a719-4567-98d8-8d148aaae4bc
Checking host mapping for compute host 'linux-node1': fe58ddc1-1d65-4f87-9456-bc040dc106b3
Creating host mapping for compute host 'linux-node1': fe58ddc1-1d65-4f87-9456-bc040dc106b3
查看comput節點
$ openstack compute service list
+----+--------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+--------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
| 2 | nova-scheduler | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
| 3 | nova-conductor | controller | internal | enabled | up | 2016-02-09T23:11:16.000000 |
| 4 | nova-compute | compute1 | nova | enabled | up | 2016-02-09T23:11:20.000000 |
+----+--------------------+------------+----------+---------+-------+----------------------------+
查看catalog
$ openstack catalog list
+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| keystone | identity | RegionOne |
| | | public: http://linux-node2:5000/v3/ |
| | | RegionOne |
| | | internal: http://linux-node2:5000/v3/ |
| | | RegionOne |
| | | admin: http://linux-node2:35357/v3/ |
| | | |
| glance | image | RegionOne |
| | | admin: http://linux-node2:9292 |
| | | RegionOne |
| | | public: http://linux-node2:9292 |
| | | RegionOne |
| | | internal: http://linux-node2:9292 |
| | | |
| nova | compute | RegionOne |
| | | admin: h http://linux-node2:8774/v2.1 |
| | | RegionOne |
| | | internal: http://linux-node2:8774/v2.1 |
| | | RegionOne |
| | | public: http://linux-node2:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | public: http://linux-node2:8778 |
| | | RegionOne |
| | | admin: http://linux-node2:8778 |
| | | RegionOne |
| | | internal: http://linux-node2:8778 |
| | | |
+-----------+-----------+-----------------------------------------+
列出Image服務中的圖像以驗證與Image服務的連接性:
$ openstack image list
+--------------------------------------+-------------+-------------+
| ID | Name | Status |
+--------------------------------------+-------------+-------------+
| 9a76d9f9-9620-4f2e-8c69-6c5691fae163 | cirros | active |
+--------------------------------------+-------------+-------------+
檢查單元格和放置API正在成功工作:
# nova-status upgrade check
+---------------------------+
| Upgrade Check Results |
+---------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+---------------------------+
七、網絡節點一(node2 主配置節點操作)
7.1 設置mysql
$ mysql -u root –p
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'neutron';
7.2創建服務憑據
在admin的環境下
$ . admin-openrc
$ openstack user create --domain default --password-prompt neutron
User Password: neutron #密碼
Repeat User Password: neutron #密碼
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fdb0f541e28141719b6a43c8944bf1fb |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
加入到admin組
$ openstack role add --project service --user neutron admin
創建neutron 服務實體
$ openstack service create --name neutron \
--description "OpenStack Networking" network
創建neutron API
$ openstack endpoint create --region RegionOne \
network public http://linux-node2:9696
$ openstack endpoint create --region RegionOne \
network internal http://linux-node2:9696
$ openstack endpoint create --region RegionOne \
network admin http://linux-node2:9696
7.3配置網絡選項(這里我選用的是網絡1 的配置)
您可以使用選項1和2所代表的兩種體系結構之一來部署網絡服務。
選項1部署了最簡單的架構,只支持將實例連接到提供者(外部)網絡。沒有自助服務(專用)網絡,路由器或浮動IP地址。只有admin或其他特權用戶才能管理提供商網絡。
選項2增加了選項1,其中第三層服務支持將實例附加到自助服務網絡。這個demo或其他非特權用戶可以管理自助服務網絡,包括在自助服務和提供商網絡之間提供連接的路由器。此外,浮動IP地址還提供與使用來自外部網絡(如Internet)的自助服務網絡的實例的連接。
自助服務網絡通常使用覆蓋網絡。覆蓋網絡協議(如VXLAN)包含額外的標頭,這些標頭會增加開銷並減少有效負載或用戶數據的可用空間。在不了解虛擬網絡基礎架構的情況下,實例將嘗試使用1500字節的默認以太網最大傳輸單元(MTU)發送數據包。網絡服務通過DHCP自動為實例提供正確的MTU值。但是,某些雲圖像不使用DHCP或忽略DHCP MTU選項並需要使用元數據或腳本進行配置。
7.4 安裝網絡openstack-neutron
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
7.5 編輯/etc/neutron/neutron.conf
[database]
# ...
connection=mysql://neutron:neutron@linux-node2/neutron
[DEFAULT]
# ...
core_plugin=ml2
service_plugins=
transport_url=rabbit://openstack:openstack@linux-node2
auth_strategy=keystone
notify_nova_on_port_status_changes=true
notify_nova_on_port_data_changes=true
[keystone_authtoken]
# ...
auth_uri=http://linux-node2:5000
auth_url=http://linux-node2:35357
memcached_servers= linux-node2:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron ######這個密碼是上面設置的密碼
[nova]
# ...
auth_url=http://controller:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=nova
password=nova ####注意這個是nova設置的密碼
[oslo_concurrency]
# ...
lock_path=/var/lib/neutron/tmp
7.6配置模塊化層2(ML2)插件(/etc/neutron/plugins/ml2/ml2_conf.ini)
編輯配置文件設置如下:
[ml2]
type_drivers=flat,vlan
tenant_network_types=
mechanism_drivers=linuxbridge
[ml2_type_flat]
flat_networks=provider
[securitygroup]
enable_ipset=true
7.7配置Linux網橋代理(/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
編輯配置文件設置如下:
[linux_bridge]
physical_interface_mappings=provider:eth1 ####這個是為底層實現網絡的網絡接口(我這里用了eth1)
[vxlan]
enable_vxlan=false
[securitygroup]
# ...
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
7.8配置DHCP代理(/etc/neutron/dhcp_agent.ini)
[DEFAULT]
#...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
7.9配置計算服務以使用網絡服務(/etc/nova/nova.conf)
在該[neutron]部分中,配置訪問參數,啟用元數據代理並配置密鑰:
[neutron]
#...
url = http://linux-node2:9696
auth_url = http://linux-node2:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron ###在身份識別服務中為用戶選擇的密碼。
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron # #為元數據代理選擇的密碼。
創建擴展鏈接
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
7.10同步數據庫
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7.10 啟動服務
重新啟動計算API服務:
# systemctl restart openstack-nova-api.service
啟動網絡服務並將其配置為在系統引導時啟動。
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
八、網絡節點二、(node1 計算節點操作)
8.1 安裝openstack-neutron
# yum install openstack-neutron-linuxbridge ebtables ipset
8.2配置通用組件(/etc/neutron/neutron.conf)
修改如下配置文件:
[DEFAULT]
transport_url=rabbit://openstack:openstack@linux-node2
auth_strategy=keystone
[keystone_authtoken]
# ...
auth_uri=http://linux-node2:5000
auth_url=http://linux-node2:35357
memcached_servers=linux-node2:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron
[oslo_concurrency]
# ...
lock_path=/var/lib/neutron/tmp
8.3配置計算服務以使用網絡服務(/etc/nova/nova.conf)
在該[neutron]部分中,配置訪問參數:
[neutron]
#...
url = http://linux-node2:9696
auth_url = http://linux-node2:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
8.4配置Linux網橋代理(/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
編輯文件修改如下配置:
[linux_bridge]
physical_interface_mappings=provider:eht1 #這里是為底層服務的網卡名稱
[vxlan]
enable_vxlan=false
[securitygroup]
# ...
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
8.5 啟動服務
重啟一下openstack-nova-compute
# systemctl restart openstack-nova-compute.service
啟動Linux橋代理並將其配置為在系統引導時啟動:
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
8.6 驗證操作
1.運行管理員環境
$ . admin-openrc
2.查看網絡
$ openstack extension list --network
+---------------------------+---------------------------+----------------------------+
| Name | Alias | Description |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools | default-subnetpools | Provides ability to mark |
| | | and use a subnetpool as |
| | | the default |
| Availability Zone | availability_zone | The availability zone |
| | | extension. |
| Network Availability Zone | network_availability_zone | Availability zone support |
| | | for network. |
| Port Binding | binding | Expose port bindings of a |
| | | virtual port to external |
| | | application |
| agent | agent | The agent management |
| | | extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of |
| | | subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among |
| | | dhcp agents |
| Tag support | tag | Enables to set tag on |
| | | resources. |
| Neutron external network | external-net | Adds external network |
| | | attribute to network |
| | | resource. |
| Neutron Service Flavors | flavors | Flavor specification for |
| | | Neutron advanced services |
| Network MTU | net-mtu | Provides MTU attribute for |
| | | a network resource. |
| Network IP Availability | network-ip-availability | Provides IP availability |
| | | data for each network and |
| | | subnet. |
| Quota management support | quotas | Expose functions for |
| | | quotas management per |
| | | tenant |
| Provider Network | provider | Expose mapping of virtual |
| | | networks to physical |
| | | networks |
| Multi Provider Network | multi-provider | Expose mapping of virtual |
| | | networks to multiple |
| | | physical networks |
| Address scope | address-scope | Address scopes extension. |
| Subnet service types | subnet-service-types | Provides ability to set |
| | | the subnet service_types |
| | | field |
| Resource timestamps | standard-attr-timestamp | Adds created_at and |
| | | updated_at fields to all |
| | | Neutron resources that |
| | | have Neutron standard |
| | | attributes. |
| Neutron Service Type | service-type | API for retrieving service |
| Management | | providers for Neutron |
| | | advanced services |
| Tag support for | tag-ext | Extends tag support to |
| resources: subnet, | | more L2 and L3 resources. |
| subnetpool, port, router | | |
| Neutron Extra DHCP opts | extra_dhcp_opt | Extra options |
| | | configuration for DHCP. |
| | | For example PXE boot |
| | | options to DHCP clients |
| | | can be specified (e.g. |
| | | tftp-server, server-ip- |
| | | address, bootfile-name) |
| Resource revision numbers | standard-attr-revisions | This extension will |
| | | display the revision |
| | | number of neutron |
| | | resources. |
| Pagination support | pagination | Extension that indicates |
| | | that pagination is |
| | | enabled. |
| Sorting support | sorting | Extension that indicates |
| | | that sorting is enabled. |
| security-group | security-group | The security groups |
| | | extension. |
| RBAC Policies | rbac-policies | Allows creation and |
| | | modification of policies |
| | | that control tenant access |
| | | to resources. |
| standard-attr-description | standard-attr-description | Extension to add |
| | | descriptions to standard |
| | | attributes |
| Port Security | port-security | Provides port security |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address |
| | | pairs |
| project_id field enabled | project-id | Extension that indicates |
| | | that project_id field is |
| | | enabled. |
+---------------------------+---------------------------+----------------------------+
1. 查看網絡
2. $ openstack network agent list
3.
4. +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
5. | ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
6. +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
7. | 0400c2f6-4d3b-44bc-89fa-99093432f3bf | Metadata agent | controller | None | True | UP | neutron-metadata-agent |
8. | 83cf853d-a2f2-450a-99d7-e9c6fc08f4c3 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent |
9. | ec302e51-6101-43cf-9f19-88a78613cbee | Linux bridge agent | compute | None | True | UP | neutron-linuxbridge-agent |
10. | fcb9bc6e-22b1-43bc-9054-272dd517d025 | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent |
11. +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
九、Dashboard(主控制節點 node2 操作)
9.1 安裝
# yum install openstack-dashboard
9.2配置主配置文件(/etc/openstack-dashboard/local_settings)
OPENSTACK_HOST="linux-node2"
ALLOWED_HOSTS=['*']
SESSION_ENGINE='django.contrib.sessions.backends.cache'
CACHES={
'default':{
'BACKEND':'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION':'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL="http://%s:5000/v3"%OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT=True
OPENSTACK_API_VERSIONS={
"identity":3,
"image":2,
"volume":2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE="user"
OPENSTACK_NEUTRON_NETWORK={
...
'enable_router':False,
'enable_quotas':False,
'enable_distributed_router':False,
'enable_ha_router':False,
'enable_lb':False,
'enable_firewall':False,
'enable_vpn':False,
'enable_fip_topology_check':False,
}
TIME_ZONE="UTC"
9.4重啟服務
# systemctl restart httpd.service memcached.service
9.5 訪問openstack
http://192.168.57.145/dashboard/auth/login/
十、啟動第一個實例
10.1 創建第一個實例
首先是我選用的網絡類型是提供商網絡()
創建一個環境
openstack flavor create --id 0 --vcpus 1 --ram 1024 --disk 10 m1.nano
##########
ID表示為唯一識別的標志
--ram 表示內存的大小
--disk 10 代表存儲空間為10G
M1.nano 為名字
10.2生成一個密鑰對
$ . demo-openrc
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
| name | mykey |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+-------------+-------------------------------------------------+
查看
$ openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
+-------+-------------------------------------------------+
10.3創建一個icmp
$ openstack security group rule create --proto icmp default
添加規則
$ openstack security group rule create --proto tcp --dst-port 22 default
10.4創建網絡
$ . admin-openrc
$ openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
該--share選項允許所有項目使用虛擬網絡。
該--external選項將虛擬網絡定義為外部。如果你想創建一個內部網絡,你可以使用--internal。默認值是internal。
10.5創建子網
$ openstack subnet create --network provider \
--allocation-pool start=192.168.57.100,end=192.168.57.200\
--dns-nameserver 202.101.224.68 --gateway 192.168.57.2\
--subnet-range 192.168.57.0/24 provider
10.6創建虛擬機
查看有那些配置選項
[root@linux-node2 ~]# openstack flavor list
+----+------------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+------------+------+------+-----------+-------+-----------+
| 0 | m1.nano | 1024 | 1 | 0 | 1 | True |
| 10 | liang.nano | 1024 | 5 | 0 | 1 | True |
| 2 | m.nano | 1024 | 10 | 0 | 10 | True |
| 3 | m2.nano | 1024 | 10 | 0 | 1 | True |
| 4 | m4.nano | 1024 | 10 | 0 | 1 | True |
+----+------------+------+------+-----------+-------+-----------+
查看可以用的鏡像
[root@linux-node2 ~]# openstack image list
+--------------------------------------+--------------------+--------+
| ID | Name | Status |
+--------------------------------------+--------------------+--------+
| 470802c8-3385-4e08-b069-ace2d3f8e914 | Centos7 | active |
| 984e73aa-1faf-40c6-88ee-5532ab7cf41f | cirros | active |
| 742c7273-56f2-43e2-8816-98f980fd97d7 | windows Server2003 | active |
+--------------------------------------+--------------------+--------+
查看可用網絡
[root@linux-node2 ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 161a2f1e-5c2d-418a-91a3-7a1d9aa35200 | provider | 80695e60-cd51-4385-8af3-cd792f3a77ef |
+--------------------------------------+----------+--------------------------------------+
[root@linux-node2 ~]# openstack security group list
+--------------------------------------+---------+-------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+-------------+----------------------------------+
| 593ef5a3-b48b-483e-8753-aabd81afae8a | default | 缺省安全組 | 2534c30f191a40038947f238c534c20d |
| 73b40ecf-1bfb-49d1-9382-05e3a2d0f577 | liang | adasd | 497f3c89978641479a56bb6954b6da7d |
+--------------------------------------+---------+-------------+----------------------------------+
創建虛擬機
[root@linux-node2 ~]# openstack server create --flavor m1.nano --image cirros \
> --nic net-id=3de76652-72aa-4638-9c31-7465055db1f3 --security-group default \
> --key-name mykey provider-instance
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | LYFNpN5rHRnx |
| config_drive | |
| created | 2018-01-03T07:39:13Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 00d4afc5-266f-4852-9c7f-b86c2a5ec3f3 |
| image | cirros (984e73aa-1faf-40c6-88ee-5532ab7cf41f) |
| key_name | mykey |
| name | provider-instance |
| progress | 0 |
| project_id | 497f3c89978641479a56bb6954b6da7d |
| properties | |
| security_groups | name='ff0181e2-596b-4e1b-87d9-90647674194b' |
| status | BUILD |
| updated | 2018-01-03T07:39:13Z |
| user_id | 1df20bd306664a498a6c9d6af66263a8 |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
查看虛擬機(狀態從改變BUILD到ACTIVE時構建過程成功完成。)
[root@linux-node2 ~]# openstack server list
+--------------------------------------+-------------------+--------+----------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+----------+--------+---------+
| 00d4afc5-266f-4852-9c7f-b86c2a5ec3f3 | provider-instance | BUILD | | cirros | m1.nano |
+--------------------------------------+-------------------+--------+----------+--------+---------+
[root@linux-node2 ~]# openstack server list
+--------------------------------------+-------------------+--------+-------------------------+--------+---------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-------------------+--------+-------------------------+--------+---------+
| 00d4afc5-266f-4852-9c7f-b86c2a5ec3f3 | provider-instance | ACTIVE | provider=192.168.57.105 | cirros | m1.nano |
+--------------------------------------+-------------------+--------+-------------------------+--------+---------+
查看虛擬機的VNC的URL
[root@linux-node2 ~]# openstack console url show provider-instance
+-------+----------------------------------------------------------------------------------+
| Field | Value |
+-------+----------------------------------------------------------------------------------+
| type | novnc |
| url | http://linux-node2:6080/vnc_auto.html?token=2d0363d8-dcc7-4048-a3e8-38ad0551bc18 |
+-------+----------------------------------------------------------------------------------+
10.7網頁查看
10.8 測試網絡連通性
在openstack server list中查看的IP地址為192.168.57.105
現在在node1 node2 進行測試
Node2 測試結果
[root@linux-node2 ~]# ping -c 4 192.168.57.105
PING 192.168.57.105 (192.168.57.105) 56(84) bytes of data.
64 bytes from 192.168.57.105: icmp_seq=1 ttl=64 time=2.48 ms
64 bytes from 192.168.57.105: icmp_seq=2 ttl=64 time=2.23 ms
64 bytes from 192.168.57.105: icmp_seq=3 ttl=64 time=1.84 ms
64 bytes from 192.168.57.105: icmp_seq=4 ttl=64 time=2.64 ms
--- 192.168.57.105 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.841/2.299/2.642/0.305 ms
node1 測試結果
[root@linux-node1 neutron]# ping -c 4 192.168.57.105
PING 192.168.57.105 (192.168.57.105) 56(84) bytes of data.
64 bytes from 192.168.57.105: icmp_seq=1 ttl=64 time=1.33 ms
64 bytes from 192.168.57.105: icmp_seq=2 ttl=64 time=0.873 ms
64 bytes from 192.168.57.105: icmp_seq=3 ttl=64 time=1.22 ms
64 bytes from 192.168.57.105: icmp_seq=4 ttl=64 time=2.47 ms
--- 192.168.57.105 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.873/1.478/2.476/0.602 ms
10.9 Ssh連接測試一下
[root@linux-node2 ~]# ssh cirros@192.168.57.105
The authenticity of host '192.168.57.105 (192.168.57.105)' can't be established.
RSA key fingerprint is SHA256:7Qa9JtqTy/3uqoJKw7doB6hC93pHEuHbv+e6xpgPGD8.
RSA key fingerprint is MD5:61:64:aa:1a:94:f7:dc:26:58:f5:cf:fd:ba:48:66:b5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.57.105' (RSA) to the list of known hosts.
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:27:D7:37
inet addr:192.168.57.105 Bcast:192.168.57.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe27:d737/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:364 errors:0 dropped:0 overruns:0 frame:0
TX packets:249 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33991 (33.1 KiB) TX bytes:26215 (25.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
EOF
openstack優化部分過幾天上傳