OpenStack-Mitaka
一、Cloud 基础概念
- IAAS:Infrastructre As A Service 基础架构及服务,OpenStack,CloudStack
- PAAS:Platform As A Service 平台及服务,Docker
- SAAS:Software As A Service 软件及服务
- FWaas,DBaas,LBaas,...
- Private Cloud
- Public Cloud
- Hybrid Cloud
二、OpenStack
官方站点:https://www.openstack.org/
安装文档:https://docs.openstack.org/mitaka/install-guide-rdo/
中文文档:https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/
环境:
- controller:192.168.100.11(管理网络) 172.16.100.11(服务网络)
- compute:192.168.100.12(管理网络) 172.16.100.12(服务网络)
- block:192.168.100.14
- OpenStack版本:Mitaka
三、基础环境
1、NTP
- controller节点
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 192.168.100.0/24
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl restart chronyd.service
- controller节点
[root@compute1 ~]# yum install chrony
server controller iburst
[root@compute1 ~]# systemctl enable chronyd.service
[root@compute1 ~]# systemctl start chronyd.service
[root@compute1 ~]# chronyc sources #对比本地时间和服务器时间差
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller 3 6 1 1 -731us[ -731us] +/- 12ms
2、配置yum源
3、安装数据库
- controller
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve
[root@controller ~]# systemctl start mariadb.service
四、Identity认证服务
- User:一个user可以关联至多个tenant
- Tanant:租户,一个tenant对应于一个project,或者一个组织
- Role:角色
- Token:令牌,用于认证和授权
- Service:服务
- Endpoint:端点,服务的访问入口
- 在controller节点上安装keystone
[root@controller ~]# mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystone';
[root@controller ~]# yum install python-openstackclient -y
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# openssl rand -hex 10 > mytoken
[root@controller ~]# cat mytoken
7a1da5ba2fe4c69eea05
[root@controller ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 7a1da5ba2fe4c69eea05
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
- 配置
[root@controller ~]# export OS_TOKEN=`cat mytoken`
[root@controller ~]# export |grep OS_TOKEN
declare -x OS_TOKEN="7a1da5ba2fe4c69eea05"
[root@controller ~]# export OS_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
[root@controller ~]# openstack service create \
> --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | b37f52dd30654076b151a852afeeee7e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 10b3925aea3b44bc9fe7dcf4fc93697a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4749500493f94ea89f2b33e675fae051 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e76140cd04494699ba7e434f297ce291 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | c121b35fd0314f16827a85fdb61bf94b |
| name | default |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 3a76f6def02b417d91ec9278b7bff6f2 |
| is_domain | False |
| name | admin |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 5643b73e9be142bc806ce6db0c853150 |
| name | admin |
+-----------+----------------------------------+
[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 6b8aadf364be463886296a4125eadb0b |
| name | admin |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project admin --user admin admin
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 32e1692c57ac4f2db2bb52163cf09ac4 |
| is_domain | False |
| name | service |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | d94a719f93844a2e90da8ee3ec95a999 |
| is_domain | False |
| name | demo |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 4af0aec1e50742cd88f3d1b426424c9f |
| name | demo |
+-----------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 43777741cd66492b824d734a36a01cfd |
| name | user |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| b37f52dd30654076b151a852afeeee7e | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack endpoint list
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 10b3925aea3b44bc9fe7dcf4 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| fc93697a | | | | | | |
| 4749500493f94ea89f2b33e6 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
| 75fae051 | | | | | | |
| e76140cd04494699ba7e434f | RegionOne | keystone | identity | True | admin | http://controller:35357/v |
| 297ce291 | | | | | | 3 |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 4af0aec1e50742cd88f3d1b426424c9f | demo |
| 5643b73e9be142bc806ce6db0c853150 | admin |
+----------------------------------+-------+
[root@controller ~]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+----------------+
| c121b35fd0314f16827a85fdb61bf94b | default | True | Default Domain |
+----------------------------------+---------+---------+----------------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 32e1692c57ac4f2db2bb52163cf09ac4 | service |
| 3a76f6def02b417d91ec9278b7bff6f2 | admin |
| d94a719f93844a2e90da8ee3ec95a999 | demo |
+----------------------------------+---------+
- 配置认证
编辑 /etc/keystone/keystone-paste.ini 文件,从``[pipeline:public_api]``,[pipeline:admin_api]``和``[pipeline:api_v3]``部分删除``admin_token_auth 。
[root@controller ~]# unset OS_TOKEN OS_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T08:59:20.930753Z |
| id | gAAAAABcoHNYAlA--SMCscCnp8EgqsZEwdD8Zt-AxaWqxVI-BYCrAPgVkOpy4tZbDfcuzgVRaYdHQ17a0QcRmD5GczM2TDIDrZh_N5e |
| | iwMgZGd_ZYVujJwWXMWgE7aVwah3WXOrIxSavBwrQgw51aRSbu9aRDRuNxCfVyZRh5h2-0Qcc6x5S7KU |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| user_id | 5643b73e9be142bc806ce6db0c853150 |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T08:59:58.926501Z |
| id | gAAAAABcoHN-h-fvwJtU3mEwx0ZjaXC85hptKUDp2SXKCkuh64kE6aBLC75SWKQVKebK4RSHs9YHfupaTeC7ayEpLnzH1YB9la8K8CH |
| | vFAbXigraC4-ExHNNdZzGK3n57IR_EZoO4pTXRmv8GUIyry7nwoHYyCSjMe0zcSrDDotJvqwSWZykzVg |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T09:03:03.526342Z |
| id | gAAAAABcoHQ3Rgtrx-5SEiyZ4nYiWB1wG2CWXU9RVgOFaNggiUYy8o_-MzVhFGmlrjLCEWDbB7Jf4LTVUos- |
| | 078UIGPCyFSd91wdEKKHSWbJMy-lOOt3eu_kauDL-GDbx5JA4cRdD4yzOyM1dHpRrGy5zL2s4f_jOuQzdEjTreKVyS88wfV_PEw |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| user_id | 5643b73e9be142bc806ce6db0c853150 |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T09:02:07.204901Z |
| id | gAAAAABcoHP_cFN8-o_9eljXOpHg1801dDM9Fl5c0RoWJ5PWw0oMx-VOdOGGisCeXqwY16Q3WncLTiUwt6-0RddWpE0fMNtO854_gTy |
| | PHdDSFLmWR_YHSLtJb7qYVkQz7n3JYlTRTACp7mKPGxXKG290nBWBkIXUdYpdIz1BFr2fnXUEOrEG5m0 |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+------------+---------------------------------------------------------------------------------------------------------+
五、Glance镜像服务
- 注册认证信息
[root@controller ~]# mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | facce294374f4dd68616a4f0c6881e7e |
| name | glance |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ebad348788cb4f9fbd4396ed8a9423dc |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fe627e6b04784e278e1acc7fadaa3027 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 404e5b9ad5134a7998abf614373138d0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cc98e57149b544db819ced2a2de560d5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
- 安装配置glance
[root@controller ~]# yum install openstack-glance -y
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
- 验证
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# qemu-img info cirros-0.3.4-x86_64-disk.img
image: cirros-0.3.4-x86_64-disk.img
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
Format specific information:
compat: 0.10
refcount bits: 16
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2019-03-31T08:30:12Z |
| disk_format | qcow2 |
| file | /v2/images/78acfd89-fbe8-4009-90ba-fcda26d2a107/file |
| id | 78acfd89-fbe8-4009-90ba-fcda26d2a107 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 3a76f6def02b417d91ec9278b7bff6f2 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2019-03-31T08:30:12Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
六、Compute计算服务
1、Controller节点
- controller注册
[root@controller ~]# mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default \
> --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 4e58c5b06038436fbf427ab5b06ce31c |
| name | nova |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 9d69264950994bcfad490d3bc50f4164 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 7f1a7bf4d72c48da8c75ebf1a3ebb5f1 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | b58bd319647f49329fd9dce3bb8e191c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
- 安装Nova
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler -y
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
- 安装rabbitmq
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack openstack
[root@controller ~]# rabbitmqctl set_user_tags openstack administrator
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@controller ~]# rabbitmqctl list_users
Listing users ...
openstack [administrator]
guest [administrator]
2、Compute节点
[root@compute1 ~]# yum install openstack-nova-compute -y
[root@compute1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.12
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[libvirt]
virt_type=kvm
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute1 ~]# systemctl start libvirtd.service openstack-nova-compute.service
3、在controller上验证
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2019-03-31T15:47:14.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
七、Neutron网络服务
1、Controller节点
- 配置认证
[root@controller ~]# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'neutron';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 7cf18301eb244ab488718d36e5031a94 |
| name | neutron |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 7e91416ee62f47b392bcf17c23a53e4a |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 12344ed6417b47be8b66736aecd9e2d6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bb92e479e0dd4ed89f5dec5b51b78d2d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | eb661eb09d5c48c3885fa8d99edf70cc |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
- 安装配置
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
> openstack-neutron-linuxbridge ebtables -y
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.100.11
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge = #此选项特意设置成缺省值,这样就可以在一个代理上允许多种外部网络
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
2、Compute节点
- 安装配置
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[root@compute1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.100.12
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@compute1 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service
- 验证
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| l3_agent_scheduler | L3 Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| l3-ha | HA Router extension |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| extraroute | Neutron Extra Route |
| timestamp_core | Time Stamp Fields addition for core resources |
| router | Neutron L3 Router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dns-integration | DNS Integration |
| security-group | security-group |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| router_availability_zone | Router Availability Zone |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| dvr | Distributed Virtual Router |
+---------------------------+-----------------------------------------------+
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 0c22170c-cdbd-40db-b3f8-5f248d3c3df1 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| 5bb07134-1fb2-4f68-876c-62b939572034 | L3 agent | controller | nova | :-) | True | neutron-l3-agent |
| 786ecf78-00aa-4f4a-bc40-73b7f1549d4c | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| d20c1f79-479c-4136-b322-8e7322673fe4 | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
| daab7305-88e5-40a3-a42f-9ea55d5d2ad2 | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
3、创建一个实例
- 创建规格、添加安全组规则、创建秘钥
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
[root@controller ~]# . demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 3f:e6:e2:86:d9:06:42:90:0d:8c:c2:5e:17:cd:c6:3d |
| name | mykey |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+-------------+-------------------------------------------------+
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 3f:e6:e2:86:d9:06:42:90:0d:8c:c2:5e:17:cd:c6:3d |
+-------+-------------------------------------------------+
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 391b2fbe-e5b5-4b46-b2c7-75d027f52ed0 |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | a692a42c-bd57-430f-acbc-5473bf925c8c |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 7549cdf2-754e-4b8f-b538-ab349513b689 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | a692a42c-bd57-430f-acbc-5473bf925c8c |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| 391b2fbe-e5b5-4b46-b2c7-75d027f52ed0 | icmp | 0.0.0.0/0 | | | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 7549cdf2-754e-4b8f-b538-ab349513b689 | tcp | 0.0.0.0/0 | 22:22 | | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 799f8b91-2e84-4031-8fe7-08ddfe50681b | | | | default | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 8b3acaec-8dc8-41bb-98a5-2aac5aa5b8bd | | | | default | a692a42c-bd57-430f-acbc-5473bf925c8c |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
- 创建网络(Provider Network)
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-04-09T14:10:04 |
| description | |
| id | 99870bf3-69f2-4784-b381-543031698ba6 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| updated_at | 2019-04-09T14:10:04 |
+---------------------------+--------------------------------------+
[root@controller ~]# neutron net-list
+--------------------------------------+----------+---------+
| id | name | subnets |
+--------------------------------------+----------+---------+
| 99870bf3-69f2-4784-b381-543031698ba6 | provider | |
+--------------------------------------+----------+---------+
[root@controller ~]# neutron subnet-create --name provider \
> --allocation-pool start=192.168.124.51,end=192.168.124.100 \
> --dns-nameserver 114.114.114.114 --gateway 192.168.124.1 \
> provider 192.168.124.0/16
Created a new subnet:
+-------------------+-------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------+
| allocation_pools | {"start": "192.168.124.51", "end": "192.168.124.100"} |
| cidr | 192.168.0.0/16 |
| created_at | 2019-04-09T14:13:08 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 192.168.124.1 |
| host_routes | |
| id | 991405b9-4f87-415e-b3ef-6a613e5a8b7d |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 99870bf3-69f2-4784-b381-543031698ba6 |
| subnetpool_id | |
| tenant_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| updated_at | 2019-04-09T14:13:08 |
+-------------------+-------------------------------------------------------+
- 创建网络(Self-Service Network)
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron net-create selfservice
Created a new network:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-04-09T14:16:16 |
| description | |
| id | 5267421c-d411-48c2-ac0d-9f14cd4659d7 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | selfservice |
| port_security_enabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | d94a719f93844a2e90da8ee3ec95a999 |
| updated_at | 2019-04-09T14:16:16 |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron subnet-create --name selfservice \
> --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \
> selfservice 172.16.1.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "172.16.1.2", "end": "172.16.1.254"} |
| cidr | 172.16.1.0/24 |
| created_at | 2019-04-09T14:18:08 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.16.1.1 |
| host_routes | |
| id | 9d27bc42-e396-4a5a-a9cc-753c4c1e4f65 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | selfservice |
| network_id | 5267421c-d411-48c2-ac0d-9f14cd4659d7 |
| subnetpool_id | |
| tenant_id | d94a719f93844a2e90da8ee3ec95a999 |
| updated_at | 2019-04-09T14:18:08 |
+-------------------+------------------------------------------------+
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-update provider --router:external
Updated network: provider
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron router-create router
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| description | |
| external_gateway_info | |
| id | fe27e064-3549-414a-9ddf-df8d26bde1c7 |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | d94a719f93844a2e90da8ee3ec95a999 |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron router-interface-add router selfservice
Added interface 64df9078-607d-4564-919d-cb1f4fa97856 to router router.
[root@controller ~]# neutron router-gateway-set router provider
Set gateway for router router
[root@controller ~]# . admin-openrc
[root@controller ~]# ip netns #查看网络名称空间
qrouter-fe27e064-3549-414a-9ddf-df8d26bde1c7 (id: 2)
qdhcp-5267421c-d411-48c2-ac0d-9f14cd4659d7 (id: 1)
qdhcp-99870bf3-69f2-4784-b381-543031698ba6 (id: 0)
[root@controller ~]# neutron router-port-list router
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 1e2a8c51-6bc7-4a01-9ded-6ce90d611b15 | | fa:16:3e:77:cc:cc | {"subnet_id": "991405b9-4f87-415e-b3ef-6a613e5a8b7d", "ip_address": "192.168.124.52"} |
| 64df9078-607d-4564-919d-cb1f4fa97856 | | fa:16:3e:39:4e:15 | {"subnet_id": "9d27bc42-e396-4a5a-a9cc-753c4c1e4f65", "ip_address": "172.16.1.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
- 创建一个实例
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------+--------------------------------------+
| 99870bf3-69f2-4784-b381-543031698ba6 | provider | 991405b9-4f87-415e-b3ef-6a613e5a8b7d |
| 5267421c-d411-48c2-ac0d-9f14cd4659d7 | selfservice | 9d27bc42-e396-4a5a-a9cc-753c4c1e4f65 |
+--------------------------------------+-------------+--------------------------------------+
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| a692a42c-bd57-430f-acbc-5473bf925c8c | default | Default security group | d94a719f93844a2e90da8ee3ec95a999 |
+--------------------------------------+---------+------------------------+----------------------------------+
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \
> --nic net-id=5267421c-d411-48c2-ac0d-9f14cd4659d7 --security-group default \
> --key-name mykey selfservice-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | NH7zMf4swBAm |
| config_drive | |
| created | 2019-04-09T14:50:33Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 2665c153-e26d-4b58-952f-3ee67f1954dc |
| image | cirros (78acfd89-fbe8-4009-90ba-fcda26d2a107) |
| key_name | mykey |
| name | selfservice-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2019-04-09T14:50:33Z |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+--------------------------------------+-----------------------------------------------+
[root@controller ~]# openstack server list
八、Dashboard
[root@controller ~]# yum install openstack-dashboard -y
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_ipv6': True,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
'default_ipv4_subnet_pool_label': None,
'default_ipv6_subnet_pool_label': None,
'profile_support': None,
'supported_provider_types': ['*'],
'supported_vnic_types': ['*'],
}
TIME_ZONE = "Asia/Shanghai"
[root@controller ~]# yum install memcached -y
[root@controller ~]# systemctl enable httpd.service memcached.service
[root@controller ~]# systemctl restart httpd.service memcached.service
访问:http://controller/dashboard default/admin/admin
OpenStack-Mitaka的更多相关文章
- OpenStack Mitaka安装
http://egon09.blog.51cto.com/9161406/1839667 前言: openstack的部署非常简单,简单的前提建立在扎实的理论功底,本人一直觉得,玩技术一定是理论指导实 ...
- openstack项目【day24】:OpenStack mitaka部署
前言: openstack的部署非常简单,简单的前提建立在扎实的理论功底,本人一直觉得,玩技术一定是理论指导实践,网上遍布个种搭建方法都可以实现一个基本的私有云环境,但是诸位可曾发现,很多配置都是重复 ...
- OpenStack Mitaka/Newton/Ocata/Pike 各版本功能贴整理
逝者如斯,刚接触OpenStack的时候还只是第9版本IceHouse.前几天也看到了刘大咖更新了博客,翻译了Mirantis博客文章<OpenStack Pike 版本中的 53 个新功能盘点 ...
- OpenStack Mitaka HA部署方案(随笔)
[Toc] https://github.com/wanstack/AutoMitaka # 亲情奉献安装openstack HA脚本 使用python + shell,完成了基本的核心功能(纯二层的 ...
- Win10+VirtualBox+Openstack Mitaka
首先VirtualBox安装的话,没有什么可演示的,去官网(https://www.virtualbox.org/wiki/Downloads)下载,或者可以去(https://www.virtual ...
- OpenStack Mitaka 版本中的 domain 和 admin
OpenStack 的 Keystone V3 中引入了 Domain 的概念.引入这个概念后,关于 admin 这个role 的定义就变得复杂了起来. 本文测试环境是社区 Mitaka 版本. 1. ...
- 在ubuntu14.04上安装openstack mitaka
最近在工作环境安装部署了juno版本,在GE口测试网络性能不太满意,发现mitaka版本支持ovs-dpdk,于是抽时间安装实验一番. 参考官网的安装文档,先准备将mitaka版本安装好再配置ovs. ...
- 云计算之阿里仓库停止openstack mitaka源报错“No package centos-release-openstack-mitaka available.”
之前学习了一个月的openstack的mitaka版本,写完脚本放置一段时间,最近准备正式部署突然发现 No package centos-release-openstack-mitaka avail ...
- Openstack Mitaka 负载均衡 LoadBalancerv2
最近研究了一下Openstack负载均衡,yum源和源码级别的安装都尝试成功了.网上有很多文章都是LoadBalancerv1,这个已经被放弃了.所以写一下自己是如何使用LoadBalancerv ...
- CentOS阿里仓库停止openstack mitaka源服务报错------“No package centos-release-openstack-mitaka available.”
之前学习了一个月的openstack的mitaka版本,部署完后放置一段时间,最近准备正式部署突然发现“No package centos-release-openstack-mitaka avail ...
随机推荐
- Linux系统设置Samba共享笔记
# "不允许一个用户使用一个以上用户名与服务器或共享资源的多重连接" C: 之前曾经与主机成功进行连接,连接断开后未将连接状态清除 $: net use */del /y # &q ...
- Jenkins+maven+SVN构建java项目中遇到的问题及解决
[ERROR] No goals have been specified for this build. You must specify a valid lifecycle phase or a g ...
- ParksLink修改密码
设置环境变量: ?set classpath=D:\ptc\PartsLink\srclib\jmxcore\WtLogR.jar;D:\ptc\PartsLink\srclib\log4j.jar; ...
- 【HDU5391】Zball in Tina Town
[题目大意] 一个球初始体积为1,一天天变大,第一天变大1倍,第二天变大2倍,第n天变大n倍.问当第 n-1天的时候,体积变为多少.注意答案对n取模. [题解] 根据威尔逊定理:(n-1)! mod ...
- libevent源码深度剖析九
libevent源码深度剖析九 ——集成定时器事件 张亮 现在再来详细分析libevent中I/O事件和Timer事件的集成,与Signal相比,Timer事件的集成会直观和简单很多.Libevent ...
- Android Studio 编译提示 No installed build tools found. Please install the Android build tools
添加 ANDROID_HOME=D:\Android\adt-bundle-windows\sdk 系统变量即可
- Tensorflow训练结果测试
代码参考(https://blog.csdn.net/disiwei1012/article/details/79928679) import osimport sysimport randomimp ...
- 8.INSERT INTO 语句 UPDATE 语句
1. INSERT INTO 语句 INSERT INTO 语句用于向表格中插入新的行. 语法 INSERT INTO 表名称 VALUES (值1, 值2,....) INSERT INTO Per ...
- Classification and Prediction
# coding: utf-8 # In[128]: get_ipython().magic(u'matplotlib inline') import pandas as pd from pandas ...
- ofbiz
http://www.cnblogs.com/Ivan-j2ee/category/404613.html 本类别主要收集一些关于ofbiz的技术文档,包括一些原创文档