
OpenStack cloud computing platform


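Table of contents

    • Introduction to OpenStack
    • 1 OpenStack environment setup
      • 1.1 Host networking and name resolution
      • 1.2 Network Time Protocol: keep time consistent on all nodes
      • 1.3 OpenStack packages
      • 1.4 SQL database
      • 1.5 Message queue
      • 1.6 memcached
    • 2. Identity service
      • 2.1 Install and configure
        • 1) Prerequisites
        • 2) Install and configure components
        • 3) Configure the Apache HTTP server
      • 2.2 Create the service entity and API endpoints
      • 2.3 Create a domain, projects, users and roles
      • 2.3 Verify operation
      • 2.4 Create OpenStack client environment scripts
    • 3 Image service
      • 3.1 Install and configure
      • 3.2 Install and configure components
      • 3.3 Verify operation
    • 4. Compute service (nova)
      • 4.1 Install and configure the controller node
      • 4.2 Install and configure the compute node
        • 1) Environment setup for compute node server2
        • 2) Install and configure the compute node
        • 3) Verify operation
    • 5. Networking service
      • 5.1 Install and configure the controller node
      • 5.2 Networking option 1: public network
      • 5.3 Continue configuring the controller node
      • 5.4 Install and configure the compute node
      • 5.5 Networking option 1: public network
      • 5.6 Continue configuring the compute node
      • 5.7 Verify operation
    • 6. Launch an instance
        • 1) Provider network
        • 2) Create the m1.nano flavor
        • 3) Generate a key pair
        • 4) Add security group rules
        • 5) Launch an instance
    • 7. Dashboard (web UI)
      • 7.1 Install and configure components
      • 7.2 Verify operation
    • 8 Adding private network configuration for the dashboard
      • 8.1 Controller node -> Networking option 2: private networks
      • 8.2 Compute node: Networking option 2: private networks
    • 9. Image service
      • 9.1 Install a virtual machine
      • 9.2 Upload the image
    • 10. Block Storage service
      • 10.1 Prerequisites
      • 10.2 Install and configure the controller node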


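Introduction to OpenStack

Official OpenStack cloud platform documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/

  • OpenStack is a cloud operating system whose aim is to simplify cloud deployment and make it scale well. It controls large pools of compute, storage and networking resources throughout a datacenter, all managed and provisioned through APIs with a common authentication mechanism.
  • A dashboard is also provided, giving administrators control while letting users provision resources through a web interface.
  • Beyond standard infrastructure-as-a-service functionality, additional components provide orchestration, fault management and service management, among other services, to ensure high availability of user applications.
  • OpenStack as a whole is made up of four kinds of nodes: controller, compute, network and storage nodes. Its services are the compute, identity, networking, image, block storage, object storage, telemetry, orchestration and database services.
  • Key integrated OpenStack components:
    <1> Horizon: UI service; a web-based management interface for the OpenStack services, used to create users, manage networks, launch instances and so on through a graphical interface.
    <2> Keystone: identity service; a centralized identity management service that provides authentication and authorization for the other services;
    – also provides a centralized catalog service;
    – supports multiple authentication modes, such as password authentication, token authentication and AWS (Amazon Web Services) logins;
    – provides SSO authentication for users and other services;
    <3> Neutron: a software-defined networking service;
    – used to create networks, subnets and routers and to manage floating IP addresses;
    – can implement virtual switches and virtual routers;
    – can be used to create VPNs within a project;
    <4> Cinder: block storage service
    – manages storage volumes for virtual machines;
    – provides persistent block storage for instances running in Nova;
    – supports data backup through snapshots;
    – commonly used for instance storage, such as database files;
    <5> Glance: image service
    – acts as the registry for virtual machine images;
    – lets users copy server images for immediate storage;
    – these images can be used as templates for new virtual machines;
    <6> Nova: compute service
    – manages virtual machines on the nodes;
    – Nova is a distributed service that interacts with Keystone for authentication and with Glance for image management;
    – Nova is designed to scale horizontally on standard hardware;
    – when an instance is launched, the image is downloaded if required;

1 OpenStack environment setup

## Create a snapshot VM named server1 with memory 4096, two virtual NICs and 4 CPUs, using host-passthrough CPU mode
## If the added NIC does not show up as eth1, edit /boot/grub2/grubenv on server1 with vim and add net.ifnames=0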

1.1 Host networking and name resolution

https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/environment-networking.html
[root@server1 ~]# ip addr
[root@server1 ~]# cd /etc/sysconfig/network-scripts/
[root@server1 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server1 network-scripts]# vim ifcfg-eth1
[root@server1 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server1 network-scripts]# ifup eth1  # bring up eth1
[root@server1 network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
[root@server1 ~]# vim /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1
[root@server1 ~]# hostnamectl set-hostname controller
[root@server1 ~]# logout  # disconnect, then reconnect to server1
[root@zhenji images]# ssh 172.25.3.1

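1.2 Network Time Protocol: keep time consistent on all nodes

The host (physical machine) syncs with 172.25.254.250, and the virtual machines (snapshots) sync with the host (172.25.3.250).
If the host has Internet access, syncing the host directly also works. All nodes stay consistent with the controller node.

[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf
## add on the third line (172.25.3.250 is the host's IP)
server 172.25.3.250 iburst
[root@zhenji ~]# vim /etc/chrony.conf
server 172.25.254.250 iburst
[root@controller ~]# systemctl enable --now chronyd
[root@controller ~]# chronyc sources -v  # check time synchronization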
^* zhenji                        4   6   377     6   +183us[ +346us] +/-   34ms


1.3 OpenStack packages

[root@zhenji ~]# cd /var/www/html/
[root@zhenji html]# ls  # download the rpm packages in this directory
mitaka
[root@zhenji html mitaka]# ls
bootswatch-common-3.3.5.3-2.el7.noarch.rpm
bootswatch-fonts-3.3.5.3-2.el7.noarch.rpm
crudini-0.7-1.el7.noarch.rpm
dibbler-client-1.0.1-0.RC1.2.el7.x86_64.rpm
dnsmasq-utils-2.66-21.el7.x86_64.rpm
erlang-asn1-18.3.4.4-2.el7.x86_64.rpm
erlang-compiler-18.3.4.4-2.el7.x86_64.rpm
erlang-crypto-18.3.4.4-2.el7.x86_64.rpm
erlang-eldap-18.3.4.4-2.el7.x86_64.rpm
erlang-erts-18.3.4.4-2.el7.x86_64.rpm
erlang-hipe-18.3.4.4-2.el7.x86_64.rpm
erlang-inets-18.3.4.4-2.el7.x86_64.rpm
erlang-kernel-18.3.4.4-2.el7.x86_64.rpm
erlang-mnesia-18.3.4.4-2.el7.x86_64.rpm
erlang-os_mon-18.3.4.4-2.el7.x86_64.rpm
erlang-otp_mibs-18.3.4.4-2.el7.x86_64.rpm
erlang-public_key-18.3.4.4-2.el7.x86_64.rpm
erlang-runtime_tools-18.3.4.4-2.el7.x86_64.rpm
erlang-sasl-18.3.4.4-2.el7.x86_64.rpm
erlang-sd_notify-0.1-9.el7.x86_64.rpm
erlang-snmp-18.3.4.4-2.el7.x86_64.rpm
erlang-ssl-18.3.4.4-2.el7.x86_64.rpm
erlang-stdlib-18.3.4.4-2.el7.x86_64.rpm
erlang-syntax_tools-18.3.4.4-2.el7.x86_64.rpm
erlang-tools-18.3.4.4-2.el7.x86_64.rpm
erlang-xmerl-18.3.4.4-2.el7.x86_64.rpm
fontawesome-fonts-4.4.0-1.el7.noarch.rpm
fontawesome-fonts-web-4.4.0-1.el7.noarch.rpm
gperftools-libs-2.4-7.el7.i686.rpm
gperftools-libs-2.4.91-1.el7.x86_64.rpm
ipxe-roms-qemu-20160127-1.git6366fa7a.el7.noarch.rpm
libimagequant-2.8.2-2.el7.x86_64.rpm
libnetfilter_queue-1.0.2-2.el7.x86_64.rpm
libxslt-python-1.1.28-5.el7.x86_64.rpm
mariadb-10.1.20-1.el7.x86_64.rpm
mariadb-common-10.1.20-1.el7.x86_64.rpm
mariadb-config-10.1.20-1.el7.x86_64.rpm
mariadb-errmsg-10.1.20-1.el7.x86_64.rpm
mariadb-libs-10.1.20-1.el7.x86_64.rpm
mariadb-server-10.1.20-1.el7.x86_64.rpm
mdi-common-1.1.70.1-5.el7.noarch.rpm
mdi-fonts-1.1.70.1-5.el7.noarch.rpm
memcached-1.4.33-2.el7.x86_64.rpm
novnc-0.5.1-2.el7.noarch.rpm
openjpeg2-2.1.2-1.el7.x86_64.rpm
openstack-cinder-8.1.0-1.el7.noarch.rpm
openstack-dashboard-9.0.1-1.el7.noarch.rpm
openstack-glance-12.0.0-1.el7.noarch.rpm
openstack-keystone-9.2.0-1.el7.noarch.rpm
openstack-neutron-8.3.0-1.el7.noarch.rpm
openstack-neutron-common-8.3.0-1.el7.noarch.rpm
openstack-neutron-linuxbridge-8.3.0-1.el7.noarch.rpm
openstack-neutron-ml2-8.3.0-1.el7.noarch.rpm
openstack-nova-api-13.1.2-1.el7.noarch.rpm
openstack-nova-common-13.1.2-1.el7.noarch.rpm
openstack-nova-compute-13.1.2-1.el7.noarch.rpm
openstack-nova-conductor-13.1.2-1.el7.noarch.rpm
openstack-nova-console-13.1.2-1.el7.noarch.rpm
openstack-nova-novncproxy-13.1.2-1.el7.noarch.rpm
openstack-nova-scheduler-13.1.2-1.el7.noarch.rpm
openstack-selinux-0.7.13-2.el7.noarch.rpm
openstack-utils-2016.1-1.el7.noarch.rpm
pyOpenSSL-0.15.1-1.el7.noarch.rpm
pyparsing-2.0.7-1.el7.noarch.rpm
pysendfile-2.0.0-5.el7.x86_64.rpm
python2-appdirs-1.4.0-4.el7.noarch.rpm
python2-babel-2.3.4-1.el7.noarch.rpm
python2-castellan-0.4.0-1.el7.noarch.rpm
python2-cffi-1.5.2-1.el7.x86_64.rpm
python2-cinderclient-1.6.0-2.el7.noarch.rpm
python2-cryptography-1.2.1-3.el7.x86_64.rpm
python2-debtcollector-1.3.0-1.el7.noarch.rpm
python2-designateclient-2.1.0-1.el7.noarch.rpm
python2-eventlet-0.17.4-4.el7.noarch.rpm
python2-fasteners-0.14.1-6.el7.noarch.rpm
python2-funcsigs-0.4-2.el7.noarch.rpm
python2-futurist-0.13.0-1.el7.noarch.rpm
python2-gflags-2.0-5.el7.noarch.rpm
python2-glanceclient-2.0.1-2.el7.noarch.rpm
python2-google-api-client-1.4.2-4.el7.noarch.rpm
python2-greenlet-0.4.9-1.el7.x86_64.rpm
python2-heatclient-1.1.0-2.el7.noarch.rpm
python2-iso8601-0.1.11-1.el7.noarch.rpm
python2-jsonpatch-1.14-1.el7.noarch.rpm
python2-jsonpointer-1.10-4.el7.noarch.rpm
python2-keystoneauth1-2.4.1-1.el7.noarch.rpm
python2-mock-1.3.0-2.el7.noarch.rpm
python2-neutronclient-4.1.2-1.el7.noarch.rpm
python2-novaclient-3.3.2-1.el7.noarch.rpm
python2-numpy-1.11.2-2.el7.x86_64.rpm
python2-oauth2client-1.5.2-3.el7.1.noarch.rpm
python2-olefile-0.44-1.el7.noarch.rpm
python2-openstacksdk-0.8.3-1.el7.noarch.rpm
python2-os-brick-1.1.0-1.el7.noarch.rpm
python2-os-client-config-1.16.0-1.el7.noarch.rpm
python2-oslo-cache-1.6.0-1.el7.noarch.rpm
python2-oslo-concurrency-3.7.1-3.el7.noarch.rpm
python2-oslo-config-3.9.0-1.el7.noarch.rpm
python2-oslo-context-2.2.0-2.el7.noarch.rpm
python2-oslo-db-4.7.1-1.el7.noarch.rpm
python2-oslo-i18n-3.5.0-1.el7.noarch.rpm
python2-oslo-log-3.3.0-1.el7.noarch.rpm
python2-oslo-messaging-4.6.1-1.el7.noarch.rpm
python2-oslo-middleware-3.8.0-1.el7.noarch.rpm
python2-oslo-policy-1.6.0-1.el7.noarch.rpm
python2-oslo-reports-1.7.0-1.el7.noarch.rpm
python2-oslo-rootwrap-4.1.0-1.el7.noarch.rpm
python2-oslo-serialization-2.4.0-2.el7.noarch.rpm
python2-oslo-service-1.8.0-1.el7.noarch.rpm
python2-oslo-utils-3.8.0-2.el7.noarch.rpm
python2-oslo-versionedobjects-1.8.0-1.el7.noarch.rpm
python2-oslo-vmware-2.5.0-1.el7.noarch.rpm
python2-passlib-1.7.0-4.el7.noarch.rpm
python2-pecan-1.0.2-2.el7.noarch.rpm
python2-pika-0.10.0-3.el7.noarch.rpm
python2-pika_pool-0.1.3-3.el7.noarch.rpm
python2-pillow-4.0.0-1.el7.x86_64.rpm
python2-positional-1.0.1-1.el7.noarch.rpm
python2-psutil-5.0.1-2.el7.x86_64.rpm
python2-pyasn1-0.1.9-6.el7.1.noarch.rpm
python2-pyasn1-modules-0.1.9-6.el7.1.noarch.rpm
python2-pycadf-2.2.0-1.el7.noarch.rpm
python2-PyMySQL-0.7.9-2.el7.noarch.rpm
python2-pysaml2-3.0.2-2.el7.noarch.rpm
python2-pysocks-1.5.6-3.el7.noarch.rpm
python2-rcssmin-1.0.6-2.el7.x86_64.rpm
python2-requests-2.11.1-1.el7.noarch.rpm
python2-requestsexceptions-1.1.3-1.el7.noarch.rpm
python2-rfc3986-0.3.1-1.el7.noarch.rpm
python2-rjsmin-1.0.12-2.el7.x86_64.rpm
python2-rsa-3.3-2.el7.noarch.rpm
python2-ryu-4.3-2.el7.noarch.rpm
python2-saharaclient-0.14.1-1.el7.noarch.rpm
python2-scipy-0.17.0-2.el7.x86_64.rpm
python2-scss-1.3.4-6.el7.x86_64.rpm
python2-setuptools-22.0.5-1.el7.noarch.rpm
python2-singledispatch-3.4.0.3-4.el7.noarch.rpm
python2-stevedore-1.12.0-2.el7.noarch.rpm
python2-suds-0.7-0.4.94664ddd46a6.el7.noarch.rpm
python2-swiftclient-3.0.0-3.el7.noarch.rpm
python2-taskflow-1.30.0-3.el7.noarch.rpm
python2-troveclient-2.1.2-2.el7.noarch.rpm
python2-uri-templates-0.6-5.el7.noarch.rpm
python2-urllib3-1.16-1.el7.noarch.rpm
python2-wsme-0.8.0-1.el7.noarch.rpm
python2-XStatic-1.0.1-8.el7.noarch.rpm
python2-XStatic-bootswatch-3.3.5.3-2.el7.noarch.rpm
python2-XStatic-mdi-1.1.70.1-5.el7.noarch.rpm
python2-XStatic-roboto-fontface-0.4.3.2-8.el7.noarch.rpm
python2-zake-0.2.2-2.el7.noarch.rpm
python-alembic-0.8.7-1.el7.noarch.rpm
python-amqp-1.4.6-1.el7.noarch.rpm
python-anyjson-0.3.3-3.el7.noarch.rpm
python-automaton-1.2.0-1.el7.noarch.rpm
python-beautifulsoup4-4.4.1-3.el7.noarch.rpm
python-boto-2.34.0-4.el7.noarch.rpm
python-cachetools-1.0.3-2.el7.noarch.rpm
python-ceilometerclient-2.4.0-1.el7.noarch.rpm
python-cheetah-2.4.4-4.el7.x86_64.rpm
python-cinder-8.1.0-1.el7.noarch.rpm
python-cliff-2.0.0-1.el7.noarch.rpm
python-cliff-tablib-1.1-3.el7.noarch.rpm
python-cmd2-0.6.8-8.el7.noarch.rpm
python-contextlib2-0.4.0-1.el7.noarch.rpm
python-crypto-2.6.1-1.el7.x86_64.rpm
python-dateutil-2.4.2-1.el7.noarch.rpm
python-django-1.8.14-1.el7.noarch.rpm
python-django-appconf-1.0.1-4.el7.noarch.rpm
python-django-bash-completion-1.8.14-1.el7.noarch.rpm
python-django-compressor-2.0-1.el7.noarch.rpm
python-django-horizon-9.0.1-1.el7.noarch.rpm
python-django-openstack-auth-2.2.1-1.el7.noarch.rpm
python-django-pyscss-2.0.2-1.el7.noarch.rpm
python-dogpile-cache-0.5.7-3.el7.noarch.rpm
python-dogpile-core-0.4.1-2.el7.noarch.rpm
python-ecdsa-0.11-3.el7.noarch.rpm
python-editor-0.4-4.el7.noarch.rpm
python-extras-0.0.3-2.el7.noarch.rpm
python-fixtures-3.0.0-2.el7.noarch.rpm
python-futures-3.0.3-1.el7.noarch.rpm
python-glance-12.0.0-1.el7.noarch.rpm
python-glance-store-0.13.1-1.el7.noarch.rpm
python-html5lib-0.999-5.el7.noarch.rpm
python-httplib2-0.9.2-1.el7.noarch.rpm
python-idna-2.0-1.el7.noarch.rpm
python-ipaddress-1.0.16-3.el7.noarch.rpm
python-jsonschema-2.3.0-1.el7.noarch.rpm
python-kazoo-2.2.1-1.el7.noarch.rpm
python-keyring-5.7.1-1.el7.noarch.rpm
python-keystone-9.2.0-1.el7.noarch.rpm
python-keystoneclient-2.3.1-2.el7.noarch.rpm
python-keystonemiddleware-4.4.1-1.el7.noarch.rpm
python-kombu-3.0.32-1.el7.noarch.rpm
python-ldappool-1.0-4.el7.noarch.rpm
python-lesscpy-0.9j-4.el7.noarch.rpm
python-linecache2-1.0.0-1.el7.noarch.rpm
python-lockfile-0.9.1-4.el7.noarch.rpm
python-logutils-0.3.3-3.el7.noarch.rpm
python-markdown-2.4.1-1.el7.noarch.rpm
python-memcached-1.54-3.el7.noarch.rpm
python-migrate-0.10.0-1.el7.noarch.rpm
python-mimeparse-0.1.4-1.el7.noarch.rpm
python-monotonic-0.6-1.el7.noarch.rpm
python-msgpack-0.4.6-3.el7.x86_64.rpm
python-ncclient-0.4.2-2.el7.noarch.rpm
python-netaddr-0.7.18-1.el7.noarch.rpm
python-netifaces-0.10.4-1.el7.x86_64.rpm
python-networkx-1.10-1.el7.noarch.rpm
python-networkx-core-1.10-1.el7.noarch.rpm
python-neutron-8.3.0-1.el7.noarch.rpm
python-neutron-lib-0.0.3-1.el7.noarch.rpm
python-nose-1.3.7-7.el7.noarch.rpm
python-nova-13.1.2-1.el7.noarch.rpm
python-oauthlib-0.7.2-5.20150520git514cad7.el7.noarch.rpm
python-openstackclient-2.3.0-1.el7.noarch.rpm
python-osprofiler-1.2.0-1.el7.noarch.rpm
python-paramiko-1.15.1-1.el7.noarch.rpm
python-paste-deploy-1.5.2-6.el7.noarch.rpm
python-pathlib-1.0.1-1.el7.noarch.rpm
python-pbr-1.8.1-2.el7.noarch.rpm
python-pint-0.6-2.el7.noarch.rpm
python-posix_ipc-0.9.8-1.el7.x86_64.rpm
python-prettytable-0.7.2-1.el7.noarch.rpm
python-pycadf-common-2.2.0-1.el7.noarch.rpm
python-pygments-2.0.2-4.el7.noarch.rpm
python-repoze-lru-0.4-3.el7.noarch.rpm
python-repoze-who-2.1-1.el7.noarch.rpm
python-retrying-1.2.3-4.el7.noarch.rpm
python-routes-1.13-2.el7.noarch.rpm
python-ryu-common-4.3-2.el7.noarch.rpm
python-semantic_version-2.4.2-1.el7.noarch.rpm
python-simplegeneric-0.8-7.el7.noarch.rpm
python-simplejson-3.5.3-5.el7.x86_64.rpm
python-six-1.10.0-3.el7.noarch.rpm
python-sqlalchemy-1.0.11-1.el7.x86_64.rpm
python-sqlparse-0.1.18-5.el7.noarch.rpm
python-tablib-0.10.0-1.el7.noarch.rpm
python-tempita-0.5.1-8.el7.noarch.rpm
python-testtools-1.8.0-2.el7.noarch.rpm
python-tooz-1.34.0-1.el7.noarch.rpm
python-traceback2-1.4.0-2.el7.noarch.rpm
python-unicodecsv-0.14.1-1.el7.noarch.rpm
python-unittest2-1.0.1-1.el7.noarch.rpm
python-versiontools-1.9.1-4.el7.noarch.rpm
python-voluptuous-0.8.9-1.el7.noarch.rpm
python-waitress-0.8.9-5.el7.noarch.rpm
python-warlock-1.0.1-1.el7.noarch.rpm
python-webob-1.4.1-2.el7.noarch.rpm
python-websockify-0.8.0-1.el7.noarch.rpm
python-webtest-2.0.23-1.el7.noarch.rpm
python-wrapt-1.10.8-2.el7.x86_64.rpm
python-XStatic-Angular-1.3.7.0-4.el7.noarch.rpm
python-XStatic-Angular-Bootstrap-0.11.0.2-1.el7.noarch.rpm
python-XStatic-Angular-Gettext-2.1.0.2-1.el7.noarch.rpm
python-XStatic-Angular-lrdragndrop-1.0.2.2-2.el7.noarch.rpm
python-XStatic-Angular-Mock-1.2.1.1-2.el7.noarch.rpm
python-XStatic-Bootstrap-Datepicker-1.3.1.0-1.el7.noarch.rpm
python-XStatic-Bootstrap-SCSS-3.2.0.0-1.el7.noarch.rpm
python-XStatic-D3-3.1.6.2-2.el7.noarch.rpm
python-XStatic-Font-Awesome-4.3.0.0-1.el7.noarch.rpm
python-XStatic-Hogan-2.0.0.2-2.el7.noarch.rpm
python-XStatic-Jasmine-1.3.1.1-2.el7.noarch.rpm
python-XStatic-jQuery-1.10.2.1-1.el7.noarch.rpm
python-XStatic-JQuery-Migrate-1.2.1.1-2.el7.noarch.rpm
python-XStatic-JQuery-quicksearch-2.0.3.1-2.el7.noarch.rpm
python-XStatic-JQuery-TableSorter-2.14.5.1-2.el7.noarch.rpm
python-XStatic-jquery-ui-1.10.4.1-1.el7.noarch.rpm
python-XStatic-JSEncrypt-2.0.0.2-2.el7.noarch.rpm
python-XStatic-Magic-Search-0.2.0.1-2.el7.noarch.rpm
python-XStatic-QUnit-1.14.0.2-2.el7.noarch.rpm
python-XStatic-Rickshaw-1.5.0.0-4.el7.noarch.rpm
python-XStatic-smart-table-1.4.5.3-5.el7.1.noarch.rpm
python-XStatic-Spin-1.2.5.2-2.el7.noarch.rpm
python-XStatic-termjs-0.0.4.2-2.el7.noarch.rpm
python-zope-interface-4.0.5-4.el7.x86_64.rpm
rabbitmq-server-3.6.5-1.el7.noarch.rpm
repodata
roboto-fontface-common-0.4.3.2-8.el7.noarch.rpm
roboto-fontface-fonts-0.4.3.2-8.el7.noarch.rpm
web-assets-filesystem-5-1.el7.noarch.rpm

[root@controller ~]# vim /etc/yum.repos.d/openstack.repo
[root@controller ~]# cat /etc/yum.repos.d/openstack.repo
[openstack]
name=mitaka
baseurl=http://172.25.3.250/mitaka
gpgcheck=0

[root@controller ~]# yum repolist
[root@controller ~]# yum upgrade
[root@controller ~]# yum install python-openstackclient -y

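1.4 SQL database

Most OpenStack services use an SQL database to store information. The database typically runs on the controller node.

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.3.1
# default storage engine
default-storage-engine = innodb
innodb_file_per_table
# maximum number of connections
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb.service
[root@controller ~]# mysql_secure_installation  # secure the database installation; after the password step, answer y to everything
The prompts: when asked for the current password, just press Enter if there is none
Set the root user password  Y
Remove the anonymous users created by the system (recommended for production)  Y
Disallow remote root login  Y
Remove the test database  Y
Reload the privilege tables  Y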

1.5 Message queue

OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node.

[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable --now rabbitmq-server.service
## add the openstack user; the username and password are both openstack
[root@controller ~]# rabbitmqctl add_user openstack openstack
## grant the ``openstack`` user configure, write and read permissions
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
[root@controller ~]# netstat -antlp
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN

Browse to http://172.25.3.1:15672; the username and password are both guest

[root@controller ~]# rabbitmqctl --help
[root@controller ~]# rabbitmqctl list_users
[root@controller ~]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack" ...
/	.*	.*	.*
[root@controller ~]# rabbitmqctl authenticate_user openstack openstack

1.6 memcached

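The Identity service's authentication mechanism uses Memcached to cache tokens.

[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# vim /etc/sysconfig/memcached 
#OPTIONS="-l 127.0.0.1,::1"  ## comment out the loopback-only bind so that memcached listens on all interfaces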
[root@controller ~]# systemctl enable --now memcached.service
[root@controller ~]# netstat -antlp|grep :11211
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      17596/memcached     
tcp6       0      0 :::11211                :::*                    LISTEN      17596/memcached    
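
An added example (not part of the original post): a Python check over captured `netstat -antlp` output that reports which of the ports opened in sections 1.5 and 1.6 are bound to every interface, and that reads `/etc/sysconfig/memcached` to see whether a `-l` restriction is in effect. The sample lines beyond those quoted in this guide, the port table and the function names are constructed for illustration.

```python
import shlex

# Ports this guide opens on the controller and the service behind each one.
SENSITIVE_PORTS = {
    3306: "MariaDB",
    5672: "RabbitMQ AMQP",
    11211: "memcached (Keystone token cache)",
    15672: "RabbitMQ management UI",
    35357: "Keystone admin API",
}
WILDCARD_HOSTS = {"0.0.0.0", "::", "*"}

# Constructed sample: the listener lines quoted in this guide (the 15672 line has
# no PID column there) plus constructed MariaDB, loopback and non-LISTEN lines.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      17596/memcached
tcp6       0      0 :::11211                :::*                    LISTEN      17596/memcached
tcp6       0      0 :::35357                :::*                    LISTEN      17916/httpd
tcp        0      0 172.25.3.1:3306         0.0.0.0:*               LISTEN      1100/mysqld
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      900/master
tcp        0      0 172.25.3.1:22           172.25.3.250:51234      ESTABLISHED 1500/sshd
"""


def parse_listeners(netstat_text):
    """Yield (host, port, program) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # ":::11211" -> ("::", "11211")
        program = fields[6].split("/", 1)[-1] if len(fields) > 6 else "?"
        yield host, int(port), program


def exposed_listeners(netstat_text):
    """Return sensitive ports bound to every interface, as sorted (port, host, service)."""
    hits = []
    for host, port, _program in parse_listeners(netstat_text):
        if port in SENSITIVE_PORTS and host in WILDCARD_HOSTS:
            hits.append((port, host, SENSITIVE_PORTS[port]))
    return sorted(hits)


def memcached_listen_addrs(sysconfig_text):
    """Return the -l addresses from OPTIONS in /etc/sysconfig/memcached.

    An empty list means no -l is in effect, i.e. memcached binds all interfaces.
    """
    addrs = []
    for raw in sysconfig_text.splitlines():
        line = raw.strip()
        if not line.startswith("OPTIONS="):  # also skips the commented-out form
            continue
        # The value is a quoted shell string: unquote it, then split into argv.
        argv = shlex.split(" ".join(shlex.split(line[len("OPTIONS="):])))
        addrs = []  # a later OPTIONS= assignment replaces an earlier one
        for i, arg in enumerate(argv):
            if arg == "-l" and i + 1 < len(argv):
                addrs.extend(argv[i + 1].split(","))
    return addrs


if __name__ == "__main__":
    for port, host, service in exposed_listeners(SAMPLE_NETSTAT):
        print("%s:%d is reachable on every interface (%s)" % (host, port, service))
    # The edit made in section 1.6: the OPTIONS line is commented out.
    print(memcached_listen_addrs('#OPTIONS="-l 127.0.0.1,::1"\n') or "memcached: no -l restriction")
```

Binding memcached to loopback plus the management address (for example `OPTIONS="-l 127.0.0.1,::1,controller"`) still lets the other nodes reach `controller:11211` without listening on every interface.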

2. Identity service

2.1 Install and configure

1) Prerequisites

## create a database

[root@controller ~]# mysql -u root -pwestos
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
    ->   IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    ->   IDENTIFIED BY 'keystone';

### generate a random value to use as the administration token in the initial configuration

[root@controller ~]# openssl rand -hex 10
0c933701b5bf4cbc08f1
2) Install and configure components
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# grep -v ^# /etc/keystone/keystone.conf |uniq
[root@controller ~]# vim /etc/keystone/keystone.conf
## define the value of the initial administration token
[DEFAULT]
admin_token = 0c933701b5bf4cbc08f1
## configure database access
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
## configure the Fernet token provider
[token]
provider = fernet

## populate the Identity service database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone  # here keystone is the system user; there is also a MySQL user named keystone
[root@controller ~]# id keystone
uid=163(keystone) gid=163(keystone) groups=163(keystone)

[root@controller ~]# mysql -pwestos
MariaDB [(none)]> use keystone
MariaDB [keystone]> show tables;

## initialize the Fernet keys
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# ll
drwx------ 2 keystone keystone    24 May  1 11:36 fernet-keys
3) Configure the Apache HTTP server
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# vim  /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller ~]# cat /etc/httpd/conf.d/wsgi-keystone.conf
# public API (regular users)
Listen 5000
# admin API
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

[root@controller ~]# systemctl enable --now httpd.service
[root@controller ~]# netstat -antlp
tcp6       0      0 :::35357                :::*                    LISTEN      17916/httpd 

2.2 Create the service entity and API endpoints

The Identity service provides a catalog of services and their locations. Each service that you add to your OpenStack environment requires a service entity and several API endpoints in the catalog.
### API endpoint variants: public (external), internal, and admin

[root@controller ~]# export OS_TOKEN=0c933701b5bf4cbc08f1  # set the authentication token
[root@controller ~]# export OS_URL=http://controller:35357/v3  # set the endpoint URL
[root@controller ~]# export OS_IDENTITY_API_VERSION=3  # set the Identity API version
# In your OpenStack environment, the Identity service manages a catalog of services. Services use this catalog to determine which other services are available in your environment.
# Create the service entity for the Identity service
[root@controller ~]# openstack service create \
>   --name keystone --description "OpenStack Identity" identity
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 5232fb6e30374396ba3a236b11e2a8ee | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack service  --help
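The Identity service manages a catalog of API endpoints associated with the services in your environment. Services use this catalog to determine how to communicate with other services in your environment.
## create the Identity service API endpoints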
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity public http://controller:5000/v3
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3

2.3 Create a domain, projects, users and roles

## create the ``default`` domain
[root@controller ~]# openstack domain create --description "Default Domain" default
## create the admin project
[root@controller ~]# openstack project create --domain default \
>   --description "Admin Project" admin
## create the admin user
[root@controller ~]# openstack user create --domain default --password admin admin
## create the admin role
[root@controller ~]# openstack role create admin
## add the ``admin`` role to the admin project and user
[root@controller ~]# openstack role add --project admin --user admin admin

## create the ``service`` project:
[root@controller ~]# openstack project create --domain default \
>   --description "Service Project" service
# create the ``demo`` project
[root@controller ~]# openstack project create --domain default \
>   --description "Demo Project" demo
[root@controller ~]# openstack user create --domain default --password demo demo

[root@controller ~]# openstack role create user
[root@controller ~]# openstack role add --project demo --user demo user

2.3 Verify operation

[root@controller ~]# unset OS_TOKEN OS_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name admin --os-username admin token issue
Password: admin
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name demo --os-username demo token issue
Password: demo

2.4 Create OpenStack client environment scripts

[root@controller ~]# vim admin-openrc
[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# vim demo-openrc
[root@controller ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 40f72c8ca6e849d18dc4ea61f4caff03 | demo  |
| 909c05b0de4e47f48edf41b547dc1058 | admin |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 3bcddbdc48bc4de5889a9b3385e886f1 | admin   |
| 632e549039cc4a5d9bb68eca19807845 | service |
| 7279bbbaa2cc482f8b02e879b1ffe378 | demo    |
+----------------------------------+---------+
[root@controller ~]# source demo-openrc  # the demo user lacks permission
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-f4c91ca1-afa1-4392-a1c6-bb7db0e3467e)
[root@controller ~]# openstack project list
You are not authorized to perform the requested action: identity:list_projects (HTTP 403) (Request-ID: req-c0b9b96e-d430-4ea6-8701-178a7dda995c)
[root@controller ~]# source admin-openrc

3 Image service

3.1 Install and configure

Create the glance database and grant proper access to the ``glance`` database
[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
    ->   IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'    IDENTIFIED BY 'glance';

Create the glance user
[root@controller ~]# openstack user create --domain default --password glance glance
Add the admin role to the glance user and the service project
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
>   --description "OpenStack Image" image
# create the Image service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292

3.2 Install and configure components

[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/


[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable --now openstack-glance-api.service openstack-glance-registry.service

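3.3 Verify operation

[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
[root@controller ~]# ls  # the downloaded image
cirros-0.4.0-x86_64-disk.img
## upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it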
[root@controller ~]# openstack image create "cirros" \
>   --file cirros-0.4.0-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --public

[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b6822af6-9d93-44e9-99a2-a19017f3ad20 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# ls /var/lib/glance/images/
b6822af6-9d93-44e9-99a2-a19017f3ad20

4. Compute service (nova)

4.1 Install and configure the controller node

[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'    IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost'    IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'    IDENTIFIED BY 'nova'; 


[root@controller ~]# openstack user create --domain default --password nova nova

[root@controller ~]# openstack role add --project service --user nova admin
## create the nova service entity
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute

## create the Compute service API endpoints (3 of them)
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute public http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute internal http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute admin http://controller:8774/v2.1/%\(tenant_id\)s

### Install and configure components

[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
>   openstack-nova-console openstack-nova-novncproxy \
>   openstack-nova-scheduler -y

[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.1
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
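
An added example (not from the original post or the OpenStack project): a Python audit of the service configuration written so far, flagging the bootstrap `admin_token` left in `[DEFAULT]`, passwords identical to the account name in database URLs, RabbitMQ settings and `[keystone_authtoken]`, and `http://` auth endpoints. `GUIDE_CONF` is a constructed composite of the keystone.conf and nova.conf values above; `HARDENED_CONF`, its placeholder secrets, the 16-character floor and the function names are assumptions made for illustration.

```python
import configparser
from urllib.parse import urlsplit

MIN_SECRET_LEN = 16  # assumption: a local policy floor, not an OpenStack requirement
USER_PASSWORD_KEYS = [("username", "password"), ("rabbit_userid", "rabbit_password")]

# Constructed composite of the keystone.conf and nova.conf values shown in this guide.
GUIDE_CONF = """\
[DEFAULT]
admin_token = 0c933701b5bf4cbc08f1
rpc_backend = rabbit

[database]
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = nova
password = nova
"""

# Constructed hardened counterpart; the secrets are placeholders, not real values.
HARDENED_CONF = """\
[DEFAULT]
rpc_backend = rabbit

[database]
connection = mysql+pymysql://nova:PLACEHOLDER-db-secret-0001@controller/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = PLACEHOLDER-mq-secret-0002

[keystone_authtoken]
auth_uri = https://controller:5000
auth_url = https://controller:35357
username = nova
password = PLACEHOLDER-svc-secret-0003
"""


def weakness(user, secret):
    """Classify a credential pair; None means no finding."""
    if secret == user:
        return "password-equals-username"
    if len(secret) < MIN_SECRET_LEN:
        return "short-password"
    return None


def audit(conf_text):
    """Return (section, option, issue) tuples for an oslo.config-style INI text."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section whose
    # keys are not inherited by the others; interpolation is off so a literal %
    # in a value is not treated as a configparser template.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, default_section="__unused__")
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        if section == "DEFAULT" and opts.get("admin_token"):
            findings.append((section, "admin_token", "bootstrap-token-still-set"))
        url = urlsplit(opts.get("connection") or "")
        if url.password:
            issue = weakness(url.username or "", url.password)
            if issue:
                findings.append((section, "connection", issue))
        for user_key, pass_key in USER_PASSWORD_KEYS:
            secret = opts.get(pass_key)
            if secret:
                issue = weakness(opts.get(user_key) or "", secret)
                if issue:
                    findings.append((section, pass_key, issue))
        for key in ("auth_uri", "auth_url"):
            if (opts.get(key) or "").startswith("http://"):
                findings.append((section, key, "cleartext-http"))
    return findings


if __name__ == "__main__":
    for label, text in (("guide", GUIDE_CONF), ("hardened", HARDENED_CONF)):
        print(label)
        for finding in audit(text):
            print("  %s.%s: %s" % finding)
```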

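4.2 Install and configure the compute node

### Create a snapshot VM named server2 with memory 2048, two virtual NICs and 2 CPUs, using host-passthrough CPU mode

1) Environment setup for compute node server2

%%% Network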
[root@server2 ~]# ip addr
[root@server2 ~]# cd /etc/sysconfig/network-scripts/
[root@server2 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server2 network-scripts]# vim ifcfg-eth1
[root@server2 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server2 network-scripts]# ifup eth1  # bring up eth1
[root@server2 network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

[root@compute1 ~]# hosnamectl set-hostname compute1

%%%解析
[root@compute1 ~]# vim /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1

%%%% Time synchronization
[root@compute1 ~]# yum install -y chrony
[root@compute1 ~]# vim /etc/chrony.conf
## add on the third line
server 172.25.3.250 iburst
[root@compute1 ~]# systemctl enable --now chronyd
[root@controller ~]# scp /etc/yum.repos.d/openstack.repo compute1:/etc/yum.repos.d/openstack.repo

2) Install and configure the compute node
[root@compute1 ~]# yum install openstack-nova-compute -y
[root@compute1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.2
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp
3) Verify operation
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
2
[root@compute1 ~]# systemctl enable --now libvirtd.service openstack-nova-compute.service 
[root@controller ~]# openstack compute service list  ## all services should be up

5. Networking service

5.1 Install and configure the controller node

[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';


[root@controller ~]# openstack user create --domain default --password neutron neutron
[root@controller ~]# openstack role add --project service --user neutron admin

[root@controller ~]# openstack service create --name neutron \
>   --description "OpenStack Networking" network

## Create the Networking service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network admin http://controller:9696

5.2 Networking option 1: public network

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
>   openstack-neutron-linuxbridge ebtables -y
% Configure the server component
[root@controller ~]# vim /etc/neutron/neutron.conf 
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron

[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

% Configure the Modular Layer 2 (ML2) plug-in

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = True


% Configure the Linux bridge agent

[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = False

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

% Configure the DHCP agent
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini 
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

5.3 Continue configuring the controller node

% Configure the metadata agent

[root@controller ~]# vim /etc/neutron/metadata_agent.ini 
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos

% Configure Compute to use the Networking service

[root@controller ~]# vim /etc/nova/nova.conf 
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

service_metadata_proxy = True 
metadata_proxy_shared_secret = westos

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Synchronize the database
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable --now neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service
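
What metadata_proxy_shared_secret is used for, as an added example that is not part of the original article: the Neutron metadata agent signs each forwarded instance ID with HMAC-SHA256 keyed by this value, and Nova recomputes the signature and rejects the request on a mismatch, so the value must be identical in metadata_agent.ini and nova.conf and should be random rather than a word such as westos. The function names and the instance and tenant IDs below are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed identifiers, for illustration only.
INSTANCE_ID = "11111111-2222-3333-4444-555555555555"
TENANT_ID = "aaaaaaaabbbbccccddddeeeeeeeeeeee"


def sign_instance_id(shared_secret, instance_id):
    """HMAC-SHA256 of the instance ID, keyed by metadata_proxy_shared_secret."""
    return hmac.new(shared_secret.encode("utf-8"),
                    instance_id.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def agent_headers(agent_secret, instance_id, tenant_id):
    """Headers the metadata agent side attaches before forwarding to Nova."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(agent_secret, instance_id),
    }


def nova_accepts(nova_secret, headers):
    """Nova side: recompute the signature and compare in constant time."""
    expected = sign_instance_id(nova_secret, headers.get("X-Instance-ID", ""))
    return hmac.compare_digest(expected,
                               headers.get("X-Instance-ID-Signature", ""))


def new_shared_secret(nbytes=32):
    """Random hex string to paste into both metadata_agent.ini and nova.conf."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    headers = agent_headers("westos", INSTANCE_ID, TENANT_ID)
    # Same secret on both sides: the metadata request is accepted.
    print("matching secrets:", nova_accepts("westos", headers))
    # Secret differs between the two files: Nova rejects the request.
    print("mismatched secrets:", nova_accepts("Westos", headers))
    print("replacement secret:", new_shared_secret())
```
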

5.4 Install and configure the compute node

[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y

% Configure the common component
[root@compute1 ~]# vim /etc/neutron/neutron.conf 
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password =  openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

5.5 Networking option 1: public network

% Configure the Linux bridge agent

[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = False

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

5.6 Continue configuring the compute node

% Configure Compute to use the Networking service

[root@compute1 ~]# vim /etc/nova/nova.conf 
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl enable --now neutron-linuxbridge-agent.service
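
One way to audit the nova.conf and neutron.conf fragments from sections 4 and 5 for the lab-grade values they carry: passwords equal to the account name, plain-HTTP endpoints, VNC bound to 0.0.0.0 and a short metadata secret. This is an added example, not part of the original article or of OpenStack; the name audit_conf, the rule names and the 16-character threshold are assumptions, and both sample files are constructed (the first from this page's values, the second with placeholder secrets).

```python
import configparser
from urllib.parse import urlsplit

MIN_SECRET_LEN = 16  # assumption: a local policy threshold, not an OpenStack default
USER_SECRET_PAIRS = (("username", "password"), ("rabbit_userid", "rabbit_password"))
SHARED_SECRET_KEYS = ("metadata_proxy_shared_secret",)

# Constructed sample: options and values copied from the nova.conf fragments above.
LAB_NOVA_CONF = """\
[DEFAULT]
my_ip = 172.25.3.2

[database]
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = nova
password = nova

[vnc]
vncserver_listen = 0.0.0.0

[neutron]
url = http://controller:9696
username = neutron
password = neutron
metadata_proxy_shared_secret = westos
"""

# Constructed sample: the same options with placeholder secrets and TLS endpoints.
HARDENED_NOVA_CONF = """\
[database]
connection = mysql+pymysql://nova:Zq7vK2mX9pLr4TnB8sWd@controller/nova

[keystone_authtoken]
auth_uri = https://controller:5000
auth_url = https://controller:35357
username = nova
password = h3Yc6RfJ1uQa0NeV5gPb

[vnc]
vncserver_listen = 172.25.3.2

[neutron]
url = https://controller:9696
username = neutron
password = x8DmW4tKz2LsA7yHq5Uc
metadata_proxy_shared_secret = 5f1c9a7e2b4d6f8091a3c5e7d9b1f3a5
"""


def _secret_rule(user, secret):
    """Return a rule id for a weak secret, or None if it passes."""
    if user is not None and secret == user:
        return "secret-equals-username"
    if len(secret) < MIN_SECRET_LEN:
        return "secret-too-short"
    return None


def audit_conf(text):
    """Return sorted (section, option, rule) findings for an INI-style service config."""
    # default_section is renamed so that [DEFAULT] is parsed as an ordinary
    # section instead of being merged into every other section.
    parser = configparser.RawConfigParser(default_section="__unused__", strict=False)
    parser.read_string(text)
    findings = set()
    for section in parser.sections():
        opts = dict(parser.items(section))
        for user_key, secret_key in USER_SECRET_PAIRS:
            if secret_key in opts:
                rule = _secret_rule(opts.get(user_key), opts[secret_key])
                if rule:
                    findings.add((section, secret_key, rule))
        for key in SHARED_SECRET_KEYS:
            rule = _secret_rule(None, opts[key]) if key in opts else None
            if rule:
                findings.add((section, key, rule))
        for key, value in opts.items():
            if "://" not in value:
                continue
            url = urlsplit(value)
            if url.scheme == "http":
                findings.add((section, key, "cleartext-http"))
            if url.password is not None:  # credentials embedded in the URL
                rule = _secret_rule(url.username, url.password)
                if rule:
                    findings.add((section, key, "url-" + rule))
        if section == "vnc" and opts.get("vncserver_listen") == "0.0.0.0":
            findings.add((section, "vncserver_listen", "listens-on-all-interfaces"))
    return sorted(findings)
```

Calling audit_conf(open("/etc/nova/nova.conf").read()) on a node returns the same kind of tuples for the live file.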

5.7 Verify operation

[root@controller ~]# neutron agent-list

The output should list three agents on the controller node and one agent on each compute node.

6. Launch an instance

1) Provider network

% Create the provider network

[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
>   --provider:network_type flat provider
[root@controller ~]# neutron subnet-create --name provider  --allocation-pool start=172.25.3.100,end=172.25.3.200 --dns-nameserver 114.114.114.114 --gateway 172.25.3.250 provider 172.25.3.0/24

Next, continue to launch an instance.

2) Create the m1.nano flavor
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
3) Generate a key pair
[root@controller ~]# source demo-openrc 
[root@controller ~]# ssh-keygen -q -N ""
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@controller ~]#  openstack keypair list

4) Add security group rules
[root@controller ~]# openstack security group rule create --proto icmp default
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
5) Launch an instance
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b6822af6-9d93-44e9-99a2-a19017f3ad20 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+-------------------------------------+----------+--------------------------------------+
| ID                                  | Name     | Subnets                              |
+-------------------------------------+----------+--------------------------------------+
| 3d677349-45f9-4509-a307-8477dd630d8 | provider | 0405e3ce-700f-4fe4-9606-e70aeea2a6ac |
| 1                                   |          |                                      |
+-------------------------------------+----------+--------------------------------------+
[root@controller ~]# openstack security group list
+-------------------------+---------+------------------------+-------------------------+
| ID                      | Name    | Description            | Project                 |
+-------------------------+---------+------------------------+-------------------------+
| eca05701-794e-          | default | Default security group | 7279bbbaa2cc482f8b02e87 |
| 41d6-bb65-fa062e1272d8  |         |                        | 9b1ffe378               |
+-------------------------+---------+------------------------+-------------------------+

[root@controller ~]# openstack server create --flavor m1.tiny --image cirros --nic net-id=3d677349-45f9-4509-a307-8477dd630d81 --security-group default --key-name mykey provider-instance

Check the instance status
[root@controller ~]# openstack server list

[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value                                                                           |
+-------+---------------------------------------------------------------------------------+
| type  | novnc                                                                           |
| url   | http://controller:6080/vnc_auto.html?token=cbc719a4-5ea9-4502-b7c9-b9fbe2549f71 |
+-------+---------------------------------------------------------------------------------+

[root@zhenji ~]# vim /etc/hosts
172.25.3.1 controller

Open http://controller:6080/vnc_auto.html?token=cbc719a4-5ea9-4502-b7c9-b9fbe2549f71 in a browser
## VM console: user cirros, password gocubsgo
At this point the cloud instance framework has been deployed successfully.

[root@controller ~]# ssh cirros@172.25.3.101  ## connect as an ordinary user
$ ip addr
    inet 172.25.3.101/24 brd 172.25.3.255 scope global eth0

7. Dashboard (web UI)

7.1 Install and configure the components

[root@controller ~]# yum install openstack-dashboard -y
[root@controller ~]# vim /etc/openstack-dashboard/local_settings 
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

ALLOWED_HOSTS = ['*', ]

#CACHES = {
#    'default': {
#        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
#    },
#}
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

#OPENSTACK_API_VERSIONS = {
#    "data-processing": 1.1,
#    "identity": 3,
#    "volume": 2,
#    "compute": 2,
#}
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'

OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"


[root@controller ~]# systemctl restart httpd.service memcached.service

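7.2 Verify operation

Open http://controller/dashboard in a browser.

Web UI steps: deleting and creating an instance

  • 1) Domain: default; user: demo; passwd: demo. Log in as the ordinary user and first delete the instance.

  • 2) Set the language to Chinese.

  • 3) Domain: default; user: demo; passwd: demo. Log in as the ordinary user and first delete the instance.
  • 4) Domain: default; user: admin; passwd: admin. Log in as the administrator, delete the subnet, then delete the network.

  • 5) Log in as the administrator, create a network, then create a subnet.

  • 6) Log in as the ordinary user and create an instance.
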
8 Adding private network configuration for the dashboard

8.1 Controller node -> Networking option 2: private networks

% Configure the server component

[root@controller ~]# vim /etc/neutron/neutron.conf 
[DEFAULT]
service_plugins = router
allow_overlapping_ips = True

% Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 virtual networking infrastructure for instances.

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population

[ml2_type_vxlan]
vni_ranges = 1:1000

% Configure the Linux bridge agent
The Linux bridge agent builds layer-2 virtual networks for instances and handles security group rules.

[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[vxlan]
enable_vxlan = True
local_ip = 172.25.3.1
l2_population = True

% Configure the layer-3 agent
## The layer-3 agent provides routing and NAT services for private virtual networks

[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =

[root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service
[root@controller ~]# systemctl enable --now neutron-l3-agent.service

8.2 Compute node: Networking option 2: private networks

% Configure the Linux bridge agent

[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[vxlan]
enable_vxlan = True
local_ip = 172.25.3.2
l2_population = True
 
[root@compute1 ~]# systemctl restart neutron-linuxbridge-agent.service 
[root@controller ~]# vim /etc/openstack-dashboard/local_settings 
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': True,
    'enable_distributed_router': True,
    'enable_ha_router': True,
    'enable_lb': True,
    'enable_firewall': True,
    'enable_vpn': True,
    'enable_fip_topology_check': True,
}

[root@controller ~]# systemctl restart httpd memcached

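Web UI steps:

  • Open http://controller/dashboard and log in as the administrator admin: Networks: Edit Network -> tick External Network

  • Open http://controller/dashboard and log in as demo: Networks: create the network private

  • Create an instance

  • Routers: create a router
  • Add a router interface

  • Check network connectivity from the console

At this point 10.0.0.3 can ping 172.25.3.101, but 172.25.3.101 cannot ping 10.0.0.3. A floating IP has to be managed for vm2: click the + sign to request a valid IP and allocate it. The floating IP can then be pinged, and the floating IP connects to 10.0.0.3.
Click the + sign to allocate the IP
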
[root@controller ~]# ssh cirros@172.25.3.103
$ ip addr
    inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0

[root@zhenji ~]# which virsh
/usr/bin/virsh
[root@zhenji ~]# rpm -qf /usr/bin/virsh
libvirt-client-4.5.0-42.module+el8.2.0+6024+15a2423f.x86_64
[root@compute1 ~]# yum install -y libvirt-client
[root@compute1 ~]# virsh list
 Id    Name                           State
----------------------------------------------------
 2     instance-00000002              running
 3     instance-00000003              running

9. Image service

https://docs.openstack/image-guide/centos-image.html

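9.1 Install the virtual machine

Partition manually, putting everything under the root partition.

Disable SELinux.

Connect to the newly created virtual machine localhost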
[root@localhost ~]# vi /etc/yum.repos.d/dvd.repo
[root@localhost ~]# cat /etc/yum.repos.d/dvd.repo
[dvd]
name=rhel7.6
baseurl=http://172.25.3.250/rhel7.6
gpgcheck=0
[root@localhost ~]# vi /etc/yum.repos.d/dvd.repo
[root@localhost ~]# yum repolist

https://docs.openstack/image-guide/centos-image.html
[root@localhost ~]# yum install acpid -y
[root@localhost ~]# systemctl enable acpid

[root@zhenji isos]# cd /var/www/html/
[root@zhenji html]# ls
4.0        docker.repo    image   rhel7    small.qcow2       upload
docker-ce  get-docker.sh  mitaka  rhel7.6  softare_packages  westos
[root@zhenji html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/cloud-init/
lftp 172.25.254.250:/pub/cloud-init> ls
drwxr-xr-x    3 0        0            4096 Mar 16  2018 rhel6
drwxr-xr-x    3 0        0            4096 Mar 16  2018 rhel7
lftp 172.25.254.250:/pub/cloud-init> mirror  rhel7
Total: 1 directory, 34 files, 0 symlinks                   
lftp 172.25.254.250:/pub/cloud-init> exit
[root@zhenji html]# ls
4.0        docker.repo    image   rhel7  


[root@localhost ~]# vi /etc/yum.repos.d/cloud.repo
[root@localhost ~]# cat /etc/yum.repos.d/cloud.repo
[cloud]
name=cloud-init
baseurl=http://172.25.3.250/rhel7
gpgcheck=0
[root@localhost ~]# yum install -y cloud-init cloud-utils-growpart
[root@localhost cloud]# echo "NOZEROCONF=yes" >> /etc/sysconfig/network

[root@localhost cloud]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
BOOTPROTO=dhcp
DEVICE=eth0
ONBOOT=yes
[root@localhost cloud]# poweroff

## Clean up and compress
[root@zhenji html]# cd /var/lib/libvirt/images/
[root@zhenji images]# ls
small.qcow2
[root@zhenji images]# virt-sysprep -d small
[root@zhenji images]# du -h small.qcow2 
5.1G	small.qcow2
[root@zhenji images]# virt-sparsify --compress small.qcow2 /var/www/html/small.qcow2

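9.2 Upload the image

Open http://controller/dashboard and log in as the administrator admin: Images: Create Image -> Flavors: Create Flavor

Open http://controller/dashboard and log in as the administrator demo: create an instance

Start the instance -> Console: log in as root and check the IP; the root filesystem has been grown to 10G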

10. Block Storage service

10.1 Prerequisites

## Create a new server3 with hostname=block1 and add a 10G disk

[root@block1 ~]# vim /etc/hosts
[root@block1 ~]# cat /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1

[root@controller ~]# scp /etc/yum.repos.d/openstack.repo block1:/etc/yum.repos.d/openstack.repo
## Time synchronization
[root@block1 ~]# yum install chrony -y
[root@block1 ~]# vim /etc/chrony.conf 
server 172.25.3.250 iburst
[root@block1 ~]# systemctl enable --now chronyd


[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
    ->   IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'    IDENTIFIED BY 'cinder'; 

10.2 Install and configure the controller node

% Create the service credentials
[root@controller ~]# openstack user create --domain default --password cinder cinder
[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]# openstack service create --name cinder \
  --description "OpenStack Block Storage" volume

[root@controller ~]# openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2

% Create the Block Storage service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
  volume public http://controller:8776/v1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
  volume internal http://controller:8776/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volume admin http://controller:8776/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# yum install openstack-cinder -y


[root@controller ~]# vim /etc/cinder/cinder.conf 
[database]
connection = mysql+pymysql://cinder:cinder@controller/cinder

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.1

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp


[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder



[root@controller ~]# vim /etc/nova/nova.conf 
[cinder]
os_region_name = RegionOne
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable --now openstack-cinder-api.service openstack-cinder-scheduler.service

[root@block1 ~]# yum install lvm2 -y
[root@block1 ~]# systemctl enable lvm2-lvmetad.service
[root@block1 ~]# pvcreate /dev/vdb
[root@block1 ~]# vgcreate cinder-volumes /dev/vdb

[root@block1 ~]# vim /etc/lvm/lvm.conf

        # filter = [ "a|.*/|" ]
        filter = [ "a/vdb/","a/vdb/", "r/.*/"]

[root@block1 ~]# yum install openstack-cinder targetcli python-keystone -y



[database]
connection = mysql+pymysql://cinder:cinder@controller/cinder

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 
enabled_backends = lvm
glance_api_servers = http://controller:9292

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
# add at the end
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[root@block1 ~]# systemctl enable --now openstack-cinder-volume.service target.service
[root@controller ~]# cinder service-list

Open http://controller/dashboard and log in as the administrator demo: Create Volume -> Manage Attachments to attach the volume -> in the vm3 console:
mkfs.xfs /dev/vdb
mkdir /data
mount /dev/vdb /data/
cd /data
cp /etc/* .
ls
umount /data



Open http://controller/dashboard and log in as the administrator demo: detach the volume created above

python-neutron-lib-0.0.3-1.el7.noarch.rpm
python-nose-1.3.7-7.el7.noarch.rpm
python-nova-13.1.2-1.el7.noarch.rpm
python-oauthlib-0.7.2-5.20150520git514cad7.el7.noarch.rpm
python-openstackclient-2.3.0-1.el7.noarch.rpm
python-osprofiler-1.2.0-1.el7.noarch.rpm
python-paramiko-1.15.1-1.el7.noarch.rpm
python-paste-deploy-1.5.2-6.el7.noarch.rpm
python-pathlib-1.0.1-1.el7.noarch.rpm
python-pbr-1.8.1-2.el7.noarch.rpm
python-pint-0.6-2.el7.noarch.rpm
python-posix_ipc-0.9.8-1.el7.x86_64.rpm
python-prettytable-0.7.2-1.el7.noarch.rpm
python-pycadf-common-2.2.0-1.el7.noarch.rpm
python-pygments-2.0.2-4.el7.noarch.rpm
python-repoze-lru-0.4-3.el7.noarch.rpm
python-repoze-who-2.1-1.el7.noarch.rpm
python-retrying-1.2.3-4.el7.noarch.rpm
python-routes-1.13-2.el7.noarch.rpm
python-ryu-common-4.3-2.el7.noarch.rpm
python-semantic_version-2.4.2-1.el7.noarch.rpm
python-simplegeneric-0.8-7.el7.noarch.rpm
python-simplejson-3.5.3-5.el7.x86_64.rpm
python-six-1.10.0-3.el7.noarch.rpm
python-sqlalchemy-1.0.11-1.el7.x86_64.rpm
python-sqlparse-0.1.18-5.el7.noarch.rpm
python-tablib-0.10.0-1.el7.noarch.rpm
python-tempita-0.5.1-8.el7.noarch.rpm
python-testtools-1.8.0-2.el7.noarch.rpm
python-tooz-1.34.0-1.el7.noarch.rpm
python-traceback2-1.4.0-2.el7.noarch.rpm
python-unicodecsv-0.14.1-1.el7.noarch.rpm
python-unittest2-1.0.1-1.el7.noarch.rpm
python-versiontools-1.9.1-4.el7.noarch.rpm
python-voluptuous-0.8.9-1.el7.noarch.rpm
python-waitress-0.8.9-5.el7.noarch.rpm
python-warlock-1.0.1-1.el7.noarch.rpm
python-webob-1.4.1-2.el7.noarch.rpm
python-websockify-0.8.0-1.el7.noarch.rpm
python-webtest-2.0.23-1.el7.noarch.rpm
python-wrapt-1.10.8-2.el7.x86_64.rpm
python-XStatic-Angular-1.3.7.0-4.el7.noarch.rpm
python-XStatic-Angular-Bootstrap-0.11.0.2-1.el7.noarch.rpm
python-XStatic-Angular-Gettext-2.1.0.2-1.el7.noarch.rpm
python-XStatic-Angular-lrdragndrop-1.0.2.2-2.el7.noarch.rpm
python-XStatic-Angular-Mock-1.2.1.1-2.el7.noarch.rpm
python-XStatic-Bootstrap-Datepicker-1.3.1.0-1.el7.noarch.rpm
python-XStatic-Bootstrap-SCSS-3.2.0.0-1.el7.noarch.rpm
python-XStatic-D3-3.1.6.2-2.el7.noarch.rpm
python-XStatic-Font-Awesome-4.3.0.0-1.el7.noarch.rpm
python-XStatic-Hogan-2.0.0.2-2.el7.noarch.rpm
python-XStatic-Jasmine-1.3.1.1-2.el7.noarch.rpm
python-XStatic-jQuery-1.10.2.1-1.el7.noarch.rpm
python-XStatic-JQuery-Migrate-1.2.1.1-2.el7.noarch.rpm
python-XStatic-JQuery-quicksearch-2.0.3.1-2.el7.noarch.rpm
python-XStatic-JQuery-TableSorter-2.14.5.1-2.el7.noarch.rpm
python-XStatic-jquery-ui-1.10.4.1-1.el7.noarch.rpm
python-XStatic-JSEncrypt-2.0.0.2-2.el7.noarch.rpm
python-XStatic-Magic-Search-0.2.0.1-2.el7.noarch.rpm
python-XStatic-QUnit-1.14.0.2-2.el7.noarch.rpm
python-XStatic-Rickshaw-1.5.0.0-4.el7.noarch.rpm
python-XStatic-smart-table-1.4.5.3-5.el7.1.noarch.rpm
python-XStatic-Spin-1.2.5.2-2.el7.noarch.rpm
python-XStatic-termjs-0.0.4.2-2.el7.noarch.rpm
python-zope-interface-4.0.5-4.el7.x86_64.rpm
rabbitmq-server-3.6.5-1.el7.noarch.rpm
repodata
roboto-fontface-common-0.4.3.2-8.el7.noarch.rpm
roboto-fontface-fonts-0.4.3.2-8.el7.noarch.rpm
web-assets-filesystem-5-1.el7.noarch.rpm

[root@controller ~]# vim /etc/yum.repos.d/openstack.repo
[root@controller ~]# cat /etc/yum.repos.d/openstack.repo
[openstack]
name=mitaka
baseurl=http://172.25.3.250/mitaka
gpgcheck=0

[root@controller ~]# yum repolist
[root@controller ~]# yum upgrade
[root@controller ~]# yum install python-openstackclient -y

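1.4 SQL database

Most OpenStack services use an SQL database to store information. The database typically runs on the controller node.

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.3.1
default-storage-engine = innodb  # default storage engine
innodb_file_per_table
max_connections = 4096  # maximum number of connections
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb.service
[root@controller ~]# mysql_secure_installation  ## secure the database installation; after setting the password, answer y to every prompt
The prompts are: enter the current password (just press Enter if none is set)
Set the root user password  Y
Remove the anonymous users created by the system (recommended in production)  Y
Disallow remote root login  Y
Remove the test database  Y
Reload the privilege tables  Y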

1.5 Message queue

OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node.

[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable --now rabbitmq-server.service
## Add the openstack user; the username and password are both openstack
[root@controller ~]# rabbitmqctl add_user openstack openstack
## Grant the openstack user configure, write and read permissions
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
[root@controller ~]# netstat -antlp
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN  

Open http://172.25.3.1:15672 in a browser; the username and password are both guest.

[root@controller ~]# rabbitmqctl --help
[root@controller ~]# rabbitmqctl list_users
[root@controller ~]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack" ...
/	.*	.*	.*
[root@controller ~]# rabbitmqctl authenticate_user openstack openstack

1.6 memcached

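The Identity service authentication mechanism uses Memcached to cache tokens.

[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# vim /etc/sysconfig/memcached 
#OPTIONS="-l 127.0.0.1,::1"  ## comment out the loopback-only listen option so that memcached listens on all interfaces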
[root@controller ~]# systemctl enable --now memcached.service
[root@controller ~]# netstat -antlp|grep :11211
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      17596/memcached     
tcp6       0      0 :::11211                :::*                    LISTEN      17596/memcached    
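
The two `netstat` listings above show the RabbitMQ management UI (15672) and memcached (11211) bound to every interface. The following Python check is an added example, not part of the original walkthrough: it parses `netstat -antlp` output and reports which of the services from sections 1.4 to 1.6 accept connections on a wildcard address. The port-to-service map and the sample lines (built from the output shown above, with constructed PIDs and extra lines) are assumptions of the example.

```python
from collections import namedtuple

Listener = namedtuple("Listener", "service port proto address")

# Default ports of the services installed in sections 1.4-1.6.
# This mapping is an assumption of the example, not taken from the page.
WATCHED_PORTS = {
    3306: "MariaDB",
    5672: "RabbitMQ AMQP",
    15672: "RabbitMQ management UI",
    11211: "memcached",
}

# Local addresses that mean "every interface" in netstat output.
WILDCARDS = {"0.0.0.0", "::", "*"}

# Constructed sample in `netstat -antlp` format, modelled on the listings above.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 172.25.3.1:3306         0.0.0.0:*               LISTEN      1203/mysqld
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      1588/beam.smp
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      17596/memcached
tcp6       0      0 :::11211                :::*                    LISTEN      17596/memcached
tcp6       0      0 :::5672                 :::*                    LISTEN      1588/beam.smp
tcp        0      0 172.25.3.1:11211        172.25.3.1:40112        ESTABLISHED 17596/memcached
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms such as ':::11211' work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port


def exposed_listeners(netstat_text, watched=WATCHED_PORTS):
    """Return watched services that are in LISTEN state on a wildcard address."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Columns: proto recv-q send-q local foreign state [pid/program]
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":
            continue
        addr, port = split_endpoint(fields[3])
        if port.isdigit() and int(port) in watched and addr in WILDCARDS:
            findings.append(Listener(watched[int(port)], int(port), fields[0], addr))
    return findings


def report(findings):
    """Format one line per exposed listener."""
    return [
        "%s is reachable on every interface (%s %s:%d)"
        % (f.service, f.proto, f.address, f.port)
        for f in findings
    ]


if __name__ == "__main__":
    for line in report(exposed_listeners(SAMPLE_NETSTAT)):
        print(line)
```

MariaDB is not reported because section 1.4 binds it to 172.25.3.1; memcached can be narrowed the same way with the `-l` option in /etc/sysconfig/memcached.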

2. Identity service

2.1 Install and configure

1) Prerequisites

## Create a database

[root@controller ~]# mysql -u root -pwestos
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
    ->   IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    ->   IDENTIFIED BY 'keystone';

### Generate a random value to use as the administration token during initial configuration

[root@controller ~]# openssl rand -hex 10
0c933701b5bf4cbc08f1
2) Install and configure components
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# grep -v ^# /etc/keystone/keystone.conf |uniq
[root@controller ~]# vim /etc/keystone/keystone.conf
## Define the value of the initial administration token
[DEFAULT]
admin_token =  0c933701b5bf4cbc08f1
## Configure database access
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
## Configure the Fernet token provider
[token]
provider = fernet

## Populate the Identity service database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone  ## this keystone is the system user; there is also a MySQL user named keystone
[root@controller ~]# id keystone
uid=163(keystone) gid=163(keystone) groups=163(keystone)

[root@controller ~]# mysql -pwestos
MariaDB [(none)]> use keystone
MariaDB [keystone]> show tables;

## Initialize the Fernet keys
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# ll
drwx------ 2 keystone keystone    24 May  1 11:36 fernet-keys
3) Configure the Apache HTTP server
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# vim  /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller ~]# cat /etc/httpd/conf.d/wsgi-keystone.conf
# regular users
Listen 5000
# admin
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

[root@controller ~]# systemctl enable --now httpd.service
[root@controller ~]# netstat -antlp
tcp6       0      0 :::35357                :::*                    LISTEN      17916/httpd 

2.2 Create the service entity and API endpoints

The Identity service provides a catalog of services and their locations. Each service that you add to your OpenStack environment requires a service entity and several API endpoints in the catalog.
### API endpoint variants: public (external), internal, and admin

[root@controller ~]# export OS_TOKEN=0c933701b5bf4cbc08f1  # configure the authentication token
[root@controller ~]# export OS_URL=http://controller:35357/v3  # configure the endpoint URL
[root@controller ~]# export OS_IDENTITY_API_VERSION=3  # configure the Identity API version
# In your OpenStack environment, the Identity service manages a catalog of services. Services use this catalog to determine which services are available in your environment.
# Create the service entity for the Identity service
[root@controller ~]# openstack service create \
>   --name keystone --description "OpenStack Identity" identity
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 5232fb6e30374396ba3a236b11e2a8ee | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack service  --help
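The Identity service manages a catalog of API endpoints associated with the services in your environment. Services use this catalog to determine how to communicate with other services in your environment.
## Create the Identity service API endpoints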
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity public http://controller:5000/v3
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3

2.3 Create a domain, projects, users, and roles

## Create the default domain
[root@controller ~]# openstack domain create --description "Default Domain" default
## Create the admin project
[root@controller ~]# openstack project create --domain default \
>   --description "Admin Project" admin
## Create the admin user
[root@controller ~]# openstack user create --domain default --password admin admin
## Create the admin role
[root@controller ~]# openstack role create admin
## Add the admin role to the admin project and user
[root@controller ~]# openstack role add --project admin --user admin admin

## Create the service project:
[root@controller ~]# openstack project create --domain default \
>   --description "Service Project" service
# Create the demo project
[root@controller ~]# openstack project create --domain default \
>   --description "Demo Project" demo
[root@controller ~]# openstack user create --domain default --password demo demo

[root@controller ~]# openstack role create user
[root@controller ~]# openstack role add --project demo --user demo user

2.3 Verify operation

[root@controller ~]# unset OS_TOKEN OS_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name admin --os-username admin token issue
Password: admin
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name demo --os-username demo token issue
Password: demo

2.4 Create OpenStack client environment scripts

[root@controller ~]# vim admin-openrc
[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# vim demo-openrc
[root@controller ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 40f72c8ca6e849d18dc4ea61f4caff03 | demo  |
| 909c05b0de4e47f48edf41b547dc1058 | admin |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 3bcddbdc48bc4de5889a9b3385e886f1 | admin   |
| 632e549039cc4a5d9bb68eca19807845 | service |
| 7279bbbaa2cc482f8b02e879b1ffe378 | demo    |
+----------------------------------+---------+
[root@controller ~]# source demo-openrc  ## the demo user has no permission for the commands below
[root@controller ~]# openstack user list
You are not authorized to perform the requested action: identity:list_users (HTTP 403) (Request-ID: req-f4c91ca1-afa1-4392-a1c6-bb7db0e3467e)
[root@controller ~]# openstack project list
You are not authorized to perform the requested action: identity:list_projects (HTTP 403) (Request-ID: req-c0b9b96e-d430-4ea6-8701-178a7dda995c)
[root@controller ~]# source admin-openrc

3 Image service

3.1 Install and configure

Create the glance database and grant the proper privileges on it
[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
    ->   IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'    IDENTIFIED BY 'glance';

Create the glance user
[root@controller ~]# openstack user create --domain default --password glance glance
Add the admin role to the glance user and the service project
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
>   --description "OpenStack Image" image
# Create the Image service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292

3.2 Install and configure components

[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/


[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable --now openstack-glance-api.service openstack-glance-registry.service

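3.3 Verify operation

[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# ls  ## the downloaded image
cirros-0.4.0-x86_64-disk.img 
## Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it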
[root@controller ~]# openstack image create "cirros" \
>   --file cirros-0.4.0-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --public

[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b6822af6-9d93-44e9-99a2-a19017f3ad20 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# ls /var/lib/glance/images/
b6822af6-9d93-44e9-99a2-a19017f3ad20

4. Compute service (nova)

4.1 Install and configure the controller node

[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'    IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost'    IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'    IDENTIFIED BY 'nova'; 


[root@controller ~]# openstack user create --domain default --password nova nova

[root@controller ~]# openstack role add --project service --user nova admin
## Create the nova service entity
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute

## Create the three Compute service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute public http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute internal http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute admin http://controller:8774/v2.1/%\(tenant_id\)s

### Install and configure components

[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
>   openstack-nova-console openstack-nova-novncproxy \
>   openstack-nova-scheduler -y

[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.1
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
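
The keystone.conf and nova.conf files above keep the bootstrap `admin_token`, reuse each account name as its password, and point `auth_url` at plain HTTP. The following Python audit is an added example, not part of the original walkthrough or of any OpenStack tool: it parses such files and lists those three patterns so they can be replaced before the deployment leaves the lab. The rule names, the `Finding` tuple and the sample excerpts (constructed from the values shown on this page) are assumptions of the example.

```python
import configparser
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "path section option rule")

# Option pairs that hold an account name and its secret in the same section.
CREDENTIAL_PAIRS = (("username", "password"), ("rabbit_userid", "rabbit_password"))

# Constructed excerpts using the values shown in sections 2.1 and 4.1.
SAMPLE_FILES = {
    "/etc/keystone/keystone.conf": """
[DEFAULT]
admin_token = 0c933701b5bf4cbc08f1
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
""",
    "/etc/nova/nova.conf": """
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = nova
password = nova
""",
}


def audit_config(path, text):
    """Return the lab-grade settings found in one service configuration file."""
    # default_section is set to an unused name so that [DEFAULT] is read as an
    # ordinary section instead of being merged into every other section.
    parser = configparser.ConfigParser(
        default_section="__unused__", interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        opts = parser[section]
        # The bootstrap token bypasses normal authentication for as long as it is set.
        if section == "DEFAULT" and opts.get("admin_token"):
            findings.append(Finding(path, section, "admin_token", "bootstrap-admin-token"))
        # Database URL of the form driver://user:password@host/db
        db = urlsplit(opts.get("connection", ""))
        if db.username and db.username == db.password:
            findings.append(Finding(path, section, "connection", "password-equals-username"))
        for user_key, secret_key in CREDENTIAL_PAIRS:
            user = opts.get(user_key)
            if user and user == opts.get(secret_key):
                findings.append(Finding(path, section, secret_key, "password-equals-username"))
        # The service account password is sent to this URL when the service authenticates.
        if urlsplit(opts.get("auth_url", "")).scheme == "http":
            findings.append(Finding(path, section, "auth_url", "cleartext-auth-url"))
    return findings


def audit_all(files):
    """Audit a {path: file text} mapping and return every finding."""
    return [f for path, text in files.items() for f in audit_config(path, text)]


if __name__ == "__main__":
    for f in audit_all(SAMPLE_FILES):
        print("%s [%s] %s: %s" % f)
```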

4.2 Install and configure a compute node

### Create a new snapshot, server2: memory 2048, two virtual NICs, 2 CPUs, CPU mode host-passthrough

1) Compute node server2 environment setup

%%% Network
[root@server2 ~]# ip addr
[root@server2 ~]# cd /etc/sysconfig/network-scripts/
[root@server2 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server2 network-scripts]# vim ifcfg-eth1
[root@server2 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server2 network-scripts]# ifup eth1  ## bring up eth1
[root@server2 network-scripts]# ip addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

[root@compute1 ~]# hostnamectl set-hostname compute1

%%% Name resolution
[root@compute1 ~]# vim /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1

%%%% Time synchronization
[root@compute1 ~]# yum install -y chrony
[root@controller ~]# vim /etc/chrony.conf
## Add on the third line
server 172.25.3.250 iburst
[root@compute1 ~]# systemctl enable --now chronyd
[root@controller ~]# scp /etc/yum.repos.d/openstack.repo compute1:/etc/yum.repos.d/openstack.repo

2) Install and configure the compute node
[root@compute1 ~]# yum install openstack-nova-compute -y
[root@compute1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.2
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp
3) Verify operation
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
2
[root@compute1 ~]# systemctl enable --now libvirtd.service openstack-nova-compute.service 
[root@controller ~]# openstack compute service list  ## every service should be up

5. Networking service

5.1 Install and configure the controller node

[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';


[root@controller ~]# openstack user create --domain default --password neutron neutron
[root@controller ~]# openstack role add --project service --user neutron admin

[root@controller ~]# openstack service create --name neutron \
>   --description "OpenStack Networking" network

## Create the Networking service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network admin http://controller:9696

5.2 Networking option 1: provider networks

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
>   openstack-neutron-linuxbridge ebtables -y
% Configure the server component
[root@controller ~]# vim /etc/neutron/neutron.conf 
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron

[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

% Configure the Modular Layer 2 (ML2) plug-in

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = True


% Configure the Linux bridge agent

[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = False

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

% Configure the DHCP agent
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini 
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

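5.3 Continue configuring the controller node

% Configure the metadata agent

[root@controller ~]# vim /etc/neutron/metadata_agent.ini 
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = westos

% Configure the Compute service to use the Networking service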

[root@controller ~]# vim /etc/nova/nova.conf 
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

service_metadata_proxy = True 
metadata_proxy_shared_secret = westos

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate the database
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable --now neutron-server.service   neutron-linuxbridge-agent.service neutron-dhcp-agent.service   neutron-metadata-agent.service

5.4 Install and configure the compute node

[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y

% Configure the common components
[root@compute1 ~]# vim /etc/neutron/neutron.conf 
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password =  openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

5.5 Networking option 1: provider networks

% Configure the Linux bridge agent

[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = False

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

5.6 Continue configuring the compute node

% Configure the Compute service to use the Networking service

[root@compute1 ~]# vim /etc/nova/nova.conf 
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl enable --now neutron-linuxbridge-agent.service

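5.7 Verify operation

[root@controller ~]# neutron agent-list

The output should include three agents on the controller node and one agent on each compute node.

6. Launch an instance

1) Provider network

% Create the provider network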

[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
>   --provider:network_type flat provider
[root@controller ~]# neutron subnet-create --name provider  --allocation-pool start=172.25.3.100,end=172.25.3.200 --dns-nameserver 114.114.114.114 --gateway 172.25.3.250 provider 172.25.3.0/24

Next, continue with launching an instance.

2) Create the m1.nano flavor
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
3) Generate a key pair
[root@controller ~]# source demo-openrc 
[root@controller ~]# ssh-keygen -q -N ""
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@controller ~]# openstack keypair list

4) Add security group rules
[root@controller ~]# openstack security group rule create --proto icmp default
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
5) Launch an instance
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b6822af6-9d93-44e9-99a2-a19017f3ad20 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+-------------------------------------+----------+--------------------------------------+
| ID                                  | Name     | Subnets                              |
+-------------------------------------+----------+--------------------------------------+
| 3d677349-45f9-4509-a307-8477dd630d8 | provider | 0405e3ce-700f-4fe4-9606-e70aeea2a6ac |
| 1                                   |          |                                      |
+-------------------------------------+----------+--------------------------------------+
[root@controller ~]# openstack security group list
+-------------------------+---------+------------------------+-------------------------+
| ID                      | Name    | Description            | Project                 |
+-------------------------+---------+------------------------+-------------------------+
| eca05701-794e-          | default | Default security group | 7279bbbaa2cc482f8b02e87 |
| 41d6-bb65-fa062e1272d8  |         |                        | 9b1ffe378               |
+-------------------------+---------+------------------------+-------------------------+

[root@controller ~]# openstack server create --flavor m1.tiny --image cirros --nic net-id=3d677349-45f9-4509-a307-8477dd630d81 --security-group default --key-name mykey provider-instance

Check the status of the instance
[root@controller ~]# openstack server list

[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value                                                                           |
+-------+---------------------------------------------------------------------------------+
| type  | novnc                                                                           |
| url   | http://controller:6080/vnc_auto.html?token=cbc719a4-5ea9-4502-b7c9-b9fbe2549f71 |
+-------+---------------------------------------------------------------------------------+

[root@zhenji ~]# vim /etc/hosts
172.25.3.1 controller

Open http://controller:6080/vnc_auto.html?token=cbc719a4-5ea9-4502-b7c9-b9fbe2549f71 in a browser.
## VM console; user cirros, password gocubsgo
At this point the cloud instance framework has been deployed successfully.

[root@controller ~]# ssh cirros@172.25.3.101  ## connect as a regular user
$ ip addr
    inet 172.25.3.101/24 brd 172.25.3.255 scope global eth0

7. Dashboard web interface

7.1 Install and configure components

[root@controller ~]# yum install openstack-dashboard -y
[root@controller ~]# vim /etc/openstack-dashboard/local_settings 
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

ALLOWED_HOSTS = ['*', ]

#CACHES = {
#    'default': {
#        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
#    },
#}
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

#OPENSTACK_API_VERSIONS = {
#    "data-processing": 1.1,
#    "identity": 3,
#    "volume": 2,
#    "compute": 2,
#}
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'

OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"


[root@controller ~]# systemctl restart httpd.service memcached.service
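
A quick static check of the two exposure-related values set in this step, as an added example that is not part of the original walkthrough or of Horizon itself. The settings excerpt is constructed from the values above, and the narrowed host list (`controller`, `172.25.3.1`) is an assumption based on the names this page uses to reach the dashboard.

```python
import ast

# Constructed excerpt mirroring the values set in this step.
PAGE_SETTINGS = '''
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
'''

# Same excerpt with the Host allow-list narrowed (assumed names, see lead-in).
NARROWED_SETTINGS = PAGE_SETTINGS.replace(
    "['*', ]", "['controller', '172.25.3.1']")


def load_settings(text):
    """Read NAME = value assignments from settings text without executing it."""
    values = {}
    for node in ast.parse(text).body:
        if not (isinstance(node, ast.Assign)
                and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            continue
        name, rhs = node.targets[0].id, node.value
        try:
            if (isinstance(rhs, ast.BinOp) and isinstance(rhs.op, ast.Mod)
                    and isinstance(rhs.right, ast.Name)):
                # Handles the '"http://%s:5000/v3" % OPENSTACK_HOST' form.
                values[name] = ast.literal_eval(rhs.left) % values[rhs.right.id]
            else:
                values[name] = ast.literal_eval(rhs)
        except (ValueError, TypeError, KeyError):
            continue  # not a plain literal; out of scope for this check
    return values


def audit(values):
    """Return findings for the two exposure-related settings in this step."""
    findings = []
    if "*" in values.get("ALLOWED_HOSTS", []):
        findings.append("ALLOWED_HOSTS wildcard: Django accepts any Host header")
    if str(values.get("OPENSTACK_KEYSTONE_URL", "")).startswith("http://"):
        findings.append("Keystone URL is plain HTTP: Horizon sends credentials unencrypted")
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_SETTINGS), ("narrowed", NARROWED_SETTINGS)):
        print(label, audit(load_settings(text)))
```
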

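7.2 Verify operation

Open http://controller/dashboard in a browser.

Web UI steps: deleting and creating instances

  • 1) Domain: default; user: demo; passwd: demo. Log in as the regular user and delete the instance first

  • 2) Set the language to Chinese

  • 3) Domain: default; user: demo; passwd: demo. Log in as the regular user and delete the instance first
  • 4) Domain: default; user: admin; passwd: admin. Log in as the administrator, delete the subnet, then delete the network

  • 5) Log in as the administrator, create the network, then create the subnet

  • 6) Log in as the regular user and create an instance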




8 Adding private network configuration for the dashboard

8.1 Controller node -> Networking option 2: private networks

% Configure the server component

[root@controller ~]# vim /etc/neutron/neutron.conf 
[DEFAULT]
service_plugins = router
allow_overlapping_ips = True

% Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 virtual networking infrastructure for instances.

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population

[ml2_type_vxlan]
vni_ranges = 1:1000

% Configure the Linux bridge agent
The Linux bridge agent builds layer-2 virtual networks for instances and handles security group rules.

[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[vxlan]
enable_vxlan = True
local_ip = 172.25.3.1
l2_population = True

% Configure the layer-3 agent
## The layer-3 agent provides routing and NAT services for private virtual networks

[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =

[root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service
[root@controller ~]# systemctl enable --now neutron-l3-agent.service

8.2 Compute node: Networking option 2: private networks

% Configure the Linux bridge agent

[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[vxlan]
enable_vxlan = True
local_ip = 172.25.3.2
l2_population = True
 
[root@compute1 ~]# systemctl restart neutron-linuxbridge-agent.service 
[root@controller ~]# vim /etc/openstack-dashboard/local_settings 
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': True,
    'enable_distributed_router': True,
    'enable_ha_router': True,
    'enable_lb': True,
    'enable_firewall': True,
    'enable_vpn': True,
    'enable_fip_topology_check': True,
}

[root@controller ~]# systemctl restart httpd memcached

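Web UI steps:

  • Open http://controller/dashboard and log in as the administrator admin: Networks: Edit Network -> tick External Network

  • Open http://controller/dashboard and log in as demo: Networks: create the network private

  • Create an instance

  • Routers: create a router
  • Add a router interface

  • Check network connectivity from the console

At this point 10.0.0.3 can ping 172.25.3.101, but 172.25.3.101 cannot ping 10.0.0.3. Manage floating IPs for vm2: click the + sign to request a valid IP and associate it. The floating IP can then be pinged, and it connects to 10.0.0.3.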



[root@controller ~]# ssh cirros@172.25.3.103
$ ip addr
    inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0

[root@zhenji ~]# which virsh
/usr/bin/virsh
[root@zhenji ~]# rpm -qf /usr/bin/virsh
libvirt-client-4.5.0-42.module+el8.2.0+6024+15a2423f.x86_64
[root@compute1 ~]# yum install -y libvirt-client
[root@compute1 ~]# virsh list
 Id    Name                           State
----------------------------------------------------
 2     instance-00000002              running
 3     instance-00000003              running

9. Image service

https://docs.openstack/image-guide/centos-image.html

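9.1 Install the virtual machine

Partition manually, with everything under the root partition

Disable SELinux

Connect to the newly created virtual machine localhost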
[root@localhost ~]# vi /etc/yum.repos.d/dvd.repo
[root@localhost ~]# cat /etc/yum.repos.d/dvd.repo
[dvd]
name=rhel7.6
baseurl=http://172.25.3.250/rhel7.6
gpgcheck=0
[root@localhost ~]# vi /etc/yum.repos.d/dvd.repo
[root@localhost ~]# yum repolist

https://docs.openstack/image-guide/centos-image.html
[root@localhost ~]# yum install acpid -y
[root@localhost ~]# systemctl enable acpid

[root@zhenji isos]# cd /var/www/html/
[root@zhenji html]# ls
4.0        docker.repo    image   rhel7    small.qcow2       upload
docker-ce  get-docker.sh  mitaka  rhel7.6  softare_packages  westos
[root@zhenji html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/cloud-init/
lftp 172.25.254.250:/pub/cloud-init> ls
drwxr-xr-x    3 0        0            4096 Mar 16  2018 rhel6
drwxr-xr-x    3 0        0            4096 Mar 16  2018 rhel7
lftp 172.25.254.250:/pub/cloud-init> mirror  rhel7
Total: 1 directory, 34 files, 0 symlinks                   
lftp 172.25.254.250:/pub/cloud-init> exit
[root@zhenji html]# ls
4.0        docker.repo    image   rhel7  


[root@localhost ~]# vi /etc/yum.repos.d/cloud.repo
[root@localhost ~]# cat /etc/yum.repos.d/cloud.repo
[cloud]
name=cloud-init
baseurl=http://172.25.3.250/rhel7
gpgcheck=0
[root@localhost ~]# yum install -y cloud-init cloud-utils-growpart
[root@localhost cloud]# echo "NOZEROCONF=yes" >> /etc/sysconfig/network

[root@localhost cloud]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
BOOTPROTO=dhcp
DEVICE=eth0
ONBOOT=yes
[root@localhost cloud]# poweroff

## Clean up and compress
[root@zhenji html]# cd /var/lib/libvirt/images/
[root@zhenji images]# ls
small.qcow2
[root@zhenji images]# virt-sysprep -d small
[root@zhenji images]# du -h small.qcow2 
5.1G	small.qcow2
[root@zhenji images]# virt-sparsify --compress small.qcow2 /var/www/html/small.qcow2

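9.2 Upload the image

Open http://controller/dashboard and log in as the administrator admin: Images: Create Image -> Flavors: Create Flavor

Open http://controller/dashboard and log in as the demo user: create an instance

Start the instance -> Console: log in as root and check the IP; the root filesystem has been grown to 10G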

10. Block Storage service

10.1 Prerequisites

## Create a new server3 with hostname=block1 and add a 10G disk

[root@block1 ~]# vim /etc/hosts
[root@block1 ~]# cat /etc/hosts
172.25.3.1 controller
172.25.3.2 compute1
172.25.3.3 block1

[root@controller ~]# scp /etc/yum.repos.d/openstack.repo block1:/etc/yum.repos.d/openstack.repo
## Time synchronization
[root@block1 ~]# yum install chrony -y
[root@block1 ~]# vim /etc/chrony.conf 
server 172.25.3.250 iburst
[root@block1 ~]# systemctl enable --now chronyd


[root@controller ~]# mysql -pwestos
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
    ->   IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'    IDENTIFIED BY 'cinder'; 

10.2 Install and configure the controller node

% Create the service credentials
[root@controller ~]# openstack user create --domain default --password cinder cinder
[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]# openstack service create --name cinder \
  --description "OpenStack Block Storage" volume

[root@controller ~]# openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2

% Create the Block Storage service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
  volume public http://controller:8776/v1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
  volume internal http://controller:8776/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volume admin http://controller:8776/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# yum install openstack-cinder -y


[root@controller ~]# vim /etc/cinder/cinder.conf 
[database]
connection = mysql+pymysql://cinder:cinder@controller/cinder

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.3.1

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp


[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder



[root@controller ~]# vim /etc/nova/nova.conf 
[cinder]
os_region_name = RegionOne
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable --now openstack-cinder-api.service openstack-cinder-scheduler.service

[root@block1 ~]# yum install lvm2 -y
[root@block1 ~]# systemctl enable lvm2-lvmetad.service
[root@block1 ~]# pvcreate /dev/vdb
[root@block1 ~]# vgcreate cinder-volumes /dev/vdb

[root@block1 ~]# vim /etc/lvm/lvm.conf

        # filter = [ "a|.*/|" ]
        filter = [ "a/vdb/","a/vdb/", "r/.*/"]
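
What this filter list accepts and rejects, shown as an added example (not from the original page or from LVM's code): lvm.conf filter entries are tried in order, the first pattern found anywhere in a device path decides, and a path that matches nothing is accepted. Python's `re` stands in for LVM's own matcher, only single path names are evaluated (LVM also considers a device's aliases), and the sample paths and the anchored variant are constructed for illustration.

```python
import re

# Filter list exactly as written in this step (the repeated "a/vdb/" is redundant).
PAGE_FILTER = ["a/vdb/", "a/vdb/", "r/.*/"]
# Commented-out default shown above it in lvm.conf.
DEFAULT_FILTER = ["a|.*/|"]
# Assumption: an anchored variant for comparison; not from the page.
ANCHORED_FILTER = ["a|^/dev/vdb$|", "r|.*|"]

# Constructed device paths for illustration.
SAMPLE_PATHS = [
    "/dev/vda",                         # OS disk
    "/dev/vdb",                         # Cinder physical volume
    "/dev/cinder-volumes/volume-0001",  # tenant volume (hypothetical name)
    "/dev/mapper/vdbackup-data",        # unrelated name that contains "vdb"
]


def parse_filter(entries):
    """Split entries like "a/vdb/" into (action, compiled regex) pairs."""
    rules = []
    for entry in entries:
        if len(entry) < 3 or entry[0] not in ("a", "r") or entry[-1] != entry[1]:
            raise ValueError(f"malformed filter entry: {entry!r}")
        rules.append((entry[0], re.compile(entry[2:-1])))
    return rules


def decide(entries, path):
    """The first pattern found anywhere in the path decides; no match means accept."""
    for action, regex in parse_filter(entries):
        if regex.search(path):
            return "accept" if action == "a" else "reject"
    return "accept"


def scan(entries, paths=SAMPLE_PATHS):
    """Return the paths LVM would keep scanning under the given filter."""
    return [p for p in paths if decide(entries, p) == "accept"]


if __name__ == "__main__":
    for name, flt in (("default", DEFAULT_FILTER), ("page", PAGE_FILTER),
                      ("anchored", ANCHORED_FILTER)):
        print(f"{name:9}", scan(flt))
```

With the page's filter the tenant volume path is no longer scanned by the storage node's LVM tools, while the unanchored `vdb` pattern still accepts any path that merely contains that string.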

[root@block1 ~]# yum install openstack-cinder targetcli python-keystone -y

[root@block1 ~]# vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:cinder@controller/cinder

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 
enabled_backends = lvm
glance_api_servers = http://controller:9292

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
# Add at the end
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[root@block1 ~]# systemctl enable --now openstack-cinder-volume.service target.service
[root@controller ~]# cinder service-list

Open http://controller/dashboard and log in as the demo user: create a volume -> Manage Attachments to attach it -> in the vm3 console:
mkfs.xfs /dev/vdb
mkdir /data
mount /dev/vdb /data/
cd /data
cp /etc/* .
ls
umount /data



Open http://controller/dashboard and log in as the demo user: detach the volume created above
