The most complete OpenStack deployment tutorial

Just talk about this shit

To put it simply, it is a cloud, a cloud platform of its own. The original model for OpenStack is Amazon's cloud; it can be said that OpenStack is a plagiarized product by Rackspace and NASA.
Officially speaking, it is a cloud platform management project rather than a single piece of software. The project is composed of several main components that each complete specific work, and it helps service providers and enterprises implement cloud infrastructure services (Infrastructure as a Service) similar to Amazon EC2 and S3. OpenStack consists of two main modules: Nova and Swift. The former is a virtual server deployment and business computing module developed by NASA; the latter is a distributed cloud storage module developed by Rackspace. The two can be used together or separately. OpenStack is an open source project. In addition to the strong support of Rackspace and NASA, there are also contributions and support from heavyweight companies such as Dell, Citrix, Cisco, and Canonical. Development is very fast, and it looks set to replace Eucalyptus, another industry-leading open source platform.
Plagiarism can still be so popular, I am also drunk, there is no way to write whoever is popular... Hee hee~

Edible ingredient

OpenStack covers all aspects of networking, virtualization, operating systems, servers, and more. It is a cloud computing platform project under development, which is decomposed into core projects, incubation projects, supporting projects and related projects according to the degree of maturity and importance. Each project has its own committee and project technical director, and each project is not static. Incubation projects can be transformed into core projects according to the maturity and importance of development.
[Figure: conceptual framework]
[Figure: logical architecture]

  1. Identity Service: Keystone. Provides functions of authentication, service rules and service tokens for other OpenStack services, and manages Domains, Projects, Users, Groups, and Roles. Integrated into the project since the Essex version.
  2. Compute: Nova. A set of controllers that manages the entire life cycle of virtual machine instances for a single user or a group of users, and provides virtual services according to user needs. Responsible for creating, starting, shutting down, pausing, suspending, resizing, migrating, restarting, and destroying virtual machines, and for configuring specifications such as CPU and memory. Integrated into the project since the Austin version.
  3. Network & address management (Network): Neutron. Provides network virtualization technology for cloud computing, and provides network connection services for other OpenStack services. Provide interfaces for users, define Network, Subnet, and Router, configure DHCP, DNS, load balancing, and L3 services, and the network supports GRE and VLAN. The plug-in architecture supports many mainstream network manufacturers and technologies, such as OpenvSwitch. Integrated into the project since the Folsom version.
  4. Object Storage: Swift. A system for object storage in massively scalable systems with built-in redundancy and high fault tolerance, allowing files to be stored or retrieved. It can provide image storage for Glance and volume backup service for Cinder. Integrated into the project since the Austin version.
  5. Image Service: Glance. A virtual machine image search and retrieval system that supports multiple virtual machine image formats (AKI, AMI, ARI, ISO, QCOW2, Raw, VDI, VHD, VMDK), with functions for creating, uploading, and deleting images and for editing basic image information. Integrated into the project since the Bexar version.
  6. Block Storage: Cinder. It provides stable data block storage services for running instances. Its plug-in driver architecture facilitates the creation and management of block devices, such as creating volumes, deleting volumes, and mounting and unmounting volumes on instances. Integrated into the project since the Folsom version.
  7. UI interface (Dashboard): Horizon. The web management portal of various services in OpenStack is used to simplify user operations on services, such as: starting instances, assigning IP addresses, configuring access control, etc. Integrated into the project since the Essex version.
  8. Metering: Ceilometer. Like a funnel, it can collect almost all events that occur inside OpenStack, and then provide data support for billing, monitoring, and other services. Integrated into the project since the Havana version.
  9. Deployment Orchestration (Orchestration): Heat. Provides a collaborative deployment method defined by templates to realize automatic deployment of cloud infrastructure software operating environments (computing, storage, and network resources). Integrated into the project since the Havana version.
  10. Database Service: Trove. Provide users with scalable and reliable relational and non-relational database engine services in the OpenStack environment. Integrated into the project since the Icehouse version.

The most important ones are Keystone, Nova, and Neutron, along with supporting services such as MySQL and RabbitMQ.

The process of creating a cloud host

In order to better understand the framework of the entire OpenStack, it is extremely important to understand the birth process of a cloud host. Let’s talk about it here

process

The first stage

  1. The user controls OpenStack through the Dashboard UI or the command line (CLI), but must first authenticate with Keystone. After successful verification, Keystone returns an auth_token to the user, and the user carries out the next step with that auth_token
  2. The user requests nova_api to create a cloud host, presenting the auth_token
  3. nova_api sends the received auth_token to Keystone for verification, and the next step does not proceed until Keystone confirms that the token is valid

The second stage

  1. nova_api records the request to create a cloud host in the nova database, including information about the cloud host such as instance CPU size, memory size, disk space, and the image to use
  2. nova_api passes the request to the RabbitMQ message queue in the form of an rpc_call
  3. nova_scheduler listens for nova_api requests in the RabbitMQ message queue
  4. After nova_scheduler receives the nova_api request from the RabbitMQ message queue, it queries the relevant information in the nova database and then schedules
  5. Once nova_scheduler has made its scheduling decision, which specifies the nova_compute responsible, it sends that decision to RabbitMQ
  6. nova_compute will listen to the nova_scheduler scheduling information in the RabbitMQ message queue
  7. nova_compute will go to nova_conductor to inquire about cloud host information, waiting for a reply
  8. nova_conductor goes to the nova database to query relevant information, and returns the information to the RabbitMQ message queue
  9. nova_compute gets the nova_conductor reply message in the RabbitMQ message queue

The third stage

  1. nova_compute initiates an api request to Glance to get the image
  2. Glance takes the received api request to Keystone for verification, and returns the image information after the verification is completed
  3. nova_compute initiates an api request to Neutron to get the network interface
  4. Neutron takes the received api request to Keystone for verification, and returns the interface information after the verification is completed
  5. nova_compute initiates an api request to Cinder to get the cloud disk
  6. Cinder takes the received api request to Keystone for verification, and returns the cloud disk information after the verification is completed
  7. nova_compute calls the underlying hypervisor to create the cloud host after obtaining the resources
  8. nova_api continuously polls the status while nova_compute creates the cloud host, until creation is complete

*Note: nova_conductor performs the database queries on behalf of nova_compute, so that nova_compute never accesses the database directly

Edible Tutorial—Environment Preparation

This tutorial uses the Openstack Queens version, and other versions are roughly the same

Configure domain name resolution on the control node

[root@openstack ~]# vim /etc/hosts

[root@openstack ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.4       openstack.if010.com
192.168.31.5       openstack-node01.if010.com

Configure Compute Node Domain Name Resolution

[root@openstack-node01 ~]# vim /etc/hosts

[root@openstack-node01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.31.4       openstack.if010.com
192.168.31.5       openstack-node01.if010.com

Turn off the control node selinux and firewall

[root@openstack ~]# vim /etc/sysconfig/selinux 
SELINUX=disabled
SELINUXTYPE=targeted

[root@openstack ~]# systemctl stop firewalld.service

Shut down compute node selinux and firewall

[root@openstack-node01 ~]# vim /etc/sysconfig/selinux 
SELINUX=disabled
SELINUXTYPE=targeted

[root@openstack-node01 ~]# systemctl stop firewalld.service
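
Rather than stopping firewalld, the controller can keep it running and admit only the management subnet to the service ports this tutorial uses. The following is an added example, not part of the original tutorial: it only prints the firewall-cmd commands for review. The port table and the `public` zone are assumptions, and 5672 and 11211 are the default AMQP and memcached ports rather than values shown on this page.

```shell
#!/bin/sh
# Added example: emit firewalld rich rules that admit only the management
# subnet to the controller's service ports, as an alternative to stopping
# firewalld. Nothing is changed on the host; the commands are only printed.

MGMT_NET="192.168.31.0/24"   # management subnet used throughout the tutorial
ZONE="public"                # assumption: interfaces sit in the default zone

# port/protocol:service (constructed table; 5672 and 11211 are defaults)
CONTROLLER_PORTS="
123/udp:chrony
3306/tcp:mariadb
5672/tcp:rabbitmq-amqp
15672/tcp:rabbitmq-management
11211/tcp:memcached
5000/tcp:keystone-public
35357/tcp:keystone-admin
9292/tcp:glance-api
"

emit_controller_rules() {
    net=$1
    for entry in $CONTROLLER_PORTS; do
        spec=${entry%%:*}      # e.g. 3306/tcp
        svc=${entry#*:}        # e.g. mariadb
        port=${spec%/*}
        proto=${spec#*/}
        # Reject malformed table rows instead of emitting a broken rule.
        case $port in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$entry'" >&2; return 1 ;;
        esac
        printf '# %s\n' "$svc"
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
            "$ZONE" "$net" "$port" "$proto"
    done
    echo "firewall-cmd --reload"
}

emit_controller_rules "$MGMT_NET"
```

After reviewing the output, it can be applied on the controller with `emit_controller_rules "$MGMT_NET" | sh`.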

Install and configure the time synchronization service of the control node

[root@openstack ~]# yum install -y chrony

[root@openstack ~]# vim /etc/chrony.conf

[root@openstack ~]# cat /etc/chrony.conf | grep -v "#" | grep -v "^$"
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 192.168.31.0/24
logdir /var/log/chrony

[root@openstack ~]# systemctl enable chronyd.service
[root@openstack ~]# systemctl start chronyd.service

[root@openstack ~]# timedatectl set-timezone Asia/Shanghai

[root@openstack ~]# date
2022年 06月 04日 星期六 21:51:55 CST

Install and configure time synchronization service for compute nodes

[root@openstack-node01 ~]# yum install -y chrony

[root@openstack-node01 ~]# vim /etc/chrony.conf

[root@openstack-node01 ~]# cat /etc/chrony.conf | grep -v "#" | grep -v "^$"
server openstack.if010.com

[root@openstack-node01 ~]# systemctl enable chronyd.service
[root@openstack-node01 ~]# systemctl start chronyd.service

[root@openstack-node01 ~]# timedatectl set-timezone Asia/Shanghai

[root@openstack-node01 ~]# date
2022年 06月 04日 星期六 21:51:55 CST

Execute this command on the control node to verify the time synchronization service

[root@openstack ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 139.199.215.251               2  10   375   994  +2175us[+2316us] +/-   18ms
^- time.cloudflare.com           3  10   377  170m  +9674us[  +10ms] +/-   75ms
^- a.chl.la                      2  10   377  1059   -884us[ -743us] +/-  123ms
^+ time.neu.edu.cn               1  10   377   289    +17ms[  +17ms] +/-   50ms

Execute the command on the computing node to verify the time synchronization service

[root@openstack-node01 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* openstack.if010.com      3    9   377   421    +15us[  -87us] +/-   15ms

Add yum source

# Control node
[root@openstack ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@openstack ~]# yum install -y centos-release-openstack-queens.noarch

# Compute node
[root@openstack-node01 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@openstack-node01 ~]# yum install -y centos-release-openstack-queens.noarch

Install MySQL database service and configure

[root@openstack ~]# yum install -y mariadb  mariadb-server MySQL-python

[root@openstack ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf

[root@openstack ~]# cat /etc/my.cnf | grep -v "#" | grep -v "^$"
[client]
port            = 3306
socket          = /var/lib/mysql/mysql.sock

[mysqld]
default-storage-engine = innodb        # use the InnoDB engine
innodb_file_per_table                  # use a separate tablespace per table
max_connections = 4096                 # maximum number of connections
collation-server = utf8_general_ci     # collation
init-connect = 'SET NAMES utf8'        # character set initialized on each connection
character-set-server = utf8            # database character set
port            = 3306
socket          = /var/lib/mysql/mysql.sock
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
log-bin=mysql-bin
binlog_format=mixed
server-id       = 1

[mysqldump]
quick
max_allowed_packet = 16M
[mysql]
no-auto-rehash
[myisamchk]
key_buffer_size = 20M
sort_buffer_size = 20M
read_buffer = 2M
write_buffer = 2M
[mysqlhotcopy]
interactive-timeout

[root@openstack ~]# systemctl enable mariadb.service
[root@openstack ~]# systemctl start mariadb.service

To secure the database service, run the mysql_secure_installation script. In particular, set a suitable password for the database root user; openssl rand -hex 10 can be used to generate a random password from 10 random bytes (printed as 20 hexadecimal characters)

[root@openstack ~]# openssl rand -hex 10
38ad89f42d765b1eb3b0

[root@openstack ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):      # enter the root password; a fresh install has none, so just press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y      # set the root password
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y   # remove anonymous users
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y   # disallow remote root login
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y    # remove the test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y   # reload the privilege tables
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install RabbitMQ message queue and configure

[root@openstack ~]# yum install -y rabbitmq-server

[root@openstack ~]# systemctl enable rabbitmq-server.service
[root@openstack ~]# systemctl start rabbitmq-server.service

[root@openstack ~]# rabbitmqctl add_user openstack 1735e32955b2ef18362e
Creating user "openstack" ...
...done.

[root@openstack ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
...done.

# Enable the web management plugin
[root@openstack ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.

[root@openstack ~]# systemctl restart rabbitmq-server.service

Open the management UI in a browser and, under Admin -> Update this user, tag the openstack user as administrator:
http://192.168.31.4:15672
Default management account and password: guest/guest
[Figure: RabbitMQ web management configuration page]

Edible Tutorial—KeyStone

Create KeyStone database and authorize

[root@openstack ~]# openssl rand -hex 10
9b7976d96ef6ecadccce

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '9b7976d96ef6ecadccce';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '9b7976d96ef6ecadccce';

yum install KeyStone and Memcached

[root@openstack ~]# yum install -y openstack-keystone python-openstackclient httpd mod_wsgi memcached python-memcached

Start Memcached and set it to start automatically

[root@openstack ~]# systemctl enable memcached.service
[root@openstack ~]# systemctl start memcached.service

Generate an admin_token

[root@openstack keystone]# openssl rand -hex 10
58d48e8481d5f01b6ca0

Configure the keystone.conf file

[root@openstack ~]# vim /etc/keystone/keystone.conf
# Define the value of the initial administration token
[DEFAULT]
admin_token = 58d48e8481d5f01b6ca0

# Configure database access
[database]
connection = mysql+pymysql://keystone:[email protected]/keystone

# Configure the revocation driver
[revoke]
driver = sql

# Configure Fernet as the token provider
[token]
provider = fernet

Initialize the database of the authentication service

[root@openstack ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize Fernet keys

[root@openstack ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

Configure the Apache HTTP server

[root@openstack ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller

[root@openstack ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

Start Apache HTTP and set it to start automatically

[root@openstack ~]# systemctl enable httpd.service
[root@openstack ~]# systemctl start httpd.service

Set OpenStack environment variables

[root@openstack ~]# export OS_TOKEN=58d48e8481d5f01b6ca0
[root@openstack ~]# export OS_URL=http://openstack.if010.com:35357/v3
[root@openstack ~]# export OS_IDENTITY_API_VERSION=3

Create service entity and identity authentication service

[root@openstack ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 4ddaae90388b4ebc9d252ec2252d8d10 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

Create an API endpoint for the authentication service

[root@openstack ~]# openstack endpoint create --region RegionOne identity public http://openstack.if010.com:5000/v3
+--------------+------------------------------------+
| Field        | Value                              |
+--------------+------------------------------------+
| enabled      | True                               |
| id           | 30fff543e7dc4b7d9a0fb13791b78bf4   |
| interface    | public                             |
| region       | RegionOne                          |
| region_id    | RegionOne                          |
| service_id   | 8c8c0927262a45ad9066cfe70d46892c   |
| service_name | keystone                           |
| service_type | identity                           |
| url          | http://openstack.if010.com:5000/v3 |
+--------------+------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne identity internal http://openstack.if010.com:5000/v3
+--------------+------------------------------------+
| Field        | Value                              |
+--------------+------------------------------------+
| enabled      | True                               |
| id           | 57cfa543e7dc4b712c0ab137911bc4fe   |
| interface    | internal                           |
| region       | RegionOne                          |
| region_id    | RegionOne                          |
| service_id   | 6f8de927262ac12f6066cfe70d99ac51   |
| service_name | keystone                           |
| service_type | identity                           |
| url          | http://openstack.if010.com:5000/v3 |
+--------------+------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne identity admin http://openstack.if010.com:35357/v3
+--------------+-------------------------------------+
| Field        | Value                               |
+--------------+-------------------------------------+
| enabled      | True                                |
| id           | 78c3dfa3e7dc44c98ab1b1379122ecb1    |
| interface    | admin                               |
| region       | RegionOne                           |
| region_id    | RegionOne                           |
| service_id   | 34ab3d27262ac449cba6cfe704dbc11f    |
| service_name | keystone                            |
| service_type | identity                            |
| url          | http://openstack.if010.com:35357/v3 |
+--------------+-------------------------------------+

Create default domain

[root@openstack ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | e0353a670a9e496da891347c589539e9 |
| name        | default                          |
+-------------+----------------------------------+

Create admin project

[root@openstack ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | e0353a670a9e496da891347c589539e9 |
| enabled     | True                             |
| id          | 343d245e850143a096806dfaefa9afdc |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+

Create an admin user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | ac3377633149401296f6c0d92d79dc16 |
| name      | admin                            |
+-----------+----------------------------------+

Create the admin role

[root@openstack ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | cd2cb9a39e874ea69e5d4b896eb16128 |
| name      | admin                            |
+-----------+----------------------------------+

Add the admin role to the admin project and user

[root@openstack ~]# openstack role add --project admin --user admin admin

Create a service project

[root@openstack ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | e0353a670a9e496da891347c589539e9 |
| enabled     | True                             |
| id          | 894cdfa366d34e9d835d3de01e752262 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+

Create a demo project

[root@openstack ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | e0353a670a9e496da891347c589539e9 |
| enabled     | True                             |
| id          | ed0b60bf607743088218b0a533d5943f |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | None                             |
+-------------+----------------------------------+

Create a demo user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | 58126687cbcc4888bfa9ab73a2256f27 |
| name      | demo                             |
+-----------+----------------------------------+

Create a user role

[root@openstack ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 997ce8d05fc143ac97d83fdfb5998552 |
| name      | user                             |
+-----------+----------------------------------+

Add user role to demo project and user

[root@openstack ~]# openstack role add --project demo --user demo user

Verify operation

# As the admin user, request an authentication token

[root@openstack ~]# unset OS_TOKEN OS_URL
[root@openstack ~]# openstack --os-auth-url http://openstack.if010.com:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

# As the demo user, request an authentication token
[root@openstack ~]# openstack --os-auth-url http://openstack.if010.com:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:15:39.014479Z                                     |
| id         | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
|            | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
|            | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U       |
| project_id | ed0b60bf607743088218b0a533d5943f                                |
| user_id    | 58126687cbcc4888bfa9ab73a2256f27                                |
+------------+-----------------------------------------------------------------+
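
With `provider = fernet`, the token `id` printed above is a Fernet message with its base64 padding stripped: a version byte (0x80) and an 8-byte big-endian creation time sit in front of the encrypted payload, authenticated but not encrypted. As an added example (not part of the original tutorial), this decodes that header from the admin token shown above and derives the token lifetime from the `expires` field; the function names are assumptions.

```shell
#!/bin/sh
# Added example: read the cleartext header of a Keystone Fernet token.
# Layout (Fernet spec):
#   version(1) | timestamp(8, big-endian) | IV(16) | ciphertext | HMAC(32)

# First line of the admin token id and the "expires" field from the output above.
TOKEN_PREFIX='gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv'
EXPIRES='2016-02-12T20:14:07.056119Z'

# Hex of the first 9 bytes. 12 base64url characters decode to exactly 9 bytes,
# so the stripped padding does not matter here.
fernet_header_hex() {
    printf '%s' "$1" | cut -c1-12 | tr '_-' '/+' \
        | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Creation time of the token in epoch seconds; fails if the header is not Fernet.
fernet_issued_epoch() {
    hdr=$(fernet_header_hex "$1")
    case $hdr in
        80????????????????) ;;
        *) echo "not a Fernet token (header: $hdr)" >&2; return 1 ;;
    esac
    echo $((0x${hdr#80}))
}

# Convert a UTC timestamp YYYY-MM-DDThh:mm:ss[.ffffff]Z to epoch seconds using
# the days-from-civil formula, so no GNU-specific date options are needed.
iso_to_epoch() {
    echo "$1" | awk -F'[-T:Z]' '{
        y = $1; m = $2; d = $3
        if (m <= 2) { y--; m += 12 }          # count the year from 1 March
        days = 365*y + int(y/4) - int(y/100) + int(y/400) \
             + int((153*(m-3) + 2)/5) + d - 719469
        printf "%d\n", days*86400 + $4*3600 + $5*60 + int($6)
    }'
}

# Lifetime = expires - issued, both taken from what a token holder can see.
token_lifetime_seconds() {
    issued=$(fernet_issued_epoch "$1") || return 1
    expires=$(iso_to_epoch "$2")
    echo $((expires - issued))
}

echo "header:   $(fernet_header_hex "$TOKEN_PREFIX")"
echo "issued:   $(fernet_issued_epoch "$TOKEN_PREFIX") (epoch seconds, UTC)"
echo "lifetime: $(token_lifetime_seconds "$TOKEN_PREFIX" "$EXPIRES") s"
```

The creation time is readable by anyone who sees the `id`, and the `id` alone is a bearer credential for the lifetime computed here, so token output belongs in the same handling class as passwords.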

Create an OpenStack client environment script

[root@openstack keystone]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=yy99..
export OS_AUTH_URL=http://openstack.if010.com:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@openstack keystone]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack.if010.com:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@openstack ~]# source admin-openrc
[root@openstack ~]# openstack token issue
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:44:35.659723Z                                     |
| id         | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+
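
The bootstrap `admin_token` in keystone.conf is a shared secret that grants administrative access to the Identity API without a user account, and the openrc files hold credentials in plain text, so both deserve a check once the admin user can authenticate. The audit below is an added example, not part of the original tutorial; the function names, the 12-character threshold and the sample files (constructed in a temporary directory) are assumptions.

```shell
#!/bin/sh
# Added example: post-bootstrap audit of keystone.conf and openrc files.
# Function names, the threshold and the sample files are assumptions.

MIN_PW_LEN=12   # assumption: local password-length policy

# Print the value of KEY in [SECTION] of an INI file (empty if unset).
ini_get() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*\[/ {
            cur = $0
            sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur)
            next
        }
        cur != sect || /^[ \t]*[#;]/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Flag a bootstrap token that was left in place after setup.
audit_keystone_conf() {
    tok=$(ini_get "$1" DEFAULT admin_token)
    if [ -n "$tok" ]; then
        echo "FINDING $1: [DEFAULT] admin_token is still set; remove it once the admin user can authenticate"
    fi
}

# Flag loose file modes, short passwords and plain-HTTP auth URLs.
# The password itself is never printed.
audit_openrc() {
    f=$1
    perms=$(ls -ld "$f" | cut -c5-10)      # group and other permission bits
    [ "$perms" = "------" ] || echo "FINDING $f: readable beyond its owner ($perms); chmod 600"
    pw=$(sed -n 's/^export OS_PASSWORD=//p' "$f" | tail -n 1)
    if [ "${#pw}" -lt "$MIN_PW_LEN" ]; then
        echo "FINDING $f: OS_PASSWORD has ${#pw} characters (minimum $MIN_PW_LEN)"
    fi
    url=$(sed -n 's/^export OS_AUTH_URL=//p' "$f" | tail -n 1)
    case $url in
        http://*) echo "FINDING $f: OS_AUTH_URL is plain HTTP, so passwords and tokens cross the network unencrypted" ;;
    esac
}

# Constructed sample files; the admin_token value is made up for the example.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[token]
provider = fernet
EOF
    cat > "$dir/demo-openrc" <<'EOF'
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack.if010.com:5000/v3
EOF
    chmod 644 "$dir/demo-openrc"
    cat > "$dir/hardened-openrc" <<'EOF'
export OS_USERNAME=demo
export OS_PASSWORD=constructed-long-passphrase
export OS_AUTH_URL=https://openstack.if010.com:5000/v3
EOF
    chmod 600 "$dir/hardened-openrc"
    echo "$dir"
}

SAMPLES=$(make_samples)
audit_keystone_conf "$SAMPLES/keystone.conf"
audit_openrc "$SAMPLES/demo-openrc"
audit_openrc "$SAMPLES/hardened-openrc"
rm -rf "$SAMPLES"
```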

Edible Tutorial—Glance

Create Glance database and authorize

[root@openstack ~]# openssl rand -hex 10
a92e900d1dc37b94f347

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'127.0.0.1' IDENTIFIED BY 'a92e900d1dc37b94f347';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'a92e900d1dc37b94f347';

Get admin credentials

[root@openstack ~]# source admin-openrc

Create a glance user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | e38230eeff474607805b596c91fa15d9 |
| name      | glance                           |
+-----------+----------------------------------+

Add admin role to glance user and service project

[root@openstack ~]# openstack role add --project service --user glance admin

Create glance service entity

[root@openstack ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

Create the API endpoints for the Image service

[root@openstack ~]# openstack endpoint create --region RegionOne image public http://openstack.if010.com:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 340be3625e9b4239a6415d034e98aace |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://openstack.if010.com:9292  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne image internal http://openstack.if010.com:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://openstack.if010.com:9292  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne image admin http://openstack.if010.com:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0c37ed58103f4300a84ff125a539032d |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://openstack.if010.com:9292  |
+--------------+----------------------------------+

Install the Glance service with yum

[root@openstack ~]# yum install -y openstack-glance python-glance python-glanceclient

# Configure the /etc/glance/glance-api.conf file
[root@openstack ~]# vim /etc/glance/glance-api.conf
# Configure database access
[database]
connection = mysql+pymysql://glance:[email protected]/glance

# Configure the local file system store and the location of image files
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images

# Configure Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
# Password of the glance user
password = glance@If010

# Configure the authentication method
[paste_deploy]
flavor = keystone

# Configure the /etc/glance/glance-registry.conf file
[root@openstack ~]# vim /etc/glance/glance-registry.conf
# Configure database access
[database]
connection = mysql+pymysql://glance:[email protected]/glance

# Configure Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
# Password of the glance user
password = glance@If010

# Configure the authentication method
[paste_deploy]
flavor = keystone

Initialize the Image service database:

[root@openstack ~]# su -s /bin/sh -c "glance-manage db_sync" glance

Start the Image services and configure them to start at boot

[root@openstack ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@openstack ~]# systemctl restart openstack-glance-api.service openstack-glance-registry.service

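Verify the Image service

# Download the image. This one seems to be downloadable only through a proxy that gets around the firewall; any other image can be used for the test
[root@openstack ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
# Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it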
[root@openstack ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2022-06-05T05:22:14Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/1bf99dfb-6943-4b9d-bb00-dafc0d70c6d7/file |
| id               | 1bf99dfb-6943-4b9d-bb00-dafc0d70c6d7                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | a71798a89caf4ad094fdf16e253f00ea                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2022-06-05T05:22:14Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
# Confirm that the image was uploaded and verify its attributes
[root@openstack ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 1bf99dfb-6943-4b9d-bb00-dafc0d70c6d7 | cirros | active |
+--------------------------------------+--------+--------+
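
As an added example (not part of the original tutorial): the image above is fetched over plain HTTP and then published to every project with --public, so it is worth checking the file against a digest obtained from a trusted source, and checking that it really is qcow2, before uploading. The names verify_image and upload_if_verified and the OPENSTACK override are hypothetical, and the demo file is constructed.

```shell
#!/bin/sh
# verify_image FILE EXPECTED_HEX_DIGEST
# Exit status: 0 = qcow2 magic present and digest matches,
#              1 = digest mismatch, 2 = not a qcow2 file, 3 = usage error.
verify_image() (
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || exit 3
    # Choose the hash tool from the digest length in hex characters.
    case ${#expected} in
        32)  tool=md5sum ;;     # same algorithm as the Glance "checksum" field
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   exit 3 ;;
    esac
    # A qcow2 file starts with the bytes 51 46 49 fb ("QFI" followed by 0xfb),
    # so a file without them does not match --disk-format qcow2.
    magic=$(od -An -tx1 -N4 "$file" | tr -d ' \n')
    [ "$magic" = "514649fb" ] || exit 2
    actual=$("$tool" "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || exit 1
)

# upload_if_verified FILE DIGEST NAME
# Runs the upload command from the tutorial only when verification passes.
# OPENSTACK can be set to another command (for example echo) for a dry run.
upload_if_verified() {
    verify_image "$1" "$2" || {
        echo "refusing to upload $1 (verify_image status $?)" >&2
        return 1
    }
    ${OPENSTACK:-openstack} image create "$3" --file "$1" \
        --disk-format qcow2 --container-format bare --public
}

# Demo on a constructed file that only carries the qcow2 magic bytes.
demo_img=$(mktemp)
printf 'QFI\373constructed image body' > "$demo_img"
demo_sum=$(sha256sum "$demo_img" | cut -d' ' -f1)
verify_image "$demo_img" "$demo_sum" && echo "verified: $demo_img"
rm -f "$demo_img"
```

After the upload, the checksum field that Glance prints can be compared with a local md5sum of the same file to confirm that the stored copy is the one that was verified.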

Edible Tutorial—Nova

Install and configure the control node

Create Nova database and authorize

[root@openstack ~]# openssl rand -hex 10
e528734fc653231683c9

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'e528734fc653231683c9';

Get admin credentials

[root@openstack ~]# source admin-openrc

Create the nova user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | 8c46e4760902464b889293a74a0c90a8 |
| name      | nova                             |
+-----------+----------------------------------+

Add the admin role to the nova user:

[root@openstack ~]# openstack role add --project service --user nova admin

Create nova service entity:

[root@openstack ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 060d59eac51b4594815603d75a00aba2 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the Compute service API endpoint:

[root@openstack ~]# openstack endpoint create --region RegionOne compute public http://openstack.if010.com:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------------+
| Field        | Value                                              |
+--------------+----------------------------------------------------+
| enabled      | True                                               |
| id           | 3c1caa473bfe4390a11e7177894bcc7b                   |
| interface    | public                                             |
| region       | RegionOne                                          |
| region_id    | RegionOne                                          |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78                   |
| service_name | nova                                               |
| service_type | compute                                            |
| url          | http://openstack.if010.com:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne compute internal http://openstack.if010.com:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------------+
| Field        | Value                                              |
+--------------+----------------------------------------------------+
| enabled      | True                                               |
| id           | e3c918de680746a586eac1f2d9bc10ab                   |
| interface    | internal                                           |
| region       | RegionOne                                          |
| region_id    | RegionOne                                          |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78                   |
| service_name | nova                                               |
| service_type | compute                                            |
| url          | http://openstack.if010.com:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne compute admin http://openstack.if010.com:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------------+
| Field        | Value                                              |
+--------------+----------------------------------------------------+
| enabled      | True                                               |
| id           | 38f7af91666a47cfb97b4dc790b94424                   |
| interface    | admin                                              |
| region       | RegionOne                                          |
| region_id    | RegionOne                                          |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78                   |
| service_name | nova                                               |
| service_type | compute                                            |
| url          | http://openstack.if010.com:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------------+

Create the placement user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | 8c46e4760902464b889293a74a0c90a8 |
| name      | placement                        |
+-----------+----------------------------------+

Add the admin role to the placement user:

[root@openstack ~]# openstack role add --project service --user placement admin

Create a placement service entity:

[root@openstack ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 060d59eac51b4594815603d75a00aba2 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

Create the Placement service API endpoints:

[root@openstack ~]# openstack endpoint create --region RegionOne placement public http://openstack.if010.com:8778
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 3c1caa473bfe4390a11e7177894bcc7b          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78          |
| service_name | placement                                 |
| service_type | placement                                 |
| url          | http://openstack.if010.com:8778           |
+--------------+-------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne placement internal http://openstack.if010.com:8778
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | e3c918de680746a586eac1f2d9bc10ab          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78          |
| service_name | placement                                 |
| service_type | placement                                 |
| url          | http://openstack.if010.com:8778           |
+--------------+-------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne placement admin http://openstack.if010.com:8778
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 38f7af91666a47cfb97b4dc790b94424          |
| interface    | admin                                     |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | e702f6f497ed42e6a8ae3ba2e5871c78          |
| service_name | placement                                 |
| service_type | placement                                 |
| url          | http://openstack.if010.com:8778           |
+--------------+-------------------------------------------+

Nova control node installation and configuration

[root@openstack ~]# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient openstack-nova-placement-api

# Configure the /etc/nova/nova.conf file
[root@openstack ~]# vim /etc/nova/nova.conf
[DEFAULT]
block_device_allocate_retries=180
# Set my_ip to the IP address of the controller node's management interface
my_ip=192.168.31.4
use_neutron=True
# Configure the firewall driver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
# Enable the compute and metadata APIs
enabled_apis=osapi_compute,metadata
# Configure RabbitMQ message queue access
transport_url=rabbit://openstack:[email protected]
rpc_backend=rabbit
# Configure Identity service access
auth_strategy=keystone

[api]
auth_strategy=keystone

# Configure the database connection
[api_database]
connection=mysql+pymysql://nova:[email protected]/nova_api

[cinder]
os_region_name=RegionOne

# Configure the database connection
[database]
connection=mysql+pymysql://nova:[email protected]/nova

# Configure the address of the Image service API
[glance]
api_servers=http://openstack.if010.com:9292

# Configure Identity service access
[keystone_authtoken]
auth_uri=http://openstack.if010.com:5000
auth_url=http://openstack.if010.com:35357
memcached_servers=openstack.if010.com:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=nova
# Password of the nova user
password=nova@If010

[libvirt]
virt_type=kvm
inject_password=true
cpu_mode=host-passthrough

[neutron]
url = http://openstack.if010.com:9696
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron@If010
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron

# Configure the lock path
[oslo_concurrency]
lock_path=/var/lib/nova/tmp

# Configure RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host=127.0.0.1
rabbit_port=5672
rabbit_userid=openstack
# Password of the RabbitMQ openstack user
rabbit_password=1735e32955b2ef18362e

# Configure placement authentication
[placement]
os_region_name=RegionOne
auth_type=password
auth_url=http://openstack.if010.com:35357/v3
project_name=service
project_domain_name=Default
username=placement
user_domain_name=Default
# Password of the placement user
password=placement@If010

[scheduler]
discover_hosts_in_cells_interval=300

# Configure the VNC proxy to use the management interface IP address of the controller node
[vnc]
enabled=true
server_listen=$my_ip
server_proxyclient_address=$my_ip
novncproxy_base_url=http://192.168.31.4:6080/vnc_auto.html

# Configure the 00-nova-placement-api.conf file
[root@openstack ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
...
<Directory /usr/bin>
  <IfVersion >= 2.4>
     Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>

Restart the httpd service

[root@openstack ~]# systemctl restart httpd.service

Synchronize the Nova database:

# Sync the nova_api database
[root@openstack ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell1 cell
[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# Sync the nova database
[root@openstack ~]# su -s /bin/sh -c "nova-manage db sync" nova

Verify that nova cell0 and cell1 are registered correctly

[root@openstack ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+-----------------------------------+------------------------------------------------+
|  名称 |                 UUID                 |           Transport URL           |                   数据库连接                    |
+-------+--------------------------------------+-----------------------------------+------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/              | mysql+pymysql://nova:****@127.0.0.1/nova_cell0 |
| cell1 | 7d6f800c-2c16-4d15-8b75-0ce02a1af13f | rabbit://openstack:****@127.0.0.1 |    mysql+pymysql://nova:****@127.0.0.1/nova    |
+-------+--------------------------------------+-----------------------------------+------------------------------------------------+

Start the Compute service and set it to start with the system:

[root@openstack ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@openstack ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

Note: the nova.conf above already contains settings for services that are configured later, such as the neutron and cinder services, which may affect the startup of these services.

Install and configure compute nodes

[root@openstack-node01 ~]# yum install openstack-nova-compute

# Configure the /etc/nova/nova.conf file
[root@openstack-node01 ~]# vim /etc/nova/nova.conf
[DEFAULT]
# Configure RabbitMQ message queue access
transport_url=rabbit://openstack:[email protected]
# Configure Identity service access
auth_strategy=keystone
# Set my_ip to the IP address of the controller node's management interface
my_ip=192.168.31.4
use_neutron=True
# Configure the firewall driver
firewall_driver=nova.virt.firewall.NoopFirewallDriver

# Configure RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host=openstack.if010.com
rabbit_userid=openstack
rabbit_password=1735e32955b2ef18362e

# Configure Identity service access
[keystone_authtoken]
auth_uri=http://openstack.if010.com:5000
auth_url=http://openstack.if010.com:35357
memcached_servers=openstack.if010.com:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=nova
# Password of the nova user
password=nova@If010

# Configure the VNC proxy to use the management interface IP address of the controller node
[vnc]
enabled=True
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=$my_ip
novncproxy_base_url=http://openstack.if010.com:6080/vnc_auto.html

# Configure the address of the Image service API
[glance]
api_servers=http://openstack.if010.com:9292

# Configure the lock path
[oslo_concurrency]
lock_path=/var/lib/nova/tmp

# Configure placement authentication
[placement]
os_region_name=RegionOne
project_domain_name=Default
project_name=service
auth_type=password
user_domain_name=Default
auth_url=http://openstack.if010.com:35357/v3
username=placement
# Password of the placement user
password=placement@If010

# Configure hardware acceleration support for virtual machines
[libvirt]
virt_type=kvm

Note: The virt_type setting in the [libvirt] section depends on whether your compute node supports hardware acceleration for virtual machines. Check with:

[root@openstack-node01 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo

If this command returns a value of one or greater, your compute node supports hardware acceleration and no additional configuration is required.
If this command returns a value of zero, your compute node does not support hardware acceleration, and you must configure libvirt to use QEMU instead of KVM.
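
As an added example (not the tutorial's or the OpenStack project's own code): a small audit for the glance-api.conf, glance-registry.conf and nova.conf files shown above. It flags short or guessable secrets such as metadata_proxy_shared_secret = neutron, http:// endpoints, credentials embedded in connection URLs, and world-readable files. The function names, the 16-character threshold and the sample file (with its EXAMPLE_PW placeholder) are assumptions of this example.

```shell
#!/bin/sh
# audit_conf FILE [MIN_LEN]
# Prints one finding per line; returns 1 if there were findings, 0 if none,
# 2 if FILE cannot be read. Secret values themselves are never printed.
# MIN_LEN (default 16) is a threshold assumed for this example.
audit_conf() (
    conf=$1
    min_len=${2:-16}
    [ -r "$conf" ] || { echo "ERROR cannot read $conf" >&2; exit 2; }
    {
        # Service config files hold passwords, so "other" must not read them.
        if [ -n "$(find "$conf" -prune -perm -004)" ]; then
            echo "PERM file is readable by every local user"
        fi
        awk -v min="$min_len" '
        function trim(str) {
            sub(/^[ \t]+/, "", str); sub(/[ \t]+$/, "", str); return str
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comment or blank line
        /^[ \t]*\[/ {                           # section header
            cur = $0
            sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            n++
            sect[n] = cur
            key[n] = trim(substr($0, 1, eq - 1))
            val[n] = trim(substr($0, eq + 1))
            if (key[n] == "username") user[cur] = val[n]
        }
        END {
            for (i = 1; i <= n; i++) {
                where = "[" sect[i] "] " key[i]
                # Keys such as password, rabbit_password, *_shared_secret.
                # Booleans like inject_password=true are not secrets.
                if (key[i] ~ /(password|secret)$/ &&
                    tolower(val[i]) !~ /^(true|false)$/) {
                    if (val[i] == sect[i] ||
                        (user[sect[i]] != "" && val[i] == user[sect[i]]))
                        print "WEAK " where ": same as the section or user name"
                    else if (length(val[i]) < min)
                        print "WEAK " where ": shorter than " min " characters"
                }
                if (index(val[i], "http://") == 1)
                    print "CLEARTEXT " where ": endpoint uses http://"
                if (val[i] ~ "^[a-z+]+://[^/@:]+:[^/@]+@")
                    print "EMBEDDED " where ": credentials inside the URL"
            }
        }' "$conf"
    } | awk '{ print } END { exit (NR > 0) }'
)

# Constructed sample that mirrors settings from the configs above.
sample_conf() {
    cat <<'EOF'
[keystone_authtoken]
auth_url = http://openstack.if010.com:35357
username = nova
password = nova@If010

[libvirt]
inject_password = true

[neutron]
username = neutron
password = neutron@If010
metadata_proxy_shared_secret = neutron

[oslo_messaging_rabbit]
rabbit_password = 1735e32955b2ef18362e

[database]
connection = mysql+pymysql://nova:EXAMPLE_PW@127.0.0.1/nova
EOF
}

# Demo run on the constructed sample.
demo_conf=$(mktemp) && sample_conf > "$demo_conf" && chmod 640 "$demo_conf"
audit_conf "$demo_conf" || echo "findings reported for $demo_conf"
rm -f "$demo_conf"
```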

Start the compute service and its dependencies and configure it to start automatically with the system

[root@openstack-node01 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@openstack-node01 ~]# systemctl start libvirtd.service openstack-nova-compute.service

Verify operation

Discover compute hosts

[root@openstack ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

*Note: When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register them. Alternatively, you can set an appropriate discovery interval in /etc/nova/nova.conf:

[scheduler]
...
discover_hosts_in_cells_interval=300

Confirm that the compute host is in the database

[root@openstack ~]# openstack compute service list --service nova-compute
+----+--------------+----------------------------+------+---------+-------+----------------------------+
| ID | Binary       | Host                       | Zone | Status  | State | Updated At                 |
+----+--------------+----------------------------+------+---------+-------+----------------------------+
| 12 | nova-compute | openstack-node01.if010.com | nova | enabled | up    | 2022-06-12T07:16:23.000000 |
+----+--------------+----------------------------+------+---------+-------+----------------------------+

List service components to verify successful startup and registration of each process:

[root@openstack ~]# openstack compute service list
+----+------------------+----------------------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host                       | Zone     | Status  | State | Updated At                 |
+----+------------------+----------------------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | openstack.if010.com        | internal | enabled | up    | 2022-06-12T07:17:42.000000 |
|  2 | nova-conductor   | openstack.if010.com        | internal | enabled | up    | 2022-06-12T07:17:41.000000 |
|  3 | nova-scheduler   | openstack.if010.com        | internal | enabled | up    | 2022-06-12T07:17:33.000000 |
| 12 | nova-compute     | openstack-node01.if010.com | nova     | enabled | up    | 2022-06-12T07:17:33.000000 |
+----+------------------+----------------------------+----------+---------+-------+----------------------------+

List API endpoints in Identity Service to verify connection to Identity Service

[root@openstack ~]# openstack catalog list
+-----------+-----------+-----------------------------------------------------------------------------------+
| Name      | Type      | Endpoints                                                                         |
+-----------+-----------+-----------------------------------------------------------------------------------+
| placement | placement | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:8778                                         |
|           |           | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:8778                                          |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:8778                                       |
|           |           |                                                                                   |
| nova      | compute   | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:8774/v2.1/9193663417bd4262944a2480e253cb38    |
|           |           | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:8774/v2.1/9193663417bd4262944a2480e253cb38   |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:8774/v2.1/9193663417bd4262944a2480e253cb38 |
|           |           |                                                                                   |
| glance    | image     | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:9292                                         |
|           |           | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:9292                                          |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:9292                                       |
|           |           |                                                                                   |
| keystone  | identity  | RegionOne                                                                         |
|           |           |   public: http://openstack.if010.com:5000/v3                                      |
|           |           | RegionOne                                                                         |
|           |           |   admin: http://openstack.if010.com:35357/v3                                      |
|           |           | RegionOne                                                                         |
|           |           |   internal: http://openstack.if010.com:5000/v3                                    |
|           |           |                                                                                   |
+-----------+-----------+-----------------------------------------------------------------------------------+

List the images in the Image service to verify connectivity to the Image service:

[root@openstack ~]# openstack image list
+--------------------------------------+----------+--------+
| ID                                   | Name     | Status |
+--------------------------------------+----------+--------+
| e0f5041e-db3b-4e65-9ef3-39ad1b8b0b1f | CentOS 7 | active |
+--------------------------------------+----------+--------+

Check that the cells and placement APIs are running successfully:

[root@openstack ~]# nova-status upgrade check
+-------------------------------+
| 升级检查结果                  |
+-------------------------------+
| 检查: Cells v2                |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Placement API           |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Resource Providers      |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Ironic Flavor Migration |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: API Service Version     |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+

Edible Tutorial—Neutron

This tutorial configures a public network, that is, a single flat network. Readers who need private networks can study them on their own.

Neutron control node installation and configuration

Create a Neutron database and authorize

[root@openstack ~]# openssl rand -hex 10
e528734fc653231683c9

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'e528734fc653231683c9';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'e528734fc653231683c9';

Get admin credentials

[root@openstack ~]# source admin-openrc

Create a neutron user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | b20a6692f77b4258926881bf831eb683 |
| name      | neutron                          |
+-----------+----------------------------------+

Add the admin role to the neutron user:

[root@openstack ~]# openstack role add --project service --user neutron admin

Create a neutron service entity:

[root@openstack ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | f71529314dab4a4d8eca427e701d209e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

Create the network service API endpoints:

[root@openstack ~]# openstack endpoint create --region RegionOne network public http://openstack.if010.com:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack.if010.com:9696  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne network internal http://openstack.if010.com:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 09753b537ac74422a68d2d791cf3714f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack.if010.com:9696  |
+--------------+----------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne network admin http://openstack.if010.com:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1ee14289c9374dffb5db92a5c112fc4e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://openstack.if010.com:9696  |
+--------------+----------------------------------+

Install and configure the control node

[root@openstack ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

# Configure the /etc/neutron/neutron.conf file
[root@openstack ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
# Use Keystone for authentication
auth_strategy = keystone
# Enable the ML2 plug-in
core_plugin = ml2
# Disable other plug-ins
service_plugins =
# Have the network service notify the compute nodes of network topology changes
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ message queue access
transport_url = rabbit://openstack:[email protected]
rpc_backend = rabbit

# Database connection
[database]
connection = mysql+pymysql://neutron:[email protected]/neutron

# Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Password of the neutron user
password = neutron@If010

# Nova service access
[nova]
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# Password of the nova user
password = nova@If010

# Lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e

# Configure the ml2_conf.ini file
[root@openstack ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# Enable flat and VLAN networks
type_drivers = flat,vlan
# Disable private networks
tenant_network_types =
# Enable the Linux bridge mechanism
mechanism_drivers = linuxbridge
# Enable the port security extension driver
extension_drivers = port_security

# Configure the public virtual network as a flat network
[ml2_type_flat]
flat_networks = provider

# Enable ipset to make security group rules more efficient
[securitygroup]
enable_ipset = true

# Configure the linuxbridge_agent.ini file
[root@openstack ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Replace eth1 with your own network interface; "ip addr" lists the interface names
physical_interface_mappings = provider:eth1

# Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true

[vxlan]
# Disable VXLAN overlay networks
enable_vxlan = false

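# Configure the dhcp_agent.ini file
# Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata so that instances on the public network can access metadata over the network
[root@openstack ~]# vim /etc/neutron/dhcp_agent.ini
# Configure the DHCP agent
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true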

# Configure the metadata_agent.ini file
[root@openstack ~]# vim /etc/neutron/metadata_agent.ini
# Configure the metadata host and the shared secret
[DEFAULT]
nova_metadata_host = openstack.if010.com
metadata_proxy_shared_secret = neutron

# Configure nova to use the neutron service
[root@openstack ~]# vim /etc/nova/nova.conf
[neutron]
url = http://openstack.if010.com:9696
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron@If010
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron
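
A check for the files configured above, as an added example that is not part of the original tutorial: it reads them the way oslo.config does (a # or ; starts a comment only at the beginning of a line), then flags trailing comments that end up inside values, service secrets that are short or built from an account name, and a metadata_proxy_shared_secret that differs between nova.conf and metadata_agent.ini. The sample text is constructed from values in this section; the function names, the 16-character minimum and the word list are assumptions of the example.

```python
import re

# Constructed excerpts that reuse the values shown in this section.
SAMPLE_FILES = {
    "neutron.conf": """\
[keystone_authtoken]
username = neutron
password = neutron@If010    # password of the neutron user

[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e
""",
    "metadata_agent.ini": """\
[DEFAULT]
nova_metadata_host = openstack.if010.com
metadata_proxy_shared_secret = neutron
""",
    "nova.conf": """\
[neutron]
username = neutron
password = neutron@If010
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron
""",
}

SECRET_KEYS = {"password", "rabbit_password", "metadata_proxy_shared_secret"}
# Assumed policy for this example, not an OpenStack requirement.
MIN_SECRET_LEN = 16
GUESSABLE_WORDS = ("neutron", "nova", "cinder", "designate", "openstack", "admin")
INLINE_COMMENT = re.compile(r"\s+[#;]")


def parse_ini(text):
    """Return {section: {key: value}}.

    Only lines that start with '#' or ';' are comments, so text after a
    value stays in the value, as it does when the service loads the file.
    """
    data, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            end = line.find("]")
            section = line[1:end] if end > 0 else line[1:]
            data.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            data[section][key.strip()] = value.strip()
    return data


def audit(files):
    """Return a list of (file, section, key, issue) findings."""
    findings, shared_secrets = [], {}
    for name, text in files.items():
        for section, options in parse_ini(text).items():
            for key, value in options.items():
                where = (name, section, key)
                if INLINE_COMMENT.search(value):
                    findings.append(where + ("inline-comment",))
                if key not in SECRET_KEYS:
                    continue
                # Judge the secret itself, without any trailing comment.
                bare = INLINE_COMMENT.split(value)[0]
                words = GUESSABLE_WORDS + (options.get("username", ""),)
                if len(bare) < MIN_SECRET_LEN:
                    findings.append(where + ("short-secret",))
                if any(w and w.lower() in bare.lower() for w in words):
                    findings.append(where + ("guessable-secret",))
                if key == "metadata_proxy_shared_secret":
                    shared_secrets[name] = value
    # Nova and the metadata agent must load exactly the same value.
    if len(set(shared_secrets.values())) > 1:
        findings.append(
            ("*", "*", "metadata_proxy_shared_secret", "secret-mismatch"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FILES):
        print("%-20s [%s] %-30s %s" % finding)
```

The 20-character rabbit_password generated with openssl rand passes every check, while the hand-chosen service passwords and the shared secret do not.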

Link the plugin.ini file

The network service init scripts expect /etc/neutron/plugin.ini to be a symbolic link to the ML2 plugin configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If this symlink does not exist, create it with the following command:

[root@openstack ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Initialize the neutron database

[root@openstack ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart Compute Nova API service

[root@openstack ~]# systemctl restart openstack-nova-api.service

Start the network service and configure it to start at system startup

[root@openstack ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@openstack ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Neutron compute node installation and configuration

[root@openstack-node01 ~]# yum install openstack-neutron-linuxbridge ebtables ipset

# Configure the /etc/neutron/neutron.conf file
[root@openstack-node01 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:[email protected]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron@If010

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

# Configure the linuxbridge_agent.ini file
[root@openstack-node01 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Replace eth1 with your own network interface
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# Configure the compute service to use the network service
[root@openstack-node01 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://openstack.if010.com:9696
auth_url = http://openstack.if010.com:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron@If010

Restart the compute service:

[root@openstack-node01 ~]# systemctl restart openstack-nova-compute.service

Start the Linux bridge agent and configure it to start on system boot:

[root@openstack-node01 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@openstack-node01 ~]# systemctl start neutron-linuxbridge-agent.service

Verify operation

# List the loaded extensions to verify that the neutron-server process started successfully
[root@openstack ~]# openstack extension list --network

# Verify that the neutron agents are up
[root@openstack ~]# openstack network agent list

Edible Tutorial—Cinder

Control node installation and configuration

Create the cinder database and grant privileges

[root@openstack ~]# openssl rand -hex 10
8ef194ead24acb67de4c

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '8ef194ead24acb67de4c';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '8ef194ead24acb67de4c';

Get admin credentials

[root@openstack ~]# source admin-openrc

Create cinder user and set password

[root@openstack ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | bb279f8ffc444637af38811a5e1f0562 |
| name      | cinder                           |
+-----------+----------------------------------+

Add the admin role to the cinder user:

[root@openstack ~]# openstack role add --project service --user cinder admin

Create cinder service entity:

[root@openstack ~]# openstack service create --name cinder --description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | ab3bbbef780845a1a283490d281e7fda |
| name        | cinder                           |
| type        | volume                           |
+-------------+----------------------------------+
[root@openstack ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | eb9fd245bdbc414695952e93f29fe3ac |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
[root@openstack ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | eb9fd245bdbc414695952e93f29fe3ac |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+

Create the Block Storage service API endpoints:

[root@openstack ~]# openstack endpoint create --region RegionOne volume public http://openstack.if010.com:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 03fa2c90153546c295bf30ca86b1344b                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | ab3bbbef780845a1a283490d281e7fda                 |
| service_name | cinder                                           |
| service_type | volume                                           |
| url          | http://openstack.if010.com:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volume internal http://openstack.if010.com:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 94f684395d1b41068c70e4ecb11364b2                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | ab3bbbef780845a1a283490d281e7fda                 |
| service_name | cinder                                           |
| service_type | volume                                           |
| url          | http://openstack.if010.com:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volume admin http://openstack.if010.com:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 4511c28a0f9840c78bacb25f10f62c98                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | ab3bbbef780845a1a283490d281e7fda                 |
| service_name | cinder                                           |
| service_type | volume                                           |
| url          | http://openstack.if010.com:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev2 public http://openstack.if010.com:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv2                                         |
| service_type | volumev2                                         |
| url          | http://openstack.if010.com:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev2 internal http://openstack.if010.com:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv2                                         |
| service_type | volumev2                                         |
| url          | http://openstack.if010.com:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev2 admin http://openstack.if010.com:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv2                                         |
| service_type | volumev2                                         |
| url          | http://openstack.if010.com:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev3 public http://openstack.if010.com:8776/v3/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv3                                         |
| service_type | volumev3                                         |
| url          | http://openstack.if010.com:8776/v3/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev3 internal http://openstack.if010.com:8776/v3/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv3                                         |
| service_type | volumev3                                         |
| url          | http://openstack.if010.com:8776/v3/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@openstack ~]# openstack endpoint create --region RegionOne volumev3 admin http://openstack.if010.com:8776/v3/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 513e73819e14460fb904163f41ef3759                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac                 |
| service_name | cinderv3                                         |
| service_type | volumev3                                         |
| url          | http://openstack.if010.com:8776/v3/%(tenant_id)s |
+--------------+--------------------------------------------------+

Install and configure the control node

[root@openstack ~]# yum install -y openstack-cinder

# Configure the /etc/cinder/cinder.conf file
[DEFAULT]
glance_api_servers = http://openstack.if010.com:9292
# Use Keystone for authentication
auth_strategy = keystone
enabled_backends = lvm
# ID of the service project
cinder_internal_tenant_project_id = 926b3127ab004702a50c969fa629022b
# ID of the cinder user
cinder_internal_tenant_user_id = de788c0a0f77469b9e8285052e50fd60
# RabbitMQ message queue access
transport_url = rabbit://openstack:[email protected]
rpc_backend = rabbit
# IP address of the management interface
my_ip = 192.168.31.4

# Database access
[database]
connection = mysql+pymysql://cinder:[email protected]/cinder

# Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
# Password of the cinder user
password = cinder@If010

# Lock path
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

# RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = openstack.if010.com
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
image_volume_cache_max_size_gb = 200
image_volume_cache_max_count = 50
image_volume_cache_enabled = True

# Configure nova to use the cinder module
[root@openstack ~]# vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne

Initialize the database for the block device service:

[root@openstack ~]# su -s /bin/sh -c "cinder-manage db sync" cinder

Restart the Compute API service:

[root@openstack ~]# systemctl restart openstack-nova-api.service

Start the block device storage service and configure it to start on boot:

[root@openstack ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
[root@openstack ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

Storage Node Installation and Configuration

Prepare and initialize the disk

# Install the LVM packages:
[root@openstack ~]# yum install -y lvm2

# Start the LVM metadata service and enable it at boot:
[root@openstack ~]# systemctl enable lvm2-lvmetad.service
[root@openstack ~]# systemctl start lvm2-lvmetad.service

# Create the LVM physical volume /dev/sdb
[root@openstack ~]# pvcreate /dev/sdb

# Create the LVM volume group cinder-volumes
[root@openstack ~]# vgcreate cinder-volumes /dev/sdb

[root@openstack ~]# vim /etc/lvm/lvm.conf 
devices {
...
filter = [ "a/sdb/", "r/.*/"]
}

Install and configure components

[root@openstack ~]# yum install -y openstack-cinder targetcli python-keystone

# Configure the /etc/cinder/cinder.conf file
[root@openstack ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
enabled_backends = lvm
glance_api_servers = http://openstack.if010.com:9292

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
# Append the [lvm] section directly to the end of the file

Start the Block Storage Volume service and its dependent services, and configure them to start with the system:

[root@openstack ~]# systemctl enable openstack-cinder-volume.service target.service
[root@openstack ~]# systemctl start openstack-cinder-volume.service target.service

Verify operation

[root@openstack ~]# cinder service-list
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| Binary           | Host                    | Zone | Status  | State | Updated_at                 | Disabled Reason |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | openstack.if010.com     | nova | enabled | up    | 2022-06-12T10:02:09.000000 | -               |
| cinder-volume    | openstack.if010.com@lvm | nova | enabled | up    | 2022-06-12T10:02:04.000000 | -               |
+------------------+-------------------------+------+---------+-------+----------------------------+-----------------+

Edible Tutorial—Dashboard

Install and configure

[root@openstack ~]# yum install -y openstack-dashboard

[root@openstack ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"


OPENSTACK_NEUTRON_NETWORK = {
    # ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"

Restart the web server and session storage service:

[root@openstack ~]# systemctl restart httpd.service memcached.service

Browser access
http://192.168.31.4/dashboard/
Default administrator account and password: admin/123456 (the admin username and password registered in Keystone)
openstack web interface
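
What the ALLOWED_HOSTS setting above decides, as an added example that is not part of the original tutorial: it re-implements Django's documented Host header matching rules for illustration (it is not Django's own code) and compares the tutorial's wildcard with a restricted list. RESTRICTED_HOSTS is an assumed tightening built from the host name and address this tutorial uses; the header values are constructed.

```python
# Value taken from local_settings in this section.
TUTORIAL_HOSTS = ["*"]
# Assumed tightening: only the names this deployment is actually reached by.
RESTRICTED_HOSTS = ["openstack.if010.com", "192.168.31.4"]

# Constructed Host header values.
SAMPLE_HEADERS = [
    "192.168.31.4",
    "OpenStack.if010.com:80",
    "openstack.if010.com.",
    "unrelated.example",
    "192.168.31.4.unrelated.example",
    "",
]


def split_domain_port(host):
    """Return (domain, port) from a Host header value, lower-cased."""
    host = host.lower()
    if host.endswith("]"):
        # Bare IPv6 literal such as [::1], no port given.
        return host, ""
    domain, sep, port = host.rpartition(":")
    if not sep:
        # No colon at all: the whole value is the domain.
        domain, port = port, ""
    if domain.endswith("."):
        # Fully-qualified form with a trailing dot.
        domain = domain[:-1]
    return domain, port


def host_allowed(host_header, allowed_hosts):
    """Apply the ALLOWED_HOSTS matching rules to one Host header value."""
    domain, _ = split_domain_port(host_header)
    if not domain:
        return False
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":
            # Wildcard: every non-empty host name is accepted.
            return True
        if pattern.startswith("."):
            # Leading dot: the domain itself and all of its subdomains.
            if domain == pattern[1:] or domain.endswith(pattern):
                return True
        elif domain == pattern:
            return True
    return False


def compare(headers):
    """Return {header: (allowed_by_wildcard, allowed_by_restricted_list)}."""
    return {
        h: (host_allowed(h, TUTORIAL_HOSTS), host_allowed(h, RESTRICTED_HOSTS))
        for h in headers
    }


if __name__ == "__main__":
    for header, (wildcard, restricted) in compare(SAMPLE_HEADERS).items():
        print("%-34r wildcard=%-5s restricted=%s" % (header, wildcard, restricted))
```

With the wildcard, Host validation accepts every non-empty name, so the dashboard builds absolute URLs from whatever host name the client sends; the restricted list accepts only the two names the deployment is served under.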

Edible Tutorial—Designate

Create the Designate database and grant privileges

[root@openstack ~]# openssl rand -hex 10
669569abe0ff510a6a69

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'localhost' IDENTIFIED BY '669569abe0ff510a6a69';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON designate.* TO 'designate'@'%' IDENTIFIED BY '669569abe0ff510a6a69';

Get admin credentials

[root@openstack ~]# source admin-openrc

Create a designate user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt designate
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | ca2e175b851943349be29a328cc5e360 |
| name      | designate                        |
+-----------+----------------------------------+

Add the admin role to the designate user

[root@openstack ~]# openstack role add --project service --user designate admin

Create a designate service entity

[root@openstack ~]# openstack service create --name designate --description "DNS" dns
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | DNS                              |
| enabled     | True                             |
| id          | 727841c6f5df4773baa4e8a5ae7d72eb |
| name        | designate                        |
| type        | dns                              |
+-------------+----------------------------------+

Create an API endpoint for the designate service

[root@openstack ~]# openstack endpoint create --region RegionOne dns public http://openstack.if010.com:9001/
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 3f4dab34624e4be7b000265f25049609                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | designate                                        |
| service_type | dns                                              |
| url          | http://openstack.if010.com:9001/                 |
+--------------+--------------------------------------------------+

Install components

[root@openstack ~]# yum install -y openstack-designate\* bind bind-utils

Create RNDC key

[root@openstack ~]# rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom

Configure the named.conf file

[root@openstack ~]# cat /etc/named.conf 
include "/etc/designate/rndc.key";

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-new-zones yes;
        request-ixfr no;
        recursion no;
        allow-query { 127.0.0.1; 192.168.31.4; localhost; };    
        dnssec-enable yes;
        dnssec-validation yes;  
        bindkeys-file "/etc/named.root.key";  
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "designate"; };
};

Start the DNS service and enable it at boot

[root@openstack ~]# systemctl enable named  
[root@openstack ~]# systemctl start named

Configure the designate.conf file

[root@openstack ~]# vim /etc/designate/designate.conf
[DEFAULT]
transport_url = rabbit://openstack:[email protected]

[keystone_authtoken]
auth_type = password
username = designate
password = designate@If010
project_name = service
project_domain_name = default
user_domain_name = default
www_authenticate_uri = http://openstack.if010.com:5000/
auth_url = http://openstack.if010.com:5000/
memcached_servers = 127.0.0.1:11211

[service:api]
enable_host_header = true
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v2 = true
enable_api_admin = true
enabled_extensions_admin = quotas,reports

[service:worker]
enabled = true
notify = true

[storage:sqlalchemy]
connection = mysql+pymysql://designate:[email protected]/designate

Sync database

[root@openstack ~]# su -s /bin/sh -c "designate-manage database sync" designate

Start the Designate central and API services and enable them at boot

[root@openstack ~]# systemctl enable designate-central designate-api
[root@openstack ~]# systemctl start designate-central designate-api

Create pools.yaml file

[root@openstack ~]# vim /etc/designate/pools.yaml
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool

  attributes: {}

  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1-1.example.org.
      priority: 1

  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53

  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1

      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354

      # BIND Configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key

Update the pool

[root@openstack ~]# su -s /bin/sh -c "designate-manage pool update" designate

Start the Designate worker, producer and mDNS services and enable them at boot

[root@openstack ~]# systemctl start designate-worker designate-producer designate-mdns
[root@openstack ~]# systemctl enable designate-worker designate-producer designate-mdns

Configure neutron to use the designate service

[root@openstack ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
external_dns_driver = designate 
dns_domain = if010.com.

[designate]
url = http://openstack.if010.com:9001/v2
auth_type = password
auth_url = http://openstack.if010.com:5000
username = designate
password = designate@If010
project_name = service
project_domain_name = default
user_domain_name = default
allow_reverse_dns_lookup = True
ipv4_ptr_zone_prefix_size = 24
ipv6_ptr_zone_prefix_size = 116

Configure neutron to use the ml2 module

[root@openstack ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
extension_drivers = port_security,qos,dns

Here, use the neutron ext-list command to check whether the dns-integration extension is supported; it also needs a replacement for a private network

Restart the neutron service

[root@openstack ~]# systemctl restart neutron-*

Verify operation

[root@openstack ~]# ps -aux | grep designate
../usr/bin/python /usr/bin/designate-mdns --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-central --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-agent --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-api --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-worker --config-file /etc/designate/designate.conf
../usr/bin/python /usr/bin/designate-producer --config-file /etc/designate/designate.conf

[root@openstack ~]# openstack dns service list
+--------------------------------------+---------------------+--------------+--------+-------+--------------+
| id                                   | hostname            | service_name | status | stats | capabilities |
+--------------------------------------+---------------------+--------------+--------+-------+--------------+
| e29fe05a-4ef8-4fe5-9e6d-bf8be29b4fb2 | openstack.if010.com | worker       | UP     | -     | -            |
| 5c6802ab-05a0-4238-a15b-12f3239282d5 | openstack.if010.com | api          | UP     | -     | -            |
| 1c649421-f58b-44f9-8c82-19f50a8ea7cf | openstack.if010.com | mdns         | UP     | -     | -            |
| 1fab1750-215e-41f4-be42-0956f59cd2bd | openstack.if010.com | producer     | UP     | -     | -            |
| 6ea46d05-e9dc-49dd-a66d-8887d1049f7f | openstack.if010.com | central      | UP     | -     | -            |
+--------------------------------------+---------------------+--------------+--------+-------+--------------+

Create a zone

[root@openstack ~]# openstack zone create [email protected] if010.com.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2022-09-29T09:30:08.000000           |
| description    | None                                 |
| email          | [email protected]                      |
| id             | 8d381343-5e55-49f8-9cad-1f559d2aaa1e |
| masters        |                                      |
| name           | if010.com.                           |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 6f827144ec354bafb697983463d0078a     |
| serial         | 1664443808                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+

Associate the network with the zone; otherwise no records are created even when a virtual machine is created
neutron net-update 38c5e950-b450-4c30-83d4-ee181c28aad3 --dns_domain if010.com.

[root@openstack ~]# openstack zone list
+--------------------------------------+------------+---------+------------+--------+--------+
| id                                   | name       | type    |     serial | status | action |
+--------------------------------------+------------+---------+------------+--------+--------+
| 8d381343-5e55-49f8-9cad-1f559d2aaa1e | if010.com. | PRIMARY | 1664446134 | ACTIVE | NONE   |
+--------------------------------------+------------+---------+------------+--------+--------+

Edible Tutorial—Heat

Create Heat database and authorize

[root@openstack ~]# openssl rand -hex 10
fd0bf116b91362e17446

[root@openstack ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE heat;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'fd0bf116b91362e17446';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'fd0bf116b91362e17446';

Get admin credentials

[root@openstack ~]# source admin-openrc

Create a heat user and set a password

[root@openstack ~]# openstack user create --domain default --password-prompt heat
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled   | True                             |
| id        | ca2e175b851943349be29a328cc5e360 |
| name      | heat                             |
+-----------+----------------------------------+

Add admin role to heat user

[root@openstack ~]# openstack role add --project service --user heat admin

Create heat service entity

[root@openstack ~]# openstack service create --name heat --description "Orchestration" orchestration
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Orchestration                    |
| enabled     | True                             |
| id          | 727841c6f5df4773baa4e8a5ae7d72eb |
| name        | heat                             |
| type        | orchestration                    |
+-------------+----------------------------------+

[root@openstack ~]# openstack service create --name heat-cfn --description "Orchestration"  cloudformation
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Orchestration                    |
| enabled     | True                             |
| id          | c42cede91a4e47c3b10c8aedc8d890c6 |
| name        | heat-cfn                         |
| type        | cloudformation                   |
+-------------+----------------------------------+

Create an API endpoint for the Orchestration service

[root@openstack ~]# openstack endpoint create --region RegionOne orchestration public http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 3f4dab34624e4be7b000265f25049609                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne orchestration internal http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 9489f78e958e45cc85570fec7e836d98                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne orchestration admin http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 76091559514b40c6b7b38dde790efe99                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | 727841c6f5df4773baa4e8a5ae7d72eb                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne cloudformation public http://openstack.if010.com:8000/v1
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | b3ea082e019c4024842bf0a80555052c          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | c42cede91a4e47c3b10c8aedc8d890c6          |
| service_name | heat-cfn                                  |
| service_type | cloudformation                            |
| url          | http://openstack.if010.com:8000/v1        |
+--------------+-------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne cloudformation internal http://openstack.if010.com:8000/v1
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 169df4368cdc435b8b115a9cb084044e          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | c42cede91a4e47c3b10c8aedc8d890c6          |
| service_name | heat-cfn                                  |
| service_type | cloudformation                            |
| url          | http://openstack.if010.com:8000/v1        |
+--------------+-------------------------------------------+

[root@openstack ~]# openstack endpoint create --region RegionOne cloudformation admin http://openstack.if010.com:8000/v1
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 3d3edcd61eb343c1bbd629aa041ff88b          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | c42cede91a4e47c3b10c8aedc8d890c6          |
| service_name | heat-cfn                                  |
| service_type | cloudformation                            |
| url          | http://openstack.if010.com:8000/v1        |
+--------------+-------------------------------------------+

Create the heat domain that contains projects and users for stacks

[root@openstack ~]# openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Stack projects and users         |
| enabled     | True                             |
| id          | 0f4d1bd326f2454dacc72157ba328a47 |
| name        | heat                             |
+-------------+----------------------------------+

Create a heat_domain_admin user for managing projects and users in the heat domain and set a password

[root@openstack ~]# openstack user create --domain heat --password-prompt heat_domain_admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | 0f4d1bd326f2454dacc72157ba328a47 |
| enabled   | True                             |
| id        | b7bd1abfbcf64478b47a0f13cd4d970a |
| name      | heat_domain_admin                |
+-----------+----------------------------------+

Add the admin role to the heat_domain_admin user in the heat domain, which gives the heat_domain_admin user administrative stack management privileges

[root@openstack ~]# openstack role add --domain heat --user-domain heat --user heat_domain_admin admin

Create heat_stack_owner role

[root@openstack ~]# openstack role create heat_stack_owner
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 15e34f0c4fed4e68b3246275883c8630 |
| name      | heat_stack_owner                 |
+-----------+----------------------------------+

Add the heat_stack_owner role to the demo project and user so that the demo user can manage stacks

[root@openstack ~]# openstack role add --project demo --user demo heat_stack_owner

Create heat_stack_user role

[root@openstack ~]# openstack role create heat_stack_user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 88849d41a55d4d1d91e4f11bffd8fc5c |
| name      | heat_stack_user                  |
+-----------+----------------------------------+

Install and configure components

[root@openstack ~]# yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine openstack-heat-ui

# Configure the /etc/heat/heat.conf file
[root@openstack ~]# vim /etc/heat/heat.conf
# Keep comments on their own lines: oslo.config treats text after a value as part of the value.
[DEFAULT]
# Metadata server URL
heat_metadata_server_url = http://openstack.if010.com:8000
# Wait condition server URL
heat_waitcondition_server_url = http://openstack.if010.com:8000/v1/waitcondition
# Stack domain
stack_user_domain_name = heat
# Stack domain admin user
stack_domain_admin = heat_domain_admin
# Stack domain admin password
stack_domain_admin_password = stack_domain_admin@If010
# RabbitMQ message queue access
transport_url = rabbit://openstack:[email protected]
rpc_backend = rabbit

# Identity service access
[clients_keystone]
auth_uri = http://openstack.if010.com:35357

# Database connection
[database]
connection = mysql+pymysql://heat:[email protected]/heat

# Identity service access
[ec2authtoken]
auth_uri = http://openstack.if010.com:5000/v2.0

# RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e

# Identity service access
[trustee]
auth_plugin = password
auth_url = http://openstack.if010.com:35357
username = heat
# Password of the heat user
password = heat@If010
user_domain_name = default

# Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
# Password of the heat user
password = heat@If010
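
An added example (not from the original tutorial or the Heat project): oslo.config takes everything after the = as the option value, so a trailing # comment on an option line becomes part of the value, and text after a section header's closing bracket is not treated as a comment either. The linter below flags both, along with plaintext credentials and identity endpoints on plain HTTP; the sample file, its placeholder secrets and the finding names are constructed for this example.

```python
import os
import re
import stat

# Constructed sample in the style of the heat.conf above (placeholder secrets).
SAMPLE = """\
[DEFAULT]
stack_domain_admin = heat_domain_admin  # stack domain admin user
stack_domain_admin_password = EXAMPLE_PASSWORD
transport_url = rabbit://openstack:EXAMPLE_PASSWORD@127.0.0.1

[trustee] # identity service access
auth_url = http://controller.example:35357
password = EXAMPLE_PASSWORD     # password of the heat user

[keystone_authtoken]
# a full-line comment is fine
auth_url = https://controller.example:5000
"""

CRED_KEY = re.compile(r"(password|secret)$", re.IGNORECASE)
CRED_URL = re.compile(r"^[a-z0-9+]+://[^/\s:@]+:[^@\s]+@", re.IGNORECASE)
TRAILING_COMMENT = re.compile(r"\s[#;]")
IDENTITY_KEYS = ("auth_url", "auth_uri", "www_authenticate_uri")


def lint(text):
    """Return (lineno, section, key, finding) tuples for an oslo.config-style file."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or full-line comment
        if line[0] == "[":
            end = line.find("]")
            section = line[1:end] if end != -1 else line[1:]
            if end != len(line) - 1:
                findings.append((lineno, section, None, "section-trailing-text"))
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if TRAILING_COMMENT.search(value):
            # The service would read "value   # comment" as the whole value.
            findings.append((lineno, section, key, "inline-comment-in-value"))
        if CRED_KEY.search(key) or CRED_URL.match(value):
            findings.append((lineno, section, key, "plaintext-credential"))
        if key in IDENTITY_KEYS and value.startswith("http://"):
            findings.append((lineno, section, key, "identity-endpoint-over-http"))
    return findings


def readable_by_others(path):
    """True if users outside the owner and group have any access to the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

A file that produces plaintext-credential findings should also pass readable_by_others(path) == False, for example mode 0640 owned by root with the service's group.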

Sync the database

[root@openstack ~]# su -s /bin/sh -c "heat-manage db_sync" heat

Start the Orchestration service and set it to start with the system

[root@openstack ~]# systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
[root@openstack ~]# systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service

Restart the httpd web service so that Heat can be displayed and managed in Horizon

[root@openstack ~]# systemctl restart openstack-heat*
[root@openstack ~]# systemctl restart httpd

Verify operation

[root@openstack ~]# openstack orchestration service list
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+
| Hostname            | Binary      | Engine ID                            | Host                | Topic  | Updated At                 | Status |
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+
| openstack.if010.com | heat-engine | 290417fa-3930-43ac-aca2-af574b91ff0f | openstack.if010.com | engine | 2022-06-24T13:05:47.000000 | up     |
| openstack.if010.com | heat-engine | 9d112d09-5133-4f4e-8976-678346fd53c9 | openstack.if010.com | engine | 2022-06-24T13:05:47.000000 | up     |
| openstack.if010.com | heat-engine | 2ee0f328-f4bf-49b2-a0fe-205255811c8b | openstack.if010.com | engine | 2022-06-24T14:18:43.000000 | up     |
| openstack.if010.com | heat-engine | bfadeb82-2631-498c-8d8d-7870b73cfbec | openstack.if010.com | engine | 2022-06-24T13:05:47.000000 | up     |
+---------------------+-------------+--------------------------------------+---------------------+--------+----------------------------+--------+

Start an instance

Get credentials

[root@openstack ~]# source admin-openrc

Create a virtual network

[root@openstack ~]# neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | d84313397390425c8ed50b2f6e18d092     |
+---------------------------+--------------------------------------+
[root@openstack ~]# neutron subnet-create --name provider \
  --allocation-pool start=192.168.31.100,end=192.168.31.200 \
  --dns-nameserver 8.8.8.8 --gateway 192.168.31.1 \
  provider 192.168.31.0/24
+-------------------+------------------------------------------------------+
| Field             | Value                                                |
+-------------------+------------------------------------------------------+
| allocation_pools  | {"start": "192.168.31.100", "end": "192.168.31.200"} |
| cidr              | 192.168.31.0/24                                      |
| dns_nameservers   | 8.8.8.8                                              |
| enable_dhcp       | True                                                 |
| gateway_ip        | 192.168.31.1                                         |
| host_routes       |                                                      |
| id                | 5cc70da8-4ee7-4565-be53-b9c011fca011                 |
| ip_version        | 4                                                    |
| ipv6_address_mode |                                                      |
| ipv6_ra_mode      |                                                      |
| name              | provider                                             |
| network_id        | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad                 |
| subnetpool_id     |                                                      |
| tenant_id         | d84313397390425c8ed50b2f6e18d092                     |
+-------------------+------------------------------------------------------+

Create a flavor (instance specification)

[root@openstack ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+

Recommended Specifications for Production Environments

openstack flavor create --vcpus 1 --ram 512 ecs.c1.nano
openstack flavor create --vcpus 1 --ram 1024 ecs.c1.tiny
openstack flavor create --vcpus 1 --ram 2048 ecs.c1.small
openstack flavor create --vcpus 1 --ram 4096 ecs.c1.medium
openstack flavor create --vcpus 1 --ram 8192 ecs.c1.large
openstack flavor create --vcpus 1 --ram 16384 ecs.c1.xlarge

openstack flavor create --vcpus 2 --ram 512 ecs.c2.nano
openstack flavor create --vcpus 2 --ram 1024 ecs.c2.tiny
openstack flavor create --vcpus 2 --ram 2048 ecs.c2.small
openstack flavor create --vcpus 2 --ram 4096 ecs.c2.medium
openstack flavor create --vcpus 2 --ram 8192 ecs.c2.large
openstack flavor create --vcpus 2 --ram 16384 ecs.c2.xlarge

openstack flavor create --vcpus 4 --ram 512 ecs.c4.nano
openstack flavor create --vcpus 4 --ram 1024 ecs.c4.tiny
openstack flavor create --vcpus 4 --ram 2048 ecs.c4.small
openstack flavor create --vcpus 4 --ram 4096 ecs.c4.medium
openstack flavor create --vcpus 4 --ram 8192 ecs.c4.large
openstack flavor create --vcpus 4 --ram 16384 ecs.c4.xlarge

openstack flavor create --vcpus 8 --ram 512 ecs.c8.nano
openstack flavor create --vcpus 8 --ram 1024 ecs.c8.tiny
openstack flavor create --vcpus 8 --ram 2048 ecs.c8.small
openstack flavor create --vcpus 8 --ram 4096 ecs.c8.medium
openstack flavor create --vcpus 8 --ram 8192 ecs.c8.large
openstack flavor create --vcpus 8 --ram 16384 ecs.c8.xlarge

Generate a key pair

[root@openstack ~]# ssh-keygen -q -N ""
[root@openstack ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
| name        | mykey                                           |
| user_id     | 58126687cbcc4888bfa9ab73a2256f27                |
+-------------+-------------------------------------------------+

# Verify that the public key was added
[root@openstack ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | ee:3d:2e:97:d4:e2:6a:54:6d:0d:ce:43:39:2c:ba:4d |
+-------+-------------------------------------------------+

Add security group rules

By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH) rules.

# Allow ICMP (ping):
[root@openstack ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | a1876c06-7f30-4a67-a324-b6b5d1309546 |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | b0d53786-5ebb-4729-9e4a-4b675016a958 |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+

# Allow secure shell (SSH) access:
[root@openstack ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 3d95e59c-e98d-45f1-af04-c750af914f14 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | b0d53786-5ebb-4729-9e4a-4b675016a958 |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
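
An added example (not part of the original tutorial): both rules above were created with ip_range 0.0.0.0/0 in the default group, which applies to every instance. The Python check below reads rule tables in the format printed above and reports any rule whose source is wider than a trusted network; using the provider subnet 192.168.31.0/24 as that network and the MGMT_PORTS list are assumptions of this example.

```python
import ipaddress

# Rows copied from the two rule-create tables above (trimmed to the fields used here).
SSH_RULE = """\
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| port_range            | 22:22                                |
+-----------------------+--------------------------------------+
"""
ICMP_RULE = """\
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| port_range            |                                      |
"""

MGMT_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as management access


def parse_table(text):
    """Turn a two-column `| Field | Value |` CLI table into a dict."""
    row = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":
            row[cells[0]] = cells[1]
    return row


def port_span(rule):
    """Return (low, high) covered by the rule; an empty port_range means every port."""
    rng = rule.get("port_range", "")
    if not rng:
        return (1, 65535)
    low, _, high = rng.partition(":")
    return (int(low), int(high or low))


def review(rule, trusted_cidr):
    """Return a finding string, or None when the rule's source lies inside trusted_cidr."""
    trusted = ipaddress.ip_network(trusted_cidr)
    # A rule without ip_range is treated as open to every IPv4 address.
    source = ipaddress.ip_network(rule.get("ip_range") or "0.0.0.0/0", strict=False)
    if source.version == trusted.version and source.subnet_of(trusted):
        return None
    proto = rule.get("ip_protocol") or "any"
    if proto in ("tcp", "udp"):
        low, high = port_span(rule)
        named = [name for port, name in MGMT_PORTS.items() if low <= port <= high]
        what = f"{proto}/{low}" if low == high else f"{proto}/{low}-{high}"
        if named:
            what += " (" + ", ".join(named) + ")"
    else:
        what = proto
    return f"{what} reachable from {source}; narrow the source to {trusted}"


if __name__ == "__main__":
    for table in (ICMP_RULE, SSH_RULE):
        print(review(parse_table(table), "192.168.31.0/24"))
```

With a current openstack client, the narrowed rule is created by adding --remote-ip <cidr> to the security group rule create command.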

Create block device storage

[root@openstack ~]# openstack volume create --size 1 volume1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| attachments         | []                                   |
| availability_zone   | nova                                 |
| bootable            | false                                |
| consistencygroup_id | None                                 |
| created_at          | 2016-03-08T14:30:48.391027           |
| description         | None                                 |
| encrypted           | False                                |
| id                  | a1e8be72-a395-4a6f-8e07-856a57c39524 |
| multiattach         | False                                |
| name                | volume1                              |
| properties          |                                      |
| replication_status  | disabled                             |
| size                | 1                                    |
| snapshot_id         | None                                 |
| source_volid        | None                                 |
| status              | creating                             |
| type                | None                                 |
| updated_at          | None                                 |
| user_id             | 684286a9079845359882afc3aa5011fb     |
+---------------------+--------------------------------------+

# Wait for the Status to change from creating to available
[root@openstack ~]# openstack volume list
+--------------------------------------+--------------+-----------+------+-------------+
| ID                                   | Display Name | Status    | Size | Attached to |
+--------------------------------------+--------------+-----------+------+-------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1      | available |    1 |             |
+--------------------------------------+--------------+-----------+------+-------------+

# Attach the volume to an instance
openstack server add volume provider-instance volume1
# List volumes
[root@openstack ~]# openstack volume list
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| ID                                   | Display Name | Status | Size | Attached to                                |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1      | in-use |    1 | Attached to provider-instance on /dev/vdb  |
+--------------------------------------+--------------+--------+------+--------------------------------------------+

Create an instance

# List available flavors
[root@openstack ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
+----+-----------+-------+------+-----------+-------+-----------+

# List available images
[root@openstack ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 390eb5f7-8d49-41ec-95b7-68c0d5d54b34 | cirros | active |
+--------------------------------------+--------+--------+

# List available networks
[root@openstack ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID                                   | Name         | Subnets                              |
+--------------------------------------+--------------+--------------------------------------+
| b5b6993c-ddf9-40e7-91d0-86806a42edb8 | provider     | 310911f6-acf0-4a47-824e-3032916582ff |
+--------------------------------------+--------------+--------------------------------------+

# List available security groups
[root@openstack ~]# openstack security group list
+--------------------------------------+---------+------------------------+
| ID                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| dd2b614c-3dad-48ed-958b-b155a3b38515 | default | Default security group |
+--------------------------------------+---------+------------------------+

Create an instance based on the results of the above queries

[root@openstack ~]# openstack server create --flavor m1.tiny --image cirros \
  --nic net-id=b5b6993c-ddf9-40e7-91d0-86806a42edb8 --security-group default \
  --key-name mykey provider-instance    
+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          | nova                                          |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | hdF4LMQqC5PB                                  |
| config_drive                         |                                               |
| created                              | 2015-09-17T21:58:18Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf          |
| image                                | cirros (38047887-61a7-41ea-9b49-27987d5e8bb9) |
| key_name                             | mykey                                         |
| metadata                             | {}                                            |
| name                                 | provider-instance                             |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| security_groups                      | default                                       |
| status                               | BUILD                                         |
| tenant_id                            | f5b2ccaa75ac413591f12fcaa096aa5c              |
| updated                              | 2015-09-17T21:58:18Z                          |
| user_id                              | 684286a9079845359882afc3aa5011fb              |
+--------------------------------------+-----------------------------------------------+

Check the status of the instance
[root@openstack ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------------+
| ID                                   | Name              | Status | Networks                        |
+--------------------------------------+-------------------+--------+---------------------------------+
| 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf | provider-instance | ACTIVE | provider=192.168.31.101         |
+--------------------------------------+-------------------+--------+---------------------------------+

Get the VNC session URL for your instance and open it in a web browser
[root@openstack ~]# openstack console url show provider-instance
+-------+------------------------------------------------------------------------------------------+
| Field | Value                                                                                    |
+-------+------------------------------------------------------------------------------------------+
| type  | novnc                                                                                    |
| url   | http://openstack.if010.com:6080/vnc_auto.html?token=5eeccb47-525c-4918-ac2a-3ad1e9f1f493 |
+-------+------------------------------------------------------------------------------------------+

VNC access result graph

final summary

The ports used by the services deployed so far are listed below for reference

# Remote access service
# sshd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1220/sshd           
tcp6       0      0 :::22                   :::*                    LISTEN      1220/sshd 

# Time synchronization service
# chronyd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1954/chronyd        
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1954/chronyd        
udp6       0      0 ::1:323                 :::*                                1954/chronyd

# Database service
# mariadb.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp6       0      0 :::3306                 :::*                    LISTEN      2368/mysqld

# Message queue service
# rabbitmq-server.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      3775/beam.smp(web)
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      3775/beam.smp       
tcp6       0      0 :::5672                 :::*                    LISTEN      3775/beam.smp

# Distributed memory caching service
# memcached.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      6032/memcached           
tcp6       0      0 ::1:11211               :::*                    LISTEN      6032/memcached


# Web server service
# httpd.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name        
tcp6       0      0 :::80                   :::*                    LISTEN      7138/httpd(default)
tcp6       0      0 :::35357                :::*                    LISTEN      7138/httpd          
tcp6       0      0 :::5000                 :::*                    LISTEN      7138/httpd

# Image service
# openstack-glance-api.service, openstack-glance-registry.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      10683/python2       
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      10649/python2       
      
# Compute service
# openstack-nova-api.service, openstack-nova-consoleauth.service, openstack-nova-scheduler.service, openstack-nova-conductor.service, openstack-nova-novncproxy.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name                  
tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN      28341/python2(vnc)
tcp        0      0 0.0.0.0:8774            0.0.0.0:*               LISTEN      28337/python2       
tcp        0      0 0.0.0.0:8775            0.0.0.0:*               LISTEN      28337/python2       
tcp6       0      0 :::8778                 :::*                    LISTEN      14667/httpd     


# Networking service
# neutron-server.service, neutron-linuxbridge-agent.service, neutron-dhcp-agent.service, neutron-metadata-agent.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:9696            0.0.0.0:*               LISTEN      10916/python2       


# Storage service
# openstack-cinder-api.service, openstack-cinder-scheduler.service, lvm2-lvmetad.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8776            0.0.0.0:*               LISTEN      25496/python2       


# Orchestration service
# openstack-heat-api.service, openstack-heat-api-cfn.service, openstack-heat-engine.service
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      29142/python        
tcp        0      0 0.0.0.0:8004            0.0.0.0:*               LISTEN      29141/python   
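
The listing above can be turned into a check. The following is an added example, not part of the original post: it reads netstat-style rows and reports every listener bound to a wildcard address (0.0.0.0 or ::) whose port is not on an allowlist, which is where a bind-address change or a host firewall rule is needed. The function names and the allowlist are assumptions of this example; the sample rows are copied from the listing.

```shell
# Added example: find listeners bound to every interface in netstat output.

# Reads `netstat -tulnp` lines on stdin; prints "<proto> <port> <program>"
# for each socket whose local address is a wildcard (0.0.0.0 or ::).
wildcard_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next   # skip established TCP rows
        addr = $4
        # Split at the LAST colon so IPv6 forms such as ":::22" parse.
        n = length(addr)
        while (n > 0 && substr(addr, n, 1) != ":") n--
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        prog = $NF                     # UDP rows have no State column
        sub(/^[0-9]+\//, "", prog)     # drop the PID, keep the program name
        if (host == "0.0.0.0" || host == "::") print $1, port, prog
    }'
}

# Prints the wildcard listeners whose port is NOT in the allowlist passed as
# arguments (the ports this host is meant to expose; an assumption here).
unexpected_listeners() {
    allowed=" $* "
    wildcard_listeners | while read -r proto port prog; do
        case "$allowed" in
            *" $port "*) ;;
            *) printf '%s %s %s\n' "$proto" "$port" "$prog" ;;
        esac
    done
}

# Constructed sample: rows copied from the listing in this post.
sample_listing() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1220/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1954/chronyd
tcp6       0      0 :::3306                 :::*                    LISTEN      2368/mysqld
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      3775/beam.smp(web)
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      6032/memcached
tcp6       0      0 ::1:11211               :::*                    LISTEN      6032/memcached
tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN      28341/python2(vnc)
EOF
}

# Example allowlist (an assumption): SSH, HTTP, Keystone, noVNC proxy.
sample_listing | unexpected_listeners 22 80 5000 6080
```

On a live host, pipe `netstat -tulnp` into `unexpected_listeners` with the ports the deployment is meant to expose; memcached and the chronyd control port do not appear because they are bound to loopback.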

That concludes this walkthrough of OpenStack. Other services, such as billing and database, are not covered here; if I have time, I will add them later.


Origin blog.csdn.net/qq_32262243/article/details/127113282