OpenStack-Mitaka
I. Cloud basics
- IaaS: Infrastructure as a Service, e.g. OpenStack, CloudStack
- PaaS: Platform as a Service, e.g. Docker
- SaaS: Software as a Service
- FWaaS, DBaaS, LBaaS, ...
- Private Cloud
- Public Cloud
- Hybrid Cloud
II. OpenStack
Official site: https://www.openstack.org/
Installation guide: https://docs.openstack.org/mitaka/install-guide-rdo/
Chinese documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/
Environment:
- controller: 192.168.100.11 (management network), 172.16.100.11 (service network)
- compute: 192.168.100.12 (management network), 172.16.100.12 (service network)
- block: 192.168.100.14
- OpenStack version: Mitaka
III. Base environment
1. NTP
- controller node
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 192.168.100.0/24
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl restart chronyd.service
- compute node (the server line below goes in /etc/chrony.conf)
[root@compute1 ~]# yum install chrony
server controller iburst
[root@compute1 ~]# systemctl enable chronyd.service
[root@compute1 ~]# systemctl start chronyd.service
[root@compute1 ~]# chronyc sources # compare the offset between local time and the server's time
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller 3 6 1 1 -731us[ -731us] +/- 12ms
2. Configure the yum repositories
3. Install the database
- controller
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve
[root@controller ~]# systemctl start mariadb.service
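IV. Identity service
- User: a user can be associated with multiple tenants
- Tenant: a tenant corresponds to a project or an organization
- Role: a role
- Token: used for authentication and authorization
- Service: a service
- Endpoint: the access entry point of a service
- Install keystone on the controller node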
[root@controller ~]# mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystone';
[root@controller ~]# yum install python-openstackclient -y
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# openssl rand -hex 10 > mytoken
[root@controller ~]# cat mytoken
7a1da5ba2fe4c69eea05
[root@controller ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 7a1da5ba2fe4c69eea05
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
- Configuration
[root@controller ~]# export OS_TOKEN=`cat mytoken`
[root@controller ~]# export |grep OS_TOKEN
declare -x OS_TOKEN="7a1da5ba2fe4c69eea05"
[root@controller ~]# export OS_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
[root@controller ~]# openstack service create \
> --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | b37f52dd30654076b151a852afeeee7e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 10b3925aea3b44bc9fe7dcf4fc93697a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4749500493f94ea89f2b33e675fae051 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e76140cd04494699ba7e434f297ce291 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | c121b35fd0314f16827a85fdb61bf94b |
| name | default |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 3a76f6def02b417d91ec9278b7bff6f2 |
| is_domain | False |
| name | admin |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 5643b73e9be142bc806ce6db0c853150 |
| name | admin |
+-----------+----------------------------------+
[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 6b8aadf364be463886296a4125eadb0b |
| name | admin |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project admin --user admin admin
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 32e1692c57ac4f2db2bb52163cf09ac4 |
| is_domain | False |
| name | service |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | d94a719f93844a2e90da8ee3ec95a999 |
| is_domain | False |
| name | demo |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 4af0aec1e50742cd88f3d1b426424c9f |
| name | demo |
+-----------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 43777741cd66492b824d734a36a01cfd |
| name | user |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| b37f52dd30654076b151a852afeeee7e | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack endpoint list
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 10b3925aea3b44bc9fe7dcf4 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| fc93697a | | | | | | |
| 4749500493f94ea89f2b33e6 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
| 75fae051 | | | | | | |
| e76140cd04494699ba7e434f | RegionOne | keystone | identity | True | admin | http://controller:35357/v |
| 297ce291 | | | | | | 3 |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 4af0aec1e50742cd88f3d1b426424c9f | demo |
| 5643b73e9be142bc806ce6db0c853150 | admin |
+----------------------------------+-------+
[root@controller ~]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+----------------+
| c121b35fd0314f16827a85fdb61bf94b | default | True | Default Domain |
+----------------------------------+---------+---------+----------------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 32e1692c57ac4f2db2bb52163cf09ac4 | service |
| 3a76f6def02b417d91ec9278b7bff6f2 | admin |
| d94a719f93844a2e90da8ee3ec95a999 | demo |
+----------------------------------+---------+
- Configure authentication
Edit /etc/keystone/keystone-paste.ini and remove ``admin_token_auth`` from the ``[pipeline:public_api]``, ``[pipeline:admin_api]`` and ``[pipeline:api_v3]`` sections.
[root@controller ~]# unset OS_TOKEN OS_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T08:59:20.930753Z |
| id | gAAAAABcoHNYAlA--SMCscCnp8EgqsZEwdD8Zt-AxaWqxVI-BYCrAPgVkOpy4tZbDfcuzgVRaYdHQ17a0QcRmD5GczM2TDIDrZh_N5e |
| | iwMgZGd_ZYVujJwWXMWgE7aVwah3WXOrIxSavBwrQgw51aRSbu9aRDRuNxCfVyZRh5h2-0Qcc6x5S7KU |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| user_id | 5643b73e9be142bc806ce6db0c853150 |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T08:59:58.926501Z |
| id | gAAAAABcoHN-h-fvwJtU3mEwx0ZjaXC85hptKUDp2SXKCkuh64kE6aBLC75SWKQVKebK4RSHs9YHfupaTeC7ayEpLnzH1YB9la8K8CH |
| | vFAbXigraC4-ExHNNdZzGK3n57IR_EZoO4pTXRmv8GUIyry7nwoHYyCSjMe0zcSrDDotJvqwSWZykzVg |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T09:03:03.526342Z |
| id | gAAAAABcoHQ3Rgtrx-5SEiyZ4nYiWB1wG2CWXU9RVgOFaNggiUYy8o_-MzVhFGmlrjLCEWDbB7Jf4LTVUos- |
| | 078UIGPCyFSd91wdEKKHSWbJMy-lOOt3eu_kauDL-GDbx5JA4cRdD4yzOyM1dHpRrGy5zL2s4f_jOuQzdEjTreKVyS88wfV_PEw |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| user_id | 5643b73e9be142bc806ce6db0c853150 |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T09:02:07.204901Z |
| id | gAAAAABcoHP_cFN8-o_9eljXOpHg1801dDM9Fl5c0RoWJ5PWw0oMx-VOdOGGisCeXqwY16Q3WncLTiUwt6-0RddWpE0fMNtO854_gTy |
| | PHdDSFLmWR_YHSLtJb7qYVkQz7n3JYlTRTACp7mKPGxXKG290nBWBkIXUdYpdIz1BFr2fnXUEOrEG5m0 |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+------------+---------------------------------------------------------------------------------------------------------+
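The bootstrap-token cleanup from the "Configure authentication" step above, as an added example (not part of the original notes): it removes admin_token_auth from the three pipelines line by line and reports what is still left of the bootstrap token. The sample file contents are constructed and abbreviated, EXAMPLE_BOOTSTRAP_TOKEN is a placeholder, and the admin_token check on keystone.conf is an extra check this example assumes is wanted.

```python
import configparser

BOOTSTRAP_FILTER = "admin_token_auth"
PIPELINES = ("pipeline:public_api", "pipeline:admin_api", "pipeline:api_v3")

# Constructed, abbreviated samples: filter lists are shortened and the token
# is a placeholder, not a value from a real deployment.
KEYSTONE_CONF = """\
[DEFAULT]
admin_token = EXAMPLE_BOOTSTRAP_TOKEN
[token]
provider = fernet
"""

PASTE_INI = """\
# keystone-paste.ini (constructed excerpt)
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth public_service

[pipeline:admin_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth admin_service

[pipeline:api_v3]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth service_v3
"""


def load(text):
    """Parse INI text; renaming default_section makes [DEFAULT] an ordinary section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def strip_admin_token_auth(paste_text):
    """Return paste_text with admin_token_auth dropped from the three pipelines.

    Works line by line so comments, blank lines and every other section
    (including the [filter:admin_token_auth] definition) stay untouched.
    Assumes each pipeline is written on a single line.
    """
    out, section = [], None
    for line in paste_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
        elif section in PIPELINES and stripped.startswith("pipeline"):
            key, sep, value = line.partition("=")
            if sep and key.strip() == "pipeline":
                kept = [f for f in value.split() if f != BOOTSTRAP_FILTER]
                line = "pipeline = " + " ".join(kept)
        out.append(line)
    return "\n".join(out) + "\n"


def bootstrap_findings(keystone_conf, paste_ini):
    """List what remains of the bootstrap-token setup in the two files."""
    findings = []
    conf = load(keystone_conf)
    if conf.has_section("DEFAULT") and conf["DEFAULT"].get("admin_token"):
        findings.append("keystone.conf: [DEFAULT] admin_token is still set")
    paste = load(paste_ini)
    for section in PIPELINES:
        if paste.has_section(section):
            filters = paste[section].get("pipeline", "").split()
            if BOOTSTRAP_FILTER in filters:
                findings.append("keystone-paste.ini: [%s] still lists %s"
                                % (section, BOOTSTRAP_FILTER))
    return findings


if __name__ == "__main__":
    for finding in bootstrap_findings(KEYSTONE_CONF, PASTE_INI):
        print("before:", finding)
    cleaned = strip_admin_token_auth(PASTE_INI)
    for finding in bootstrap_findings(KEYSTONE_CONF, cleaned):
        print("after: ", finding)
```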
V. Glance image service
- Register credentials
[root@controller ~]# mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | facce294374f4dd68616a4f0c6881e7e |
| name | glance |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ebad348788cb4f9fbd4396ed8a9423dc |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fe627e6b04784e278e1acc7fadaa3027 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 404e5b9ad5134a7998abf614373138d0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cc98e57149b544db819ced2a2de560d5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
- Install and configure glance (the first group of settings below belongs in /etc/glance/glance-api.conf)
[root@controller ~]# yum install openstack-glance -y
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
- Verify
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# qemu-img info cirros-0.3.4-x86_64-disk.img
image: cirros-0.3.4-x86_64-disk.img
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
Format specific information:
compat: 0.10
refcount bits: 16
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2019-03-31T08:30:12Z |
| disk_format | qcow2 |
| file | /v2/images/78acfd89-fbe8-4009-90ba-fcda26d2a107/file |
| id | 78acfd89-fbe8-4009-90ba-fcda26d2a107 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 3a76f6def02b417d91ec9278b7bff6f2 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2019-03-31T08:30:12Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
VI. Compute service
1. Controller node
- Register on the controller
[root@controller ~]# mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default \
> --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 4e58c5b06038436fbf427ab5b06ce31c |
| name | nova |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 9d69264950994bcfad490d3bc50f4164 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 7f1a7bf4d72c48da8c75ebf1a3ebb5f1 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | b58bd319647f49329fd9dce3bb8e191c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
- Install Nova
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler -y
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
- Install rabbitmq
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack openstack
[root@controller ~]# rabbitmqctl set_user_tags openstack administrator
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@controller ~]# rabbitmqctl list_users
Listing users ...
openstack [administrator]
guest [administrator]
2. Compute node
[root@compute1 ~]# yum install openstack-nova-compute -y
[root@compute1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.12
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[libvirt]
virt_type=kvm
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute1 ~]# systemctl start libvirtd.service openstack-nova-compute.service
3. Verify on the controller
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2019-03-31T15:47:14.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
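An added example (not part of the original notes) that audits service configuration of the kind written above for secrets equal to their account name, as in nova:nova and openstack/openstack, and renders the same file with generated secrets for comparison. The template is a constructed excerpt of nova.conf; treating the literal METADATA_SECRET from the Neutron section's metadata_agent.ini as an unreplaced placeholder is an assumption of this example.

```python
import configparser
import secrets
from urllib.parse import urlsplit

# Literal treated as an unreplaced placeholder (assumption of this example).
PLACEHOLDER_SECRETS = {"METADATA_SECRET"}

# (account option, secret option) pairs that sit together in one section.
CREDENTIAL_PAIRS = (("username", "password"),
                    ("rabbit_userid", "rabbit_password"))

# Constructed excerpt of nova.conf; {db}, {mq} and {ks} are filled in below.
NOVA_CONF_TEMPLATE = """\
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:{db}@controller/nova_api
[database]
connection = mysql+pymysql://nova:{db}@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = {mq}
[keystone_authtoken]
auth_type = password
username = nova
password = {ks}
"""

# Constructed excerpt of metadata_agent.ini.
METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""


def render(db, mq, ks):
    """Fill the template with the three secrets."""
    return NOVA_CONF_TEMPLATE.format(db=db, mq=mq, ks=ks)


def render_hardened():
    """Same file with one independent 128-bit random secret per credential."""
    return render(*(secrets.token_hex(16) for _ in range(3)))


def load(text):
    """Parse INI text; renaming default_section makes [DEFAULT] an ordinary section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def audit_credentials(text):
    """Return (section, option, reason) for every weak secret found."""
    findings = []
    cp = load(text)
    for section in cp.sections():
        opts = cp[section]
        # SQLAlchemy-style URL: user and password are embedded in the value.
        url = opts.get("connection", "")
        if "://" in url:
            parts = urlsplit(url)
            if parts.password and parts.password == parts.username:
                findings.append((section, "connection",
                                 "password equals user name"))
        for user_opt, secret_opt in CREDENTIAL_PAIRS:
            secret = opts.get(secret_opt)
            if secret and secret == opts.get(user_opt):
                findings.append((section, secret_opt,
                                 "password equals user name"))
        for opt, value in opts.items():
            if value in PLACEHOLDER_SECRETS:
                findings.append((section, opt, "placeholder secret left in place"))
    return findings


if __name__ == "__main__":
    weak = render(db="nova", mq="openstack", ks="nova")
    for label, text in (("as written", weak),
                        ("generated secrets", render_hardened()),
                        ("metadata_agent.ini", METADATA_AGENT_INI)):
        print(label, audit_credentials(text))
```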
VII. Neutron networking service
1. Controller node
- Configure authentication
[root@controller ~]# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'neutron';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 7cf18301eb244ab488718d36e5031a94 |
| name | neutron |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 7e91416ee62f47b392bcf17c23a53e4a |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 12344ed6417b47be8b66736aecd9e2d6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bb92e479e0dd4ed89f5dec5b51b78d2d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | eb661eb09d5c48c3885fa8d99edf70cc |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
- Install and configure
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
> openstack-neutron-linuxbridge ebtables -y
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.100.11
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# This option is intentionally left without a value so that a single agent can serve multiple external networks
external_network_bridge =
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
2. Compute node
- Install and configure
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[root@compute1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.100.12
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@compute1 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service
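The controller and compute files above reuse each service name as its password, keep the literal placeholder METADATA_SECRET as the metadata proxy secret, and point at http:// Keystone URLs. As an added example (not part of the original notes), this Python check parses constructed copies of those settings and reports each issue; the `PLACEHOLDERS` set and the 16-character minimum are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample input: values this walkthrough writes on the controller.
NEUTRON_CONF = """\
[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_url = http://controller:35357
username = neutron
password = neutron
"""
METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""
NOVA_CONF = """\
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
"""

PLACEHOLDERS = {"METADATA_SECRET", "password", "secret", "changeme"}  # assumed list
MIN_SECRET_LEN = 16  # assumed policy threshold, not an OpenStack default
CRED_PAIRS = [("username", "password"), ("rabbit_userid", "rabbit_password")]

def load(text):
    # Treat [DEFAULT] as an ordinary section and keep '%' characters literal.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    return cp

def weak_secret(user, secret):
    return secret == user or secret in PLACEHOLDERS or len(secret) < MIN_SECRET_LEN

def audit(cp):
    """Return (section, option, problem) tuples for one parsed file."""
    findings = []
    for section in cp.sections():
        opts = cp[section]
        for user_key, pass_key in CRED_PAIRS:
            if pass_key in opts and weak_secret(opts.get(user_key, ""), opts[pass_key]):
                findings.append((section, pass_key, "password is guessable or too short"))
        for key, value in opts.items():
            if key == "connection":
                url = urlsplit(value)
                if weak_secret(url.username or "", url.password or ""):
                    findings.append((section, key, "weak database password in URL"))
            elif value.startswith("http://"):
                findings.append((section, key, "credentials and tokens cross cleartext HTTP"))
    return findings

def audit_metadata_secret(agent_cp, nova_cp):
    """Check the secret shared by metadata_agent.ini [DEFAULT] and nova.conf [neutron]."""
    agent = agent_cp.get("DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nova = nova_cp.get("neutron", "metadata_proxy_shared_secret", fallback="")
    findings = []
    if agent != nova:
        findings.append("secret differs between metadata_agent.ini and nova.conf")
    if weak_secret("", agent) or weak_secret("", nova):
        findings.append("secret is empty, a placeholder, or too short")
    return findings

if __name__ == "__main__":
    for finding in audit(load(NEUTRON_CONF)):
        print("neutron.conf:", *finding)
    for problem in audit_metadata_secret(load(METADATA_AGENT_INI), load(NOVA_CONF)):
        print("metadata proxy:", problem)
```

To audit a live node, pass the contents of the real files to `load()`; a long random value such as the output of `openssl rand -hex 32` clears the secret checks.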
- Verify
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| l3_agent_scheduler | L3 Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| l3-ha | HA Router extension |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| extraroute | Neutron Extra Route |
| timestamp_core | Time Stamp Fields addition for core resources |
| router | Neutron L3 Router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dns-integration | DNS Integration |
| security-group | security-group |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| router_availability_zone | Router Availability Zone |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| dvr | Distributed Virtual Router |
+---------------------------+-----------------------------------------------+
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 0c22170c-cdbd-40db-b3f8-5f248d3c3df1 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| 5bb07134-1fb2-4f68-876c-62b939572034 | L3 agent | controller | nova | :-) | True | neutron-l3-agent |
| 786ecf78-00aa-4f4a-bc40-73b7f1549d4c | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| d20c1f79-479c-4136-b322-8e7322673fe4 | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
| daab7305-88e5-40a3-a42f-9ea55d5d2ad2 | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
3. Create an instance
- Create a flavor, add security group rules, and create a key pair
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
[root@controller ~]# . demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 3f:e6:e2:86:d9:06:42:90:0d:8c:c2:5e:17:cd:c6:3d |
| name | mykey |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+-------------+-------------------------------------------------+
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 3f:e6:e2:86:d9:06:42:90:0d:8c:c2:5e:17:cd:c6:3d |
+-------+-------------------------------------------------+
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 391b2fbe-e5b5-4b46-b2c7-75d027f52ed0 |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | a692a42c-bd57-430f-acbc-5473bf925c8c |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 7549cdf2-754e-4b8f-b538-ab349513b689 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | a692a42c-bd57-430f-acbc-5473bf925c8c |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group | Security Group |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| 391b2fbe-e5b5-4b46-b2c7-75d027f52ed0 | icmp | 0.0.0.0/0 | | | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 7549cdf2-754e-4b8f-b538-ab349513b689 | tcp | 0.0.0.0/0 | 22:22 | | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 799f8b91-2e84-4031-8fe7-08ddfe50681b | | | | default | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 8b3acaec-8dc8-41bb-98a5-2aac5aa5b8bd | | | | default | a692a42c-bd57-430f-acbc-5473bf925c8c |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
- Create a network (Provider Network)
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-04-09T14:10:04 |
| description | |
| id | 99870bf3-69f2-4784-b381-543031698ba6 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| updated_at | 2019-04-09T14:10:04 |
+---------------------------+--------------------------------------+
[root@controller ~]# neutron net-list
+--------------------------------------+----------+---------+
| id | name | subnets |
+--------------------------------------+----------+---------+
| 99870bf3-69f2-4784-b381-543031698ba6 | provider | |
+--------------------------------------+----------+---------+
[root@controller ~]# neutron subnet-create --name provider \
> --allocation-pool start=192.168.124.51,end=192.168.124.100 \
> --dns-nameserver 114.114.114.114 --gateway 192.168.124.1 \
> provider 192.168.124.0/16
Created a new subnet:
+-------------------+-------------------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------------------+
| allocation_pools | {"start": "192.168.124.51", "end": "192.168.124.100"} |
| cidr | 192.168.0.0/16 |
| created_at | 2019-04-09T14:13:08 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 192.168.124.1 |
| host_routes | |
| id | 991405b9-4f87-415e-b3ef-6a613e5a8b7d |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 99870bf3-69f2-4784-b381-543031698ba6 |
| subnetpool_id | |
| tenant_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| updated_at | 2019-04-09T14:13:08 |
+-------------------+-------------------------------------------------------+
- Create a network (Self-Service Network)
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron net-create selfservice
Created a new network:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-04-09T14:16:16 |
| description | |
| id | 5267421c-d411-48c2-ac0d-9f14cd4659d7 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | selfservice |
| port_security_enabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | d94a719f93844a2e90da8ee3ec95a999 |
| updated_at | 2019-04-09T14:16:16 |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron subnet-create --name selfservice \
> --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \
> selfservice 172.16.1.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "172.16.1.2", "end": "172.16.1.254"} |
| cidr | 172.16.1.0/24 |
| created_at | 2019-04-09T14:18:08 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.16.1.1 |
| host_routes | |
| id | 9d27bc42-e396-4a5a-a9cc-753c4c1e4f65 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | selfservice |
| network_id | 5267421c-d411-48c2-ac0d-9f14cd4659d7 |
| subnetpool_id | |
| tenant_id | d94a719f93844a2e90da8ee3ec95a999 |
| updated_at | 2019-04-09T14:18:08 |
+-------------------+------------------------------------------------+
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-update provider --router:external
Updated network: provider
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron router-create router
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| description | |
| external_gateway_info | |
| id | fe27e064-3549-414a-9ddf-df8d26bde1c7 |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | d94a719f93844a2e90da8ee3ec95a999 |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron router-interface-add router selfservice
Added interface 64df9078-607d-4564-919d-cb1f4fa97856 to router router.
[root@controller ~]# neutron router-gateway-set router provider
Set gateway for router router
[root@controller ~]# . admin-openrc
[root@controller ~]# ip netns # list the network namespaces
qrouter-fe27e064-3549-414a-9ddf-df8d26bde1c7 (id: 2)
qdhcp-5267421c-d411-48c2-ac0d-9f14cd4659d7 (id: 1)
qdhcp-99870bf3-69f2-4784-b381-543031698ba6 (id: 0)
[root@controller ~]# neutron router-port-list router
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 1e2a8c51-6bc7-4a01-9ded-6ce90d611b15 | | fa:16:3e:77:cc:cc | {"subnet_id": "991405b9-4f87-415e-b3ef-6a613e5a8b7d", "ip_address": "192.168.124.52"} |
| 64df9078-607d-4564-919d-cb1f4fa97856 | | fa:16:3e:39:4e:15 | {"subnet_id": "9d27bc42-e396-4a5a-a9cc-753c4c1e4f65", "ip_address": "172.16.1.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
- Create an instance
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------+--------------------------------------+
| 99870bf3-69f2-4784-b381-543031698ba6 | provider | 991405b9-4f87-415e-b3ef-6a613e5a8b7d |
| 5267421c-d411-48c2-ac0d-9f14cd4659d7 | selfservice | 9d27bc42-e396-4a5a-a9cc-753c4c1e4f65 |
+--------------------------------------+-------------+--------------------------------------+
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| a692a42c-bd57-430f-acbc-5473bf925c8c | default | Default security group | d94a719f93844a2e90da8ee3ec95a999 |
+--------------------------------------+---------+------------------------+----------------------------------+
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \
> --nic net-id=5267421c-d411-48c2-ac0d-9f14cd4659d7 --security-group default \
> --key-name mykey selfservice-instance
+--------------------------------------+-----------------------------------------------+
| Field | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | NH7zMf4swBAm |
| config_drive | |
| created | 2019-04-09T14:50:33Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 2665c153-e26d-4b58-952f-3ee67f1954dc |
| image | cirros (78acfd89-fbe8-4009-90ba-fcda26d2a107) |
| key_name | mykey |
| name | selfservice-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2019-04-09T14:50:33Z |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+--------------------------------------+-----------------------------------------------+
[root@controller ~]# openstack server list
VIII. Dashboard
[root@controller ~]# yum install openstack-dashboard -y
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': True,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
    'default_ipv4_subnet_pool_label': None,
    'default_ipv6_subnet_pool_label': None,
    'profile_support': None,
    'supported_provider_types': ['*'],
    'supported_vnic_types': ['*'],
}
TIME_ZONE = "Asia/Shanghai"
[root@controller ~]# yum install memcached -y
[root@controller ~]# systemctl enable httpd.service memcached.service
[root@controller ~]# systemctl restart httpd.service memcached.service
Access: http://controller/dashboard and log in with default/admin/admin