OpenStack-Mitaka

I. Cloud Basics

  • IaaS: Infrastructure as a Service, e.g. OpenStack, CloudStack
  • PaaS: Platform as a Service, e.g. Docker
  • SaaS: Software as a Service
  • FWaaS, DBaaS, LBaaS, ...
  • Private Cloud
  • Public Cloud
  • Hybrid Cloud

II. OpenStack

Official site: https://www.openstack.org/

Installation guide: https://docs.openstack.org/mitaka/install-guide-rdo/

Chinese documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/

Environment:

  • controller: 192.168.100.11 (management network), 172.16.100.11 (service network)
  • compute: 192.168.100.12 (management network), 172.16.100.12 (service network)
  • block: 192.168.100.14
  • OpenStack release: Mitaka

III. Base Environment

1. NTP

  • controller node
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 192.168.100.0/24
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl restart chronyd.service
  • compute node
[root@compute1 ~]# yum install chrony
[root@compute1 ~]# vim /etc/chrony.conf
server controller iburst
[root@compute1 ~]# systemctl enable chronyd.service
[root@compute1 ~]# systemctl start chronyd.service
[root@compute1 ~]# chronyc sources  # compare the local time against the server's time
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    3   6     1     1   -731us[ -731us] +/-   12ms

2. Configure the yum repository

3. Install the database

  • controller
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve
[root@controller ~]# systemctl start mariadb.service

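IV. Identity Service

  1. User: a user can be associated with multiple tenants
  2. Tenant: a tenant corresponds to a project, or to an organization
  3. Role: role
  4. Token: token, used for authentication and authorization
  5. Service: service
  6. Endpoint: endpoint, the access entry point of a service
  • Install keystone on the controller node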
[root@controller ~]# mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'keystone';
[root@controller ~]# yum install python-openstackclient -y
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# openssl rand -hex 10 > mytoken
[root@controller ~]# cat mytoken
7a1da5ba2fe4c69eea05
[root@controller ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 7a1da5ba2fe4c69eea05
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
  • Configuration
[root@controller ~]# export OS_TOKEN=`cat mytoken`
[root@controller ~]# export |grep OS_TOKEN
declare -x OS_TOKEN="7a1da5ba2fe4c69eea05"
[root@controller ~]# export OS_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
[root@controller ~]# openstack service create \
>   --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | b37f52dd30654076b151a852afeeee7e |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 10b3925aea3b44bc9fe7dcf4fc93697a |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4749500493f94ea89f2b33e675fae051 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e76140cd04494699ba7e434f297ce291 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | c121b35fd0314f16827a85fdb61bf94b |
| name        | default                          |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
>   --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | c121b35fd0314f16827a85fdb61bf94b |
| enabled     | True                             |
| id          | 3a76f6def02b417d91ec9278b7bff6f2 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
>   --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 5643b73e9be142bc806ce6db0c853150 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 6b8aadf364be463886296a4125eadb0b |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project admin --user admin admin
[root@controller ~]# openstack project create --domain default \
>   --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | c121b35fd0314f16827a85fdb61bf94b |
| enabled     | True                             |
| id          | 32e1692c57ac4f2db2bb52163cf09ac4 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
>   --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | c121b35fd0314f16827a85fdb61bf94b |
| enabled     | True                             |
| id          | d94a719f93844a2e90da8ee3ec95a999 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
>   --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 4af0aec1e50742cd88f3d1b426424c9f |
| name      | demo                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 43777741cd66492b824d734a36a01cfd |
| name      | user                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user

[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| b37f52dd30654076b151a852afeeee7e | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack endpoint list
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                       | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 10b3925aea3b44bc9fe7dcf4 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3 |
| fc93697a                 |           |              |              |         |           |                           |
| 4749500493f94ea89f2b33e6 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3 |
| 75fae051                 |           |              |              |         |           |                           |
| e76140cd04494699ba7e434f | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v |
| 297ce291                 |           |              |              |         |           | 3                         |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 4af0aec1e50742cd88f3d1b426424c9f | demo  |
| 5643b73e9be142bc806ce6db0c853150 | admin |
+----------------------------------+-------+
[root@controller ~]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID                               | Name    | Enabled | Description    |
+----------------------------------+---------+---------+----------------+
| c121b35fd0314f16827a85fdb61bf94b | default | True    | Default Domain |
+----------------------------------+---------+---------+----------------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 32e1692c57ac4f2db2bb52163cf09ac4 | service |
| 3a76f6def02b417d91ec9278b7bff6f2 | admin   |
| d94a719f93844a2e90da8ee3ec95a999 | demo    |
+----------------------------------+---------+
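  • Configure authentication
Edit /etc/keystone/keystone-paste.ini and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections. This disables the temporary admin_token mechanism that was used for bootstrapping above.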
[root@controller ~]# unset OS_TOKEN OS_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name admin --os-username admin token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T08:59:20.930753Z                                                                             |
| id         | gAAAAABcoHNYAlA--SMCscCnp8EgqsZEwdD8Zt-AxaWqxVI-BYCrAPgVkOpy4tZbDfcuzgVRaYdHQ17a0QcRmD5GczM2TDIDrZh_N5e |
|            | iwMgZGd_ZYVujJwWXMWgE7aVwah3WXOrIxSavBwrQgw51aRSbu9aRDRuNxCfVyZRh5h2-0Qcc6x5S7KU                        |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2                                                                        |
| user_id    | 5643b73e9be142bc806ce6db0c853150                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name demo --os-username demo token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T08:59:58.926501Z                                                                             |
| id         | gAAAAABcoHN-h-fvwJtU3mEwx0ZjaXC85hptKUDp2SXKCkuh64kE6aBLC75SWKQVKebK4RSHs9YHfupaTeC7ayEpLnzH1YB9la8K8CH |
|            | vFAbXigraC4-ExHNNdZzGK3n57IR_EZoO4pTXRmv8GUIyry7nwoHYyCSjMe0zcSrDDotJvqwSWZykzVg                        |
| project_id | d94a719f93844a2e90da8ee3ec95a999                                                                        |
| user_id    | 4af0aec1e50742cd88f3d1b426424c9f                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T09:03:03.526342Z                                                                             |
| id         | gAAAAABcoHQ3Rgtrx-5SEiyZ4nYiWB1wG2CWXU9RVgOFaNggiUYy8o_-MzVhFGmlrjLCEWDbB7Jf4LTVUos-                    |
|            | 078UIGPCyFSd91wdEKKHSWbJMy-lOOt3eu_kauDL-GDbx5JA4cRdD4yzOyM1dHpRrGy5zL2s4f_jOuQzdEjTreKVyS88wfV_PEw     |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2                                                                        |
| user_id    | 5643b73e9be142bc806ce6db0c853150                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T09:02:07.204901Z                                                                             |
| id         | gAAAAABcoHP_cFN8-o_9eljXOpHg1801dDM9Fl5c0RoWJ5PWw0oMx-VOdOGGisCeXqwY16Q3WncLTiUwt6-0RddWpE0fMNtO854_gTy |
|            | PHdDSFLmWR_YHSLtJb7qYVkQz7n3JYlTRTACp7mKPGxXKG290nBWBkIXUdYpdIz1BFr2fnXUEOrEG5m0                        |
| project_id | d94a719f93844a2e90da8ee3ec95a999                                                                        |
| user_id    | 4af0aec1e50742cd88f3d1b426424c9f                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
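
The check below is an added example, not part of the original notes or of the keystone project: it reports whether the bootstrap token from this section is still usable, and performs the keystone-paste.ini edit described above. The keystone.conf sample repeats the values shown on this page; the paste file sample is constructed with shortened filter lists, and single-line pipeline values are assumed.

```python
import configparser
import re

FILTER = "admin_token_auth"
PIPELINES = ("pipeline:public_api", "pipeline:admin_api", "pipeline:api_v3")

# keystone.conf as written earlier on this page.
KEYSTONE_CONF = """\
[DEFAULT]
admin_token = 7a1da5ba2fe4c69eea05
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
"""

# Constructed sample of keystone-paste.ini before the edit (filter lists shortened).
PASTE_INI = """\
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body service_v3
"""


def parse_ini(text):
    # interpolation=None: values may contain '%'; strict=False tolerates repeats.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def admin_token_set(conf_text):
    """True if [DEFAULT] admin_token still has a value in keystone.conf."""
    return bool(parse_ini(conf_text).defaults().get("admin_token", "").strip())


def pipelines_with_filter(paste_text):
    """Names of the three API pipelines that still load admin_token_auth."""
    cp = parse_ini(paste_text)
    return [name for name in PIPELINES
            if cp.has_section(name)
            and FILTER in cp.get(name, "pipeline", fallback="").split()]


def strip_filter(paste_text):
    """Remove admin_token_auth from the three pipelines; leave everything else."""
    out, section = [], None
    for line in paste_text.splitlines():
        header = re.match(r"\s*\[(.+)\]\s*$", line)
        if header:
            section = header.group(1)
        elif section in PIPELINES and re.match(r"\s*pipeline\s*=", line):
            key, _, value = line.partition("=")
            kept = [f for f in value.split() if f != FILTER]
            line = f"{key.rstrip()} = {' '.join(kept)}"
        out.append(line)
    return "\n".join(out) + "\n"


def audit(conf_text, paste_text):
    """List every place where the bootstrap token mechanism is still present."""
    findings = []
    if admin_token_set(conf_text):
        findings.append("keystone.conf: [DEFAULT] admin_token is set")
    for name in pipelines_with_filter(paste_text):
        findings.append(f"keystone-paste.ini: [{name}] still loads {FILTER}")
    return findings


if __name__ == "__main__":
    for finding in audit(KEYSTONE_CONF, PASTE_INI):
        print("before:", finding)
    for finding in audit(KEYSTONE_CONF, strip_filter(PASTE_INI)):
        print("after: ", finding)
```

On a real controller, read /etc/keystone/keystone.conf and /etc/keystone/keystone-paste.ini into the two arguments and restart httpd after writing the edited paste file.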

V. Glance Image Service

  • Register the service credentials
[root@controller ~]# mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'glance';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | facce294374f4dd68616a4f0c6881e7e |
| name      | glance                           |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
>   --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | ebad348788cb4f9fbd4396ed8a9423dc |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | fe627e6b04784e278e1acc7fadaa3027 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 404e5b9ad5134a7998abf614373138d0 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cc98e57149b544db819ced2a2de560d5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

  • Install and configure glance
[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
  • Verify
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# qemu-img info cirros-0.3.4-x86_64-disk.img
image: cirros-0.3.4-x86_64-disk.img
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
Format specific information:
    compat: 0.10
    refcount bits: 16
[root@controller ~]# openstack image create "cirros" \
>   --file cirros-0.3.4-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2019-03-31T08:30:12Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/78acfd89-fbe8-4009-90ba-fcda26d2a107/file |
| id               | 78acfd89-fbe8-4009-90ba-fcda26d2a107                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | 3a76f6def02b417d91ec9278b7bff6f2                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-03-31T08:30:12Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+

VI. Compute Service

1. Controller node

  • Register on the controller
[root@controller ~]# mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'nova';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default \
>   --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 4e58c5b06038436fbf427ab5b06ce31c |
| name      | nova                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
>   --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 89fccdcdb1bb4e869bb15e756e0469f5 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 9d69264950994bcfad490d3bc50f4164          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 89fccdcdb1bb4e869bb15e756e0469f5          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 7f1a7bf4d72c48da8c75ebf1a3ebb5f1          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 89fccdcdb1bb4e869bb15e756e0469f5          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | b58bd319647f49329fd9dce3bb8e191c          |
| interface    | admin                                     |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 89fccdcdb1bb4e869bb15e756e0469f5          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
  • Install Nova
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
>   openstack-nova-console openstack-nova-novncproxy \
>   openstack-nova-scheduler -y
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
>   openstack-nova-consoleauth.service openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
  • Install RabbitMQ
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack openstack
[root@controller ~]# rabbitmqctl set_user_tags openstack administrator
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@controller ~]# rabbitmqctl list_users
Listing users ...
openstack       [administrator]
guest   [administrator]

2. Compute node

[root@compute1 ~]# yum install openstack-nova-compute -y
[root@compute1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.12
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[libvirt]
virt_type=kvm
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute1 ~]# systemctl start libvirtd.service openstack-nova-compute.service

3. Verify on the controller

[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2019-03-31T15:47:13.000000 |
|  2 | nova-conductor   | controller | internal | enabled | up    | 2019-03-31T15:47:13.000000 |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2019-03-31T15:47:13.000000 |
|  6 | nova-compute     | compute1   | nova     | enabled | up    | 2019-03-31T15:47:14.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

VII. Neutron Networking Service

1. Controller node

  • Configure authentication
[root@controller ~]# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'neutron';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 7cf18301eb244ab488718d36e5031a94 |
| name      | neutron                          |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
>   --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 7e91416ee62f47b392bcf17c23a53e4a |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 12344ed6417b47be8b66736aecd9e2d6 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bb92e479e0dd4ed89f5dec5b51b78d2d |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | eb661eb09d5c48c3885fa8d99edf70cc |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
  • Install and configure
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
>   openstack-neutron-linuxbridge ebtables -y
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = True
local_ip = 192.168.100.11
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# This option is deliberately left empty so that a single agent can serve multiple external networks
external_network_bridge =
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
>   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service \
>   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>   neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
>   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>   neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
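
The service accounts configured above reuse the account name as the password, and `metadata_proxy_shared_secret` is still the install guide's placeholder `METADATA_SECRET`. The following added example (not part of the original walkthrough) audits oslo.config-style INI text for those settings and checks that the metadata secret matches across files; the sample files, replacement secrets and function names are constructed for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed sample mirroring the nova.conf settings in this walkthrough.
NOVA_CONF = """\
[database]
connection = mysql+pymysql://nova:nova@controller/nova

[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
username = nova
password = nova

[vnc]
vncserver_listen = 0.0.0.0

[neutron]
username = neutron
password = neutron
metadata_proxy_shared_secret = METADATA_SECRET
"""

# Constructed metadata_agent.ini and l3_agent.ini fragments.
METADATA_AGENT_INI = "[DEFAULT]\nmetadata_proxy_shared_secret = METADATA_SECRET\n"
L3_AGENT_INI = "[DEFAULT]\nexternal_network_bridge =   # left empty on purpose\n"

# Constructed hardened counterpart; the secrets are made-up sample values.
HARDENED_NOVA_CONF = """\
[database]
connection = mysql+pymysql://nova:3f9c0e7a51d24b8e@controller/nova

[keystone_authtoken]
username = nova
password = b7d1a94c6e2f4053

[vnc]
vncserver_listen = 192.168.100.12

[neutron]
username = neutron
password = 5c2e8f1a7d604b39
metadata_proxy_shared_secret = 9a4e1c7f0b3d4826
"""

# Upper-case tokens such as METADATA_SECRET are install-guide placeholders.
PLACEHOLDER = re.compile(r"^[A-Z][A-Z0-9]*_(PASS|DBPASS|SECRET)$")
ACCOUNT_KEYS = {"password": "username", "rabbit_password": "rabbit_userid"}


def parse(text):
    """Parse INI text; [DEFAULT] stays an ordinary section, no % interpolation."""
    parser = configparser.RawConfigParser(default_section="__unused__", strict=False)
    parser.read_string(text)
    return parser


def audit(text):
    """Return (section, option, reason) tuples for weak settings in one file."""
    parser = parse(text)
    findings = []
    for section in parser.sections():
        opts = dict(parser.items(section))
        for pw_key, user_key in ACCOUNT_KEYS.items():
            if pw_key in opts and opts[pw_key] == opts.get(user_key):
                findings.append((section, pw_key, "password equals the account name"))
        db = urlsplit(opts.get("connection", ""))
        if db.password and db.password == db.username:
            findings.append((section, "connection", "database password equals the user name"))
        for key, value in opts.items():
            if PLACEHOLDER.match(value):
                findings.append((section, key, "placeholder value was never replaced"))
            # oslo.config does not strip trailing comments, so the comment
            # text becomes part of the option's value.
            if value.startswith(("#", ";")) or " #" in value:
                findings.append((section, key, "inline comment parsed as the value"))
        if section == "vnc" and opts.get("vncserver_listen") == "0.0.0.0":
            findings.append((section, "vncserver_listen", "VNC listens on every interface"))
    return findings


def shared_secret_mismatch(nova_text, agent_text):
    """True when nova.conf [neutron] and metadata_agent.ini disagree on the secret."""
    option = "metadata_proxy_shared_secret"
    nova = parse(nova_text).get("neutron", option, fallback=None)
    agent = parse(agent_text).get("DEFAULT", option, fallback=None)
    return nova is None or nova != agent


if __name__ == "__main__":
    for name, text in (("nova.conf", NOVA_CONF), ("l3_agent.ini", L3_AGENT_INI),
                       ("nova.conf (hardened)", HARDENED_NOVA_CONF)):
        for section, option, reason in audit(text):
            print(f"{name}: [{section}] {option}: {reason}")
```

Rotating the metadata secret means changing it in both `nova.conf` and `metadata_agent.ini`; `shared_secret_mismatch` catches the case where only one file was updated.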

2. Compute node

  • Install and configure
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[root@compute1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = True
local_ip = 192.168.100.12
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@compute1 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service
  • Verify
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias                     | name                                          |
+---------------------------+-----------------------------------------------+
| default-subnetpools       | Default Subnetpools                           |
| network-ip-availability   | Network IP Availability                       |
| network_availability_zone | Network Availability Zone                     |
| auto-allocated-topology   | Auto Allocated Topology Services              |
| ext-gw-mode               | Neutron L3 Configurable external gateway mode |
| binding                   | Port Binding                                  |
| agent                     | agent                                         |
| subnet_allocation         | Subnet Allocation                             |
| l3_agent_scheduler        | L3 Agent Scheduler                            |
| tag                       | Tag support                                   |
| external-net              | Neutron external network                      |
| net-mtu                   | Network MTU                                   |
| availability_zone         | Availability Zone                             |
| quotas                    | Quota management support                      |
| l3-ha                     | HA Router extension                           |
| provider                  | Provider Network                              |
| multi-provider            | Multi Provider Network                        |
| address-scope             | Address scope                                 |
| extraroute                | Neutron Extra Route                           |
| timestamp_core            | Time Stamp Fields addition for core resources |
| router                    | Neutron L3 Router                             |
| extra_dhcp_opt            | Neutron Extra DHCP opts                       |
| dns-integration           | DNS Integration                               |
| security-group            | security-group                                |
| dhcp_agent_scheduler      | DHCP Agent Scheduler                          |
| router_availability_zone  | Router Availability Zone                      |
| rbac-policies             | RBAC Policies                                 |
| standard-attr-description | standard-attr-description                     |
| port-security             | Port Security                                 |
| allowed-address-pairs     | Allowed Address Pairs                         |
| dvr                       | Distributed Virtual Router                    |
+---------------------------+-----------------------------------------------+
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 0c22170c-cdbd-40db-b3f8-5f248d3c3df1 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| 5bb07134-1fb2-4f68-876c-62b939572034 | L3 agent           | controller | nova              | :-)   | True           | neutron-l3-agent          |
| 786ecf78-00aa-4f4a-bc40-73b7f1549d4c | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| d20c1f79-479c-4136-b322-8e7322673fe4 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| daab7305-88e5-40a3-a42f-9ea55d5d2ad2 | Linux bridge agent | compute1   |                   | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

3. Create an instance

  • Create a flavor, add security group rules, and create a key pair
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
[root@controller ~]# . demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 3f:e6:e2:86:d9:06:42:90:0d:8c:c2:5e:17:cd:c6:3d |
| name        | mykey                                           |
| user_id     | 4af0aec1e50742cd88f3d1b426424c9f                |
+-------------+-------------------------------------------------+
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 3f:e6:e2:86:d9:06:42:90:0d:8c:c2:5e:17:cd:c6:3d |
+-------+-------------------------------------------------+
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 391b2fbe-e5b5-4b46-b2c7-75d027f52ed0 |
| ip_protocol           | icmp                                 |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | a692a42c-bd57-430f-acbc-5473bf925c8c |
| port_range            |                                      |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| id                    | 7549cdf2-754e-4b8f-b538-ab349513b689 |
| ip_protocol           | tcp                                  |
| ip_range              | 0.0.0.0/0                            |
| parent_group_id       | a692a42c-bd57-430f-acbc-5473bf925c8c |
| port_range            | 22:22                                |
| remote_security_group |                                      |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule list
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| ID                                   | IP Protocol | IP Range  | Port Range | Remote Security Group | Security Group                       |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
| 391b2fbe-e5b5-4b46-b2c7-75d027f52ed0 | icmp        | 0.0.0.0/0 |            |                       | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 7549cdf2-754e-4b8f-b538-ab349513b689 | tcp         | 0.0.0.0/0 | 22:22      |                       | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 799f8b91-2e84-4031-8fe7-08ddfe50681b |             |           |            | default               | a692a42c-bd57-430f-acbc-5473bf925c8c |
| 8b3acaec-8dc8-41bb-98a5-2aac5aa5b8bd |             |           |            | default               | a692a42c-bd57-430f-acbc-5473bf925c8c |
+--------------------------------------+-------------+-----------+------------+-----------------------+--------------------------------------+
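
The two rules added above accept ICMP and SSH from `0.0.0.0/0` in the `default` security group. As an added example (not part of the original walkthrough), the script below parses the table that `openstack security group rule list` prints and reports every rule open to any source address; the sample table, rule IDs, function names and the `ADMIN_PORTS` set are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of `openstack security group rule list`;
# the rule IDs are placeholders.
RULE_LIST = """\
+--------+-------------+------------------+------------+-----------------------+
| ID     | IP Protocol | IP Range         | Port Range | Remote Security Group |
+--------+-------------+------------------+------------+-----------------------+
| rule-1 | icmp        | 0.0.0.0/0        |            |                       |
| rule-2 | tcp         | 0.0.0.0/0        | 22:22      |                       |
| rule-3 |             |                  |            | default               |
| rule-4 | tcp         | 192.168.100.0/24 | 22:22      |                       |
| rule-5 | tcp         | 0.0.0.0/0        | 8000:9000  |                       |
+--------+-------------+------------------+------------+-----------------------+
"""

ADMIN_PORTS = {22, 3389}  # assumption: ports treated as administrative access


def parse_table(text):
    """Turn a +---+ bordered CLI table into a list of dicts keyed by header."""
    rows = [line.strip()[1:-1].split("|")
            for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []
    header, *body = [[cell.strip() for cell in row] for row in rows]
    return [dict(zip(header, row)) for row in body]


def port_span(text):
    """'22:22' -> (22, 22); an empty cell means the rule covers every port."""
    if not text:
        return (1, 65535)
    low, _, high = text.partition(":")
    return (int(low), int(high or low))


def world_open_rules(table_text):
    """Return (rule id, protocol, severity) for rules open to any source address."""
    findings = []
    for rule in parse_table(table_text):
        cidr = rule.get("IP Range", "")
        if not cidr:
            continue  # source is a remote security group, not a CIDR
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue  # already limited to a specific network
        proto = rule["IP Protocol"]
        low, high = port_span(rule["Port Range"])
        exposes_admin = proto in ("tcp", "udp") and any(
            low <= port <= high for port in ADMIN_PORTS)
        findings.append((rule["ID"], proto, "restrict" if exposes_admin else "review"))
    return findings


if __name__ == "__main__":
    for rule_id, proto, severity in world_open_rules(RULE_LIST):
        print(f"{severity}: rule {rule_id} ({proto}) accepts traffic from any source")
```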
  • Create a network (Provider Network)
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
>   --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2019-04-09T14:10:04                  |
| description               |                                      |
| id                        | 99870bf3-69f2-4784-b381-543031698ba6 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tags                      |                                      |
| tenant_id                 | 3a76f6def02b417d91ec9278b7bff6f2     |
| updated_at                | 2019-04-09T14:10:04                  |
+---------------------------+--------------------------------------+
[root@controller ~]# neutron net-list
+--------------------------------------+----------+---------+
| id                                   | name     | subnets |
+--------------------------------------+----------+---------+
| 99870bf3-69f2-4784-b381-543031698ba6 | provider |         |
+--------------------------------------+----------+---------+
[root@controller ~]# neutron subnet-create --name provider \
>   --allocation-pool start=192.168.124.51,end=192.168.124.100 \
>   --dns-nameserver 114.114.114.114 --gateway 192.168.124.1 \
>   provider 192.168.124.0/16
Created a new subnet:
+-------------------+-------------------------------------------------------+
| Field             | Value                                                 |
+-------------------+-------------------------------------------------------+
| allocation_pools  | {"start": "192.168.124.51", "end": "192.168.124.100"} |
| cidr              | 192.168.0.0/16                                        |
| created_at        | 2019-04-09T14:13:08                                   |
| description       |                                                       |
| dns_nameservers   | 114.114.114.114                                       |
| enable_dhcp       | True                                                  |
| gateway_ip        | 192.168.124.1                                         |
| host_routes       |                                                       |
| id                | 991405b9-4f87-415e-b3ef-6a613e5a8b7d                  |
| ip_version        | 4                                                     |
| ipv6_address_mode |                                                       |
| ipv6_ra_mode      |                                                       |
| name              | provider                                              |
| network_id        | 99870bf3-69f2-4784-b381-543031698ba6                  |
| subnetpool_id     |                                                       |
| tenant_id         | 3a76f6def02b417d91ec9278b7bff6f2                      |
| updated_at        | 2019-04-09T14:13:08                                   |
+-------------------+-------------------------------------------------------+
  • Create a network (Self-Service Network)
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron net-create selfservice
Created a new network:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2019-04-09T14:16:16                  |
| description             |                                      |
| id                      | 5267421c-d411-48c2-ac0d-9f14cd4659d7 |
| ipv4_address_scope      |                                      |
| ipv6_address_scope      |                                      |
| mtu                     | 1450                                 |
| name                    | selfservice                          |
| port_security_enabled   | True                                 |
| router:external         | False                                |
| shared                  | False                                |
| status                  | ACTIVE                               |
| subnets                 |                                      |
| tags                    |                                      |
| tenant_id               | d94a719f93844a2e90da8ee3ec95a999     |
| updated_at              | 2019-04-09T14:16:16                  |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron subnet-create --name selfservice \
>   --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \
>   selfservice 172.16.1.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "172.16.1.2", "end": "172.16.1.254"} |
| cidr              | 172.16.1.0/24                                  |
| created_at        | 2019-04-09T14:18:08                            |
| description       |                                                |
| dns_nameservers   | 114.114.114.114                                |
| enable_dhcp       | True                                           |
| gateway_ip        | 172.16.1.1                                     |
| host_routes       |                                                |
| id                | 9d27bc42-e396-4a5a-a9cc-753c4c1e4f65           |
| ip_version        | 4                                              |
| ipv6_address_mode |                                                |
| ipv6_ra_mode      |                                                |
| name              | selfservice                                    |
| network_id        | 5267421c-d411-48c2-ac0d-9f14cd4659d7           |
| subnetpool_id     |                                                |
| tenant_id         | d94a719f93844a2e90da8ee3ec95a999               |
| updated_at        | 2019-04-09T14:18:08                            |
+-------------------+------------------------------------------------+
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-update provider --router:external
Updated network: provider
[root@controller ~]# . demo-openrc
[root@controller ~]# neutron router-create router
Created a new router:
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | True                                 |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| description             |                                      |
| external_gateway_info   |                                      |
| id                      | fe27e064-3549-414a-9ddf-df8d26bde1c7 |
| name                    | router                               |
| routes                  |                                      |
| status                  | ACTIVE                               |
| tenant_id               | d94a719f93844a2e90da8ee3ec95a999     |
+-------------------------+--------------------------------------+
[root@controller ~]# neutron router-interface-add router selfservice
Added interface 64df9078-607d-4564-919d-cb1f4fa97856 to router router.
[root@controller ~]# neutron router-gateway-set router provider
Set gateway for router router
[root@controller ~]# . admin-openrc
[root@controller ~]# ip netns  # list the network namespaces
qrouter-fe27e064-3549-414a-9ddf-df8d26bde1c7 (id: 2)
qdhcp-5267421c-d411-48c2-ac0d-9f14cd4659d7 (id: 1)
qdhcp-99870bf3-69f2-4784-b381-543031698ba6 (id: 0)
[root@controller ~]# neutron router-port-list router
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                             |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
| 1e2a8c51-6bc7-4a01-9ded-6ce90d611b15 |      | fa:16:3e:77:cc:cc | {"subnet_id": "991405b9-4f87-415e-b3ef-6a613e5a8b7d", "ip_address": "192.168.124.52"} |
| 64df9078-607d-4564-919d-cb1f4fa97856 |      | fa:16:3e:39:4e:15 | {"subnet_id": "9d27bc42-e396-4a5a-a9cc-753c4c1e4f65", "ip_address": "172.16.1.1"}     |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------------+
  • Create an instance
[root@controller ~]# . demo-openrc
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0  | m1.nano   |    64 |    1 |         0 |     1 | True      |
| 1  | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2  | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3  | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4  | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5  | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Name        | Subnets                              |
+--------------------------------------+-------------+--------------------------------------+
| 99870bf3-69f2-4784-b381-543031698ba6 | provider    | 991405b9-4f87-415e-b3ef-6a613e5a8b7d |
| 5267421c-d411-48c2-ac0d-9f14cd4659d7 | selfservice | 9d27bc42-e396-4a5a-a9cc-753c4c1e4f65 |
+--------------------------------------+-------------+--------------------------------------+
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID                                   | Name    | Description            | Project                          |
+--------------------------------------+---------+------------------------+----------------------------------+
| a692a42c-bd57-430f-acbc-5473bf925c8c | default | Default security group | d94a719f93844a2e90da8ee3ec95a999 |
+--------------------------------------+---------+------------------------+----------------------------------+
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \
>   --nic net-id=5267421c-d411-48c2-ac0d-9f14cd4659d7 --security-group default \
>   --key-name mykey selfservice-instance
+--------------------------------------+-----------------------------------------------+
| Field                                | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | None                                          |
| OS-SRV-USG:terminated_at             | None                                          |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| addresses                            |                                               |
| adminPass                            | NH7zMf4swBAm                                  |
| config_drive                         |                                               |
| created                              | 2019-04-09T14:50:33Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 2665c153-e26d-4b58-952f-3ee67f1954dc          |
| image                                | cirros (78acfd89-fbe8-4009-90ba-fcda26d2a107) |
| key_name                             | mykey                                         |
| name                                 | selfservice-instance                          |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| project_id                           | d94a719f93844a2e90da8ee3ec95a999              |
| properties                           |                                               |
| security_groups                      | [{u'name': u'default'}]                       |
| status                               | BUILD                                         |
| updated                              | 2019-04-09T14:50:33Z                          |
| user_id                              | 4af0aec1e50742cd88f3d1b426424c9f              |
+--------------------------------------+-----------------------------------------------+
[root@controller ~]# openstack server list

8. Dashboard

[root@controller ~]# yum install openstack-dashboard -y
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': True,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
    'default_ipv4_subnet_pool_label': None,
    'default_ipv6_subnet_pool_label': None,
    'profile_support': None,
    'supported_provider_types': ['*'],
    'supported_vnic_types': ['*'],
}
TIME_ZONE = "Asia/Shanghai"
[root@controller ~]# yum install memcached -y
[root@controller ~]# systemctl enable httpd.service memcached.service
[root@controller ~]# systemctl restart httpd.service memcached.service
Access: http://controller/dashboard and log in with default/admin/admin (domain/user/password)
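
As an added example (not part of the original post), this Python check reads a local_settings body without executing it and flags the settings above that matter once the dashboard is reachable beyond a lab network: the wildcard ALLOWED_HOSTS, the plain-HTTP Keystone URL, and the unset secure-cookie flags. The hardened variant is constructed; it assumes TLS is served in front of httpd, and dashboard.example.test is a placeholder hostname.

```python
import ast

# Excerpt of the local_settings values shown on this page (trimmed).
PAGE_SETTINGS = '''
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
'''

# Constructed hardened variant (assumption: HTTPS in front of httpd and Keystone).
HARDENED_SETTINGS = '''
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['dashboard.example.test', 'controller']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
'''

def load_settings(text):
    """Collect top-level NAME = <expr> assignments without running the file."""
    values = {}
    for node in ast.parse(text).body:
        if not (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)):
            continue
        name = node.targets[0].id
        try:
            values[name] = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            # Not a pure literal (e.g. "..." % OPENSTACK_HOST): keep the source text.
            values[name] = ast.get_source_segment(text, node.value)
    return values

def audit(text):
    """Return a sorted list of finding codes for a local_settings body."""
    s = load_settings(text)
    findings = []
    if '*' in s.get('ALLOWED_HOSTS', []):
        findings.append('ALLOWED_HOSTS_WILDCARD')   # Host header is not validated
    url = str(s.get('OPENSTACK_KEYSTONE_URL', '')).lstrip('"\'')
    if url.startswith('http://'):
        findings.append('KEYSTONE_URL_PLAINTEXT')   # credentials and tokens in clear
    for flag in ('CSRF_COOKIE_SECURE', 'SESSION_COOKIE_SECURE'):
        if s.get(flag) is not True:
            findings.append(flag + '_NOT_SET')      # cookies may travel over HTTP
    return sorted(findings)

if __name__ == '__main__':
    print('page:    ', audit(PAGE_SETTINGS))
    print('hardened:', audit(HARDENED_SETTINGS))
```

The two secure-cookie flags only make sense once the dashboard is served over HTTPS; with the plain http://controller/dashboard URL used here, enabling them would stop the browser from sending the session cookie.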
posted @ 2019-04-01 23:41  生生不息.连绵不绝