Ubuntu 16.04 OpenStack Newton environment setup tutorial


Note: run every command as root. Switch to root with sudo su so that you do not have to type sudo in front of each command.
In the terminal, copy with Ctrl+Shift+C and paste with Ctrl+Shift+V.


1. Configure VNC (all nodes)

  • Enable desktop sharing
  1. In the top-left corner of the Ubuntu desktop, Search your computer => Desktop Sharing
  2. Check Sharing -> Allow other users to view your desktop and Sharing -> Allow other users to control your desktop
  3. Uncheck Security -> You must confirm each access to this machine
  • Enable automatic login (Ubuntu does not start VNC at the login screen, so the remote desktop cannot connect until a user has logged in; automatic login gets around this)
  1. In the top-left corner of the Ubuntu desktop, Search your computer => System Settings
  2. Click User Accounts
  3. Click Unlock, then set Automatic Login to ON
  • Install vnc4server
  1. apt-get install xrdp vnc4server xbase-clients
    apt-get install dconf-editor
  2. In the top-left corner of the Ubuntu desktop, Search your computer => dconf Editor
  3. org => gnome => desktop => remote-access => uncheck require-encryption

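2. Configure the network interface (all nodes)

  • Rename the default ens interface to eth (ifconfig shows that the default interface name uses the ens format; change it to eth)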
  1. gedit /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

  2. Regenerate the grub configuration
    update-grub
    grub-mkconfig -o /boot/grub/grub.cfg
  • Add the eth0 interface
  1. /etc/network/interfaces

auto eth0
iface eth0 inet static
address 192.168.0.200
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameserver 192.168.0.1

Note: the controller node uses 192.168.0.200 and the compute1 node uses 192.168.0.203

  2. Reboot: reboot

3. Set hosts and hostname (all nodes)

  • Set hosts
  1. gedit /etc/hosts

Comment out the 127.0.1.1 line
192.168.0.200 controller
192.168.0.203 compute1

  • Set the hostname
  1. gedit /etc/hostname
    Use controller on the controller node and compute1 on the compute1 node
  2. Reboot: reboot

4. Change the package sources

  • Switch to the Aliyun mirror
  1. gedit /etc/apt/sources.list
    Note: delete everything else in the file

deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu xenial partner
deb-src http://archive.canonical.com/ubuntu xenial partner
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse

  2. Update
    apt update
    apt upgrade
    apt dist-upgrade
    apt autoremove
  3. Reboot: reboot (the nodes can now be reached with VNC Viewer)

5. Time server (NTP)

  • controller node
  1. Install and configure
    apt install chrony
    gedit /etc/chrony/chrony.conf

allow 192.168.0.0/24
server ntp1.aliyun.com iburst

  2. Restart NTP
    service chrony restart
  3. Verify
    chronyc sources
  • Other nodes
  1. Install and configure
    apt install chrony
    gedit /etc/chrony/chrony.conf

Comment out pool 2.debian.pool.ntp.org offline iburst
server controller iburst

  2. Restart NTP
    service chrony restart
  3. Verify
    chronyc sources

5. Packages required by OpenStack (all nodes)

  • All nodes
  1. apt install software-properties-common
    add-apt-repository cloud-archive:newton
    apt update && apt dist-upgrade
    apt install python-openstackclient

6. Configure the database (controller node only)

  • controller node
  1. Install and configure
    apt install mariadb-server python-pymysql
    gedit /etc/mysql/mariadb.conf.d/99-openstack.cnf
    Note: 99-openstack.cnf does not exist yet; this step creates it

[mysqld]
bind-address = 192.168.0.200
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

  2. Restart: service mysql restart

7. Configure the message queue (controller node only)

  • controller node
  1. Install
    apt install rabbitmq-server
  2. Add the openstack user
    rabbitmqctl add_user openstack 123456

    Note: openstack is the user name and 123456 is the password
  3. Give the openstack user read and write access permissions
    rabbitmqctl set_permissions openstack ".*" ".*" ".*"

8. Configure Memcached (controller node only)

  • controller node
  1. Install
    apt install memcached python-memcache
  2. Configure
    gedit /etc/memcached.conf

-l 192.168.0.200

  3. Restart: service memcached restart
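
A check that the bind-address (MariaDB) and -l (memcached) settings above took effect, written as an added example that is not part of the original tutorial. The functions read ss -ltn output and report any of the given ports still listening on a wildcard address; the function names and the sample ss lines are constructed for the demo.

```bash
#!/bin/sh
# Added example: confirm MariaDB (3306) and memcached (11211) listen only on
# the management address configured above, not on every interface.

# wildcard_listeners PORT...
# Reads `ss -ltn` output on stdin and prints "port address" for each listed
# PORT that is bound to a wildcard address (IPv4 or IPv6).
wildcard_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # text after the last ":"
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port in want) &&
                (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]"))
                print port, addr
        }
    '
}

# check_binds PORT...
# Same input as above; exit status 1 if any wildcard listener is found.
check_binds() {
    cb_found=$(wildcard_listeners "$@")
    [ -n "$cb_found" ] || return 0
    printf '%s\n' "$cb_found" | sed 's/^/wildcard listener on port /'
    return 1
}

# Constructed `ss -ltn` output: MariaDB bound as configured, memcached not.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     192.168.0.200:3306  *:*
LISTEN  0       128     0.0.0.0:11211       *:*
LISTEN  0       128     :::5672             :::*
LISTEN  0       128     *:22                *:*
EOF
}

# Demo on the constructed sample.
sample_ss | check_binds 3306 11211 || echo "fix the bind address, then restart the service"
# On a live controller node: ss -ltn | check_binds 3306 11211
```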

9. Configure the Identity service (controller node only)

  • Create the keystone database

1. Log in to SQL: mysql -uroot -p123456
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
Exit SQL: exit

  • Install and configure keystone
  1. Install
    apt install keystone
  2. Configure
    gedit /etc/keystone/keystone.conf

[database]
...
connection = mysql+pymysql://keystone:123456@controller/keystone

[token]
...
provider = fernet

Note: comment out any other connection lines in [database]. The provider option appears in several sections; make sure to set the one in [token].

  3. Populate the keystone database according to the configuration
    su -s /bin/sh -c "keystone-manage db_sync" keystone
  4. Initialize the Fernet key repositories:
    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  5. Bootstrap the Identity service
    keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:35357/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
    Note: 123456 is a password of your own choosing
  • Configure Apache
  1. Configure
    gedit /etc/apache2/apache2.conf

ServerName controller

  2. Restart: service apache2 restart
  • Configure the administrative account
  1. Delete the default database: rm -f /var/lib/keystone/keystone.db
  2. Configure the administrative account (by setting environment variables)
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_AUTH_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
    Note: 123456 is the password from the "Bootstrap the Identity service" step above
  • Create a domain, projects, users, and roles
  1. Create the service project
    openstack project create --domain default --description "Service Project" service
  2. Create demo (because regular OpenStack operations should not be done with the admin account)
    Create the demo project: openstack project create --domain default --description "Demo Project" demo
    Create the demo user: openstack user create --domain default --password-prompt demo
    Create the user role: openstack role create user
    Associate the user role with the demo project and the demo user:
    openstack role add --project demo --user demo user
  • Configure
  1. gedit /etc/keystone/keystone-paste.ini

Remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections

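
The keystone-paste.ini edit described above, scripted and verified, as an added example that is not part of the original tutorial. strip_admin_token removes the word from the three pipelines (keeping a .bak copy) and pipelines_with_admin_token lists any pipeline that still loads it; both function names are made up for this example, the ini content is a shortened, constructed sample, and each pipeline is assumed to sit on a single line.

```bash
#!/bin/sh
# Added example: apply and verify the admin_token_auth removal.

# pipelines_with_admin_token FILE
# Prints the name of every [pipeline:*] section whose pipeline line still
# contains admin_token_auth. Empty output means the edit is complete.
pipelines_with_admin_token() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sect) }
        sect ~ /^pipeline:/ && /^[ \t]*pipeline[ \t]*=/ {
            n = split($0, w, /[ \t=]+/)
            for (i = 1; i <= n; i++)
                if (w[i] == "admin_token_auth") { print sect; break }
        }
    ' "$1"
}

# strip_admin_token FILE
# Rewrites FILE in place, dropping admin_token_auth from the pipeline lines of
# public_api, admin_api and api_v3 only. The first run keeps the original as
# FILE.bak; the [filter:admin_token_auth] definition is left untouched.
strip_admin_token() {
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak" || return 1
    st_tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sect) }
        (sect == "pipeline:public_api" || sect == "pipeline:admin_api" ||
         sect == "pipeline:api_v3") && /^[ \t]*pipeline[ \t]*=/ {
            n = split($0, w, /[ \t]+/); line = ""
            for (i = 1; i <= n; i++)
                if (w[i] != "" && w[i] != "admin_token_auth")
                    line = (line == "" ? w[i] : line " " w[i])
            $0 = line
        }
        { print }
    ' "$1" > "$st_tmp" && cat "$st_tmp" > "$1"   # cat keeps owner and mode
    st_rc=$?
    rm -f "$st_tmp"
    return $st_rc
}

# Constructed, shortened keystone-paste.ini for the demo.
write_sample_paste() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

# Demo on the constructed sample.
demo_ini=$(mktemp)
write_sample_paste "$demo_ini"
strip_admin_token "$demo_ini"
[ -z "$(pipelines_with_admin_token "$demo_ini")" ] && echo "admin_token_auth removed from all pipelines"
rm -f "$demo_ini" "$demo_ini.bak"
```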
  • Verify
  1. Unset the environment variables
    unset OS_AUTH_URL OS_PASSWORD
  2. Verify admin
    openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
  3. Verify demo
    openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue

  • Configure the login scripts
  1. Configure admin
    In the current user's home directory:
    gedit admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

  2. Configure demo
    In the current user's home directory:
    gedit demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

  3. Verify
    Log in: . admin-openrc or . demo-openrc
    Verify: openstack token issue

9. Configure the Image service (controller node only)

  • Create the glance database

1. Log in to SQL: mysql -uroot -p123456
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
Exit SQL: exit

  • Create the glance account
  1. Log in: . admin-openrc
  2. Create glance
    Create the glance user: openstack user create --domain default --password-prompt glance
    Associate the admin role with the service project and the glance user:
    openstack role add --project service --user glance admin
    Create the glance service:
    openstack service create --name glance --description "OpenStack Image" image
    Create the Image service API endpoints (public, internal, admin):
    openstack endpoint create --region RegionOne image public http://controller:9292
    openstack endpoint create --region RegionOne image internal http://controller:9292
    openstack endpoint create --region RegionOne image admin http://controller:9292
  • Install and configure glance
  1. Install
    apt install glance
  2. Configure
    gedit /etc/glance/glance-api.conf

[database]
...
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456

[paste_deploy]
...
flavor = keystone

[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

Note: delete all other options in [keystone_authtoken]

gedit /etc/glance/glance-registry.conf

[database]
...
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456

[paste_deploy]
...
flavor = keystone

Note: delete all other options in [keystone_authtoken]

  3. Populate the Image service database
    su -s /bin/sh -c "glance-manage db_sync" glance
  4. Restart the services
    service glance-registry restart
    service glance-api restart
  5. Verify
    Log in: . admin-openrc
    Download: wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

Note: the image can also be copied in from another host over OpenSSH
apt-get install openssh-server
service ssh start

Upload: openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public

List: openstack image list

9. Configure the Compute service (controller node)

  • Create the nova databases

1. Log in to SQL: mysql -uroot -p123456
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
Exit SQL: exit

  • Create the nova account
  1. Log in: . admin-openrc
  2. Create nova
    Create the nova user: openstack user create --domain default --password-prompt nova
    Associate the admin role with the nova user:
    openstack role add --project service --user nova admin
    Create the nova service:
    openstack service create --name nova --description "OpenStack Compute" compute
    Create the Compute service API endpoints (public, internal, admin):
    openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
  • Install and configure nova
  1. Install
    apt install nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler
  2. Configure
    gedit /etc/nova/nova.conf

Comment out log-dir in [DEFAULT]
[api_database]
...
connection = mysql+pymysql://nova:123456@controller/nova_api

[database]
...
connection = mysql+pymysql://nova:123456@controller/nova

[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.200
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456

[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
...
api_servers = http://controller:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

Note: delete all other options in [keystone_authtoken]

  3. Populate the databases
    su -s /bin/sh -c "nova-manage api_db sync" nova
    su -s /bin/sh -c "nova-manage db sync" nova
  4. Restart the services
    service nova-api restart
    service nova-consoleauth restart
    service nova-scheduler restart
    service nova-conductor restart
    service nova-novncproxy restart

10. Configure the Compute service (compute1 node)

  • Install and configure nova
  1. Install
    apt install nova-compute
  2. Configure
    gedit /etc/nova/nova.conf

Comment out log-dir in [DEFAULT]
[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.203
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456

[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
...
api_servers = http://controller:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

Note: delete all other options in [keystone_authtoken]

  3. Restart the service
    service nova-compute restart
  4. Verify (on the controller node)
    Log in: . admin-openrc
    View the service list: openstack compute service list

11. Configure the Networking service (controller node)

  • Create the neutron database

1. Log in to SQL: mysql -uroot -p123456
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
Exit SQL: exit

  • Create the neutron account
  1. Log in: . admin-openrc
  2. Create neutron
    Create the neutron user: openstack user create --domain default --password-prompt neutron
    Associate the admin role with the neutron user:
    openstack role add --project service --user neutron admin
    Create the neutron service:
    openstack service create --name neutron --description "OpenStack Networking" network
    Create the Networking service API endpoints (public, internal, admin):
    openstack endpoint create --region RegionOne network public http://controller:9696
    openstack endpoint create --region RegionOne network internal http://controller:9696
    openstack endpoint create --region RegionOne network admin http://controller:9696
  • Install and configure neutron
  1. Install
    apt install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
  2. Configure (Provider networks)
    gedit /etc/neutron/neutron.conf

[database]
...
connection = mysql+pymysql://neutron:123456@controller/neutron

[DEFAULT]
...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456

[nova]
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 123456

Note: transport_url appears twice in the file; be sure to set the one in [DEFAULT]. Delete all other options in [keystone_authtoken].

gedit /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
...
flat_networks = provider

[securitygroup]
...
enable_ipset = True

gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

gedit /etc/neutron/dhcp_agent.ini

[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

  3. Configure

gedit /etc/neutron/metadata_agent.ini

[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = 123456

gedit /etc/nova/nova.conf

[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = True
metadata_proxy_shared_secret = 123456

  4. Populate the database
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  5. Restart the services
    service nova-api restart
    service neutron-server restart
    service neutron-linuxbridge-agent restart
    service neutron-dhcp-agent restart
    service neutron-metadata-agent restart

12. Configure the Networking service (compute1 node)

  • Install and configure neutron
  1. Install
    apt install neutron-linuxbridge-agent
  2. Configure
    gedit /etc/neutron/neutron.conf

[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456

Note: transport_url appears twice in the file; be sure to set the one in [DEFAULT]. Delete all other options in [keystone_authtoken].

  3. Configure (Provider networks)
    gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = False

[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

  4. Configure
    gedit /etc/nova/nova.conf

[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123456

  5. Restart the services
    service nova-compute restart
    service neutron-linuxbridge-agent restart
  6. Verify (on the controller node)
    Log in: . admin-openrc
    View the service list: openstack network agent list

13. Configure the dashboard (controller node only)

  • Install and configure the dashboard
  1. Install
    apt install openstack-dashboard
  2. Configure
    gedit /etc/openstack-dashboard/local_settings.py

OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

ALLOWED_HOSTS = ['*', ]

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "UTC"

gedit /etc/apache2/conf-available/openstack-dashboard.conf

WSGIApplicationGroup %{GLOBAL}

  3. Restart: service apache2 reload
  4. Open http://192.168.0.200/horizon

14. Launch an instance (controller node only)

  • Create the virtual network (Provider network)
  1. Log in: . admin-openrc
  2. Create the network: openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
  3. Subnet: openstack subnet create --network provider --allocation-pool start=192.168.0.220,end=192.168.0.229 --dns-nameserver 192.168.0.1 --gateway 192.168.0.1 --subnet-range 192.168.0.0/24 provider
  • Create a flavor
  1. openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

    Note: flavors can also be created in the dashboard
  • Generate a key pair
  1. Log in: . demo-openrc
  2. Create:
    ssh-keygen -q -N ""
    openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
  3. List the key pairs: openstack keypair list
  • Add security group rules
  1. Allow ICMP
    openstack security group rule create --proto icmp default
  2. Allow SSH
    openstack security group rule create --proto tcp --dst-port 22 default
  • Create an instance
  1. Log in:
  2. Create
  3. View

    Note: the console URL uses http://controller:6080/, so edit C:\Windows\System32\drivers\etc\hosts and add 192.168.0.200 controller

15. Block Storage (controller node)

  • Create the cinder database

1. Log in to SQL: mysql -uroot -p123456
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '123456';
Exit: exit

  • Create cinder
  1. Log in: . admin-openrc
    Create the cinder user:
    openstack user create --domain default --password-prompt cinder
    Associate the admin role with the cinder user:
    openstack role add --project service --user cinder admin
  2. Create the cinder and cinderv2 services
    openstack service create --name cinder --description "OpenStack Block Storage" volume
    openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
  3. Create the API endpoints
    openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
    openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
    openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
  4. Install and configure
    Install: apt install cinder-api cinder-scheduler
    Configure: gedit /etc/cinder/cinder.conf

[database]
...
connection = mysql+pymysql://cinder:123456@controller/cinder

[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.200

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123456

[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp

Create the database tables: su -s /bin/sh -c "cinder-manage db sync" cinder

  5. Configure nova
    gedit /etc/nova/nova.conf

[cinder]
os_region_name = RegionOne

  6. Restart
    service nova-api restart
    service cinder-scheduler restart
    service cinder-api restart

16. Block Storage (block node 192.168.0.204)

  • Configure
  1. Install lvm2
    apt install lvm2
  2. Create the physical volume
    pvcreate /dev/sda4
  3. Create the volume group
    vgcreate cinder-volumes /dev/sda4
  4. Configure LVM
    gedit /etc/lvm/lvm.conf

devices {
...
filter = [ "a/sda4/", "r/.*/"]

  5. Install and configure cinder
    Install: apt install cinder-volume
    Configure: gedit /etc/cinder/cinder.conf

[database]
...
connection = mysql+pymysql://cinder:123456@controller/cinder

[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.204
enabled_backends = lvm
glance_api_servers = http://controller:9292

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123456

[lvm]
...
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = tgtadm

[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp

Restart: service tgt restart
service cinder-volume restart

  6. Verify (on the controller node)
    Log in: . admin-openrc
    Verify: openstack volume service list
  7. Usage (on the controller node)
    Log in: . demo-openrc
    Create a volume: openstack volume create --size 1 volume1
    or use the dashboard

Attach the volume to the instance:

Check from inside the instance (192.168.0.218):
fdisk -l

17. Object Storage (controller node)

  • Create
  1. Create swift
    Log in: . admin-openrc
    Create the swift user:
    openstack user create --domain default --password-prompt swift
    Associate the swift user with the admin role: openstack role add --project service --user swift admin
    Create the swift service: openstack service create --name swift --description "OpenStack Object Storage" object-store
    Create the API endpoints
    openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s
    openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s
    openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1
  • Install and configure
  1. Install:
    apt-get install swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached
  2. Fetch the configuration file from git
    Create the /etc/swift directory:
    mkdir /etc/swift
    Fetch the proxy-server.conf configuration file:
    curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample
    Note: install curl with apt install curl
  3. Configure
    gedit /etc/swift/proxy-server.conf

[DEFAULT]
...
bind_port = 8080
user = swift
swift_dir = /etc/swift

In [pipeline:main], remove the tempurl and tempauth modules and add the authtoken and keystoneauth modules
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

[app:proxy-server]
use = egg:swift#proxy
...
account_autocreate = True

[filter:keystoneauth]
use = egg:swift#keystoneauth
...
operator_roles = admin,user

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 123456
delay_auth_decision = True

[filter:cache]
use = egg:swift#memcache
...
memcache_servers = controller:11211

17. Object Storage (object node 192.168.0.205)

  • Install and configure rsync

Note: partitioning tool
apt-get install gparted
gparted

  1. Install: apt-get install xfsprogs rsync
    Format the disks:
    mkfs.xfs /dev/sda5
    mkfs.xfs /dev/sda6
    Create the mount directories:
    mkdir -p /srv/node/sda5
    mkdir -p /srv/node/sda6
    Configure /etc/fstab
    gedit /etc/fstab

...
/dev/sda5 /srv/node/sda5 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sda6 /srv/node/sda6 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2

Mount:
mount /srv/node/sda5
mount /srv/node/sda6
Create /etc/rsyncd.conf
gedit /etc/rsyncd.conf

uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 192.168.0.205

[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock

[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock

[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock

Configure /etc/default/rsync
gedit /etc/default/rsync

RSYNC_ENABLE=true

Start: service rsync start

  • Install and configure swift
  1. Install: apt-get install swift swift-account swift-container swift-object
  2. Download the configuration files:
    curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
    curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
    curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka
  3. Configure /etc/swift/account-server.conf
    gedit /etc/swift/account-server.conf

[DEFAULT]
...
bind_ip = 192.168.0.205
bind_port = 6202
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True

[pipeline:main]
pipeline = healthcheck recon account-server

[filter:recon]
use = egg:swift#recon
...
recon_cache_path = /var/cache/swift

  4. Configure /etc/swift/container-server.conf
    gedit /etc/swift/container-server.conf

[DEFAULT]
...
bind_ip = 192.168.0.205
bind_port = 6201
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True

[pipeline:main]
pipeline = healthcheck recon container-server

[filter:recon]
use = egg:swift#recon
...
recon_cache_path = /var/cache/swift

  5. Configure /etc/swift/object-server.conf
    gedit /etc/swift/object-server.conf

[DEFAULT]
...
bind_ip = 192.168.0.205
bind_port = 6200
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True

[pipeline:main]
pipeline = healthcheck recon object-server

[filter:recon]
use = egg:swift#recon
...
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock

  6. Set ownership of the mount directory: chown -R swift:swift /srv/node
  7. Create the recon directory:
    mkdir -p /var/cache/swift
    chown -R root:swift /var/cache/swift
    chmod -R 775 /var/cache/swift