Environment preparation
- Configure the IP address and host name of each node (the nodes must be able to ping each other by IP)
cinder 192.168.80.83
Note: no gateway or DNS needs to be set on ens37.
- Configure the host name resolution file on each node (the nodes must be able to ping each other by host name)<br />vim /etc/hosts<br />
192.168.80.80 controller<br />
192.168.80.81 compute1<br />
192.168.80.82 compute2<br />
192.168.80.83 cinder
- Install the NTP service
- On controller
- Install NTP<br />yum install chrony
- Edit the NTP configuration file<br />vim /etc/chrony.conf<br /># Allow NTP client access from local network.<br />
allow 192.168.80.0/24
- Restart the service<br />systemctl restart chronyd.service
- Check the service status![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470583754-1f632662-3660-4b6b-879b-382eac688b5a.jpeg#align=left&display=inline&height=106&margin=%5Bobject%20Object%5D&originHeight=154&originWidth=737&size=0&status=done&style=none&width=507)<br />chronyc sources
- On compute1, compute2 and cinder
- Install NTP<br />yum install chrony -y
- Edit the NTP configuration file<br />vim /etc/chrony.conf<br />
Delete the first few lines at the top of the file and replace them with: server controller iburst
- Restart the chrony service<br />systemctl restart chronyd.service
- Check the service status![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577227-22b80c7b-8d63-4119-bc5f-7dc23ec832ce.jpeg#align=left&display=inline&height=67&margin=%5Bobject%20Object%5D&originHeight=96&originWidth=755&size=0&status=done&style=none&width=526)<br />chronyc sources
- Install the OpenStack packages (Rocky release)<br />yum install centos-release-openstack-rocky -y<br />On controller, compute1 and compute2
- Install and configure the relational database (MySQL)
- Install the database packages<br />yum install -y mariadb mariadb-server python2-PyMySQL
- Edit the configuration file<br />vim /etc/my.cnf.d/openstack.cnf<br />
[mysqld]<br />
bind-address = 192.168.80.80<br />
default-storage-engine = innodb<br />
innodb_file_per_table = on<br />
max_connections = 4096<br />
collation-server = utf8_general_ci<br />
character-set-server = utf8
- Start the database service<br />systemctl enable mariadb.service<br />systemctl start mariadb.service
- Check the database status![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577323-d2e1cc60-113b-4d18-9f0b-36e4c649f22d.jpeg#align=left&display=inline&height=152&margin=%5Bobject%20Object%5D&originHeight=222&originWidth=890&size=0&status=done&style=none&width=609)<br />systemctl status mariadb.service
- Initialize the database<br />mysql_secure_installation
- Install and configure the message queue (RabbitMQ)
- Install the RabbitMQ package<br />yum install rabbitmq-server
- Start the RabbitMQ service<br />systemctl enable rabbitmq-server.service<br />systemctl start rabbitmq-server.service
- Check the RabbitMQ status<br />systemctl status rabbitmq-server.service
- Add the openstack user<br />rabbitmqctl add_user openstack RABBIT_PASS
- Grant the openstack user configure, write and read permissions<br />rabbitmqctl set_permissions openstack ".*" ".*" ".*"
- Install and configure the NoSQL database (memcached)
- Install memcached<br />yum install memcached python-memcached
- Edit the configuration file<br />vim /etc/sysconfig/memcached<br />
OPTIONS="-l 127.0.0.1,::1,controller"
- Start the memcached service<br />systemctl enable memcached.service<br />systemctl start memcached.service
- Check the memcached service status<br />systemctl status memcached.service
- Install and configure the distributed key-value store (etcd)
- Install etcd<br />yum install etcd
- Edit the configuration file<br />vim /etc/etcd/etcd.conf<br />
#[Member]<br />
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"<br />
ETCD_LISTEN_PEER_URLS="http://192.168.80.80:2380"<br />
ETCD_LISTEN_CLIENT_URLS="http://192.168.80.80:2379"<br />
ETCD_NAME="controller"<br />
#[Clustering]<br />
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.80.80:2380"<br />
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.80.80:2379"<br />
ETCD_INITIAL_CLUSTER="controller=http://192.168.80.80:2380"<br />
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"<br />
ETCD_INITIAL_CLUSTER_STATE="new"
- Start the etcd service<br />systemctl enable etcd<br />systemctl start etcd
- Check the etcd service status![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577309-9152d4db-bf2b-4f66-ac29-d90bb80cb444.jpeg#align=left&display=inline&height=69&margin=%5Bobject%20Object%5D&originHeight=153&originWidth=1219&size=0&status=done&style=none&width=546)<br />systemctl status etcd
- Check that the ports are listening![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470584524-80caa435-e503-402e-85da-40c4e3fa73da.jpeg#align=left&display=inline&height=49&margin=%5Bobject%20Object%5D&originHeight=72&originWidth=828&size=0&status=done&style=none&width=563)<br />netstat -anlp | grep 2379 | grep LISTEN<br />netstat -anlp | grep 2380 | grep LISTEN
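The `netstat | grep <port>` checks above match the number anywhere on the line and do not show which address a service is bound to. The following added example (not part of the original guide) reads `netstat -anlp` output and reports any of the backing services configured so far (MariaDB, memcached, etcd) that listen on every interface instead of a specific address. The sample output is constructed, and port 3306 is the MariaDB default rather than a value from this page.

```shell
#!/bin/sh
# Added example: flag backing services that listen on every interface.
# Ports 11211 (memcached), 2379 and 2380 (etcd) come from this guide;
# 3306 is the MariaDB default and is an assumption.
WATCHED_PORTS="3306 11211 2379 2380"

# wildcard_listeners: read `netstat -anlp` output on stdin and print
# "port address program" for every watched TCP port in LISTEN state whose
# local address is a wildcard (0.0.0.0, :: or *).
wildcard_listeners() {
    awk -v ports="$WATCHED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is whatever follows the last colon of the local
            # address, which also handles IPv6 forms such as ":::11211".
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in watch)) next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                printf "%s %s %s\n", port, addr, $7
        }'
}

# Constructed sample shaped like `netstat -anlp` on the controller.
# The etcd PID is 2379 on purpose: `grep 2379` would also match the 2380
# line, while the awk filter only compares the local-address column.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.80.80:2379      0.0.0.0:*               LISTEN      2379/etcd
tcp        0      0 192.168.80.80:2380      0.0.0.0:*               LISTEN      2379/etcd
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1502/mysqld
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      1811/memcached
tcp6       0      0 :::11211                :::*                    LISTEN      1811/memcached
tcp        0      0 192.168.80.80:41234     192.168.80.80:2379      ESTABLISHED 3020/python
EOF
}

# Run against the sample; on a node use: netstat -anlp | wildcard_listeners
sample_netstat | wildcard_listeners
```

An empty result means every watched service is bound to a specific address, as the bind-address, OPTIONS and ETCD_LISTEN_* settings above intend.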
- Install and configure the Identity service (keystone) https://docs.openstack.org/keystone/rocky/install/keystone-install-rdo.html
- Create the keystone database and user
- Connect to the database<br />mysql -u root -proot
- Create the database<br />CREATE DATABASE keystone;
- Create the user and grant privileges<br />GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';<br />GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
- Flush privileges<br />flush privileges;
- Exit the database and test logging in as the new user<br />mysql -ukeystone -pKEYSTONE_DBPASS
- Install and configure the components
- Install the keystone packages<br />yum install openstack-keystone httpd mod_wsgi -y
- Edit the configuration file<br />vim /etc/keystone/keystone.conf<br />
[database]<br />
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone<br />
[token]<br />
provider = fernet
- Initialize the database<br />su -s /bin/sh -c "keystone-manage db_sync" keystone
- Initialize the keys<br />keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone<br />keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
- Check the tables written to the database
- Log in to the database<br />mysql -ukeystone -pKEYSTONE_DBPASS
- Switch to the keystone database<br />use keystone;
- List the tables<br />show tables;
- Bootstrap the Identity service<br />keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
- Configure the Apache HTTP server
- Edit the Apache configuration file (set the ServerName option to reference the controller node)<br />vim /etc/httpd/conf/httpd.conf<br />ServerName controller
- Create a link to the /usr/share/keystone/wsgi-keystone.conf file<br />ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
- Start the Apache HTTP service and enable it at boot<br />systemctl enable httpd.service<br />systemctl start httpd.service
- Check the Apache HTTP service status![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577362-c5cf1ecc-74c8-4c14-beb5-ef61c04f021a.jpeg#align=left&display=inline&height=279&margin=%5Bobject%20Object%5D&originHeight=386&originWidth=826&size=0&status=done&style=none&width=596)<br />systemctl status httpd.service
- Check that port 5000 is listening![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577247-d2427eb2-0468-4c82-8f26-6db02d14207c.jpeg#align=left&display=inline&height=36&margin=%5Bobject%20Object%5D&originHeight=36&originWidth=851&size=0&status=done&style=none&width=634)<br />netstat -anlp | grep 5000 | grep LISTEN
- Configure the administrative account<br />export OS_USERNAME=admin<br />export OS_PASSWORD=ADMIN_PASS<br />export OS_PROJECT_NAME=admin<br />export OS_USER_DOMAIN_NAME=Default<br />export OS_PROJECT_DOMAIN_NAME=Default<br />export OS_AUTH_URL=http://controller:5000/v3<br />export OS_IDENTITY_API_VERSION=3
- Test access from the terminal<br />curl "$OS_AUTH_URL"
- Create a domain, projects, users and roles
- Create an example domain<br />openstack domain create --description "An Example Domain" example
- Create a service project![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577275-af464fa4-d088-4862-ad26-baa723d9eacc.jpeg#align=left&display=inline&height=207&margin=%5Bobject%20Object%5D&originHeight=321&originWidth=718&size=0&status=done&style=none&width=464)<br />openstack project create --domain default --description "Service Project" service
- Create a myproject project (regular project)![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577283-45502a58-1af2-40c2-8680-1cc4d045fcc7.jpeg#align=left&display=inline&height=196&margin=%5Bobject%20Object%5D&originHeight=320&originWidth=719&size=0&status=done&style=none&width=440)<br />openstack project create --domain default --description "Demo Project" myproject
- Create the myuser user![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577280-51646ad5-aa64-400c-8d73-f0ccdbf54e29.jpeg#align=left&display=inline&height=192&margin=%5Bobject%20Object%5D&originHeight=321&originWidth=753&size=0&status=done&style=none&width=450)<br />openstack user create --domain default --password-prompt myuser<br />Enter the password manually: MYUSER_PASS
- Create the myrole role![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577307-a3365465-375a-4f7b-b884-3d7fc2cdb432.jpeg#align=left&display=inline&height=151&margin=%5Bobject%20Object%5D&originHeight=188&originWidth=567&size=0&status=done&style=none&width=454)<br />openstack role create myrole
- Add the myrole role to the myproject project and myuser user<br />openstack role add --project myproject --user myuser myrole
- Verify the Identity service
- Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables<br />unset OS_AUTH_URL OS_PASSWORD
- Request an authentication token as the admin user![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577275-fac486bd-2c78-4631-9566-ad87017f2ac9.jpeg#align=left&display=inline&height=237&margin=%5Bobject%20Object%5D&originHeight=463&originWidth=1121&size=0&status=done&style=none&width=575)<br />openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue<br />Enter the password: ADMIN_PASS
- Request an authentication token as the myuser user![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577286-7bc83cf1-cc7b-4c6c-bc55-1248511a0327.jpeg#align=left&display=inline&height=233&margin=%5Bobject%20Object%5D&originHeight=463&originWidth=1124&size=0&status=done&style=none&width=566)<br />openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue<br />Enter the password: MYUSER_PASS
- Create the OpenStack client environment scripts [https://docs.openstack.org/keystone/rocky/install/keystone-openrc-rdo.html](https://docs.openstack.org/keystone/rocky/install/keystone-openrc-rdo.html)
- Create the scripts<br />mkdir -p /scripts<br />cd /scripts
- Create the admin-openrc file<br />vim admin-openrc<br />export OS_PROJECT_DOMAIN_NAME=Default<br />export OS_USER_DOMAIN_NAME=Default<br />export OS_PROJECT_NAME=admin<br />export OS_USERNAME=admin<br />export OS_PASSWORD=ADMIN_PASS<br />export OS_AUTH_URL=http://controller:5000/v3<br />export OS_IDENTITY_API_VERSION=3<br />export OS_IMAGE_API_VERSION=2
- Create the demo-openrc file<br />vim demo-openrc<br />export OS_PROJECT_DOMAIN_NAME=Default<br />export OS_USER_DOMAIN_NAME=Default<br />export OS_PROJECT_NAME=myproject<br />export OS_USERNAME=myuser<br />export OS_PASSWORD=MYUSER_PASS<br />export OS_AUTH_URL=http://controller:5000/v3<br />export OS_IDENTITY_API_VERSION=3<br />export OS_IMAGE_API_VERSION=2
- Use the scripts
- Load the admin-openrc file<br />. admin-openrc
- Request an authentication token![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470583207-9659c13d-4029-41b4-8b88-e65201d29094.jpeg#align=left&display=inline&height=250&margin=%5Bobject%20Object%5D&originHeight=353&originWidth=616&size=0&status=done&style=none&width=436)<br />openstack token issue
- Load the demo-openrc file<br />. demo-openrc
- Request an authentication token![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577355-20e9b129-b30b-4f78-b167-aeb35505a49f.jpeg#align=left&display=inline&height=235&margin=%5Bobject%20Object%5D&originHeight=332&originWidth=628&size=0&status=done&style=none&width=444)<br />openstack token issue
- Install and configure the Image service (glance) https://docs.openstack.org/glance/rocky/install/install-rdo.html
- Create the database, service credentials and API endpoints
- Create the database
- Use the database access client to connect to the database server as the root user<br />mysql -u root -p
- Create the glance database<br />CREATE DATABASE glance;
- Grant proper access to the glance database<br />GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';<br />GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
- Load the admin-openrc file<br />cd /scripts<br />. admin-openrc
- Create the service credentials
- Create the glance user<br />openstack user create --domain default --password-prompt glance<br />Enter the password: GLANCE_PASS
- Add the admin role to the glance user and service project<br />openstack role add --project service --user glance admin
- Create the glance service entity<br />openstack service create --name glance --description "OpenStack Image" image
- Create the Image service API endpoints
- public<br />openstack endpoint create --region RegionOne image public http://controller:9292
- internal<br />openstack endpoint create --region RegionOne image internal http://controller:9292
- admin<br />openstack endpoint create --region RegionOne image admin http://controller:9292
- Install and configure the components
- Install the glance package<br />yum install openstack-glance -y
- Edit the configuration files
- The glance-api.conf file
- Edit the glance-api.conf file<br />vim /etc/glance/glance-api.conf<br />
[database]<br />
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance<br />
[keystone_authtoken]<br />
www_authenticate_uri = http://controller:5000<br />
auth_url = http://controller:5000<br />
memcached_servers = controller:11211<br />
auth_type = password<br />
project_domain_name = Default<br />
user_domain_name = Default<br />
project_name = service<br />
username = glance<br />
password = GLANCE_PASS<br />
[paste_deploy]<br />
flavor = keystone<br />
[glance_store]<br />
stores = file,http<br />
default_store = file<br />
filesystem_store_datadir = /var/lib/glance/images/
- Verify the glance-api.conf file![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577332-412350f3-eebf-467e-b33e-930d5f64e61b.jpeg#align=left&display=inline&height=64&margin=%5Bobject%20Object%5D&originHeight=156&originWidth=1637&size=0&status=done&style=none&width=673)<br />curl http://controller:5000<br />netstat -anlp | grep 11211 | grep LISTEN
- Check the service status![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577363-630a3b64-ef9a-4496-b949-54bf74fe29f9.jpeg#align=left&display=inline&height=206&margin=%5Bobject%20Object%5D&originHeight=392&originWidth=1189&size=0&status=done&style=none&width=626)<br />systemctl status openstack-glance-api
- The glance-registry.conf file
- Edit the glance-registry.conf file<br />vim /etc/glance/glance-registry.conf<br />
[database]<br />
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance<br />
[keystone_authtoken]<br />
www_authenticate_uri = http://controller:5000<br />
auth_url = http://controller:5000<br />
memcached_servers = controller:11211<br />
auth_type = password<br />
project_domain_name = Default<br />
user_domain_name = Default<br />
project_name = service<br />
username = glance<br />
password = GLANCE_PASS<br />
[paste_deploy]<br />
flavor = keystone
- Check the service status![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577389-8107b9f8-66d3-4256-8e82-3d22d80345f8.jpeg#align=left&display=inline&height=188&margin=%5Bobject%20Object%5D&originHeight=409&originWidth=1249&size=0&status=done&style=none&width=573)<br />systemctl status openstack-glance-registry
- Create the remote image directory and set its ownership<br />mkdir -p /var/lib/glance/images<br />chown -Rhf glance:nobody /var/lib/glance/images/
- Synchronize the database![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577331-f9819b85-5c36-4386-adb8-f6f0bdb4085b.jpeg#align=left&display=inline&height=286&margin=%5Bobject%20Object%5D&originHeight=721&originWidth=1636&size=0&status=done&style=none&width=648)<br />su -s /bin/sh -c "glance-manage db_sync" glance
- List the database tables![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577341-fb13c901-9f1e-49eb-9d77-994499043d05.jpeg#align=left&display=inline&height=218&margin=%5Bobject%20Object%5D&originHeight=390&originWidth=1114&size=0&status=done&style=none&width=624)<br />mysql -uglance -pGLANCE_DBPASS -hcontroller -e "use glance; show tables"
- Start the Image services<br />systemctl enable openstack-glance-api.service openstack-glance-registry.service<br />systemctl start openstack-glance-api.service openstack-glance-registry.service
- Verify the Image service
- Load the admin-openrc file<br />cd /scripts<br />. admin-openrc
- Download the image locally<br />mkdir -p /images<br />cd /images<br />wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
- Check the downloaded image![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577291-5c6aa9fa-e866-4c7e-850b-006c7b18530e.jpeg#align=left&display=inline&height=34&margin=%5Bobject%20Object%5D&originHeight=39&originWidth=476&size=0&status=done&style=none&width=414)<br />ls /images
- Upload the image to OpenStack![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577378-4d2dd267-d6fd-41ef-b5f4-8f3a0c042c39.jpeg#align=left&display=inline&height=498&margin=%5Bobject%20Object%5D&originHeight=763&originWidth=830&size=0&status=done&style=none&width=542)<br />openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
- Check the uploaded image![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577331-cdf44fb4-6893-4cbb-80c2-91f6003d7a48.jpeg#align=left&display=inline&height=35&margin=%5Bobject%20Object%5D&originHeight=59&originWidth=981&size=0&status=done&style=none&width=577)<br />ll /var/lib/glance/images
- Check the image attributes<br />openstack image list
- Install and configure the Compute service (nova) https://docs.openstack.org/nova/rocky/install/controller-install-rdo.html#install-and-configure-components
- Create the databases, service credentials and API endpoints
- Create the databases
- Connect to the database<br />mysql -u root -proot
- Create the nova_api, nova, nova_cell0 and placement databases<br />CREATE DATABASE nova_api;<br />CREATE DATABASE nova;<br />CREATE DATABASE nova_cell0;<br />CREATE DATABASE placement;
- Grant access to the databases<br />GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';<br />GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';<br />GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';<br />GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';<br />GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';<br />GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';<br />GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';<br />GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
- Test the database connection as the nova user<br />mysql -unova -pNOVA_DBPASS
- Load the admin-openrc file<br />cd /scripts<br />. admin-openrc
- Create the Compute service credentials
- Create the nova user![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577470-afb0cc0d-bcde-4b54-a1d1-7b8813686f22.jpeg#align=left&display=inline&height=154&margin=%5Bobject%20Object%5D&originHeight=252&originWidth=1009&size=0&status=done&style=none&width=617)<br />openstack user create --domain default --password-prompt nova<br />Enter the password: NOVA_PASS
- Add the admin role to the nova user<br />openstack role add --project service --user nova admin
- Create the nova service entity<br />openstack service create --name nova --description "OpenStack Compute" compute
- Create the Compute API service endpoints<br />openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1<br />openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1<br />openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
- Create the placement user<br />openstack user create --domain default --password-prompt placement<br />Enter the password: PLACEMENT_PASS
- Add the placement user to the service project<br />openstack role add --project service --user placement admin
- Create the Placement API entry in the service catalog<br />openstack service create --name placement --description "Placement API" placement
- Create the Placement API service endpoints<br />openstack endpoint create --region RegionOne placement public http://controller:8778<br />openstack endpoint create --region RegionOne placement internal http://controller:8778<br />openstack endpoint create --region RegionOne placement admin http://controller:8778
- Install and configure the components
- Install the packages<br />yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
- Edit the nova.conf file<br />vim /etc/nova/nova.conf<br />
[DEFAULT]<br />
enabled_apis = osapi_compute,metadata<br />
transport_url = rabbit://openstack:RABBIT_PASS@controller<br />
my_ip = 192.168.80.80<br />
use_neutron = true<br />
firewall_driver = nova.virt.firewall.NoopFirewallDriver<br />
[api_database]<br />
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api<br />
[database]<br />
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova<br />
[placement_database]<br />
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement<br />
[api]<br />
auth_strategy = keystone<br />
[keystone_authtoken]<br />
auth_url = http://controller:5000/v3<br />
memcached_servers = controller:11211<br />
auth_type = password<br />
project_domain_name = Default<br />
user_domain_name = Default<br />
project_name = service<br />
username = nova<br />
password = NOVA_PASS<br />
[vnc]<br />
enabled = true<br />
server_listen = $my_ip<br />
server_proxyclient_address = $my_ip<br />
[glance]<br />
api_servers = http://controller:9292<br />
[oslo_concurrency]<br />
lock_path = /var/lib/nova/tmp<br />
[placement]<br />
region_name = RegionOne<br />
project_domain_name = Default<br />
project_name = service<br />
auth_type = password<br />
user_domain_name = Default<br />
auth_url = http://controller:5000/v3<br />
username = placement<br />
password = PLACEMENT_PASS
- Edit the 00-nova-placement-api.conf file to enable access to the Placement API<br />Append at the end of the file:<br />
<Directory /usr/bin><br />
<IfVersion >= 2.4><br />
Require all granted<br />
</IfVersion><br />
<IfVersion < 2.4><br />
Order allow,deny<br />
Allow from all<br />
</IfVersion><br />
</Directory>
- Restart the httpd service<br />systemctl restart httpd
- Synchronize the nova-api and placement databases<br />su -s /bin/sh -c "nova-manage api_db sync" nova
- Register the cell0 database<br />su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
- Create cell1<br />su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
- Synchronize the nova database<br />su -s /bin/sh -c "nova-manage db sync" nova
- Verify that nova cell0 and cell1 are registered correctly<br />su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
- Start the services<br />systemctl enable openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service<br />systemctl start openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- Install and configure the Networking service (neutron) https://docs.openstack.org/neutron/rocky/install/controller-install-rdo.html
- Prerequisites
- Connect to the database<br />mysql -uroot -proot
- Create the neutron database<br />CREATE DATABASE neutron;
- Grant proper access to the neutron database<br />GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';<br />GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
- Load the admin-openrc file<br />cd /scripts<br />. admin-openrc
- Create the neutron user<br />openstack user create --domain default --password-prompt neutron<br />Enter the password: NEUTRON_PASS
- Add the admin role to the neutron user<br />openstack role add --project service --user neutron admin
- Create the neutron service entity<br />openstack service create --name neutron --description "OpenStack Networking" network
- Create the Networking service API endpoints<br />openstack endpoint create --region RegionOne network public http://controller:9696<br />openstack endpoint create --region RegionOne network internal http://controller:9696<br />openstack endpoint create --region RegionOne network admin http://controller:9696
- Configure the networking option ([Networking Option 2: Self-service networks](https://docs.openstack.org/neutron/rocky/install/controller-install-option2-rdo.html))
- Install the components<br />yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
- Configure the server component<br />vim /etc/neutron/neutron.conf<br />
[database]<br />
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron<br />
[DEFAULT]<br />
core_plugin = ml2<br />
service_plugins = router<br />
allow_overlapping_ips = true<br />
transport_url = rabbit://openstack:RABBIT_PASS@controller<br />
auth_strategy = keystone<br />
notify_nova_on_port_status_changes = true<br />
notify_nova_on_port_data_changes = true<br />
[keystone_authtoken]<br />
www_authenticate_uri = http://controller:5000<br />
auth_url = http://controller:5000<br />
memcached_servers = controller:11211<br />
auth_type = password<br />
project_domain_name = default<br />
user_domain_name = default<br />
project_name = service<br />
username = neutron<br />
password = NEUTRON_PASS<br />
[nova]<br />
auth_url = http://controller:5000<br />
auth_type = password<br />
project_domain_name = default<br />
user_domain_name = default<br />
region_name = RegionOne<br />
project_name = service<br />
username = nova<br />
password = NOVA_PASS<br />
[oslo_concurrency]<br />
lock_path = /var/lib/neutron/tmp
- Configure the ML2 plug-in<br />vim /etc/neutron/plugins/ml2/ml2_conf.ini<br />
[ml2]<br />
type_drivers = flat,vlan,vxlan<br />
tenant_network_types = vxlan<br />
mechanism_drivers = linuxbridge,l2population<br />
extension_drivers = port_security<br />
[ml2_type_flat]<br />
flat_networks = provider<br />
[ml2_type_vxlan]<br />
vni_ranges = 1:1000<br />
[securitygroup]<br />
enable_ipset = true
- Configure the Linux bridge agent<br />vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini<br />
[linux_bridge]<br />
physical_interface_mappings = provider:ens37<br />
[vxlan]<br />
enable_vxlan = true<br />
local_ip = 192.168.80.80<br />
l2_population = true<br />
[securitygroup]<br />
enable_security_group = true<br />
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- Set the sysctl values
- Check whether the br_netfilter module is loaded<br />lsmod | grep br_netfilter
- Load the br_netfilter module (if it is not loaded)<br />modprobe br_netfilter
- Edit the configuration file<br />vim /etc/sysctl.conf<br />net.bridge.bridge-nf-call-iptables=1<br />net.bridge.bridge-nf-call-ip6tables=1
- Apply the configuration<br />sysctl -p
- Check the changed settings![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577350-f8dd63c0-6548-4c37-8c45-8bdf47a8257a.jpeg#align=left&display=inline&height=137&margin=%5Bobject%20Object%5D&originHeight=192&originWidth=828&size=0&status=done&style=none&width=590)<br />sysctl -a | grep net.bridge.bridge-nf-call-ip
- Configure the layer-3 agent<br />vim /etc/neutron/l3_agent.ini<br />
[DEFAULT]<br />
interface_driver = linuxbridge
- Configure the DHCP agent<br />vim /etc/neutron/dhcp_agent.ini<br />
[DEFAULT]<br />
interface_driver = linuxbridge<br />
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq<br />
enable_isolated_metadata = true
- Configure the metadata agent<br />vim /etc/neutron/metadata_agent.ini<br />
[DEFAULT]<br />
nova_metadata_host = controller<br />
metadata_proxy_shared_secret = METADATA_SECRET
- Configure the Compute service to use the Networking service<br />vim /etc/nova/nova.conf<br />
[neutron]<br />
url = http://controller:9696<br />
auth_url = http://controller:5000<br />
auth_type = password<br />
project_domain_name = default<br />
user_domain_name = default<br />
region_name = RegionOne<br />
project_name = service<br />
username = neutron<br />
password = NEUTRON_PASS<br />
service_metadata_proxy = true<br />
metadata_proxy_shared_secret = METADATA_SECRET
- Finalize the installation
- Create the symbolic link<br />ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- Synchronize the database<br />su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- Restart the Compute API service<br />systemctl restart openstack-nova-api.service
- Start the Networking services and configure them to start at boot<br />systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service<br />systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service<br />systemctl enable neutron-l3-agent.service<br />systemctl start neutron-l3-agent.service
- Install and configure the dashboard service (horizon) https://docs.openstack.org/horizon/rocky/install/install-rdo.html
- Install and configure the components
- Install the package<br />yum install openstack-dashboard -y
- Edit the mysql-clients.cnf file<br />cd /etc/my.cnf.d/<br />vim mysql-clients.cnf<br />
[mysql]<br />
default-character-set = utf8
- Restart the database<br />systemctl restart mariadb
- Edit the local_settings file<br />vim /etc/openstack-dashboard/local_settings<br />
OPENSTACK_HOST = "controller"<br />
ALLOWED_HOSTS = ['*']  # '*' accepts any Host header; list the dashboard's own host names outside a lab<br />
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'<br />
CACHES = {'default': {'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211'}}<br />
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST<br />
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True<br />
OPENSTACK_API_VERSIONS = {"identity": 3, "image": 2, "volume": 2}<br />
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"<br />
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
- Edit the openstack-dashboard.conf file<br />vim /etc/httpd/conf.d/openstack-dashboard.conf<br />WSGIApplicationGroup %{GLOBAL}
- Finalize the installation<br />systemctl restart httpd.service memcached.service
- Verify
- Open [http://192.168.80.80/dashboard](http://192.168.80.80/dashboard)<br />Domain: Default<br />User name: admin<br />Password: ADMIN_PASS
- The dashboard interface![](https://cdn.nlark.com/yuque/0/2020/jpeg/335089/1602470577364-e0b95e81-ea04-468c-9ef2-4dbc86ac32ad.jpeg#align=left&display=inline&height=369&margin=%5Bobject%20Object%5D&originHeight=994&originWidth=1910&size=0&status=done&style=none&width=709)
- Install and configure the Block Storage service (cinder) https://docs.openstack.org/cinder/rocky/install/cinder-controller-install-rdo.html
- Prerequisites
- Create the cinder database<br />mysql -u root -proot<br />CREATE DATABASE cinder;
- Create the user and grant access to the cinder database<br />GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';<br />GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
- Test access<br />mysql -ucinder -pCINDER_DBPASS -hcontroller<br />use cinder;<br />show tables;
- Load the admin-openrc file<br />. /scripts/admin-openrc
- Create a cinder user<br />openstack user create --domain default --password-prompt cinder<br />Enter the password: CINDER_PASS
- Add the admin role to the cinder user<br />openstack role add --project service --user cinder admin
- Create the cinderv2 and cinderv3 service entities<br />openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2<br />openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
- Create the Block Storage service API endpoints<br />openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s<br />openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s<br />openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s<br />openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s<br />openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s<br />openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
- Install and configure the components
- Install the package<br />yum install openstack-cinder -y
- Edit the cinder.conf file<br />vim /etc/cinder/cinder.conf<br />
[database]<br />
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder<br />
[DEFAULT]<br />
transport_url = rabbit://openstack:RABBIT_PASS@controller<br />
auth_strategy = keystone<br />
my_ip = 192.168.80.80<br />
[keystone_authtoken]<br />
www_authenticate_uri = http://controller:5000<br />
auth_url = http://controller:5000<br />
memcached_servers = controller:11211<br />
auth_type = password<br />
project_domain_id = default<br />
user_domain_id = default<br />
project_name = service<br />
username = cinder<br />
password = CINDER_PASS<br />
[oslo_concurrency]<br />
lock_path = /var/lib/cinder/tmp
- Populate the Block Storage database<br />su -s /bin/sh -c "cinder-manage db sync" cinder
- Check the database tables<br />mysql -ucinder -pCINDER_DBPASS -hcontroller -e "use cinder; show tables" | wc -l<br />Output: 36
- Configure Compute to use Block Storage<br />vim /etc/nova/nova.conf<br />
[cinder]<br />
os_region_name = RegionOne
- Finalize the installation
- Restart the Compute API service<br />systemctl restart openstack-nova-api.service
- Start the Block Storage services and configure them to start at boot<br />systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service<br />systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
在 compute1 和 compute2 上
- 安装配置计算服务(compute)https://docs.openstack.org/nova/rocky/install/compute-install-rdo.html
- 安装配置组件
- 安装 openstack-nova-compute 包
yum install openstack-nova-compute -y - 修改 nova.conf 文件
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadatatransport_url = rabbit://openstack:RABBIT_PASS@controllermy_ip = 192.168.80.81 或 192.168.80.82
use_neutron = truefirewall_driver = nova.virt.firewall.NoopFirewallDriver
- 安装 openstack-nova-compute 包
- 安装配置组件
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
[libvirt]
virt_type = qemu
- Start the services<br />systemctl enable libvirtd.service openstack-nova-compute.service<br />systemctl start libvirtd.service openstack-nova-compute.service
- Add the compute node to the cell database (run on controller)
- Load the admin-openrc file<br />cd /scripts<br />. admin-openrc
- Confirm that the compute nodes are in the database<br />openstack compute service list --service nova-compute
- Discover the compute nodes<br />su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
- Verify the Compute service (run on controller) [https://docs.openstack.org/nova/rocky/install/verify.html](https://docs.openstack.org/nova/rocky/install/verify.html)
- Load the admin-openrc file<br />cd /scripts<br />. admin-openrc
- List the service components to verify that each process started and registered successfully<br />openstack compute service list
- List the API endpoints in the Identity service to verify connectivity with the Identity service<br />openstack catalog list
- List the images in the Image service to verify connectivity with the Image service<br />openstack image list
- Check the cells and the placement API<br />nova-status upgrade check
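- Install and configure the Networking service (neutron) https://docs.openstack.org/neutron/rocky/install/compute-install-rdo.html
- Install and configure components
- Install the components<br />yum install openstack-neutron-linuxbridge ebtables ipset -y
- Configure the authentication mechanism and the message queue<br />vim /etc/neutron/neutron.conf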
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
- Configure networking options ([Networking Option 2: Self-service networks](https://docs.openstack.org/neutron/rocky/install/compute-install-option2-rdo.html)): configure the Linux bridge agent
- Edit the configuration file<br />vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens37
[vxlan]
enable_vxlan = true
local_ip = 192.168.80.81 or 192.168.80.82
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- Set the sysctl values
- Check whether the br_netfilter module is loaded<br />lsmod | grep br_netfilter
- Load the br_netfilter module (if it is not loaded)<br />modprobe br_netfilter
- Edit the configuration file<br />vim /etc/sysctl.conf<br />net.bridge.bridge-nf-call-iptables=1<br />net.bridge.bridge-nf-call-ip6tables=1
- Apply the configuration<br />sysctl -p
- Check the modified settings<br />sysctl -a | grep net.bridge.bridge-nf-call-ip
- Configure the Compute service to use the Networking service<br />vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
- Finalize the installation
- Restart the Compute service<br />systemctl restart openstack-nova-compute.service
- Start the Linux bridge agent and configure it to start at system boot<br />systemctl enable neutron-linuxbridge-agent.service<br />systemctl start neutron-linuxbridge-agent.service
- Verify the Networking service (run on controller)
- Load the admin-openrc file<br />. /admin-openrc
- List the loaded extensions to verify that the neutron-server process started successfully<br />openstack extension list --network
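On cinder
- Install and configure the Block Storage service (cinder)
- Prerequisites
- Install the supporting utility packages
- Install the LVM packages<br />yum install lvm2 device-mapper-persistent-data -y
- Start the LVM metadata service and configure it to start at system boot<br />systemctl enable lvm2-lvmetad.service<br />systemctl start lvm2-lvmetad.service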
- Create the LVM physical volume /dev/sdb<br />pvcreate /dev/sdb
- Create the LVM volume group cinder-volumes<br />vgcreate cinder-volumes /dev/sdb
- Edit the lvm.conf file (make this change on cinder, compute1 and compute2)<br />vim /etc/lvm/lvm.conf<br />filter = [ "a/sda/", "a/sdb/", "r/.*/"]
- Install and configure components
- Install the packages<br />yum install openstack-cinder targetcli python-keystone -y
- Edit the /etc/cinder/cinder.conf file<br />vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.80.83
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = CINDER_PASS
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
Note: the [lvm] section does not exist in the original file and must be created; it can be placed at the end of the file.
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
- Finalize the installation
- Start the Block Storage volume service and its dependencies, and configure them to start at system boot<br />systemctl enable openstack-cinder-volume.service target.service<br />systemctl start openstack-cinder-volume.service target.service
- [Verify the cinder service](https://docs.openstack.org/cinder/rocky/install/cinder-verify.html) (run on controller)
- Load the admin-openrc file<br />. /scripts/admin-openrc
- List the service components to verify that each process started successfully<br />openstack volume service list
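The configuration listings above use the guide's placeholder secrets (RABBIT_PASS, NOVA_PASS, CINDER_DBPASS and so on) and plain-HTTP Keystone URLs. The check below is an added example, not part of the original guide; it flags both, plus world-readable configuration files. The function names `audit_conf` and `write_sample` and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original guide). audit_conf FILE... prints
# one line per finding and returns 1 if anything was found, 0 otherwise.
audit_conf() {
    rc=0
    for f in "$@"; do
        # Files that hold service passwords should not be world-readable.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "$f: world-readable file"; rc=1
        fi
    done
    LC_ALL=C awk '
        /^[ \t]*#/ { next }                        # comment line
        /^[ \t]*$/ { next }                        # blank line
        /^[ \t]*\[/ {                              # remember current [section]
            section = $0; gsub(/[ \t]/, "", section); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            where = FILENAME ":" section " " key
            # Guide placeholders (NOVA_PASS, CINDER_DBPASS, ...) as a whole
            # value or as the password part of a connection URL.
            if (val ~ /^[A-Z]+_(DB)?PASS$/ || val ~ /:[A-Z]+_(DB)?PASS@/) {
                print where ": placeholder secret"; bad = 1
            }
            # Keystone passwords and tokens travel over plain HTTP.
            if ((key == "auth_url" || key == "www_authenticate_uri") &&
                val ~ /^http:/) {
                print where ": identity endpoint without TLS"; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@" || rc=1
    return "$rc"
}

# Constructed sample: a nova.conf fragment in the style of this guide.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[keystone_authtoken]
auth_url = http://controller:5000/v3
password = NOVA_PASS
EOF
    chmod 640 "$1"
}
```

On a deployed node, run it as `audit_conf /etc/nova/nova.conf /etc/neutron/neutron.conf /etc/cinder/cinder.conf`.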
Launch an OpenStack example
- On controller, create the virtual networks (self-service network)
- Create the provider network
- Source the admin credentials<br />. /scripts/admin-openrc
- Create the provider network<br />openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
- List the networks<br />openstack network list
- List the network agents<br />openstack network agent list
- Create a subnet on the provider network and list the subnets
openstack subnet create --network provider \
--allocation-pool start=193.168.80.101,end=193.168.80.250 \
--dns-nameserver 8.8.4.4 --gateway 193.168.80.81 \
--subnet-range 193.168.80.0/24 provider
openstack subnet list
openstack network list
- Create the self-service network
- Source the demo credentials<br />. /scripts/demo-openrc
- Create the network<br />openstack network create selfservice
- Create a subnet on the network
openstack subnet create --network selfservice \
--dns-nameserver 8.8.4.4 --gateway 172.16.1.1 \
--subnet-range 172.16.1.0/24 selfservice
- Create a router
- Source the demo credentials<br />. /scripts/demo-openrc
- Create the router<br />openstack router create router
- Add the self-service network subnet as an interface on the router<br />openstack router add subnet router selfservice
- Set a gateway on the provider network for the router<br />openstack router set router --external-gateway provider
- Verify the operation
- Source the admin credentials<br />. /scripts/admin-openrc
- List the network namespaces<br />ip netns
- List the ports on the router to determine the gateway IP address on the provider network<br />openstack port list --router router
- Ping this IP address from the controller node or any host on the physical provider network<br />ping 193.168.80.102
- Create a minimal flavor
- Create the m1.nano flavor<br />openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
- Generate a key pair
- Source the demo credentials<br />. /scripts/demo-openrc
- Generate a key pair<br />ssh-keygen -q -N ""
- Add the public key<br />openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
- Verify the added key pair<br />openstack keypair list
- Add security group rules (add the rules to the default security group)
- Permit ICMP (ping)<br />openstack security group rule create --proto icmp default
- Permit secure shell (SSH) access<br />openstack security group rule create --proto tcp --dst-port 22 default
- List the rules of the default security group<br />openstack security group rule list default
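- Launch an instance (on the self-service network)
- Determine the instance options
- Source the demo credentials<br />. /scripts/demo-openrc
- List the available flavors<br />openstack flavor list
- List the available images<br />openstack image list
- List the available networks<br />openstack network list
- List the available security groups<br />openstack security group list
- Launch the instance<br />openstack server create --flavor m1.nano --image cirros --nic net-id=17ffc771-88a1-48d1-9cbe-cad8cc082091 --security-group default --key-name mykey selfservice-instance
- Check the status of the instance<br />openstack server list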
- Access the instance using the virtual console
- Get the VNC URL of the instance<br />openstack console url show selfservice-instance
- Verify access to the self-service network gateway<br />ping -c 4 172.16.1.1
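- Access the instance remotely
- Create a floating IP address on the provider virtual network<br />openstack floating ip create provider
- Associate the floating IP address with the instance<br />openstack server add floating ip selfservice-instance 193.168.80.109
- Check the status of the floating IP address<br />openstack server list
- Ping the floating IP from inside the instance<br />ping 193.168.80.109
- Access your instance using SSH from the controller node or any host on the provider physical network<br />ssh cirros@193.168.80.109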