在 CentOS7.2 上安装 OpenStack Liberty 版
在 CentOS7.2 上安装 OpenStack Liberty 版一、约定二、概述openstack 主要服务组件http://www.infocool.net/u/cms/www/201609/07120201ku9p.png三、环境准备本次实验在虚拟机里面安装,共两个节点 controller、 compute1,每个节点设置两个IP地址,其中一个网段是可以上网的,另一个网段用来管理,我这里只用了一个网卡,只安装核心的几个组件 keystone、glance、nova、neutron
[*]Controller Node: 1 processor, 4 GB memory, and 5 GB storage
[*]Compute Node: 1 processor, 2 GB memory, and 10 GB storage
http://www.infocool.net/u/cms/www/201609/07120202rn2w.png3.1 安全Password name DescriptionDatabase password (no variable used) Root password for the databaseADMIN_PASSPassword of user adminCEILOMETER_DBPASS Database password for the Telemetry serviceCEILOMETER_PASS Password of Telemetry service user ceilometerCINDER_DBPASS Database password for the Block Storage serviceCINDER_PASS Password of Block Storage service user cinderDASH_DBPASS Database password for the dashboardDEMO_PASS Password of user demoGLANCE_DBPASS Database password for Image serviceGLANCE_PASS Password of Image service user glanceHEAT_DBPASS Database password for the Orchestration serviceHEAT_DOMAIN_PASS Password of Orchestration domainHEAT_PASS Password of Orchestration service user heatKEYSTONE_DBPASS Database password of Identity serviceNEUTRON_DBPASSDatabase password for the Networking serviceNEUTRON_PASS Password of Networking service user neutronNOVA_DBPASS Database password for Compute serviceNOVA_PASS Password of Compute service user novaRABBIT_PASS Password of user guest of RabbitMQSWIFT_PASSPassword of Object Storage service user swift3.2 网络关闭网络管理工具关闭防火墙和SELinux(两端)# systemctl stop iptablesFailed to stop iptables.service: Unit iptables.service not loaded.# systemctl stop firewalldFailed to stop firewalld.service: Unit firewalld.service not loaded.# setenforce 0添加IP地址(controller)# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736 #修改/添加如下内容BOOTPROTO=noneONBOOT=yes####第一个IP地址,用于对外服务####IPADDR0=192.168.100.130NETMASK0=255.255.255.0GATEWAY0=192.168.100.2####第二个IP地址,用于管理####IPADDR1=10.0.0.11NETMASK1=255.255.255.0添加IP地址(compute)# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736 #修改/添加如下内容BOOTPROTO=noneONBOOT=yes####第一个IP地址,用于对外服务####IPADDR0=192.168.100.131NETMASK0=255.255.255.0GATEWAY0=192.168.100.2####第二个IP地址,用于管理####IPADDR1=10.0.0.31NETMASK1=255.255.255.0配置hosts(两端)# echo "10.0.0.11 controller" >> /etc/hosts# echo "10.0.0.31 compute1" >> /etc/hosts3.3 NTPCentOS7 中时间服务变为 chrony 了服务端操作# yum install -y chrony# vim /etc/chrony.conf#添加如下行allow 192.168.100.0/24allow 10.0.0.0/24# systemctl enable chronyd.service# systemctl start chronyd.service客户端操作# yum install -y chrony# vim /etc/chrony.conf#注释掉默认的NTP服务器#server 0.centos.pool.ntp.org iburst#server 1.centos.pool.ntp.org iburst#server 2.centos.pool.ntp.org iburst#server 3.centos.pool.ntp.org iburst#添加下面这行server controller iburst# systemctl enable chronyd.service# systemctl start chronyd.service验证# chronyc sources210 Number of sources = 4MS Name/IP address Stratum Poll Reach LastRx Last sample===============================================================================^? 202.118.1.130 0 8 0 10y +0ns[ +0ns] +/- 0ns^? news.neu.edu.cn 0 8 0 10y +0ns[ +0ns] +/- 0ns^? dns1.synet.edu.cn 0 8 0 10y +0ns[ +0ns] +/- 0ns^* time5.aliyun.com 2 6 377 16 -71us[ -243us] +/- 24ms# chronyc sources210 Number of sources = 1MS Name/IP address Stratum Poll Reach LastRx Last sample===============================================================================^* controller 3 6 17 42+1644ns[ -117us] +/- 26ms3.4 OpenStack安装包(两端)首先要禁用系统原有的epel源安装OpenStack提供的epel源# yum install -y centos-release-openstack-liberty# yum install -y https://rdoproject.org/repos/openstack-liberty/rdo-release-liberty.rpm安装 python-openstackclient# yum install -y python-openstackclient(可选)如果在yum安装过程中遇到问题,可以改用阿里源# vim CentOS-OpenStack-liberty.repo name=CentOS-7 - OpenStack libertybaseurl=http://mirrors.aliyun.com/centos/7/cloud/$basearch/openstack-liberty/gpgcheck=1enabled=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloudname=CentOS-7 - OpenStack liberty Testingbaseurl=http://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-liberty/gpgcheck=0enabled=0# cat rdo-release.repo name=OpenStack Liberty Repositorybaseurl=http://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-liberty/gpgcheck=1enabled=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud升级系统# yum upgrade如果之前没有禁用SELinux,则安装 openstack-selinux 软件包,这个包会自动为openstack管理SELinux# yum install -y openstack-selinux3.5 SQL数据库大多数的openstack服务都是采用SQL数据库来存储数据,支持mysql和PostgreSQL,通常的做法是安装在 controller 节点上。这里数据库密码设置为 rootroot# yum install mariadb mariadb-server MySQL-python# vim /etc/my.cnf.d/mariadb_openstack.cnfbind-address = 10.0.0.11default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_ciinit-connect = 'SET NAMES utf8'character-set-server = utf8# systemctl enable mariadb.serviceCreated symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.# systemctl start mariadb.service3.6 NoSQL部署了 Telemetry 服务才会需要NoSQL本次不部署3.7 消息队列OpenStack 使用消息队列来协调操作和状态信息,通常的做法是安装在 controller 节点上,OpenStack支持的消息队列服务含 RabbitMQ, Qpid 和 ZeroMQ,然而大多数 OpenStack 服务模块都只支持某种特定的消息队列服务,这里选择 RabbitMQ,因为所有的 openstack 模块都支持它。# yum install rabbitmq-server# systemctl enable rabbitmq-server.service# systemctl start rabbitmq-server.service添加 openstack 用户:# rabbitmqctl add_user openstack RABBIT_PASSCreating user "openstack" ...授权用户 openstack 读、写、配置的权限# rabbitmqctl set_permissions openstack ".*" ".*" ".*"Setting permissions for user "openstack" in vhost "/" ...四、认证服务(keystone)keystone 安装在 controller 节点,为了提高服务性能,使用 apache 提供WEB请求,由 memcached 来保存 Token 信息4.2 安装与配置
[*]为keystone 建一个数据库$ mysql -u root -pCREATE DATABASE keystone;GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \IDENTIFIED BY 'KEYSTONE_DBPASS';GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \IDENTIFIED BY 'KEYSTONE_DBPASS';
[*]安装软件包# yum install openstack-keystone httpd mod_wsgi \memcached python-memcached# systemctl enable memcached.service# systemctl start memcached.service
[*]配置 keystone注意:不同版本号的keystone,其默认配置可能会有所不同admin_token = ADMIN_TOKENverbose = Trueconnection = mysql://keystone:KEYSTONE_DBPASS@controller/keystoneservers = localhost:11211provider = uuiddriver = memcachedriver = sql
[*]初始化数据库# su -s /bin/sh -c "keystone-manage db_sync" keystone
[*]配置HTTP服务器修改服务器名# vim /etc/httpd/conf/httpd.confServerName controller添加 keystone 的服务# vim /etc/httpd/conf.d/wsgi-keystone.confListen 5000Listen 35357<VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory></VirtualHost><VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On <IfVersion >= 2.4> ErrorLogFormat "%{cu}t %M" </IfVersion> ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory></VirtualHost>
[*]启动HTTP服务器# systemctl enable httpd.service# systemctl start httpd.service
[*]验证# ss -ntl | grep -E "5000|35357"LISTEN 0 128 :::35357 :::* LISTEN 0 128 :::5000 :::*
4.3 注册服务实体及API
[*]配置环境变量# vim admin.rcexport OS_TOKEN=ADMIN_TOKENexport OS_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3# source admin.rc
[*]服务注册# openstack service create \ --name keystone --description "OpenStack Identity" identity+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Identity || enabled | True || id | c9c8ca22d2a54c9fa1f3c77e1af7037d || name | keystone || type | identity |+-------------+----------------------------------+
[*]API注册openstack为每一服务提供三种API,admin、public、internal# openstack endpoint create --region RegionOne \ identity public http://controller:5000/v2.0+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 866c0c3f786c4f8c8c34d47c00ef2851 || interface | public || region | RegionOne || region_id | RegionOne || service_id | c9c8ca22d2a54c9fa1f3c77e1af7037d || service_name | keystone || service_type | identity || url | http://controller:5000/v2.0 |+--------------+----------------------------------+# openstack endpoint create --region RegionOne \ identity internal http://controller:5000/v2.0+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | e6893e1876ac4eca9e0de360c8ee71cc || interface | internal || region | RegionOne || region_id | RegionOne || service_id | c9c8ca22d2a54c9fa1f3c77e1af7037d || service_name | keystone || service_type | identity || url | http://controller:5000/v2.0 |+--------------+----------------------------------+# openstack endpoint create --region RegionOne \ identity admin http://controller:35357/v2.0+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | b16d1443007b4d0cb126a354ec70c0f5 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | c9c8ca22d2a54c9fa1f3c77e1af7037d || service_name | keystone || service_type | identity || url | http://controller:35357/v2.0 |+--------------+----------------------------------+
4.4 创建项目、用户及规则
[*]创建 admin 项目# openstack project create --domain default \ --description "Admin Project" admin+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Admin Project || domain_id | default || enabled | True || id | 2e7ff30adaa74c1eacbfb6568e76a70c || is_domain | False || name | admin || parent_id | None |+-------------+----------------------------------+
[*]创建 admin 用户这里输入的密码是 openstack# openstack user create --domain default \ --password-prompt adminUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | default || enabled | True || id | 28927d1a28b34c09bf13413907a57b76 || name | admin |+-----------+----------------------------------+
[*]创建 admin 规则# openstack role create admin+-------+----------------------------------+| Field | Value |+-------+----------------------------------+| id | 62d1f3434ed746d580d771de68c0e459 || name| admin |+-------+----------------------------------+
[*]把 admin 项目、admin 规则、admin 用户关联起来# openstack role add --project admin --user admin admin
[*]创建 service 项目# openstack project create --domain default \ --description "Service Project" service+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Service Project || domain_id | default || enabled | True || id | a794f7f642264b718023387f306f8d04 || is_domain | False || name | service || parent_id | None |+-------------+----------------------------------+
[*]创建 demo 项目# openstack project create --domain default \ --description "Demo Project" demo+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Demo Project || domain_id | default || enabled | True || id | 9dad05492aa2462d83cbcb60fa4234c5 || is_domain | False || name | demo || parent_id | None |+-------------+----------------------------------+
[*]创建 demo 用户这里设置的密码也是 openstack# openstack user create --domain default \ --password-prompt demoUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | default || enabled | True || id | 1fa35f1441b64169a9c82176f6ca3b43 || name | demo |+-----------+----------------------------------+
[*]创建 user 规则# openstack role create user+-------+----------------------------------+| Field | Value |+-------+----------------------------------+| id | d41c2832666240aca1a020cb4753baf2 || name| user |+-------+----------------------------------+
[*]把 demo 项目、user 规则、demo 用户关联起来# openstack role add --project demo --user demo user
4.5 验证
[*]出于安全考虑,修改配置编辑 /usr/share/keystone/keystone-dist-paste.ini ,从 、 和 这三部分内容中删除 admin_token_auth
[*]为了验证,临时改环境变量# unset OS_TOKEN OS_URL
[*]为 admin 用户请求 token# openstack --os-auth-url http://controller:35357/v3 \ --os-project-domain-id default --os-user-domain-id default \ --os-project-name admin --os-username admin --os-auth-type password \ token issuePassword: +------------+----------------------------------+| Field | Value |+------------+----------------------------------+| expires | 2016-08-29T01:48:02.212203Z || id | ebe202fdc5c84af180e89f1a9f67f7af || project_id | 2e7ff30adaa74c1eacbfb6568e76a70c || user_id | 28927d1a28b34c09bf13413907a57b76 |+------------+----------------------------------+
4.6 使用环境变量脚本从上一节的验证部分可以发现,openstack 的命令有很多参数,如果每一次输入命令都要带上所有的参数,那就太麻烦了,解决此问题的方法就是使用环境变量,只要设置了相关的环境变量,输入命令时就可以省略相应的参数
[*]创建 admin 用户的环境脚本# vim admin-openrc.shexport OS_PROJECT_DOMAIN_ID=defaultexport OS_USER_DOMAIN_ID=defaultexport OS_PROJECT_NAME=adminexport OS_TENANT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=openstackexport OS_AUTH_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3
[*]创建 demo 用户的环境脚本# vim demo-openrc.shexport OS_PROJECT_DOMAIN_ID=defaultexport OS_USER_DOMAIN_ID=defaultexport OS_PROJECT_NAME=demoexport OS_TENANT_NAME=demoexport OS_USERNAME=demoexport OS_PASSWORD=openstackexport OS_AUTH_URL=http://controller:5000/v3export OS_IDENTITY_API_VERSION=3
[*]使用脚本# source admin-openrc.sh # openstack token issue+------------+----------------------------------+| Field | Value |+------------+----------------------------------+| expires | 2016-08-29T02:02:19.471758Z || id | 91890941cacd4e849197aeaff18d13fe || project_id | 2e7ff30adaa74c1eacbfb6568e76a70c || user_id | 28927d1a28b34c09bf13413907a57b76 |+------------+----------------------------------+
五、安装镜像服务(glance)glance为用户提供虚拟机镜像的发现、注册和取回服务。默认把镜像存放在 /var/lib/glance/images/ 目录下5.1 环境准备
[*]数据库准备# mysql -u root -pCREATE DATABASE glance;GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \IDENTIFIED BY 'GLANCE_DBPASS';GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \IDENTIFIED BY 'GLANCE_DBPASS';
[*]使用 admin 权限# source admin-openrc.sh
[*]创建 glance 用户密码设置为 openstack# openstack user create --domain default --password-prompt glanceUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | default || enabled | True || id | addd4b136dd848709a8510a7a51880c4 || name | glance |+-----------+----------------------------------+
[*]把 service 项目、admin 规则、glance 用户关联起来 # openstack role add --project service --user glance admin
[*]注册名为 image 的服务# openstack service create --name glance \ --description "OpenStack Image service" image+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Image service || enabled | True || id | fbe45ebea79b49ef8dcf7ddb126e2da9 || name | glance || type | image |+-------------+----------------------------------+
[*]注册API端点# openstack endpoint create --region RegionOne \ image public http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 8f3c456c8a6b4697a79b649637438682 || interface | public || region | RegionOne || region_id | RegionOne || service_id | fbe45ebea79b49ef8dcf7ddb126e2da9 || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+# openstack endpoint create --region RegionOne \ image internal http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | df2c31ab52c9447da812040c4feff203 || interface | internal || region | RegionOne || region_id | RegionOne || service_id | fbe45ebea79b49ef8dcf7ddb126e2da9 || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+# openstack endpoint create --region RegionOne \ image admin http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | da36d20ff8964595b874112921d72eff || interface | admin || region | RegionOne || region_id | RegionOne || service_id | fbe45ebea79b49ef8dcf7ddb126e2da9 || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+
5.2 安装与配置
[*]安装程序包# yum install openstack-glance python-glance python-glanceclient
[*]编辑 /etc/glance/glance-api.confnotification_driver = noopverbose = Trueconnection = mysql://glance:GLANCE_DBPASS@controller/glanceauth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = glancepassword = openstackflavor = keystonedefault_store = filefilesystem_store_datadir = /var/lib/glance/images/
[*]编辑 /etc/glance/glance-registry.confnotification_driver = noopverbose = Trueconnection = mysql://glance:GLANCE_DBPASS@controller/glanceauth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = glancepassword = openstackflavor = keystone
[*]导入数据# su -s /bin/sh -c "glance-manage db_sync" glanceNo handlers could be found for logger "oslo_config.cfg"这个错误可以忽略
5.3 完成安装 # systemctl enable openstack-glance-api.service \ openstack-glance-registry.service # systemctl start openstack-glance-api.service \ openstack-glance-registry.service5.4 验证我们使用一个非常小的系统镜像来验证 glance 是否成功部署
[*]修改环境变量脚本# echo "export OS_IMAGE_API_VERSION=2" \ | tee -a admin-openrc.sh demo-openrc.sh
[*]使用 admin 权限# source admin-openrc.sh
[*]下载镜像# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img如果上面的镜像访问不了,可以使用下面这个https://launchpadlibrarian.net/83305348/cirros-0.3.0-x86_64-disk.img
[*]上传镜像给 glance# glance image-create --name "cirros" \ --file cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --visibility public --progress[=============================>] 100%+------------------+--------------------------------------+| Property | Value |+------------------+--------------------------------------+| checksum | b085f55ed9f8dde416520d901b23ac4d || container_format | bare || created_at | 2016-08-29T02:45:11Z || disk_format | qcow2 || id | 2569f637-f41c-4747-8f53-fa6a687840c7 || min_disk | 0 || min_ram | 0 || name | cirros || owner | 2e7ff30adaa74c1eacbfb6568e76a70c || protected | False || size | 16384 || status | active || tags | [] || updated_at | 2016-08-29T02:45:12Z || virtual_size | None || visibility | public |+------------------+--------------------------------------+
[*]查看已上传的镜像# glance image-list+--------------------------------------+--------+| ID | Name |+--------------------------------------+--------+| 2569f637-f41c-4747-8f53-fa6a687840c7 | cirros |+--------------------------------------+--------+
六、安装计算服务(nova)6.1 安装及配置控制节点(controller)这一部分讲述的是 nova 在控制节点(compute)上的部署
[*]创建数据库# mysql -u root -pCREATE DATABASE nova;GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \IDENTIFIED BY 'NOVA_DBPASS';GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \IDENTIFIED BY 'NOVA_DBPASS';
[*]使用 admin 用户权限#source admin-openrc.sh
[*]创建 nova 用户这里密码设为: openstack# openstack user create --domain default --password-prompt novaUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | default || enabled | True || id | d51a6e818f4746028b67bbe8d04c2436 || name | nova |+-----------+----------------------------------+
[*]添加规则# openstack role add --project service --user nova admin
[*]创建服务# openstack service create --name nova \ --description "OpenStack Compute" compute+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Compute || enabled | True || id | 982dd382eacc434cafb2f18626e40e47 || name | nova || type | compute |+-------------+----------------------------------+
[*]注册API#openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2/%\(tenant_id\)s+--------------+-----------------------------------------+| Field | Value |+--------------+-----------------------------------------+| enabled | True || id | cc57d697e613465980060e3fa3499908 || interface | public || region | RegionOne || region_id | RegionOne || service_id | 982dd382eacc434cafb2f18626e40e47 || service_name | nova || service_type | compute || url | http://controller:8774/v2/%(tenant_id)s |+--------------+-----------------------------------------+# openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2/%\(tenant_id\)s+--------------+-----------------------------------------+| Field | Value |+--------------+-----------------------------------------+| enabled | True || id | 04f6ad7243e74f86b315a95e210a9c96 || interface | internal || region | RegionOne || region_id | RegionOne || service_id | 982dd382eacc434cafb2f18626e40e47 || service_name | nova || service_type | compute || url | http://controller:8774/v2/%(tenant_id)s |+--------------+-----------------------------------------+# openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2/%\(tenant_id\)s+--------------+-----------------------------------------+| Field | Value |+--------------+-----------------------------------------+| enabled | True || id | ebced03a21d94259801222520503033c || interface | admin || region | RegionOne || region_id | RegionOne || service_id | 982dd382eacc434cafb2f18626e40e47 || service_name | nova || service_type | compute || url | http://controller:8774/v2/%(tenant_id)s |+--------------+-----------------------------------------+
[*]安装以及配置组件# yum install openstack-nova-api openstack-nova-cert \ openstack-nova-conductor openstack-nova-console \ openstack-nova-novncproxy openstack-nova-scheduler \ python-novaclient
[*]编辑 /etc/nova/nova.confnetwork_api_class = nova.network.neutronv2.api.APIsecurity_group_api = neutronlinuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriverfirewall_driver = nova.virt.firewall.NoopFirewallDriverrpc_backend = rabbitauth_strategy = keystonemy_ip = 10.0.0.11enabled_apis=osapi_compute,metadataverbose = Truerabbit_host = controllerrabbit_userid = openstackrabbit_password = RABBIT_PASSconnection = mysql://nova:NOVA_DBPASS@controller/novaauth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = novapassword = openstack #NOVA_PASSvncserver_listen = $my_ipvncserver_proxyclient_address = $my_iphost = controllerlock_path = /var/lib/nova/tmp
[*]数据导入# su -s /bin/sh -c "nova-manage db sync" novaNo handlers could be found for logger "oslo_config.cfg"
[*]完成安装# systemctl enable openstack-nova-api.service \openstack-nova-cert.service openstack-nova-consoleauth.service \openstack-nova-scheduler.service openstack-nova-conductor.service \openstack-nova-novncproxy.service# systemctl start openstack-nova-api.service \openstack-nova-cert.service openstack-nova-consoleauth.service \openstack-nova-scheduler.service openstack-nova-conductor.service \openstack-nova-novncproxy.service
6.2 安装及配置计算节点(compute)这一部分讲述的是 nova 在计算节点(compute)上的部署
[*]安装# yum install openstack-nova-compute sysfsutils
[*]编辑 /etc/nova/nova.confrpc_backend = rabbitauth_strategy = keystonemy_ip = 10.0.0.31network_api_class = nova.network.neutronv2.api.APIsecurity_group_api = neutronlinuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriverfirewall_driver = nova.virt.firewall.NoopFirewallDriververbose = Truerabbit_host = controllerrabbit_userid = openstackrabbit_password = RABBIT_PASSauth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = novapassword = openstackenabled = Truevncserver_listen = 0.0.0.0vncserver_proxyclient_address = $my_ipnovncproxy_base_url = http://controller:6080/vnc_auto.htmlhost = controllerlock_path = /var/lib/nova/tmp
[*]检查服务器是否支持硬件虚拟化# egrep -c '(vmx|svm)' /proc/cpuinfo1如果显示的数字是0,则表示不支持硬件虚拟化,需要设置服务器使支持,或者使用qemu,方法如下# vim /etc/nova/nova.confvirt_type = qemu
[*]完成安装# systemctl enable libvirtd.service openstack-nova-compute.service# systemctl start libvirtd.service openstack-nova-compute.service
[*]验证拉取环境变量配置脚本# scp controller:~/*openrc.sh .root@controller's password: admin-openrc.sh 100%289 0.3KB/s 00:00 demo-openrc.sh 100%285 0.3KB/s 00:00使用环境变量# source admin-openrc.sh 查看 nova 服务组件# nova service-list+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+| Id | Binary | Host | Zone | Status| State | Updated_at | Disabled Reason |+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+| 1| nova-conductor | controller | internal | enabled | up | 2016-08-29T06:29:36.000000 | - || 2| nova-consoleauth | controller | internal | enabled | up | 2016-08-29T06:29:36.000000 | - || 3| nova-cert | controller | internal | enabled | up | 2016-08-29T06:29:37.000000 | - || 4| nova-scheduler | controller | internal | enabled | up | 2016-08-29T06:29:37.000000 | - || 5| nova-compute | compute1 | nova | enabled | up | 2016-08-29T06:29:41.000000 | - |+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+查看API端点(可以忽 WARNING 级别的信息)# nova endpointsWARNING: nova has no endpoint in ! Available endpoints for this service:+-----------+------------------------------------------------------------+| nova | Value |+-----------+------------------------------------------------------------+| id | 04f6ad7243e74f86b315a95e210a9c96 || interface | internal || region | RegionOne || region_id | RegionOne || url | http://controller:8774/v2/2e7ff30adaa74c1eacbfb6568e76a70c |+-----------+------------------------------------------------------------++-----------+------------------------------------------------------------+| nova | Value |+-----------+------------------------------------------------------------+| id | cc57d697e613465980060e3fa3499908 || interface | public || region | RegionOne || region_id | RegionOne || url | http://controller:8774/v2/2e7ff30adaa74c1eacbfb6568e76a70c |+-----------+------------------------------------------------------------++-----------+------------------------------------------------------------+| nova | Value |+-----------+------------------------------------------------------------+| id | ebced03a21d94259801222520503033c || interface | admin || region | RegionOne || region_id | RegionOne || url | http://controller:8774/v2/2e7ff30adaa74c1eacbfb6568e76a70c |+-----------+------------------------------------------------------------+WARNING: keystone has no endpoint in ! Available endpoints for this service:+-----------+----------------------------------+| keystone| Value |+-----------+----------------------------------+| id | 866c0c3f786c4f8c8c34d47c00ef2851 || interface | public || region | RegionOne || region_id | RegionOne || url | http://controller:5000/v2.0 |+-----------+----------------------------------++-----------+----------------------------------+| keystone| Value |+-----------+----------------------------------+| id | b16d1443007b4d0cb126a354ec70c0f5 || interface | admin || region | RegionOne || region_id | RegionOne || url | http://controller:35357/v2.0 |+-----------+----------------------------------++-----------+----------------------------------+| keystone| Value |+-----------+----------------------------------+| id | e6893e1876ac4eca9e0de360c8ee71cc || interface | internal || region | RegionOne || region_id | RegionOne || url | http://controller:5000/v2.0 |+-----------+----------------------------------+WARNING: glance has no endpoint in ! Available endpoints for this service:+-----------+----------------------------------+| glance | Value |+-----------+----------------------------------+| id | 8f3c456c8a6b4697a79b649637438682 || interface | public || region | RegionOne || region_id | RegionOne || url | http://controller:9292 |+-----------+----------------------------------++-----------+----------------------------------+| glance | Value |+-----------+----------------------------------+| id | da36d20ff8964595b874112921d72eff || interface | admin || region | RegionOne || region_id | RegionOne || url | http://controller:9292 |+-----------+----------------------------------++-----------+----------------------------------+| glance | Value |+-----------+----------------------------------+| id | df2c31ab52c9447da812040c4feff203 || interface | internal || region | RegionOne || region_id | RegionOne || url | http://controller:9292 |+-----------+----------------------------------+查看镜像# nova image-list+--------------------------------------+--------+--------+--------+| ID | Name | Status | Server |+--------------------------------------+--------+--------+--------+| 2569f637-f41c-4747-8f53-fa6a687840c7 | cirros | ACTIVE | |+--------------------------------------+--------+--------+--------+
七、安装网络组件(neutron)7.1 安装及配置 controller 节点
[*]数据库#mysql -u root -pCREATE DATABASE neutron;GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \IDENTIFIED BY 'NEUTRON_DBPASS';GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \IDENTIFIED BY 'NEUTRON_DBPASS';
[*]使用 admin 权限# source admin-openrc.sh
[*]创建服务凭证创建 neutron 用户,这里密码设置为: openstack# openstack user create --domain default --password-prompt neutronUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | default || enabled | True || id | 26c2d483816443c69ebd68a2a0f7661f || name | neutron |+-----------+----------------------------------+添加规则# openstack role add --project service --user neutron admin注册 neutron 服务# openstack service create --name neutron \ --description "OpenStack Networking" network+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Networking || enabled | True || id | 7fe502d073214afda58b7b250ae9e962 || name | neutron || type | network |+-------------+----------------------------------+
[*]创建API# openstack endpoint create --region RegionOne \ network public http://controller:9696+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | b3c540fa5b54492cba3dd1f79b3bd51c || interface | public || region | RegionOne || region_id | RegionOne || service_id | 7fe502d073214afda58b7b250ae9e962 || service_name | neutron || service_type | network || url | http://controller:9696 |+--------------+----------------------------------+# openstack endpoint create --region RegionOne \ network internal http://controller:9696+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | fa2a872165b54ce3ad453a733dbafb7b || interface | internal || region | RegionOne || region_id | RegionOne || service_id | 7fe502d073214afda58b7b250ae9e962 || service_name | neutron || service_type | network || url | http://controller:9696 |+--------------+----------------------------------+# openstack endpoint create --region RegionOne \ network admin http://controller:9696+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 64b2d00beda044099dfa90bc0feac9b5 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | 7fe502d073214afda58b7b250ae9e962 || service_name | neutron || service_type | network || url | http://controller:9696 |+--------------+----------------------------------+
[*]配置网络根据使用场景的不同,网络配置分两种类型1: Provider networks #这种最简单,下面的安装步骤就基于这种类型2: Self-service networks
[*]安装相关组件# yum install openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge python-neutronclient ebtables ipset
[*]配置 neutron 服务端组件服务端组件配置包含数据库、认证、消息队列、拓朴变化通知、插件编辑 /etc/neutron/neutron.confcore_plugin = ml2service_plugins =rpc_backend = rabbitauth_strategy = keystonenotify_nova_on_port_status_changes = Truenotify_nova_on_port_data_changes = Truenova_url = http://controller:8774/v2verbose = Trueconnection = mysql://neutron:NEUTRON_DBPASS@controller/neutronrabbit_host = controllerrabbit_userid = openstackrabbit_password = RABBIT_PASSlock_path = /var/lib/neutron/tmpauth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = neutronpassword = openstackauth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultregion_name = RegionOneproject_name = serviceusername = novapassword = openstack
[*]配置 ML2 plug-in编辑 /etc/neutron/plugins/ml2/ml2_conf.ini# 注意:启用ML2后,如果删除了type_drivers的值将导致数据库异常type_drivers = flat,vlantenant_network_types =mechanism_drivers = linuxbridgeextension_drivers = port_securityflat_networks = publicenable_ipset = True
[*]配置 Linux bridge agent编辑 /etc/neutron/plugins/ml2/linuxbridge_agent.iniphysical_interface_mappings = public:eno16777736enable_vxlan = Falseprevent_arp_spoofing = Trueenable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[*]配置 DHCP Agent编辑 /etc/neutron/dhcp_agent.iniinterface_driver = neutron.agent.linux.interface.BridgeInterfaceDriverdhcp_driver = neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata = Trueverbose = True
[*]配置 metadata agent编辑 /etc/neutron/metadata_agent.iniauth_uri = http://controller:5000auth_url = http://controller:35357auth_region = RegionOneauth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = neutronpassword = openstacknova_metadata_ip = controllermetadata_proxy_shared_secret = METADATA_SECRETverbose = True
[*]配置 nova 使 compute 节点可以使用网络编辑 /etc/nova/nova.confurl = http://controller:9696auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultregion_name = RegionOneproject_name = serviceusername = neutronpassword = openstackservice_metadata_proxy = Truemetadata_proxy_shared_secret = METADATA_SECRET
[*]完成安装建立链接# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini同步数据# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron重启 nova-api 服务# systemctl restart openstack-nova-api.service启动及配置开机启动# systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service# systemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service
7.2 安装及配置 compute 节点
[*]组件安装# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset
[*]公共组件配置网络公共组件配置包含认证、消息队列和插件编辑 /etc/neutron/neutron.confrpc_backend = rabbitauth_strategy = keystoneverbose = Truerabbit_host = controllerrabbit_userid = openstackrabbit_password = RABBIT_PASSlock_path = /var/lib/neutron/tmp# 注释掉该模块的所有配置,因不需要 compute 节点直接连接数据库auth_uri = http://controller:5000auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultproject_name = serviceusername = neutronpassword = openstack
[*]配置网络选项根据网络类型不同,compute节点也有两种配置方法,要和controller节点一样1: Provider networks #我们的选择2: Self-service networks
[*]配置 Linux bridge agent编辑 /etc/neutron/plugins/ml2/linuxbridge_agent.iniphysical_interface_mappings = public:eno16777736enable_vxlan = Falseprevent_arp_spoofing = Trueenable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[*]配置compute节点使用网络编辑 /etc/nova/nova.confurl = http://controller:9696auth_url = http://controller:35357auth_plugin = passwordproject_domain_id = defaultuser_domain_id = defaultregion_name = RegionOneproject_name = serviceusername = neutronpassword = openstack
[*]完成安装重启 compute 服务# systemctl restart openstack-nova-compute.service启动 Linux bridge agent 并设置开机自启动# systemctl enable neutron-linuxbridge-agent.service# systemctl start neutron-linuxbridge-agent.service
7.3 验证以下命令在controller节点上执行 # source admin-openrc.sh # neutron ext-list +-----------------------+--------------------------+ | alias | name | +-----------------------+--------------------------+ | flavors | Neutron Service Flavors| | security-group | security-group | | dns-integration | DNS Integration | | net-mtu | Network MTU | | port-security | Port Security | | binding | Port Binding | | provider | Provider Network | | agent | agent | | quotas | Quota management support | | subnet_allocation | Subnet Allocation | | dhcp_agent_scheduler| DHCP Agent Scheduler | | rbac-policies | RBAC Policies | | external-net | Neutron external network | | multi-provider | Multi Provider Network | | allowed-address-pairs | Allowed Address Pairs | | extra_dhcp_opt | Neutron Extra DHCP opts| +-----------------------+--------------------------+ # neutron agent-list +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ | 14707d27-e2ff-4444-9653-3082877e3e6e | DHCP agent | controller | :-) | True | neutron-dhcp-agent | | 6b3da4d5-d162-4756-8b01-a61000401140 | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent | | 80b833cd-4733-4da7-8f6b-09a00408a0e2 | Metadata agent | controller | :-) | True | neutron-metadata-agent | | 83489ddc-36a1-46b9-94dc-afd2e36694be | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent | +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+下面这个应该能看到4个agent,3个在controller节点,1个在compute1节点八、控制面板(horizon)基于WEB的管理界面,用来管理openstack,通过API交互。一般安装在 controller 节点上。
[*]安装程序# yum install openstack-dashboard
[*]编辑 /etc/openstack-dashboard/local_settingsOPENSTACK_HOST = "controller"ALLOWED_HOSTS = ['*', ]CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', }}OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = TrueOPENSTACK_API_VERSIONS = { "identity": 3, "volume": 2,}OPENSTACK_NEUTRON_NETWORK = { ... 'enable_router': False, 'enable_quotas': False, 'enable_distributed_router': False, 'enable_ha_router': False, 'enable_lb': False, 'enable_firewall': False, 'enable_vpn': False, 'enable_fip_topology_check': False,}#时区设置TIME_ZONE = "UTC"
[*]完成安装# systemctl enable httpd.service memcached.service# systemctl restart httpd.service memcached.service
[*]验证用浏览器打开:http://controller/dashboard域: default用户: admin 或 demon
九、启动虚拟机实例http://www.infocool.net/u/cms/www/201609/07120204ahri.pnghttp://www.infocool.net/u/cms/www/201609/07120206p9jy.png9.1 创建虚拟网络9.1.1 使用 admin 权限# source admin-openrc.sh9.1.2 创建共享网络# neutron net-create public --shared --provider:physical_network public \ --provider:network_type flatCreated a new network:+---------------------------+--------------------------------------+| Field | Value |+---------------------------+--------------------------------------+| admin_state_up | True || id | 5be95c56-3ce8-4f97-84dd-283652e7c995 || mtu | 0 || name | public || port_security_enabled | True || provider:network_type | flat || provider:physical_network | public || provider:segmentation_id| || router:external | False || shared | True || status | ACTIVE || subnets | || tenant_id | 2e7ff30adaa74c1eacbfb6568e76a70c |+---------------------------+--------------------------------------+--shared 表示允许所有的项目使用该网络9.1.3 创建子网# neutron subnet-create public 192.168.100.0/24 --name public \ --allocation-pool start=192.168.100.50,end=192.168.100.99\ --dns-nameserver 211.162.66.66 --gateway 192.168.100.2Created a new subnet:+-------------------+------------------------------------------------------+| Field | Value |+-------------------+------------------------------------------------------+| allocation_pools| {"start": "192.168.100.50", "end": "192.168.100.99"} || cidr | 192.168.100.0/24 || dns_nameservers | 211.162.66.66 || enable_dhcp | True || gateway_ip | 192.168.100.2 || host_routes | || id | 14982f32-9365-4931-ad55-be6b82361ae4 || ip_version | 4 || ipv6_address_mode | || ipv6_ra_mode | || name | public || network_id | 5be95c56-3ce8-4f97-84dd-283652e7c995 || subnetpool_id | || tenant_id | 2e7ff30adaa74c1eacbfb6568e76a70c |+-------------------+------------------------------------------------------+9.2 生成密钥对9.2.1 使用 demo 权限# source demo-openrc.sh 9.2.2 生成密钥对如果已有密钥,则可以不使用 ssh-keygen 重新生成# ssh-keygen -q -N ""Enter file in which to save the key (/root/.ssh/id_rsa): # nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey9.2.3 查看有哪些可用的密钥# nova keypair-list+-------+-------------------------------------------------+| Name| Fingerprint |+-------+-------------------------------------------------+| mykey | f1:78:45:e2:a8:70:dc:cd:53:c1:69:04:26:df:97:96 |+-------+-------------------------------------------------+9.3 添加安全规则组默认情况下,安全规则组 default 会应用到所有的实例当中,它会通过防火墙规则来拒绝所有的远程访问。一般来说,我们通常会放行 ICMP 和 SSH 这两种协议的访问。9.3.1 放行 ICMP 协议# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0+-------------+-----------+---------+-----------+--------------+| IP Protocol | From Port | To Port | IP Range| Source Group |+-------------+-----------+---------+-----------+--------------+| icmp | -1 | -1 | 0.0.0.0/0 | |+-------------+-----------+---------+-----------+--------------+9.3.2 放行 SSH 协议# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0+-------------+-----------+---------+-----------+--------------+| IP Protocol | From Port | To Port | IP Range| Source Group |+-------------+-----------+---------+-----------+--------------+| tcp | 22 | 22 | 0.0.0.0/0 | |+-------------+-----------+---------+-----------+--------------+9.4 启动虚拟机实例9.4.1 确定创建虚拟机实例所需要的相关组件及参数
[*]使用 demo 权限# source demo-openrc.sh
[*]查看预定义虚拟机硬件配置# nova flavor-list+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+| 1| m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True || 2| m1.small| 2048 | 20 | 0 | | 1 | 1.0 | True || 3| m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True || 4| m1.large| 8192 | 80 | 0 | | 4 | 1.0 | True || 5| m1.xlarge | 16384 | 160| 0 | | 8 | 1.0 | True |+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+在这里我们将选择 m1.tiny
[*]查看可用镜像#nova image-list+--------------------------------------+--------+--------+--------+| ID | Name | Status | Server |+--------------------------------------+--------+--------+--------+| 2569f637-f41c-4747-8f53-fa6a687840c7 | cirros | ACTIVE | |+--------------------------------------+--------+--------+--------+
[*]查看可用的网络# neutron net-list+--------------------------------------+--------+-------------------------------------------------------+| id | name | subnets |+--------------------------------------+--------+-------------------------------------------------------+| 5be95c56-3ce8-4f97-84dd-283652e7c995 | public | 14982f32-9365-4931-ad55-be6b82361ae4 192.168.100.0/24 |+--------------------------------------+--------+-------------------------------------------------------+这是之前我们创建的 public 网络,但必须使用 id 来调用网络
9.4.2 启动实例# nova boot --flavor m1.tiny --image cirros --nic net-id=5be95c56-3ce8-4f97-84dd-283652e7c995 \ --security-group default --key-name mykey public-instance+--------------------------------------+-----------------------------------------------+| Property | Value |+--------------------------------------+-----------------------------------------------+| OS-DCF:diskConfig | MANUAL || OS-EXT-AZ:availability_zone | || OS-EXT-STS:power_state | 0 || OS-EXT-STS:task_state | scheduling || OS-EXT-STS:vm_state | building || OS-SRV-USG:launched_at | - || OS-SRV-USG:terminated_at | - || accessIPv4 | || accessIPv6 | || adminPass | Lps33tUD5Rwz || config_drive | || created | 2016-08-30T05:03:21Z || flavor | m1.tiny (1) || hostId | || id | faad8a82-acf6-454a-80ea-366ce42986c4 || image | cirros (2569f637-f41c-4747-8f53-fa6a687840c7) || key_name | mykey || metadata | {} || name | public-instance || os-extended-volumes:volumes_attached | [] || progress | 0 || security_groups | default || status | BUILD || tenant_id | 9dad05492aa2462d83cbcb60fa4234c5 || updated | 2016-08-30T05:03:21Z || user_id | 1fa35f1441b64169a9c82176f6ca3b43 |+--------------------------------------+-----------------------------------------------+命令里的 5be95c56-3ce8-4f97-84dd-283652e7c995 就是之前通过 neutron net-list 查询到的网络ID9.4.3 查看实例状态# nova list+--------------------------------------+-----------------+--------+------------+-------------+-----------------------+| ID | Name | Status | Task State | Power State | Networks |+--------------------------------------+-----------------+--------+------------+-------------+-----------------------+| faad8a82-acf6-454a-80ea-366ce42986c4 | public-instance | ACTIVE | - | Running | public=192.168.100.51 |+--------------------------------------+-----------------+--------+------------+-------------+-----------------------+实例启动完成后,状态会由 BUILD 变为 ACTIVE9.5 通过虚拟控制台访问实例9.5.1 通过浏览器访问VNC# nova get-vnc-console public-instance novnc+-------+---------------------------------------------------------------------------------+| Type| Url |+-------+---------------------------------------------------------------------------------+| novnc | http://controller:6080/vnc_auto.html?token=54f74d29-43bd-4928-96a7-28ae19617ae2 |+-------+---------------------------------------------------------------------------------+如果浏览器所在的主机不能解析 controller 则可以替换成IP地址9.5.2 SSH登录测试# ssh cirros@192.168.100.52The authenticity of host '192.168.100.52 (192.168.100.52)' can't be established.RSA key fingerprint is 43:5c:b8:69:46:d4:70:ef:7e:79:8b:b2:4a:11:02:e6.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.100.52' (RSA) to the list of known hosts.cirros@192.168.100.52's password: $ $ ls$ pwd/home/cirros$ cat /etc/issuelogin as 'cirros' user. default password: 'cubswin:)'. use 'sudo' for root.$ 默认用户 cirros ,密码 cubswin:)===================http://www.infocool.net/u/cms/www/201609/07120207aa1g.png1.官方镜像下载: http://docs.openstack.org/image-guide/obtain-images.html2. 快照功能: 做快照会把实例关闭的,然后再快照生成镜像,快照完成后不会自动启动实例3. 软重启和硬重启: 软重启是正常的通知系统启动系统;硬重启是直接断电,再启动系统。
摘自:http://www.infocool.net/kb/OpenStack/201609/187078.html
在 CentOS7.2 上安装 OpenStack Liberty 版
页:
[1]