Win10+VirtualBox+Openstack Mitaka
首先VirtualBox安裝的話,沒有什麼可演示的,去官網(https://www.virtualbox.org/wiki/Downloads)下載,或者可以去(https://www.virtualbox.org/wiki/Download_Old_Builds)下載舊版本。
接下來設置virtualbox的網路
這裡需要注意的是IP地址欄中的信息,必須全部刪除然後切換為英文輸入法,再次輸入。
接下來配置Host-Only
以下是確認沒有啟用DHCP
接下來就是安裝ubuntu了,
點擊新建虛擬機,選擇linux,發行版本選擇ubuntu 64 bit
這裡安裝過程不再演示,但是在配置網路的時候要安裝如下所示配置
網卡2的配置如下
接下來就是添加存儲,選擇之前下載好的ubuntu-14.04.5-server-amd64.iso鏡像文件,下載地址(http://mirrors.aliyun.com/ubuntu-releases/14.04/ubuntu-14.04.5-server-amd64.iso)
點擊「OK」之後,開啟虛擬機即可開始安裝
語言:English(回車)
Ubuntu: Install Ubuntu Server(回車)
接下來直接敲回車即可,直到:
由於需要使用Nat訪問外網,所以這裡選擇eth0.回車之後,直接選擇『cancel』,回車會告警,忽略這個告警直接點擊「continue」,會提示讓配置網路,選擇手動配置,回車:
IP address:10.0.3.10
Netmask: 255.255.255.0
Gateway:10.0.30.1
Name server addresses: 114.114.114.114
Hostname: controller
Domain name: 不設置,直接回車即可,
Full name for the new user: openstack
Username for your account: openstack
Choose a password for the new user: 123456
Re-enter password to verify: 123456
Use weak password? 選擇「yes」,回車
Encrypt your home directory? 選擇「No」,回車
接下來需要確認當前的時區是上海,如果是上海,選擇「yes」進行下一步;不是上海選擇「No」,然後在列表中選擇上海。
在Partition disks選項中,選擇「Guided - user entire disk",然後回車,回車,出現如下所示,選擇「Yes」,回車
Configure the package manager: 不設置HTTP proxy,直接選擇continue,回車
Configuring apt兩步直接回車取消掉即可
Configuring taskel: No automatic updates, 回車之後選擇安裝OpenSSH server
安裝已完成,系統會自動重啟,重啟完成,關機,然後進行克隆操作,由於我這裡安裝的virtualbox版本是6.0,所以菜單選項中沒有克隆這個選項,但是有複製,
確定之後選擇「完全複製」。
接下來開始配置系統環境,選擇剛剛創建好的虛擬機,點擊啟動,然後找到這個網址(https://github.com/JiYou/openstack-m/blob/master/os/interfaces)這是網卡配置文件,接下來開始查看並編輯網卡配置文件interfaces
openstack@controller:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 10.0.3.10
netmask 255.255.255.0
network 10.0.3.0
broadcast 10.0.3.255
gateway 10.0.3.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 114.114.114.114
auto eth1
iface eth1 inet static
address 192.168.56.10
netmask 255.255.255.0
gateway 192.168.56.1
dns-nameservers 114.114.114.114
重啟系統生效,然後使用xshell、putty或其他遠程管理工具,我這裡使用的是Gitbash,連接測試
xueji@xueji MINGW64 ~
$ ssh openstack@192.168.56.10
The authenticity of host "192.168.56.10 (192.168.56.10)" can"t be established.
ECDSA key fingerprint is SHA256:DvbqAHwl6bcmX3FcvaJZ1REpRR8Oup89ST+a8WFBY7Y.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added "192.168.56.10" (ECDSA) to the list of known hosts.
openstack@192.168.56.10"s password:
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information as of Tue Jan 15 00:56:14 CST 2019
System load: 0.11 Processes: 100
Usage of /: 0.6% of 193.78GB Users logged in: 0
Memory usage: 2% IP address for eth0: 10.0.3.10
Swap usage: 0% IP address for eth1: 192.168.56.10
Graph this data and manage this system at:
https://landscape.canonical.com/
186 packages can be updated.
0 updates are security updates.
New release "16.04.5 LTS" available.
Run "do-release-upgrade" to upgrade to it.
Last login: Tue Jan 15 00:56:14 2019
openstack@controller:~$ ifconfig
登錄成功,
接下來開始準備openstack的包
openstack@controller:~$ sudo -s
[sudo] password for openstack:
root@controller:~# apt-get update
root@controller:~# apt-get install -y software-properties-common
root@controller:~# add-apt-repository cloud-archive:mitaka
Ubuntu Cloud Archive for OpenStack Mitaka
More info: https://wiki.ubuntu.com/ServerTeam/CloudArchive
Press [ENTER] to continue or ctrl-c to cancel adding it
# 回車
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
ubuntu-cloud-keyring
0 upgraded, 1 newly installed, 0 to remove and 177 not upgraded.
Need to get 5,086 B of archives.
After this operation, 34.8 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/universe ubuntu-cloud-keyring all 2012.08.14 [5,086 B]
Fetched 5,086 B in 0s (11.0 kB/s)
Selecting previously unselected package ubuntu-cloud-keyring.
(Reading database ... 58744 files and directories currently installed.)
Preparing to unpack .../ubuntu-cloud-keyring_2012.08.14_all.deb ...
Unpacking ubuntu-cloud-keyring (2012.08.14) ...
Setting up ubuntu-cloud-keyring (2012.08.14) ...
Importing ubuntu-cloud.archive.canonical.com keyring
OK
Processing ubuntu-cloud.archive.canonical.com removal keyring
gpg: /etc/apt/trustdb.gpg: trustdb created
OK
root@controller:~# apt-get update && apt-get dist-upgrade
root@controller:~# apt-get install -y python-openstackclient
安裝NTP、MySQL
root@controller:~# hostname -I
10.0.3.10 192.168.56.10
root@controller:~# tail -n -2 /etc/hosts
10.0.3.10 controller
192.168.56.10 controller
root@controller:~# vim /etc/chrony/chrony.conf
# 注釋掉以下四行,接著在下面添加server controller iburst
#server 0.debian.pool.ntp.org offline minpoll 8
#server 1.debian.pool.ntp.org offline minpoll 8
#server 2.debian.pool.ntp.org offline minpoll 8
#server 3.debian.pool.ntp.org offline minpoll 8
server controller iburst
root@controller:~# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller 0 7 0 10y +0ns[ +0ns] +/- 0ns
安裝mysql
root@controller:~# apt-get install -y mariadb-server python-pymysql
在彈出的mysql資料庫密碼輸入框中輸入123456
root@controller:~# cd /etc/mysql/
root@controller:/etc/mysql# ls
conf.d debian.cnf debian-start my.cnf
root@controller:/etc/mysql# cp my.cnf{,.bak}
root@controller:/etc/mysql# vim my.cnf
[mysqld] #該行下面添加如下四行內容
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
bind-address = 0.0.0.0 #原值是127.0.0.1
重啟mysql
root@controller:/etc/mysql# service mariadb restart
mariadb: unrecognized service
root@controller:/etc/mysql# service mysql restart
* Stopping MariaDB database server mysqld [ OK ]
* Starting MariaDB database server mysqld [ OK ]
* Checking for corrupt, not cleanly closed and upgrade needing tables.
安全初始化
root@controller:/etc/mysql# mysql_secure_installation
/usr/bin/mysql_secure_installation: 393: /usr/bin/mysql_secure_installation: find_mysql_client: not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we"ll need the current
password for the root user. If you"ve just installed MariaDB, and
you haven"t set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer "n".
Change the root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] n
... skipping.
Normally, root should only be allowed to connect from "localhost". This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named "test" that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you"ve completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
測試連接
root@controller:/etc/mysql# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 30
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> q
Bye
root@controller:/etc/mysql# mysql -uroot -p123456 -h10.0.3.10
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 31
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> q
Bye
root@controller:/etc/mysql# mysql -uroot -p123456 -h192.168.56.10
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 32
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> q
Bye
root@controller:/etc/mysql# mysql -uroot -p123456 -h127.0.0.1
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 33
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> q
Bye
安裝mongodb
root@controller:~# apt-get install -y mongodb-server mongodb-clients python-pymongo
root@controller:~# cp /etc/mongodb.conf{,.bak}
root@controller:~# vim /etc/mongodb.conf
bind_ip = 0.0.0.0 #原值127.0.0.1
smallfiles = true #添加此行內容
root@controller:~# service mongodb stop
mongodb stop/waiting
root@controller:~# ls /var/lib/mongodb/journal/
# 如果這個目錄下有prealloc開頭的文件,全部刪除
root@controller:~# service mongodb start
mongodb start/running, process 5275
安裝rabbitmq
root@controller:~# apt-get install -y rabbitmq-server
添加openstack用戶
root@controller:~# rabbitmqctl add_user openstack 123456
Creating user "openstack" ...
賦予「openstack」用戶讀寫許可權
root@controller:~# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
安裝memecached
root@controller:~# apt-get install -y memcached python-memcache
root@controller:~# cp /etc/memcached.conf{,.bak}
root@controller:~# vim /etc/memcached.conf
-l 0.0.0.0 #原值127.0.0.1
重啟memcache
root@controller:~# service memcached restart
Restarting memcached: memcached.
root@controller:~# service memcached status
* memcached is running
root@controller:~# ps aux | grep memcached
memcache 6975 0.0 0.0 63264 2612 ? Sl 03:08 0:00 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 0.0.0.0
root 6994 0.0 0.0 11760 2120 pts/0 S+ 03:09 0:00 grep --color=auto memcached
開始安裝keystone
root@controller:~# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 34
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to "keystone"@"localhost" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to "keystone"@"%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> q
Bye
root@controller:~# mysql -ukeystone -p123456 -h 127.0.0.1
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 35
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> q
Bye
root@controller:~# mysql -ukeystone -p123456 -h 10.0.3.10
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 36
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> q
Bye
root@controller:~# mysql -ukeystone -p123456 -h 192.168.56.10
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 37
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> q
Bye
# 連接都沒問題
接著安裝keystone軟體包
root@controller:~# echo "manual" > /etc/init/keystone.override
root@controller:~# apt-get install keystone apache2 libapache2-mod-wsgi
配置keystone.conf
root@controller:~# cp /etc/keystone/keystone.conf{,.bak}
root@controller:~# vim /etc/keystone/keystone.conf
admin_token = 123456
connection = mysql+pymysql://keystone:123456@controller/keystone
provider = fernet
# 同步資料庫
root@controller:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化fernet-keys
root@controller:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
2019-01-15 03:43:34.134 9896 INFO keystone.token.providers.fernet.utils [-] [fernet_tokens] key_repository does not appear to exist; attempting to create it
2019-01-15 03:43:34.135 9896 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
2019-01-15 03:43:34.135 9896 INFO keystone.token.providers.fernet.utils [-] Starting key rotation with 1 key files: ["/etc/keystone/fernet-keys/0"]
2019-01-15 03:43:34.135 9896 INFO keystone.token.providers.fernet.utils [-] Current primary key is: 0
2019-01-15 03:43:34.136 9896 INFO keystone.token.providers.fernet.utils [-] Next primary key will be: 1
2019-01-15 03:43:34.136 9896 INFO keystone.token.providers.fernet.utils [-] Promoted key 0 to be the primary: 1
2019-01-15 03:43:34.137 9896 INFO keystone.token.providers.fernet.utils [-] Created a new key: /etc/keystone/fernet-keys/0
root@controller:~# echo $?
0
配置Apache HTTP
root@controller:~# cp /etc/apache2/apache2.conf{,.bak}
root@controller:~# vim /etc/apache2/apache2.conf
root@controller:~# grep "ServerName" /etc/apache2/apache2.conf
ServerName controller #末尾添加此行
配置Apache HTPP
root@controller:~# cp /etc/apache2/apache2.conf{,.bak}
root@controller:~# vim /etc/apache2/apache2.conf
root@controller:~# grep "ServerName" /etc/apache2/apache2.conf
ServerName controller
接著創建wsgi-keystone.conf文件
root@controller:~# vim /etc/apache2/sites-available/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/apache2/keystone.log
CustomLog /var/log/apache2/keystone_access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
~
開啟認證服務虛擬主機
root@controller:~# ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
重啟apache
root@controller:~# service apache2 restart
* Restarting web server apache2 [ OK ]
root@controller:~# rm -rf /var/lib/keystone/keystone.db
root@controller:~# lsof -i:5000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 10151 root 6u IPv6 27660 0t0 TCP *:5000 (LISTEN)
apache2 10164 www-data 6u IPv6 27660 0t0 TCP *:5000 (LISTEN)
apache2 10165 www-data 6u IPv6 27660 0t0 TCP *:5000 (LISTEN)
root@controller:~# lsof -i:35357
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 10151 root 8u IPv6 27664 0t0 TCP *:35357 (LISTEN)
apache2 10164 www-data 8u IPv6 27664 0t0 TCP *:35357 (LISTEN)
apache2 10165 www-data 8u IPv6 27664 0t0 TCP *:35357 (LISTEN)
安裝python-openstackclient
root@controller:~# apt-get install -y python-openstackclient
配置rootrc環境
root@controller:~# vim rootrc
root@controller:~# cat rootrc
export OS_TOKEN=123456
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export PS1="rootrc@u@h:w$"
# 載入rootrc環境
root@controller:~# source rootrc
向keystone中註冊服務
值得注意的是:35357一般為管理員登錄使用,5000埠一般發布到外部用戶使用
創建服務實體和API端點
adminrc@root@controller:~$source rootrc
rootrc@root@controller:~$openstack service create --name keystone --description "OpenStack Identify" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identify |
| enabled | True |
| id | 7052e2715c874ae18dc520ec21026a34 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
rootrc@root@controller:~$openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ac731860b374450484034b024e643004 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7052e2715c874ae18dc520ec21026a34 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
rootrc@root@controller:~$openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d1f7296477a748ef82ad4970580d50b2 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7052e2715c874ae18dc520ec21026a34 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
rootrc@root@controller:~$openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | df4eb1f2b08f474fa7b83ef979ebd0fb |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7052e2715c874ae18dc520ec21026a34 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
接著創建域、項目、用戶和角色
rootrc@root@controller:~$openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| name | default |
+-------------+----------------------------------+
rootrc@root@controller:~$openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | 29577090a0e8466ab49cc30a4305f5f8 |
| is_domain | False |
| name | admin |
| parent_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
+-------------+----------------------------------+
rootrc@root@controller:~$openstack user create --domain default --password admin admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | 653177098fac40a28734093706299e66 |
| name | admin |
+-----------+----------------------------------+
rootrc@root@controller:~$openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 6abd897a6f134b8ea391377d1617a2f8 |
| name | admin |
+-----------+----------------------------------+
rootrc@root@controller:~$openstack role add --project admin --user admin admin
rootrc@root@controller:~$ #沒有提示就是最好的提示了
創建service項目
rootrc@root@controller:~$openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | 006a1ed36a0e4cbd8947d853b79d522c |
| is_domain | False |
| name | service |
| parent_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
+-------------+----------------------------------+
rootrc@root@controller:~$openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | ffc560f6a2604c3896df922115c6fc2a |
| is_domain | False |
| name | demo |
| parent_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
+-------------+----------------------------------+
rootrc@root@controller:~$openstack user create --domain default --password demo demo
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | c4de9fac882740838aa26e9119b30cb9 |
| name | demo |
+-----------+----------------------------------+
rootrc@root@controller:~$openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | e69817f50d6448fe888a64e51e025351 |
| name | user |
+-----------+----------------------------------+
rootrc@root@controller:~$openstack role add --project demo --user demo user
rootrc@root@controller:~$echo $?
0
驗證adminrc
rootrc@root@controller:~$vim adminrc
rootrc@root@controller:~$cat adminrc
unset OS_TOKEN
unset OS_URL
unset OS_IDENTITY_API_VERSION
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1="adminrc@u@h:w$"
載入adminrc環境並嘗試獲取keystone token
rootrc@root@controller:~$source adminrc
adminrc@root@controller:~$openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-01-14T21:33:20.000000Z |
| id | gAAAAABcPPIQK270ipb9EgRW7feWYLunIVPaX9cTjhvgvTvMmpG8j8K_AkwPv5UL4WUFFzfDnO30A7WflnaOyufilAi7DCmbQ2YLlsGuAzgbCRYooV5pIJTkuqbhmRJDmFX068zliOri_rXL2CsTq9um3UtCPnOj7-7LxmXcFm5LwsP6OyzY4Ts |
| project_id | 29577090a0e8466ab49cc30a4305f5f8 |
| user_id | 653177098fac40a28734093706299e66 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
adminrc@root@controller:~$date
Tue Jan 15 04:34:10 CST 2019
驗證demorc
adminrc@root@controller:~$vim demorc
adminrc@root@controller:~$cat demorc
unset OS_TOKEN
unset OS_URL
unset OS_IDENTITY_API_VERSION
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1="demorc@u@h:w$"
獲取demo用戶的token
adminrc@root@controller:~$source demorc
demorc@root@controller:~$openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-01-14T21:40:50.000000Z |
| id | gAAAAABcPPPSLXi6E581bb8P0MpmHOLg-p0_vt9YLNWXn6feHLF6QONWq3Ny8JT4ceOvkKiv5TltLA4WRyn6XghcvZn-X0tuhOl07Eh6KXxGiGtEwgZyPFO-AFhykXims1FH0Tz4lp-fI_ExelOAcT50OFeKC3bB5vlGlYgR0pmdiVj8L73Boiw |
| project_id | ffc560f6a2604c3896df922115c6fc2a |
| user_id | c4de9fac882740838aa26e9119b30cb9 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
demorc@root@controller:~$date
Tue Jan 15 04:40:56 CST 2019
開始安裝glance服務
demorc@root@controller:~$mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 45
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on glance.* to "glance"@"localhost" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on glance.* to "glance"@"%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> q
Bye
demorc@root@controller:~$source adminrc
adminrc@root@controller:~$
1111
rootrc@root@controller:~$source adminrc
adminrc@root@controller:~$openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 24eba17c530946fea53413104b8d2035 |
| name | glance |
| type | image |
+-------------+----------------------------------+
adminrc@root@controller:~$ps -aux | grep -v "grep" | grep keystone
keystone 10154 0.0 0.2 176340 7976 ? Sl 03:51 0:00 (wsgi:keystone-pu -k start
keystone 10155 0.0 3.0 367836 94348 ? Sl 03:51 0:01 (wsgi:keystone-pu -k start
keystone 10156 0.0 2.1 336084 65084 ? Sl 03:51 0:01 (wsgi:keystone-pu -k start
keystone 10157 0.0 0.2 176332 7976 ? Sl 03:51 0:00 (wsgi:keystone-pu -k start
keystone 10158 0.0 0.2 176332 7976 ? Sl 03:51 0:00 (wsgi:keystone-pu -k start
keystone 10159 0.0 3.1 368860 96008 ? Sl 03:51 0:01 (wsgi:keystone-ad -k start
keystone 10160 0.0 3.0 368348 94628 ? Sl 03:51 0:01 (wsgi:keystone-ad -k start
keystone 10161 0.0 2.2 353988 70496 ? Sl 03:51 0:01 (wsgi:keystone-ad -k start
keystone 10162 0.0 3.1 368604 95668 ? Sl 03:51 0:01 (wsgi:keystone-ad -k start
keystone 10163 0.0 3.1 368604 95732 ? Sl 03:51 0:01 (wsgi:keystone-ad -k start
adminrc@root@controller:~$lsof -i:5000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 10151 root 6u IPv6 27660 0t0 TCP *:5000 (LISTEN)
apache2 10164 www-data 6u IPv6 27660 0t0 TCP *:5000 (LISTEN)
apache2 10165 www-data 6u IPv6 27660 0t0 TCP *:5000 (LISTEN)
adminrc@root@controller:~$lsof -i:35357
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 10151 root 8u IPv6 27664 0t0 TCP *:35357 (LISTEN)
apache2 10164 www-data 8u IPv6 27664 0t0 TCP *:35357 (LISTEN)
apache2 10165 www-data 8u IPv6 27664 0t0 TCP *:35357 (LISTEN)
adminrc@root@controller:~$tail /var/log/keystone/keystone-wsgi-admin.log
11111
adminrc@root@controller:~$openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 83d13b44fbae4abbb89b7f1a9f1519d6 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24eba17c530946fea53413104b8d2035 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c9708f196a6946f987652cb40b9a8aea |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24eba17c530946fea53413104b8d2035 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
111
adminrc@root@controller:~$openstack user create --domain default --password glance glance
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | b9c7a987bc494e72899d6ffa7c68c3d0 |
| name | glance |
+-----------+----------------------------------+
adminrc@root@controller:~$openstack role add --project service --user glance admin
adminrc@root@controller:~$sudo -s
root@controller:~# apt-get install -y glance
root@controller:~# echo $?
0
配置glance-api.conf
root@controller:~# cp /etc/glance/glance-api.conf{,.bak}
root@controller:~# vim /etc/glance/glance-api.conf
......
connection = mysql+pymysql://glance:123456@controller/glance
......
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
配置
root@controller:~# cp /etc/glance/glance-registry.conf{,.bak}
root@controller:~# vim /etc/glance/glance-registry.conf
.......
connection = mysql+pymysql://glance:123456@localhost/glance
.......
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
........
[paste_deploy]
flavor = keystone
寫入鏡像服務資料庫中
root@controller:~# su -s /bin/sh -c "glance-manage db_sync" glance
............
2019-01-15 06:04:43.570 13286 INFO migrate.versioning.api [-] done
配置完成重啟服務
root@controller:~# service glance-registry restart
glance-registry stop/waiting
glance-registry start/running, process 13322
root@controller:~# service glance-api restart
glance-api stop/waiting
glance-api start/running, process 13351
獲取admin憑證來獲取只有管理員能執行的命令的訪問許可權
root@controller:~# source adminrc
adminrc@root@controller:~$wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
adminrc@root@controller:~$ls -al cirros-0.3.4-x86_64-disk.img
-rw-r--r-- 1 root root 13287936 May 8 2015 cirros-0.3.4-x86_64-disk.img
adminrc@root@controller:~$file cirros-0.3.4-x86_64-disk.img
cirros-0.3.4-x86_64-disk.img: QEMU QCOW Image (v2), 41126400 bytes
adminrc@root@controller:~$openstack image create "cirrors" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2019-01-14T22:55:08Z |
| disk_format | qcow2 |
| file | /v2/images/39d73bcf-e60b-4caf-8469-cca17de00d7e/file |
| id | 39d73bcf-e60b-4caf-8469-cca17de00d7e |
| min_disk | 0 |
| min_ram | 0 |
| name | cirrors |
| owner | 29577090a0e8466ab49cc30a4305f5f8 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2019-01-14T22:55:08Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
查看鏡像列表
adminrc@root@controller:~$openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| 39d73bcf-e60b-4caf-8469-cca17de00d7e | cirrors | active |
+--------------------------------------+---------+--------+
也可以直接去機器上glance對應的的images目錄下查看
adminrc@root@controller:~$ls /var/lib/glance/images/
39d73bcf-e60b-4caf-8469-cca17de00d7e
遇到的問題
錯誤信息
adminrc@root@controller:~$openstack image create "cirrors" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
503 Service Unavailable: The server is currently unavailable. Please try again at a later time. (HTTP 503)
adminrc@root@controller:~$cd /var/log/glance/
adminrc@root@controller:/var/log/glance$ls
glance-api.log glance-registry.log
adminrc@root@controller:/var/log/glance$tail glance-api.log
2019-01-15 06:06:06.887 13351 INFO glance.common.wsgi [-] Started child 13359
2019-01-15 06:06:06.889 13359 INFO eventlet.wsgi.server [-] (13359) wsgi starting up on http://0.0.0.0:9292
2019-01-15 06:11:59.019 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2019-01-15 06:11:59.071 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2019-01-15 06:11:59.071 13359 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2019-01-15 06:11:59.078 13359 INFO eventlet.wsgi.server [-] 10.0.3.10 - - [15/Jan/2019 06:11:59] "GET /v2/schemas/image HTTP/1.1" 503 370 0.170589
2019-01-15 06:15:01.259 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2019-01-15 06:15:01.301 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
2019-01-15 06:15:01.302 13359 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data
2019-01-15 06:15:01.306 13359 INFO eventlet.wsgi.server [-] 10.0.3.10 - - [15/Jan/2019 06:15:01] "GET /v2/schemas/image HTTP/1.1" 503 370 0.089388
adminrc@root@controller:/var/log/glance$grep -rHn "ERROR"
adminrc@root@controller:/var/log/glance$grep -rHn "error"
glance-api.log:12:2019-01-15 06:11:59.019 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
glance-api.log:13:2019-01-15 06:11:59.071 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
glance-api.log:16:2019-01-15 06:15:01.259 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
glance-api.log:17:2019-01-15 06:15:01.301 13359 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
adminrc@root@controller:~$openstack image create "cirrors" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
503 Service Unavailable: The server is currently unavailable. Please try again at a later time. (HTTP 503)
adminrc@root@controller:~$tail /var/log/keystone/keystone-wsgi-admin.log
2019-01-15 06:30:32.353 10159 INFO keystone.token.providers.fernet.utils [req-749b2de5-d2be-47e8-9263-083c54fe488d - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2019-01-15 06:30:32.358 10161 INFO keystone.common.wsgi [req-62e3bb30-ef7b-476a-8f49-dc062c1a9452 - - - - -] POST http://controller:35357/v3/auth/tokens
2019-01-15 06:30:32.552 10161 INFO keystone.token.providers.fernet.utils [req-62e3bb30-ef7b-476a-8f49-dc062c1a9452 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2019-01-15 06:30:32.561 10163 INFO keystone.token.providers.fernet.utils [req-2540636c-0a56-4549-adbc-deeaf0063210 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2019-01-15 06:30:32.682 10163 INFO keystone.common.wsgi [req-2540636c-0a56-4549-adbc-deeaf0063210 653177098fac40a28734093706299e66 29577090a0e8466ab49cc30a4305f5f8 - 1495769d2bbb44d192eee4c9b2f91ca3 1495769d2bbb44d192eee4c9b2f91ca3] GET http://controller:35357/v3/services/image
2019-01-15 06:30:32.686 10163 WARNING keystone.common.wsgi [req-2540636c-0a56-4549-adbc-deeaf0063210 653177098fac40a28734093706299e66 29577090a0e8466ab49cc30a4305f5f8 - 1495769d2bbb44d192eee4c9b2f91ca3 1495769d2bbb44d192eee4c9b2f91ca3] Could not find service: image
2019-01-15 06:30:32.691 10160 INFO keystone.token.providers.fernet.utils [req-c4a9af14-d206-4551-a693-23055fcb16e3 - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2019-01-15 06:30:32.807 10160 INFO keystone.common.wsgi [req-c4a9af14-d206-4551-a693-23055fcb16e3 653177098fac40a28734093706299e66 29577090a0e8466ab49cc30a4305f5f8 - 1495769d2bbb44d192eee4c9b2f91ca3 1495769d2bbb44d192eee4c9b2f91ca3] GET http://controller:35357/v3/services?name=image
2019-01-15 06:30:32.816 10162 INFO keystone.token.providers.fernet.utils [req-cc99a9ba-db21-4186-9c32-4eb39b931efa - - - - -] Loaded 2 encryption keys (max_active_keys=3) from: /etc/keystone/fernet-keys/
2019-01-15 06:30:32.939 10162 INFO keystone.common.wsgi [req-cc99a9ba-db21-4186-9c32-4eb39b931efa 653177098fac40a28734093706299e66 29577090a0e8466ab49cc30a4305f5f8 - 1495769d2bbb44d192eee4c9b2f91ca3 1495769d2bbb44d192eee4c9b2f91ca3] GET http://controller:35357/v3/services?type=image
解決辦法
在glance-api.conf和glance-registry.conf文件中
[keystone_authtoken]
username = glance
password = 123456
這裡跟glance資料庫密碼搞混了,應該是glance
因為上面這條命令openstack user create --domain default --password glance glance
安裝nova
MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to "nova"@"localhost" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to "nova"@"%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova.* to "nova"@"%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova.* to "nova"@"localhost" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> q
Bye
創建nova用戶
adminrc@root@controller:~$openstack user create --domain default --password nova nova
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | e4fc73ea1f6d47269ae4ab95ff999326 |
| name | nova |
+-----------+----------------------------------+
給nova用戶添加admin角色
adminrc@root@controller:~$openstack role add --project service --user nova admin
創建nova服務實體
adminrc@root@controller:~$openstack role add --project service --user nova admin
adminrc@root@controller:~$openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 872de5b67b1547adb4826ca1f7ef96b3 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
創建compute服務api端點
adminrc@root@controller:~$openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%(tenant_id)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 8e42256f67e446cc88568903286ed462 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 872de5b67b1547adb4826ca1f7ef96b3 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%(tenant_id)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | b07f3be5fff4444db57323bb04376d33 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 872de5b67b1547adb4826ca1f7ef96b3 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%(tenant_id)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 91dc56e437e640c397696318ee1dcc21 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 872de5b67b1547adb4826ca1f7ef96b3 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
安裝nova組件包
adminrc@root@controller:~$apt-get install -y nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler
配置
adminrc@root@controller:~$cp /etc/nova/nova.conf{,.bak}
adminrc@root@controller:~$vim /etc/nova/nova.conf
[DEFAULT]
........
rpc_backend=rabbit
auth_strategy=keystone
my_ip=10.0.3.10
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
[database]
connection=mysql+pymysql://nova:123456@controller/nova
[api_database]
connection=mysql+pymysql://nova:123456@controller/nova_api
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 0.0.0.0
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
同步資料庫
adminrc@root@controller:~$su -s /bin/sh -c "nova-manage api_db sync" nova
Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
...........
2019-01-15 07:38:43.731 21492 INFO migrate.versioning.api [-] done
adminrc@root@controller:~$echo $?
0
adminrc@root@controller:~$su -s /bin/sh -c "nova-manage db sync" nova
.......
2019-01-15 07:40:19.955 22811 INFO migrate.versioning.api [-] done
adminrc@root@controller:~$echo $?
0
重啟服務
adminrc@root@controller:~$service nova-api restart
nova-api stop/waiting
nova-api start/running, process 23944
adminrc@root@controller:~$service nova-consoleauth restart
nova-consoleauth stop/waiting
nova-consoleauth start/running, process 24431
adminrc@root@controller:~$service nova-scheduler restart
nova-scheduler stop/waiting
nova-scheduler start/running, process 24670
adminrc@root@controller:~$service nova-conductor restart
nova-conductor stop/waiting
nova-conductor start/running, process 24877
adminrc@root@controller:~$service nova-novncproxy restart
nova-novncproxy stop/waiting
nova-novncproxy start/running, process 25010
查看服務是否啟動起來
adminrc@root@controller:/var/log/nova$openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 3 | nova-consoleauth | controller | internal | enabled | up | 2019-01-14T23:44:50.000000 |
| 4 | nova-scheduler | controller | internal | enabled | up | 2019-01-14T23:44:46.000000 |
| 5 | nova-conductor | controller | internal | enabled | up | 2019-01-14T23:44:49.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
安裝nova-compute節點,因為這裡是單節點安裝,所以nova-compute也是安裝在controller節點上
adminrc@root@controller:~$apt-get install nova-compute
重新配置nova.conf
adminrc@root@controller:~$cp /etc/nova/nova.conf{,.back}
adminrc@root@controller:~$vim /etc/nova/nova.conf #其他項保持不變
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.56.10:6080/vnc_auto.html
確定計算節點是否支持虛擬機硬體加速
adminrc@root@controller:~$egrep -c "(vmx|svm)" /proc/cpuinfo
0
# 不支持
需要更改nova-compute.conf文件
adminrc@root@controller:~$cp /etc/nova/nova-compute.conf{,.bak}
adminrc@root@controller:~$vim /etc/nova/nova-compute.conf
[libvirt]
virt_type=qemu #原值是kvm
重啟計算服務
adminrc@root@controller:~$service nova-compute restart
nova-compute stop/waiting
nova-compute start/running, process 16696
adminrc@root@controller:~$openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 3 | nova-consoleauth | controller | internal | enabled | up | 2019-01-15T00:11:51.000000 |
| 4 | nova-scheduler | controller | internal | enabled | up | 2019-01-15T00:11:57.000000 |
| 5 | nova-conductor | controller | internal | enabled | up | 2019-01-15T00:11:50.000000 |
| 6 | nova-compute | controller | nova | enabled | up | 2019-01-15T00:11:54.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
如果查看nova-api服務的話,需要
adminrc@root@controller:~$service nova-api status
nova-api start/running, process 23944
安裝網路neutron服務
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron.* to "neutron"@"localhost" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron.* to "neutron"@"%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> q
創建neutron用戶
adminrc@root@controller:~$openstack user create --domain default --password neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | 081dc309806c45198a3bd6c39bf9947f |
| name | neutron |
+-----------+----------------------------------+
adminrc@root@controller:~$openstack role add --project service --user neutron admin
adminrc@root@controller:~$
創建neutron服務實體
adminrc@root@controller:~$openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | c661b602f11d45cfb068027c77fd519e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
創建neutron服務端點
adminrc@root@controller:~$openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0192ba47a7b348ec88bb5f71c82f8f4c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c661b602f11d45cfb068027c77fd519e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bdf4b9663ccb4ef695cde0638231943a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c661b602f11d45cfb068027c77fd519e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ffc7a793985e494fa839fd76ea5bdcef |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c661b602f11d45cfb068027c77fd519e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
配置網路選項,網路選項有兩種:
1.公共網路
2.私有網路
對於公共網路
首先安裝安全組件
adminrc@root@controller:~$apt-get install -y neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
adminrc@root@controller:~$cp /etc/neutron/neutron.conf{,.bak}
adminrc@root@controller:~$vim /etc/neutron/neutron.conf
#需要更改的地方
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
[DEFAULT]
rpc_backend = rabbit
core_plugin = ml2
service_plugins =
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
配置ML2插件
adminrc@root@controller:~$cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
adminrc@root@controller:~$vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 需要更改的項
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = True
配置linuxbridge.ini
adminrc@root@controller:~$cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
adminrc@root@controller:~$vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = False
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置dhcp_agent.ini
adminrc@root@controller:~$cp /etc/neutron/dhcp_agent.ini{,.bak}
adminrc@root@controller:~$vim /etc/neutron/dhcp_agent.ini
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
配置元數據代理
adminrc@root@controller:~$cp /etc/neutron/metadata_agent.ini{,.bak}
adminrc@root@controller:~$vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
配置計算節點網路服務
adminrc@root@controller:~$vim /etc/nova/nova.conf
[neutron] 末尾添加這些內容
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
同步資料庫
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重啟計算API服務、Networking服務
adminrc@root@controller:~$service nova-api restart
nova-api stop/waiting
nova-api start/running, process 554
adminrc@root@controller:~$service neutron-server restart
neutron-server stop/waiting
neutron-server start/running, process 837
adminrc@root@controller:~$service neutron-server restart
neutron-server stop/waiting
neutron-server start/running, process 997
adminrc@root@controller:~$service neutron-linuxbridge-agent restart
neutron-linuxbridge-agent stop/waiting
neutron-linuxbridge-agent start/running, process 1316
adminrc@root@controller:~$service neutron-dhcp-agent restart
neutron-dhcp-agent stop/waiting
neutron-dhcp-agent start/running, process 1599
adminrc@root@controller:~$service neutron-metadata-agent restart
neutron-metadata-agent stop/waiting
neutron-metadata-agent start/running, process 1825
重啟neutron-l3-agent
adminrc@root@controller:~$service neutron-l3-agent restart
neutron-l3-agent stop/waiting
neutron-l3-agent start/running, process 8271
重啟
adminrc@root@controller:~$service nova-compute restart
nova-compute stop/waiting
nova-compute start/running, process 13155
adminrc@root@controller:~$service neutron-linuxbridge-agent restart
neutron-linuxbridge-agent stop/waiting
neutron-linuxbridge-agent start/running, process 14295
查看是否有網路創建
adminrc@root@controller:~$openstack network list
輸出為空,因為還沒有創建任何網路
驗證neutron-server是否正常啟動
adminrc@root@controller:~$neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| availability_zone | Availability Zone |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| network-ip-availability | Network IP Availability |
| quotas | Quota management support |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| timestamp_core | Time Stamp Fields addition for core resources |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| security-group | security-group |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
+---------------------------+-----------------------------------------------+
驗證
adminrc@root@controller:~$neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 0cafd3ff-6da0-4194-a6dd-9a60136af93a | DHCP agent | controller | nova | 
| True | neutron-dhcp-agent |
| 53fce606-311d-4244-8af0-efd6f9087e34 | Open vSwitch agent | controller | | | True | neutron-openvswitch-agent |
| b5dffa68-a505-448f-8fa6-7d8bb16eb07a | Linux bridge agent | controller | | | True | neutron-linuxbridge-agent |
| dc161e12-8b23-4f49-8170-b7d68cfe2197 | Metadata agent | controller | | | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
創建一個實例
首先需要創建一個虛擬網路
創建一個提供者網路
adminrc@root@controller:~$neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
Invalid input for operation: network_type value "flat" not supported.
Neutron server returns request_ids: ["req-e9d3cb26-4156-4eb1-bc9e-9528dbbd1dc9"]
根據錯誤提示,需要檢查下ml2.conf.ini文件
[ml2]
type_drivers = flat,vlan #確認這行內容有flat
重啟服務再次運行創建網路
adminrc@root@controller:~$service neutron-server restart
neutron-server stop/waiting
neutron-server start/running, process 28671
adminrc@root@controller:~$neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-01-15T12:45:35 |
| description | |
| id | ab73ff8f-2d19-4479-811c-85c068290eeb |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 29577090a0e8466ab49cc30a4305f5f8 |
| updated_at | 2019-01-15T12:45:35 |
+---------------------------+--------------------------------------+
接著創建一個子網
adminrc@root@controller:~$neutron subnet-create --name provider --allocation-pool start=10.0.3.50,end=10.0.3.253 --dns-nameserver 114.114.114.114 --gateway 10.0.3.1 provider 10.0.3.0/24
Created a new subnet:
+-------------------+---------------------------------------------+
| Field | Value |
+-------------------+---------------------------------------------+
| allocation_pools | {"start": "10.0.3.50", "end": "10.0.3.253"} |
| cidr | 10.0.3.0/24 |
| created_at | 2019-01-15T12:56:21 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 10.0.3.1 |
| host_routes | |
| id | 48faef6d-ee9d-4b46-a56d-3c196a766224 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | ab73ff8f-2d19-4479-811c-85c068290eeb |
| subnetpool_id | |
| tenant_id | 29577090a0e8466ab49cc30a4305f5f8 |
| updated_at | 2019-01-15T12:56:21 |
+-------------------+---------------------------------------------+
接著創建一個虛擬主機
adminrc@root@controller:~$openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
生成一個鍵值對
adminrc@root@controller:~$pwd
/home/openstack
adminrc@root@controller:~$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory "/root/.ssh".
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8a:e5:a2:f3:f4:1e:93:1a:c1:8d:67:d1:fd:fa:4b:75 root@controller
The key"s randomart image is:
+--[ RSA 2048]----+
| |
| . . |
| . . . |
| . o . . |
| + = S . . E|
| B o . . . |
| = * . . |
| .o = o o |
| .oo.o o. |
+-----------------+
adminrc@root@controller:~$ls -al /root/.ssh/id_rsa.pub
-rw-r--r-- 1 root root 397 Jan 15 21:13 /root/.ssh/id_rsa.pub
添加密鑰對
adminrc@root@controller:~$openstack keypair create --public-key /root/.ssh/id_rsa.pub rootkey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 8a:e5:a2:f3:f4:1e:93:1a:c1:8d:67:d1:fd:fa:4b:75 |
| name | rootkey |
| user_id | 653177098fac40a28734093706299e66 |
+-------------+-------------------------------------------------+
驗證密鑰對
adminrc@root@controller:~$openstack keypair list
+---------+-------------------------------------------------+
| Name | Fingerprint |
+---------+-------------------------------------------------+
| rootkey | 8a:e5:a2:f3:f4:1e:93:1a:c1:8d:67:d1:fd:fa:4b:75 |
+---------+-------------------------------------------------+
增加安全組規則
adminrc@root@controller:~$openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | a4c8ad46-42eb-4397-b09f-af5dcfef2ad1 |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 968f5f33-c569-46b4-9019-8a3f614ae670 |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
adminrc@root@controller:~$openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 8ed34a22-9479-4074-8177-94ec284e4764 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 968f5f33-c569-46b4-9019-8a3f614ae670 |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
開始創建實例
# 列出可用類型
adminrc@root@controller:~$openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
# 列出可用鏡像
adminrc@root@controller:~$openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| 39d73bcf-e60b-4caf-8469-cca17de00d7e | cirrors | active |
+--------------------------------------+---------+--------+
# 列出可用網路
adminrc@root@controller:~$openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| ab73ff8f-2d19-4479-811c-85c068290eeb | provider | 48faef6d-ee9d-4b46-a56d-3c196a766224 |
+--------------------------------------+----------+--------------------------------------+
# 列出可用安全組規則
adminrc@root@controller:~$openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 968f5f33-c569-46b4-9019-8a3f614ae670 | default | Default security group | 29577090a0e8466ab49cc30a4305f5f8 |
+--------------------------------------+---------+------------------------+----------------------------------+
# 創建實例
adminrc@root@controller:~$openstack server create --flavor m1.nano --image cirros --nic net-id=ab73ff8f-2d19-4479-811c-85c068290eeb --security-group default --key-name rootkey test-instance
No image with a name or ID of "cirros" exists.
# 好吧 又有事情了
# 再次查看可用鏡像,好像發現問題所在了,我輸入的是cirros,而可用鏡像的name的值cirrors。
adminrc@root@controller:~$openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| 39d73bcf-e60b-4caf-8469-cca17de00d7e | cirrors | active |
+--------------------------------------+---------+--------+
adminrc@root@controller:~$openstack server create --flavor m1.nano --image cirrors --nic net-id=ab73ff8f-2d19-4479-811c-85c068290eeb --security-group default --key-name rootkey test-instance
+--------------------------------------+------------------------------------------------+
| Field | Value |
+--------------------------------------+------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | WeVy7yd6BXcc |
| config_drive | |
| created | 2019-01-15T13:35:19Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 9eb49f96-7d68-4628-bb37-7583e457edc6 |
| image | cirrors (39d73bcf-e60b-4caf-8469-cca17de00d7e) |
| key_name | rootkey |
| name | test-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 29577090a0e8466ab49cc30a4305f5f8 |
| properties | |
| security_groups | [{u"name": u"default"}] |
| status | BUILD |
| updated | 2019-01-15T13:35:20Z |
| user_id | 653177098fac40a28734093706299e66 |
+--------------------------------------+------------------------------------------------+
創建成功
查看相關實例
adminrc@root@controller:~$openstack server list
+--------------------------------------+---------------+--------+--------------------+
| ID | Name | Status | Networks |
+--------------------------------------+---------------+--------+--------------------+
| 9eb49f96-7d68-4628-bb37-7583e457edc6 | test-instance | ACTIVE | provider=10.0.3.51 |
+--------------------------------------+---------------+--------+--------------------+
adminrc@root@controller:~$nova image-list
+--------------------------------------+---------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+---------+--------+--------+
| 39d73bcf-e60b-4caf-8469-cca17de00d7e | cirrors | ACTIVE | |
+--------------------------------------+---------+--------+--------+
adminrc@root@controller:~$glance image-list
+--------------------------------------+---------+
| ID | Name |
+--------------------------------------+---------+
| 39d73bcf-e60b-4caf-8469-cca17de00d7e | cirrors |
+--------------------------------------+---------+
adminrc@root@controller:~$nova list
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
| 9eb49f96-7d68-4628-bb37-7583e457edc6 | test-instance | ACTIVE | - | Running | provider=10.0.3.51 |
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
啟動實例的命令
adminrc@root@controller:~$openstack boot --flavor m1.nano --image cirrors --nic net-id=ab73ff8f-2d19-4479-811c-85c068290eeb --security-group default --key-name rootkey test-instance
debug
adminrc@root@controller:~$openstack --debug server create --flavor m1.nano --image cirrors --nic net-id=ab73ff8f-2d19-4479-811c-85c068290eeb --security-group default --key-name rootkey test-instance
使用虛擬控制台訪問實例
adminrc@root@controller:~$openstack console url show test-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.10:6080/vnc_auto.html?token=ce586e5f-ceb1-4f7d-b039-0e44ae273686 |
+-------+------------------------------------------------------------------------------------+
提示很明顯
用戶名:cirros
密碼:cubswin:)
使用sudo切換至root用戶。
接下來查看
測試網路連通性
接著創建第二個
adminrc@root@controller:~$openstack server create --flavor m1.nano --image cirrors --nic net-id=ab73ff8f-2d19-4479-811c-85c068290eeb --security-group default --key-name rootkey test-instance
+--------------------------------------+------------------------------------------------+
| Field | Value |
+--------------------------------------+------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | instance-00000002 |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | QrFxY7UnvuJV |
| config_drive | |
| created | 2019-01-15T14:05:15Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 203a1f48-1f98-44ca-a3fa-883a9cea514a |
| image | cirrors (39d73bcf-e60b-4caf-8469-cca17de00d7e) |
| key_name | rootkey |
| name | test-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | 29577090a0e8466ab49cc30a4305f5f8 |
| properties | |
| security_groups | [{u"name": u"default"}] |
| status | BUILD |
| updated | 2019-01-15T14:05:15Z |
| user_id | 653177098fac40a28734093706299e66 |
+--------------------------------------+------------------------------------------------+
查看
adminrc@root@controller:~$nova list
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
| 203a1f48-1f98-44ca-a3fa-883a9cea514a | test-instance | ACTIVE | - | Running | provider=10.0.3.52 |
| 9eb49f96-7d68-4628-bb37-7583e457edc6 | test-instance | ACTIVE | - | Running | provider=10.0.3.51 |
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
此時已經創建好了兩台虛擬實例,並且已經處於running狀態。
實例2我們使用命令行演示下
adminrc@root@controller:~$ping -c 2 10.0.3.52
PING 10.0.3.52 (10.0.3.52) 56(84) bytes of data.
64 bytes from 10.0.3.52: icmp_seq=1 ttl=64 time=28.5 ms
64 bytes from 10.0.3.52: icmp_seq=2 ttl=64 time=0.477 ms
--- 10.0.3.52 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.477/14.505/28.534/14.029 ms
adminrc@root@controller:~$nova list
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
| 203a1f48-1f98-44ca-a3fa-883a9cea514a | test-instance | ACTIVE | - | Running | provider=10.0.3.52 |
| 9eb49f96-7d68-4628-bb37-7583e457edc6 | test-instance | ACTIVE | - | Running | provider=10.0.3.51 |
+--------------------------------------+---------------+--------+------------+-------------+--------------------+
使用openstack console url show 查看
adminrc@root@controller:~$openstack console url show test-instance
More than one server exists with the name "test-instance".
# 因為此時有兩個server,所以使用id來展示即可
adminrc@root@controller:~$openstack console url show 203a1f48-1f98-44ca-a3fa-883a9cea514a
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.10:6080/vnc_auto.html?token=42c43635-884c-482e-ac08-d1e6c6d2789b |
+-------+------------------------------------------------------------------------------------+
# 注意這裡不知道為什麼ssh不可以,按說配置了安全組規則後可以使用ssh cirros@10.0.3.52直接登上去,但是會提示輸入密碼,這一步暫時是個問題。。。。
哦...目前只知道使用這種方法獲取用戶名及密碼
使用命令行測試
adminrc@root@controller:~$ssh cirros@10.0.3.52
cirros@10.0.3.52"s password:# cubswin:)
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:07:21:DE
inet addr:10.0.3.52 Bcast:10.0.3.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe07:21de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:103 errors:0 dropped:0 overruns:0 frame:0
TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17870 (17.4 KiB) TX bytes:17279 (16.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ ping -c 2 10.0.3.1
PING 10.0.3.1 (10.0.3.1): 56 data bytes
64 bytes from 10.0.3.1: seq=0 ttl=255 time=45.026 ms
64 bytes from 10.0.3.1: seq=1 ttl=255 time=1.050 ms
--- 10.0.3.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.050/23.038/45.026 ms
$ ping -c 2 www.qq.com
PING www.qq.com (61.129.7.47): 56 data bytes
64 bytes from 61.129.7.47: seq=0 ttl=53 time=5.527 ms
64 bytes from 61.129.7.47: seq=1 ttl=53 time=5.363 ms
--- www.qq.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 5.363/5.445/5.527 ms
測試兩個實例之間的連通性
$ sudo -s
$ hostname
cirros
$ ping -c 2 10.0.3.51
PING 10.0.3.51 (10.0.3.51): 56 data bytes
64 bytes from 10.0.3.51: seq=0 ttl=64 time=28.903 ms
64 bytes from 10.0.3.51: seq=1 ttl=64 time=1.205 ms
--- 10.0.3.51 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.205/15.054/28.903 m
對於私有網路服務
安裝組件
root@controller:~# apt-get install -y neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
由於這步是在原有的公共網路服務基礎上配置的,有些配置文件需要更改
確認配置neutron.conf文件信息
root@controller:~# ls /etc/neutron/neutron.*
neutron.conf neutron.conf.bak
root@controller:~# vim default
root@controller:~# cat default
core_plugin = ml2 #注意首行頂格寫沒有空行才行
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
root@controller:~# grep "`cat default`" /etc/neutron/neutron.conf
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
root@controller:~# grep "^connection" /etc/neutron/neutron.conf
connection = mysql+pymysql://neutron:123456@controller/neutron
root@controller:~# grep "core_plugin" /etc/neutron/neutron.conf
core_plugin = ml2
root@controller:~# grep "service_plugins" /etc/neutron/neutron.conf
service_plugins =
root@controller:~# sed -i "s/service_plugins=/service_plugins = router/g" /etc/neutron/neutron.conf
root@controller:~# grep "service_plugins" /etc/neutron/neutron.conf service_plugins = router
root@controller:~# grep "allow_overlapping_ips" /etc/neutron/neutron.conf #allow_overlapping_ips = false
root@controller:~# sed -i "s/#allow_overlapping_ips = false/allow_overlapping_ips = True/g" /etc/neutron/neutron.conf
root@controller:~# grep "allow_overlapping_ips" /etc/neutron/neutron.conf allow_overlapping_ips = True
root@controller:~# grep "rpc_backend = rabbit" /etc/neutron/neutron.conf
rpc_backend = rabbit
root@controller:~# grep "rabbit_host = controller" /etc/neutron/neutron.conf
rabbit_host = controller
root@controller:~# grep "rabbit_userid = openstack" /etc/neutron/neutron.conf
rabbit_userid = openstack
root@controller:~# grep "rabbit_password = 123456" /etc/neutron/neutron.conf rabbit_password = 123456
root@controller:~# cat keystone_authtoken
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
root@controller:~# grep "`cat keystone_authtoken`" /etc/neutron/neutron.conf
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
root@controller:~# grep "`cat oslo_messaging_rabbit`" /etc/neutron/neutron.conf
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
root@controller:~# vim nova
root@controller:~# cat nova
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
root@controller:~# grep "`cat nova`" /etc/neutron/neutron.conf
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
也可以這樣
root@controller:~# vim neutron
root@controller:~# cat neutron
^[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
^[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
^[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
^[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
^[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
root@controller:~# grep "`cat neutron`" /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
[keystone_authtoken]
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
確認ml2_conf.ini
root@controller:~# cat ml2
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
flat_networks = provider
vni_ranges = 1:1000
enable_ipset = True
# 在/etc/neutron/plugins/ml2/ml2_conf.ini添加上述內容,也可以一項一項找,然後取消注釋更改為上述對應的值
完事之後配置linuxbridge_agent.ini
root@controller:~# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.public_net}
root@controller:~# vim linuxbridge
root@controller:~# cat linuxbridge
# 將linuxbridge_agent.ini文件中的以下選項按以下配置,沒有的選項請添加
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = True
local_ip = 10.0.3.10
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置layer-3代理
root@controller:~# cat l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
root@controller:~# vim /etc/neutron/l3_agent.ini
#將此文件中的與l3_agent.ini文件中的對應的選項按如上配置
配置DHCP代理
root@controller:~# cp /etc/neutron/dhcp_agent.ini{,.back}
root@controller:~# vim /etc/neutron/dhcp_agent.ini
root@controller:~# cat dhcp_agent
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
# 將dhcp_agent.ini文件中的選項內容按dehcp_agent中的內容填寫
配置元數據代理
root@controller:~# cat metadata_agent
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
root@controller:~# grep "`cat metadata_agent`" /etc/neutron/metadata_agent.ini
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
為計算節點配置網路服務
root@controller:~# cp /etc/nova/nova.conf{,.public_net}
root@controller:~# vim nova
root@controller:~# cat nova
^[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
root@controller:~# grep "`cat nova`" /etc/nova/nova.conf
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
完成安裝,同步資料庫
root@controller:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
No handlers could be found for logger "oslo_config.cfg"
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
OK
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron-fwaas ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
OK
root@controller:~# echo $?
0
重啟服務
root@controller:~# ls /etc/init.d/ | grep nova
nova-api
nova-compute
nova-conductor
nova-consoleauth
nova-novncproxy
nova-scheduler
root@controller:~# ls /etc/init.d/ | grep nova | xargs -i service {} restart
nova-api stop/waiting
nova-api start/running, process 29688
nova-compute stop/waiting
nova-compute start/running, process 29741
nova-conductor stop/waiting
nova-conductor start/running, process 29797
nova-consoleauth stop/waiting
nova-consoleauth start/running, process 29841
nova-novncproxy stop/waiting
nova-novncproxy start/running, process 29865
nova-scheduler stop/waiting
nova-scheduler start/running, process 29922
重啟網路服務
root@controller:~# ls /etc/init.d/ | grep neutron
neutron-dhcp-agent
neutron-l3-agent
neutron-linuxbridge-agent
neutron-linuxbridge-cleanup
neutron-metadata-agent
neutron-openvswitch-agent
neutron-ovs-cleanup
neutron-server
root@controller:~# ls /etc/init.d/ | grep neutron | xargs -i service {} restart
neutron-dhcp-agent stop/waiting
neutron-dhcp-agent start/running, process 31792
neutron-l3-agent stop/waiting
neutron-l3-agent start/running, process 31813
neutron-linuxbridge-agent stop/waiting
neutron-linuxbridge-agent start/running, process 31832
stop: Unknown instance:
start: Job failed to start
neutron-metadata-agent stop/waiting
neutron-metadata-agent start/running, process 31904
neutron-openvswitch-agent stop/waiting
neutron-openvswitch-agent start/running, process 31927
neutron-ovs-cleanup stop/waiting
neutron-ovs-cleanup start/running
neutron-server stop/waiting
neutron-server start/running, process 32097
驗證
root@controller:~# source adminrc
adminrc@root@controller:~$neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| l3_agent_scheduler | L3 Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| l3-ha | HA Router extension |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| extraroute | Neutron Extra Route |
| timestamp_core | Time Stamp Fields addition for core resources |
| router | Neutron L3 Router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| security-group | security-group |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| router_availability_zone | Router Availability Zone |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| dvr | Distributed Virtual Router |
+---------------------------+-----------------------------------------------+
adminrc@root@controller:~$neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 0cafd3ff-6da0-4194-a6dd-9a60136af93a | DHCP agent | controller | nova | | True | neutron-dhcp-agent |
| 53fce606-311d-4244-8af0-efd6f9087e34 | Open vSwitch agent | controller | | | True | neutron-openvswitch-agent |
| 7afb1ed4-9542-4521-b1f8-4e0c6f06fe71 | L3 agent | controller | nova | | True | neutron-l3-agent |
| b5dffa68-a505-448f-8fa6-7d8bb16eb07a | Linux bridge agent | controller | | | True | neutron-linuxbridge-agent |
| dc161e12-8b23-4f49-8170-b7d68cfe2197 | Metadata agent | controller | | | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
adminrc@root@controller:~$
創建虛擬網路,這裡首先需要創建提供者網路,創建提供者網路的步驟與公有網路創建提供者網路的步驟一樣,這裡由於沒有進行虛擬機快照還原操作,所以之前在公有網路配置的時候provider已經存在了,這裡為了方便,首先刪除掉公有網路創建的虛擬網路和兩個實例
# 刪除實例
adminrc@root@controller:~$openstack server list
+--------------------------------------+---------------+--------+--------------------+
| ID | Name | Status | Networks |
+--------------------------------------+---------------+--------+--------------------+
| 203a1f48-1f98-44ca-a3fa-883a9cea514a | test-instance | ACTIVE | provider=10.0.3.52 |
| 9eb49f96-7d68-4628-bb37-7583e457edc6 | test-instance | ACTIVE | provider=10.0.3.51 |
+--------------------------------------+---------------+--------+--------------------+
adminrc@root@controller:~$openstack server delete 203a1f48-1f98-44ca-a3fa-883a9cea514a
adminrc@root@controller:~$echo $?
0
adminrc@root@controller:~$openstack server delete 9eb49f96-7d68-4628-bb37-7583e457edc6
adminrc@root@controller:~$echo $?
0
# 刪除虛擬網路
adminrc@root@controller:~$neutron net-list
+--------------------------------------+----------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+--------------------------------------------------+
| ab73ff8f-2d19-4479-811c-85c068290eeb | provider | 48faef6d-ee9d-4b46-a56d-3c196a766224 10.0.3.0/24 |
+--------------------------------------+----------+--------------------------------------------------+
adminrc@root@controller:~$neutron net-delete ab73ff8f-2d19-4479-811c-85c068290eeb
Deleted network: ab73ff8f-2d19-4479-811c-85c068290eeb
adminrc@root@controller:~$neutron net-list
adminrc@root@controller:~$neutron subnet-list
創建網路提供者
adminrc@root@controller:~$neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-01-16T00:52:17 |
| description | |
| id | a600cdf0-352a-4c85-b90a-eba0ee4282fd |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | 29577090a0e8466ab49cc30a4305f5f8 |
| updated_at | 2019-01-16T00:52:17 |
+---------------------------+--------------------------------------+
創建子網
adminrc@root@controller:~$neutron subnet-create --name provider --allocation-pool start=10.0.3.50,end=10.0.3.254 --dns-nameserver 114.114.114.114 --gateway 10.0.3.1 provider 10.0.3.0/24
Created a new subnet:
+-------------------+---------------------------------------------+
| Field | Value |
+-------------------+---------------------------------------------+
| allocation_pools | {"start": "10.0.3.50", "end": "10.0.3.254"} |
| cidr | 10.0.3.0/24 |
| created_at | 2019-01-16T00:55:38 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 10.0.3.1 |
| host_routes | |
| id | b19d9f26-e32e-4bb8-a53e-55eb1154cefe |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | a600cdf0-352a-4c85-b90a-eba0ee4282fd |
| subnetpool_id | |
| tenant_id | 29577090a0e8466ab49cc30a4305f5f8 |
| updated_at | 2019-01-16T00:55:38 |
+-------------------+---------------------------------------------+
接著創建私有網路,這裡遇到一個小錯誤
adminrc@root@controller:~$source demorc
demorc@root@controller:~$neutron net-create selfservice
Unable to create the network. No tenant network is available for allocation.
Neutron server returns request_ids: ["req-c2deaa15-c2eb-48b7-9510-644b3ae4f686"]
# 排錯
demorc@root@controller:~$ neutron net-list
+--------------------------------------+----------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+--------------------------------------------------+
| a600cdf0-352a-4c85-b90a-eba0ee4282fd | provider | b19d9f26-e32e-4bb8-a53e-55eb1154cefe 10.0.3.0/24 |
+--------------------------------------+----------+--------------------------------------------------+
demorc@root@controller:~$neutron subnet-list
+--------------------------------------+----------+-------------+---------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+----------+-------------+---------------------------------------------+
| b19d9f26-e32e-4bb8-a53e-55eb1154cefe | provider | 10.0.3.0/24 | {"start": "10.0.3.50", "end": "10.0.3.254"} |
+--------------------------------------+----------+-------------+---------------------------------------------+
demorc@root@controller:~$tail /var/log/neutron/neutron-server.log
2019-01-16 08:57:14.834 18459 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/managers.py", line 209, in create_network_segments
2019-01-16 08:57:14.834 18459 ERROR neutron.api.v2.resource segment = self._allocate_tenant_net_segment(session)
2019-01-16 08:57:14.834 18459 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/managers.py", line 245, in _allocate_tenant_net_segment
2019-01-16 08:57:14.834 18459 ERROR neutron.api.v2.resource raise exc.NoNetworkAvailable()
2019-01-16 08:57:14.834 18459 ERROR neutron.api.v2.resource NoNetworkAvailable: Unable to create the network. No tenant network is available for allocation.
2019-01-16 08:57:14.834 18459 ERROR neutron.api.v2.resource
2019-01-16 08:57:14.846 18459 INFO neutron.wsgi [req-c2deaa15-c2eb-48b7-9510-644b3ae4f686 c4de9fac882740838aa26e9119b30cb9 ffc560f6a2604c3896df922115c6fc2a - - -] 10.0.3.10 - - [16/Jan/2019 08:57:14] "POST /v2.0/networks.json HTTP/1.1" 503 384 0.565548
2019-01-16 09:00:32.517 18459 INFO neutron.wsgi [req-d15a0c85-1248-4744-9989-6580c476d12a c4de9fac882740838aa26e9119b30cb9 ffc560f6a2604c3896df922115c6fc2a - - -] 10.0.3.10 - - [16/Jan/2019 09:00:32] "GET /v2.0/networks.json HTTP/1.1" 200 752 0.559720
2019-01-16 09:00:32.636 18459 INFO neutron.wsgi [req-6d8fe235-340d-4fe5-897c-f8eee16e3b5e c4de9fac882740838aa26e9119b30cb9 ffc560f6a2604c3896df922115c6fc2a - - -] 10.0.3.10 - - [16/Jan/2019 09:00:32] "GET /v2.0/subnets.json?fields=id&fields=cidr&id=b19d9f26-e32e-4bb8-a53e-55eb1154cefe HTTP/1.1" 200 297 0.115075
2019-01-16 09:01:19.646 18459 INFO neutron.wsgi [req-891d5624-a86e-4374-a81d-641e5cfc0043 c4de9fac882740838aa26e9119b30cb9 ffc560f6a2604c3896df922115c6fc2a - - -] 10.0.3.10 - - [16/Jan/2019 09:01:19] "GET /v2.0/subnets.json HTTP/1.1" 200 776 0.436610
demorc@root@controller:~$
demorc@root@controller:~$vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 確保vni_ranges = 1:1000在[ml2_type_vxlan]下,而不是在其他項目下
[ml2_type_vxlan]
vni_ranges = 1:1000
重啟nova和neutron服務後再次創建
demorc@root@controller:~$grep -rHn "vni_ranges" /etc/neutron/
/etc/neutron/plugins/ml2/ml2_conf.ini:186:vni_ranges = 1:1000
/etc/neutron/plugins/ml2/ml2_conf.ini:206:#vni_ranges =
/etc/neutron/plugins/ml2/ml2_conf.ini.bak:164:#vni_ranges =
/etc/neutron/plugins/ml2/ml2_conf.ini.bak:206:#vni_ranges =
demorc@root@controller:~$vim /etc/neutron/plugins/ml2/ml2_conf.ini
demorc@root@controller:~$vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
demorc@root@controller:~$vim /etc/neutron/plugins/ml2/ml2_conf.ini
demorc@root@controller:~$ls /etc/init.d/ | grep nova | xargs -i service {} restart
nova-api stop/waiting
nova-api start/running, process 5094
nova-compute stop/waiting
nova-compute start/running, process 5151
nova-conductor stop/waiting
nova-conductor start/running, process 5213
nova-consoleauth stop/waiting
nova-consoleauth start/running, process 5263
nova-novncproxy stop/waiting
nova-novncproxy start/running, process 5282
nova-scheduler stop/waiting
nova-scheduler start/running, process 5325
demorc@root@controller:~$ls /etc/init.d/ | grep neutron | xargs -i service {} restart
neutron-dhcp-agent stop/waiting
neutron-dhcp-agent start/running, process 5655
neutron-l3-agent stop/waiting
neutron-l3-agent start/running, process 5697
neutron-linuxbridge-agent stop/waiting
neutron-linuxbridge-agent start/running, process 5719
stop: Unknown instance:
start: Job failed to start
neutron-metadata-agent stop/waiting
neutron-metadata-agent start/running, process 5782
neutron-openvswitch-agent stop/waiting
neutron-openvswitch-agent start/running, process 5814
neutron-ovs-cleanup stop/waiting
neutron-ovs-cleanup start/running
neutron-server stop/waiting
neutron-server start/running, process 5994
demorc@root@controller:~$neutron net-list
+--------------------------------------+----------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------+--------------------------------------------------+
| b7369bde-908a-4dc4-b4af-a4bc5e1a2b8e | provider | 68f14924-15c4-4b0d-bcfc-011fd5a6de12 10.0.3.0/24 |
+--------------------------------------+----------+--------------------------------------------------+
demorc@root@controller:~$neutron subnet-list
+--------------------------------------+----------+-------------+---------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+----------+-------------+---------------------------------------------+
| 68f14924-15c4-4b0d-bcfc-011fd5a6de12 | provider | 10.0.3.0/24 | {"start": "10.0.3.50", "end": "10.0.3.254"} |
+--------------------------------------+----------+-------------+---------------------------------------------+
demorc@root@controller:~$neutron net-create selfservice
Created a new network:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2019-01-16T01:39:37 |
| description | |
| id | 66eb76af-e111-4cae-adc6-2df95ad29faf |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | selfservice |
| port_security_enabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | ffc560f6a2604c3896df922115c6fc2a |
| updated_at | 2019-01-16T01:39:37 |
+-------------------------+--------------------------------------+
創建子網
demorc@root@controller:~$neutron subnet-create --name selfservice --dns-nameserver 114.114.114.114 --gateway 192.168.56.1 selfservice 192.168.56.0/24
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "192.168.56.2", "end": "192.168.56.254"} |
| cidr | 192.168.56.0/24 |
| created_at | 2019-01-16T01:45:08 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 192.168.56.1 |
| host_routes | |
| id | 9c8f506c-46bd-44d8-a8a5-e160bf2ddf93 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | selfservice |
| network_id | 66eb76af-e111-4cae-adc6-2df95ad29faf |
| subnetpool_id | |
| tenant_id | ffc560f6a2604c3896df922115c6fc2a |
| updated_at | 2019-01-16T01:45:08 |
+-------------------+----------------------------------------------------+
第二個子網
demorc@root@controller:~$neutron subnet-create --name selfservice --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 selfservice 172.16.1.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "172.16.1.2", "end": "172.16.1.254"} |
| cidr | 172.16.1.0/24 |
| created_at | 2019-01-16T01:48:32 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.16.1.1 |
| host_routes | |
| id | ec079b98-a585-40c0-9b4c-340c943642eb |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | selfservice |
| network_id | 66eb76af-e111-4cae-adc6-2df95ad29faf |
| subnetpool_id | |
| tenant_id | ffc560f6a2604c3896df922115c6fc2a |
| updated_at | 2019-01-16T01:48:32 |
+-------------------+------------------------------------------------+
創建路由
demorc@root@controller:~$source adminrc
adminrc@root@controller:~$neutron net-update provider --router:external
Updated network: provider
adminrc@root@controller:~$source demorc
demorc@root@controller:~$neutron router-create router
Created a new router:
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| description | |
| external_gateway_info | |
| id | 8770421b-2f3b-4d33-9acf-562b36b5b31b |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | ffc560f6a2604c3896df922115c6fc2a |
+-------------------------+--------------------------------------+
demorc@root@controller:~$neutron router-list
+--------------------------------------+--------+-----------------------+
| id | name | external_gateway_info |
+--------------------------------------+--------+-----------------------+
| 8770421b-2f3b-4d33-9acf-562b36b5b31b | router | null |
+--------------------------------------+--------+-----------------------+
為路由器添加一個私網子網介面
demorc@root@controller:~$neutron router-interface-add router selfservice
Multiple subnet matches found for name "selfservice", use an ID to be more specific.
demorc@root@controller:~$neutron subnet-list
+--------------------------------------+-------------+-----------------+----------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+-------------+-----------------+----------------------------------------------------+
| 68f14924-15c4-4b0d-bcfc-011fd5a6de12 | provider | 10.0.3.0/24 | {"start": "10.0.3.50", "end": "10.0.3.254"} |
| 9c8f506c-46bd-44d8-a8a5-e160bf2ddf93 | selfservice | 192.168.56.0/24 | {"start": "192.168.56.2", "end": "192.168.56.254"} |
| ec079b98-a585-40c0-9b4c-340c943642eb | selfservice | 172.16.1.0/24 | {"start": "172.16.1.2", "end": "172.16.1.254"} |
+--------------------------------------+-------------+-----------------+----------------------------------------------------+
demorc@root@controller:~$neutron router-interface-add router 9c8f506c-46bd-44d8-a8a5-e160bf2ddf93
Added interface 329ffea0-b8f2-4724-a6b7-19556a312b75 to router router.
為路由器添加一個公有網路的網關
demorc@root@controller:~$neutron router-gateway-set router provider
Set gateway for router router
驗證
列出網路命名空間
demorc@root@controller:~$source adminrc
adminrc@root@controller:~$ip netns
qrouter-8770421b-2f3b-4d33-9acf-562b36b5b31b
qdhcp-66eb76af-e111-4cae-adc6-2df95ad29faf
qdhcp-b7369bde-908a-4dc4-b4af-a4bc5e1a2b8e
adminrc@root@controller:~$neutron router-port-list router
列出路由器上的埠來確定公網網關的IP地址
adminrc@root@controller:~$neutron router-port-list router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| 329ffea0-b8f2-4724-a6b7-19556a312b75 | | fa:16:3e:36:8e:3c | {"subnet_id": "9c8f506c-46bd-44d8-a8a5-e160bf2ddf93", "ip_address": "192.168.56.1"} |
| a0b37442-a41b-4526-b492-59f05637b371 | | fa:16:3e:02:33:fd | {"subnet_id": "68f14924-15c4-4b0d-bcfc-011fd5a6de12", "ip_address": "10.0.3.51"} |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
ping測試
adminrc@root@controller:~$ping -c 2 192.168.56.1
PING 192.168.56.1 (192.168.56.1) 56(84) bytes of data.
64 bytes from 192.168.56.1: icmp_seq=1 ttl=64 time=0.221 ms
64 bytes from 192.168.56.1: icmp_seq=2 ttl=64 time=0.237 ms
--- 192.168.56.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.221/0.229/0.237/0.008 ms
# 這裡說明以下,上面創建了兩個子網,一個192.168.56.0/24和172.16.1.0/24,為路由器添加私網子網介面的時候的步驟中,我使用的是192.168.56.0/24這個網段,所以這裡只能ping同192,不能ping同172
創建虛主機
# 由於環境還是公有網路的環境,所以這裡先刪除之前創建m1.nano(可能更改其他規格也可以,我沒嘗試)
adminrc@root@controller:~$openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
adminrc@root@controller:~$openstack flavor delete m1.nano
adminrc@root@controller:~$openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
adminrc@root@controller:~$openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
生成一個鍵值對
adminrc@root@controller:~$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
95:be:58:f6:be:9b:66:9b:db:54:e1:ee:1a:fb:26:b1 root@controller
The key"s randomart image is:
+--[ RSA 2048]----+
| |
| . |
| o . |
| o . .|
| S + ..|
| + o ... |
| . . ..+. |
| .oE+. |
| oOB*o |
+-----------------+
adminrc@root@controller:~$source demorc
demorc@root@controller:~$openstack keypair create --public-key /root/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | 95:be:58:f6:be:9b:66:9b:db:54:e1:ee:1a:fb:26:b1 |
| name | mykey |
| user_id | c4de9fac882740838aa26e9119b30cb9 |
+-------------+-------------------------------------------------+
demorc@root@controller:~$openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | 95:be:58:f6:be:9b:66:9b:db:54:e1:ee:1a:fb:26:b1 |
+-------+-------------------------------------------------+
增加安全組規則
# 允許ICMP(ping)
demorc@root@controller:~$openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | b76e25be-c17e-48b3-8bbd-8505c3637900 |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 82cd1a2f-5eaa-4616-a6d4-480daf27cf3d |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
# 允許SSH訪問
demorc@root@controller:~$openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 32096d51-9e2a-45f2-a65a-27ef3c1bb2b5 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 82cd1a2f-5eaa-4616-a6d4-480daf27cf3d |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
開始創建實例
demorc@root@controller:~$openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
demorc@root@controller:~$openstack image list
+--------------------------------------+---------+--------+
| ID | Name | Status |
+--------------------------------------+---------+--------+
| 39d73bcf-e60b-4caf-8469-cca17de00d7e | cirrors | active |
+--------------------------------------+---------+--------+
demorc@root@controller:~$openstack network list
+--------------------------------------+-------------+----------------------------------------------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------+----------------------------------------------------------------------------+
| 66eb76af-e111-4cae-adc6-2df95ad29faf | selfservice | 9c8f506c-46bd-44d8-a8a5-e160bf2ddf93, ec079b98-a585-40c0-9b4c-340c943642eb |
| b7369bde-908a-4dc4-b4af-a4bc5e1a2b8e | provider | 68f14924-15c4-4b0d-bcfc-011fd5a6de12 |
+--------------------------------------+-------------+----------------------------------------------------------------------------+
demorc@root@controller:~$openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+
| ID | Name | Description | Project |
+--------------------------------------+---------+------------------------+----------------------------------+
| 82cd1a2f-5eaa-4616-a6d4-480daf27cf3d | default | Default security group | ffc560f6a2604c3896df922115c6fc2a |
+--------------------------------------+---------+------------------------+----------------------------------+
#確保以上幾項都可用
# flavor的話用的是m1.nano
# net-id的話用的是selservice對應的ID
demorc@root@controller:~$openstack server create --flavor m1.nano --image cirrors --nic net-id=66eb76af-e111-4cae-adc6-2df95ad29faf --security-group default --key-name mykey selfservice-instance
+--------------------------------------+------------------------------------------------+
| Field | Value |
+--------------------------------------+------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | uFD7TkvHjsax |
| config_drive | |
| created | 2019-01-16T02:25:45Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 4c954e71-8e73-49e1-a67f-20c007d582d3 |
| image | cirrors (39d73bcf-e60b-4caf-8469-cca17de00d7e) |
| key_name | mykey |
| name | selfservice-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | ffc560f6a2604c3896df922115c6fc2a |
| properties | |
| security_groups | [{u"name": u"default"}] |
| status | BUILD |
| updated | 2019-01-16T02:25:46Z |
| user_id | c4de9fac882740838aa26e9119b30cb9 |
+--------------------------------------+------------------------------------------------+
查看實例狀態
demorc@root@controller:~$openstack server list
+--------------------------------------+----------------------+--------+--------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+--------+--------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | ACTIVE | selfservice=192.168.56.3 |
+--------------------------------------+----------------------+--------+--------------------------+
使用nova list查看
demorc@root@controller:~$nova list
+--------------------------------------+----------------------+--------+------------+-------------+--------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------------+--------+------------+-------------+--------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | ACTIVE | - | Running | selfservice=192.168.56.3 |
+--------------------------------------+----------------------+--------+------------+-------------+--------------------------+
關閉、啟動、刪除實例
demorc@root@controller:~$openstack server list
+--------------------------------------+----------------------+---------+--------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+---------+--------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | SHUTOFF | selfservice=192.168.56.3 |
+--------------------------------------+----------------------+---------+--------------------------+
demorc@root@controller:~$openstack server list +--------------------------------------+----------------------+--------+--------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+--------+--------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | ACTIVE | selfservice=192.168.56.3 |
+--------------------------------------+----------------------+--------+--------------------------+
demorc@root@controller:~$openstack server stop 4c954e71-8e73-49e1-a67f-20c007d582d3
demorc@root@controller:~$openstack server delete 4c954e71-8e73-49e1-a67f-20c007d582d3
使用虛擬控制台訪問實例
demorc@root@controller:~$openstack console url show selfservice-instance
+-------+------------------------------------------------------------------------------------+
| Field | Value |
+-------+------------------------------------------------------------------------------------+
| type | novnc |
| url | http://192.168.56.10:6080/vnc_auto.html?token=82177d68-c9fb-4c3c-85d6-6d42db50c864 |
+-------+------------------------------------------------------------------------------------+
瀏覽器直接粘貼上面的url即可
由於是單節點安裝,所以這裡想要ping實例的話需要
demorc@root@controller:~$ip netns
qrouter-8770421b-2f3b-4d33-9acf-562b36b5b31b #複製此行
qdhcp-66eb76af-e111-4cae-adc6-2df95ad29faf
qdhcp-b7369bde-908a-4dc4-b4af-a4bc5e1a2b8e
demorc@root@controller:~$ip netns exec qrouter-8770421b-2f3b-4d33-9acf-562b36b5b31b ip a | grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.56.1/24 brd 192.168.56.255 scope global qr-329ffea0-b8
inet6 fe80::f816:3eff:fe36:8e3c/64 scope link
inet 10.0.3.51/24 brd 10.0.3.255 scope global qg-a0b37442-a4
inet6 fe80::f816:3eff:fe02:33fd/64 scope link
demorc@root@controller:~$ip netns exec qrouter-8770421b-2f3b-4d33-9acf-562b36b5b31b ping 192.168.56.3
PING 192.168.56.3 (192.168.56.3) 56(84) bytes of data.
64 bytes from 192.168.56.3: icmp_seq=1 ttl=64 time=8.95 ms
64 bytes from 192.168.56.3: icmp_seq=2 ttl=64 time=0.610 ms
64 bytes from 192.168.56.3: icmp_seq=3 ttl=64 time=0.331 ms
64 bytes from 192.168.56.3: icmp_seq=4 ttl=64 time=0.344 ms
^C
--- 192.168.56.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.331/2.560/8.955/3.693 ms
創建浮動IP,用來遠程連接
demorc@root@controller:~$source adminrc
adminrc@root@controller:~$openstack ip floating create provider
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| fixed_ip | None |
| id | 00315ef2-1684-42ae-825b-0f94ed098de8 |
| instance_id | None |
| ip | 10.0.3.52 |
| pool | provider |
+-------------+--------------------------------------+
為實例分配浮動IP
查看浮動IP
adminrc@root@controller:~$openstack ip floating list
+--------------------------------------+---------------------+------------------+------+
| ID | Floating IP Address | Fixed IP Address | Port |
+--------------------------------------+---------------------+------------------+------+
| 00315ef2-1684-42ae-825b-0f94ed098de8 | 10.0.3.52 | None | None |
+--------------------------------------+---------------------+------------------+------+
為實例添加浮動IP
adminrc@root@controller:~$openstack ip floating add 10.0.3.52 4c954e71-8e73-49e1-a67f-20c007d582d3
Unable to associate floating IP 10.0.3.52 to fixed IP 192.168.56.3 for instance 4c954e71-8e73-49e1-a67f-20c007d582d3. Error: Bad floatingip request: Port 454451d2-6c5d-411c-8ad0-d6f5908259a6 is associated with a different tenant than Floating IP 00315ef2-1684-42ae-825b-0f94ed098de8 and therefore cannot be bound..
Neutron server returns request_ids: ["req-58f751d8-ab56-41d3-bb99-de2307ed9c67"] (HTTP 400) (Request-ID: req-330493bd-f040-4b24-a08b-8384b162ea60)
# 報錯原因是admirc用戶創建的floating ip是不能綁定給demorc用戶實例
# 解決辦法,刪掉floating IP 使用demorc用戶重新創建floating IP
adminrc@root@controller:~$ openstack ip floating list
+--------------------------------------+---------------------+------------------+------+
| ID | Floating IP Address | Fixed IP Address | Port |
+--------------------------------------+---------------------+------------------+------+
| 00315ef2-1684-42ae-825b-0f94ed098de8 | 10.0.3.52 | None | None |
+--------------------------------------+---------------------+------------------+------+
adminrc@root@controller:~$openstack ip floating delete 00315ef2-1684-42ae-825b-0f94ed098de8
adminrc@root@controller:~$openstack ip floating list
adminrc@root@controller:~$source demorc
demorc@root@controller:~$openstack ip floating create provider
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| fixed_ip | None |
| id | 72d37905-4e1d-45a4-a010-a041968a0220 |
| instance_id | None |
| ip | 10.0.3.53 |
| pool | provider |
+-------------+--------------------------------------+
demorc@root@controller:~$openstack ip floating add 10.0.3.53 selfservice-instance
demorc@root@controller:~$openstack server list
+--------------------------------------+----------------------+--------+-------------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+----------------------+--------+-------------------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | ACTIVE | selfservice=192.168.56.3, 10.0.3.53 |
+--------------------------------------+----------------------+--------+-------------------------------------+
測試浮動IP
demorc@root@controller:~$ping -c 2 10.0.3.53
PING 10.0.3.53 (10.0.3.53) 56(84) bytes of data.
64 bytes from 10.0.3.53: icmp_seq=1 ttl=63 time=3.40 ms
64 bytes from 10.0.3.53: icmp_seq=2 ttl=63 time=0.415 ms
--- 10.0.3.53 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.415/1.912/3.409/1.497 ms
demorc@root@controller:~$su -
root@controller:~# ssh cirros@10.0.3.53
The authenticity of host "10.0.3.53 (10.0.3.53)" can"t be established.
RSA key fingerprint is e2:77:a9:e6:90:87:a9:db:14:cb:95:5c:81:9a:4e:c7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added "10.0.3.53" (RSA) to the list of known hosts.
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:30:6D:63
inet addr:192.168.56.3 Bcast:192.168.56.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe30:6d63/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:114 errors:0 dropped:0 overruns:0 frame:0
TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15412 (15.0 KiB) TX bytes:15024 (14.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ ping -c 2 www.qq.com
PING www.qq.com (61.129.7.47): 56 data bytes
64 bytes from 61.129.7.47: seq=0 ttl=52 time=7.461 ms
64 bytes from 61.129.7.47: seq=1 ttl=52 time=6.463 ms
--- www.qq.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 6.463/6.962/7.461 ms
$ exit
Connection to 10.0.3.53 closed.
浮動IP的意義:當用戶創建的實例處於私有網路的時候,此時又想讓實例訪問外網,這就需要通過綁定floating IP來實現私有網路中的實例訪問公網。
demorc@root@controller:~$nova list
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | ACTIVE | - | Running | selfservice=192.168.56.3, 10.0.3.53 |
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
demorc@root@controller:~$ping -c 2 10.0.3.53
PING 10.0.3.53 (10.0.3.53) 56(84) bytes of data.
64 bytes from 10.0.3.53: icmp_seq=1 ttl=63 time=3.31 ms
64 bytes from 10.0.3.53: icmp_seq=2 ttl=63 time=0.550 ms
--- 10.0.3.53 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.550/1.934/3.319/1.385 ms
demorc@root@controller:~$ssh -i /root/.ssh/id_rsa cirros@10.0.3.53
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:30:6D:63
inet addr:192.168.56.3 Bcast:192.168.56.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe30:6d63/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1450 Metric:1
RX packets:249 errors:0 dropped:0 overruns:0 frame:0
TX packets:235 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:30532 (29.8 KiB) TX bytes:27110 (26.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ exit
Connection to 10.0.3.53 closed.
openstack安裝dashboard
root@controller:~# apt-get install -y openstack-dashboard
配置dashboard
root@controller:~# cp /etc/openstack-dashboard/local_settings.py{,.bak}
root@controller:~# vim /etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = "*"
SESSION_ENGINE = "django.contrib.sessions.backends.cache"
CACHES = {
"default": {
"BACKEND": "django.core.cache.backends.memcached.MemcachedCache",
"LOCATION": "10.0.3.10:11211",
}
}
OPENSTACK_API_VERSIONS = {
"data-processing": 1.1,
"identity": 3,
"volume": 2,
"compute": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_NEUTRON_NETWORK = {
"enable_router": True,
"enable_quotas": True,
"enable_ipv6": True,
"enable_distributed_router": False,
"enable_ha_router": False,
"enable_lb": True,
"enable_firewall": True,
"enable_vpn": True,
"enable_fip_topology_check": True,
"default_ipv4_subnet_pool_label": None,
"default_ipv6_subnet_pool_label": None,
"profile_support": None,
"supported_provider_types": ["*"],
"supported_vnic_types": ["*"],
}
TIME_ZONE = "Asia/Shanghai"
重啟apache2
root@controller:~# service apache2 reload
* Reloading web server apache2 *
root@controller:~# echo $?
0
瀏覽器測試
# 如果不記得admin密碼可以查看這個文件
openstack@controller:~$ cat adminrc
unset OS_TOKEN
unset OS_URL
unset OS_IDENTITY_API_VERSION
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1="adminrc@u@h:w$"
驗證demo用戶
使用demo用戶查看網路拓撲
查看相關信息
查看routers的信息
使用admin查看相關信息
安裝cinder
首先需要給虛擬機添加一塊新硬碟,添加步驟不再演示,一路默認下一步即可。
開始準備Cinder安裝環境
root@controller:~# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or g.
Your MariaDB connection id is 43
Server version: 5.5.61-MariaDB-1ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type "help;" or "h" for help. Type "c" to clear the current input statement.
MariaDB [(none)]> create database cinder;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on cinder.* to "cinder"@"lcoalhost" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on cinder.* to "cinder"@"%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> q
Bye
切換到adminrc環境
# 創建一個cinder用戶
root@controller:~# source adminrc
adminrc@root@controller:~$openstack user create --domain default --password cinder cinder
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 1495769d2bbb44d192eee4c9b2f91ca3 |
| enabled | True |
| id | 74153e9abf694f2f9ecd2203b71e2529 |
| name | cinder |
+-----------+----------------------------------+
添加admin角色到cinder用戶上
adminrc@root@controller:~$openstack role add --project service --user cinder admin
創建 cinder 和 cinderv2 服務實體
adminrc@root@controller:~$openstack service create --name cinder --description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 3f13455162a145e28096ce110be1213e |
| name | cinder |
| type | volume |
+-------------+----------------------------------+
adminrc@root@controller:~$openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 9fefead9767048e1b632bb7026c55380 |
| name | cinderv2 |
| type | volumev2 |
+-------------+----------------------------------+
創建塊設備存儲服務API入口點
dminrc@root@controller:~$openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%(tenant_id)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | d45e4cd8fb7945968d5e644a74dc62e3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3f13455162a145e28096ce110be1213e |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%(tenant_id)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | fcf99a2a72c94d81b472f4c75ea952c8 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3f13455162a145e28096ce110be1213e |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%(tenant_id)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | e611a9caabf640dfbcd93b7b750180da |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3f13455162a145e28096ce110be1213e |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%(tenant_id)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | ecd1248c63844473aba74c6af3554a00 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9fefead9767048e1b632bb7026c55380 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%(tenant_id)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 862a463ef202433e95e2e1c80030af59 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9fefead9767048e1b632bb7026c55380 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
adminrc@root@controller:~$openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%(tenant_id)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 89fcc47679e94213a0ec2d8eabed95db |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9fefead9767048e1b632bb7026c55380 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
安裝安全配置組件
adminrc@root@controller:~$apt-get install -y cinder-api cinder-scheduler
開始配置cinder
adminrc@root@controller:~$cp /etc/cinder/cinder.conf{,.bak}
adminrc@root@controller:~$vim /etc/cinder/cinder.conf
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
auth_strategy = keystone
rpc_backend = rabbit
my_ip = 10.0.3.10
[database]
connection = mysql+pymysql://cinder:123456@controller/cinder
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
確認配置無誤後,同步資料庫
adminrc@root@controller:~$su -s /bin/bash -c "cinder-manage db sync" cinder
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
2019-01-17 10:42:23.140 10824 WARNING py.warnings [-] /usr/lib/python2.7/dist-packages/oslo_db/sqlalchemy/enginefacade.py:241: NotSupportedWarning: Configuration option(s) ["use_tpool"] not supported
exception.NotSupportedWarning
2019-01-17 10:42:23.203 10824 INFO migrate.versioning.api [-] 0 -> 1...
.........
2019-01-17 10:42:25.097 10824 INFO migrate.versioning.api [-] done
配置計算節點使用塊設備存儲
adminrc@root@controller:~$cp /etc/nova/nova.conf{,.private}
adminrc@root@controller:~$vim /etc/nova/nova.conf
# 文件末尾添加
[cinder]
os_region_name = RegionOne
# 保存退出後,重啟nova-api和cinder服務
adminrc@root@controller:~$service nova-api restart
nova-api stop/waiting
nova-api start/running, process 11615
adminrc@root@controller:~$service cinder-
cinder-api cinder-scheduler
adminrc@root@controller:~$ls /etc/init.d/ | grep cinder
cinder-api
cinder-scheduler
adminrc@root@controller:~$ls /etc/init.d/ | grep cinder | xargs -i service {} restart
cinder-api stop/waiting
cinder-api start/running, process 11773
cinder-scheduler stop/waiting
cinder-scheduler start/running, process 11812
安裝lvm2
adminrc@root@controller:~$apt-get install -y lvm2
創建LVM物理卷、卷組
adminrc@root@controller:~$pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
adminrc@root@controller:~$vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
配置
adminrc@root@controller:~$cp /etc/lvm/lvm.conf{,.bak}
adminrc@root@controller:~$vim /etc/lvm/lvm.conf
filter = [ "a/sdb/", "r/.*/"] #將原值修改為這個值
安裝安全組件
adminrc@root@controller:~$apt-get install cinder-volume
配置cinder.conf
adminrc@root@controller:~$cat /etc/cinder/cinder.conf
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
api_paste_confg = /etc/cinder/api-paste.ini
iscsi_helper = tgtadm
volume_name_template = volume-%s
volume_group = cinder-volumes
verbose = True
auth_strategy = keystone
state_path = /var/lib/cinder
lock_path = /var/lock/cinder
volumes_dir = /var/lib/cinder/volumes
auth_strategy = keystone
rpc_backend = rabbit
my_ip = 10.0.3.10
enabled_backends = lvm
glance_api_servers = http://controller:9292
[database]
connection = mysql+pymysql://cinder:123456@controller/cinder
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123456
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = tgtadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
重啟服務
adminrc@root@controller:~$service tgt restart
tgt stop/waiting
tgt start/running, process 24646
adminrc@root@controller:~$service cinder-volume restart
cinder-volume stop/waiting
cinder-volume start/running, process 24696
驗證
adminrc@root@controller:~$cinder service-list
+------------------+----------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+----------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller | nova | enabled | up | 2019-01-17T03:20:00.000000 | - |
| cinder-volume | controller | nova | enabled | down | 2019-01-17T03:18:52.000000 | - |
| cinder-volume | controller@lvm | nova | enabled | up | 2019-01-17T03:20:01.000000 | - |
+------------------+----------------+------+---------+-------+----------------------------+-----------------+
# 不知道為什麼一個狀態是down
切換到demo用戶
adminrc@root@controller:~$source demorc
demorc@root@controller:~$openstack volume create --size 1 volume1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2019-01-17T04:07:56.366573 |
| description | None |
| encrypted | False |
| id | 240ee7be-49bb-48bc-8bb3-1c44196b5ad9 |
| multiattach | False |
| name | volume1 |
| properties | |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | None |
| updated_at | None |
| user_id | c4de9fac882740838aa26e9119b30cb9 |
+---------------------+--------------------------------------+
demorc@root@controller:~$openstack volume list
+--------------------------------------+--------------+-----------+------+-------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+-----------+------+-------------+
| 240ee7be-49bb-48bc-8bb3-1c44196b5ad9 | volume1 | available | 1 | |
+--------------------------------------+--------------+-----------+------+-------------+
添加卷到一個實例上
demorc@root@controller:~$nova list
+--------------------------------------+----------------------+---------+------------+-------------+-------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------------+---------+------------+-------------+-------------------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | SHUTOFF | - | Shutdown | selfservice=192.168.56.3, 10.0.3.53 |
+--------------------------------------+----------------------+---------+------------+-------------+-------------------------------------+
demorc@root@controller:~$nova start 4c954e71-8e73-49e1-a67f-20c007d582d3
Request to start server 4c954e71-8e73-49e1-a67f-20c007d582d3 has been accepted.
demorc@root@controller:~$nova list
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | ACTIVE | - | Running | selfservice=192.168.56.3, 10.0.3.53 |
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
demorc@root@controller:~$ping -c 2 10.0.3.53
PING 10.0.3.53 (10.0.3.53) 56(84) bytes of data.
64 bytes from 10.0.3.53: icmp_seq=1 ttl=63 time=9.45 ms
64 bytes from 10.0.3.53: icmp_seq=2 ttl=63 time=0.548 ms
demorc@openstack@controller:~$nova list
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
| 4c954e71-8e73-49e1-a67f-20c007d582d3 | selfservice-instance | ACTIVE | - | Running | selfservice=192.168.56.3, 10.0.3.53 |
+--------------------------------------+----------------------+--------+------------+-------------+-------------------------------------+
demorc@openstack@controller:~$openstack volume list
+--------------------------------------+--------------+-----------+------+-------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+-----------+------+-------------+
| 240ee7be-49bb-48bc-8bb3-1c44196b5ad9 | volume1 | available | 1 | |
+--------------------------------------+--------------+-----------+------+-------------+
# 複製下來實例的ID和volume1的ID
demorc@root@controller:~$openstack server add volume 4c954e71-8e73-49e1-a67f-20c007d582d3 240ee7be-49bb-48bc-8bb3-1c44196b5ad9
再次查看volume1的狀態,可以看出正在使用
demorc@root@controller:~$openstack volume list
+--------------------------------------+--------------+--------+------+-----------------------------------------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+--------+------+-----------------------------------------------+
| 240ee7be-49bb-48bc-8bb3-1c44196b5ad9 | volume1 | in-use | 1 | Attached to selfservice-instance on /dev/vdb |
+--------------------------------------+--------------+--------+------+-----------------------------------------------+
創建並格式化新創建的磁碟
demorc@root@controller:~$ssh cirros@10.0.3.53
$ sudo -s
$ fdisk -l
Disk /dev/vda: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Device Boot Start End Blocks Id System
/dev/vda1 * 16065 2088449 1036192+ 83 Linux
Disk /dev/vdb: 1073 MB, 1073741824 bytes
16 heads, 63 sectors/track, 2080 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
Disk /dev/vdb doesn"t contain a valid partition table
$ mkfs.ext4 /dev/sdb
$ mkfs.ext4 /dev/vdb
mke2fs 1.42.2 (27-Mar-2012)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65536 inodes, 262144 blocks
13107 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information:done
$ ls /mnt/
lost+found
$ touch /mnt/test
$ ls /mnt/
lost+found test
$ exit
$ exit
Connection to 10.0.3.53 closed.
demorc@root@controller:~$exit
exit
作者:Lucky_7
原文:https://www.cnblogs.com/zd520pyx1314/p/9643628.html
(僅供學習使用,如有侵權請留言,我會第一時間刪除相關內容)
※Python五種常見的演算法,你都了解么
※斷路器Netflix OSS Hystrix和Istio的Envoy比較
TAG:程序員小新人學習 |