openstack

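  • 1. Introduction to OpenStack
  • 2. Environment
  • 2.1 Security
  • 2.2 Host networking
  • 2.2.1 Configure network interfaces
  • 2.2.2 Configure name resolution
  • 2.3 Network Time Protocol (NTP)
  • 2.4 OpenStack packages
  • 2.5 SQL database
  • 2.6 Message queue
  • 2.7 Memcached
  • 3. Identity service
  • 3.1 Prerequisites
  • 3.2 Install and configure components
  • 3.3 Configure the Apache HTTP server
  • 3.4 Create the service entity and API endpoints
  • 3.5 Create a domain, projects, users, and roles
  • 3.6 Verify operation
  • 4. Create OpenStack client environment scripts
  • 4.1 Create the scripts
  • 4.2 Use the scripts
  • 5. Image service
  • 5.1 Prerequisites
  • 5.2 Install and configure components
  • 5.3 Verify operation
  • 6. Compute service
  • 6.1 Install and configure the controller node
  • 6.2 Create the service credentials
  • 6.3 Create the Compute service API endpoints
  • 6.4 Install and configure components
  • 6.5 Start another host as the compute node
  • 6.6 The host-passthrough problem (nested virtualization)
  • 7. Networking service
  • 8. Configure an instance and launch a cloud host
  • 9. dashboard
  • 10. Configure a private network
  • 11. Build your own image and cloud host
  • 11.1 Package the host
  • 11.2 Configure the grub file
  • 11.3 Configure the network interface
  • 11.4 Shut down and package
  • 11.5 Create the image
  • 11.6 Create the cloud host
  • 11.7 Add a floating IP
  • 12. Block device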


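1. Introduction to OpenStack

  • OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed and provisioned through APIs with a common authentication mechanism. A dashboard is also provided, giving administrators control while letting users provision resources through a web interface.
  • Beyond standard infrastructure-as-a-service functionality, additional components provide orchestration, fault management, and service management, among other services, to ensure high availability of user applications.
  • An OpenStack deployment as a whole is made up of four major parts: controller nodes, compute nodes, network nodes, and storage nodes.
    Key integrated OpenStack components:
    Nova - Compute service
    Neutron - Networking service
    Swift - Object storage service
    Cinder - Block storage service
    Glance - Image service
    Keystone - Identity service
    Horizon - UI service
    Ceilometer - Monitoring service
    Heat - Clustering service

Official site

2. Environment

2.1 Security

2.2 Host networking

2.2.1 Configure network interfaces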

[root@westos Desktop]# cd /boot/
[root@westos boot]# ls
config-4.18.0-193.el8.x86_64
efi
extlinux
grub2
initramfs-0-rescue-fdab85af04c04962873b8d34852a2152.img
initramfs-4.18.0-193.el8.x86_64.img
initramfs-4.18.0-193.el8.x86_64kdump.img
loader
System.map-4.18.0-193.el8.x86_64
vmlinuz-0-rescue-fdab85af04c04962873b8d34852a2152
vmlinuz-4.18.0-193.el8.x86_64
[root@westos boot]# cd grub2/
[root@westos grub2]# vim grubenv 
#nouveau.modeset=0  net.ifnames=0   ##If the interface names do not match, change them. NICs named eth0 and eth1 are correct; if they have other names such as ens*, add these parameters.
[root@westos grub2]# cat grubenv 
# GRUB Environment Block
saved_entry=fdab85af04c04962873b8d34852a2152-4.18.0-193.el8.x86_64
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet 
boot_success=0
boot_indeterminate=0
#nouveau.modeset=0  net.ifnames=0   ##must be appended to the kernelopts line
[root@server1 ~]# cd /etc/sysconfig/network-scripts/
[root@server1 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server1 network-scripts]# vim ifcfg-eth1 
[root@server1 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server1 network-scripts]# ifup eth1
[root@server1 network-scripts]# ip addr 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:a3:b3:d3 brd ff:ff:ff:ff:ff:ff
    inet 172.25.13.1/24 brd 172.25.13.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fea3:b3d3/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:43:33:f3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fe43:33f3/64 scope link 
       valid_lft forever preferred_lft forever

2.2.2 Configure name resolution

[root@server1 network-scripts]# hostnamectl set-hostname controller
[root@server1 network-scripts]# vim /etc/hosts
[root@server1 network-scripts]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.13.1 controller
172.25.13.2 compute1
172.25.13.3 block1
172.25.13.4 server4
172.25.13.5 server5
172.25.13.6 server6
172.25.13.7 server7
172.25.13.250 westos.westos.org

2.3 Network Time Protocol (NTP)

##Configure chronyd on the physical host (if the host firewall is enabled, the ntp service must be allowed through it)
[root@westos ~]# vim /etc/chrony.conf  ##physical host
pool ntp1.aliyun.com iburst
# Allow NTP client access from local network.
allow 172.25/24
[root@westos ~]# systemctl restart chronyd.service 

##The virtual machines must synchronize their time, otherwise errors will occur
[root@controller ~]# yum install chrony   
[root@controller ~]# vim /etc/chrony.conf 
server 172.25.13.250 iburst
[root@controller ~]# timedatectl set-timezone Asia/Shanghai
[root@controller ~]# systemctl restart chronyd.service   ##restart the service
[root@controller ~]# chronyc  sources -v   ##check that the connection succeeded

2.4 OpenStack packages

##1. Set up the files on the physical host
[root@westos ~]# cd /var/www/html/
[root@westos html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/openstack/
lftp 172.25.254.250:/pub/openstack> mirror mitaka/
Total: 1 directory, 286 files, 0 symlinks                            
New: 286 files, 0 symlinks
144203995 bytes transferred in 2 seconds (55.85 MiB/s)
lftp 172.25.254.250:/pub/openstack> 
lftp 172.25.254.250:/pub/openstack> exit
[root@westos html]# ls
ansible  docker-ce  index.html  mitaka  rhel7.6  rhel8.2  software

##2. Repository on the controller host
[root@controller ~]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# vim openstack.repo
[root@controller yum.repos.d]# cat openstack.repo 
[openstack]
name=openstack
baseurl=http://172.25.13.250/mitaka
gpgcheck=0
[root@controller yum.repos.d]# yum repolist list 
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
openstack                                                | 2.9 kB     00:00     
openstack/primary_db                                       | 141 kB   00:00     
repolist: 0
[root@controller yum.repos.d]# yum repolist 
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id                              repo name                            status
openstack                            openstack                              279
rhel7.6                              rhel7.6                              5,152
repolist: 5,431
[root@controller ~]# yum upgrade  ##upgrade the packages on the host
[root@controller ~]# yum install python-openstackclient -y  ##install the OpenStack client

2.5 SQL database

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL ##install the packages
[root@controller ~]# vim  /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.13.1
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb.service
[root@controller ~]# mysql_secure_installation    ##secure initialization: set a root password and answer Y to everything else

2.6 Message queue

[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable --now rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack openstack   ##add the openstack user
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"  ##grant the openstack user configure, write and read permissions
[root@controller ~]# rabbitmq-plugins list 
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management  ##enable

2.7 Memcached

[root@controller ~]# yum install memcached python-memcached -y  #install the packages
[root@controller ~]# systemctl enable --now memcached.service   ##start
[root@controller ~]# netstat -antlp | grep :11211
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      16081/memcached     
tcp6       0      0 ::1:11211               :::*                    LISTEN      16081/memcached  
[root@controller ~]# vim /etc/sysconfig/memcached 
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1"   ##with this line commented out, memcached accepts connections from all networks by default
[root@controller ~]# systemctl restart memcached.service
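
Commenting out OPTIONS, as done above, removes the -l restriction, so memcached listens on every interface of the controller. The following is an added example, not part of the original post: a POSIX shell check that classifies the listen scope from the sysconfig file. The sample files are constructed, and the variant that appends the controller name to -l instead of dropping it is an assumption shown for comparison.

```shell
#!/bin/sh
# Added example: report how widely memcached listens, judged from a sysconfig
# file in the format of /etc/sysconfig/memcached shown above.
# Assumption: listen addresses are passed only through -l inside OPTIONS.

# memcached_listen_scope FILE
# Prints one of:
#   all-interfaces  no active -l, or -l names a wildcard address
#   loopback-only   every -l address is 127.0.0.1, ::1 or localhost
#   restricted      -l names at least one specific non-loopback address
memcached_listen_scope() (
    file=$1
    # Only an uncommented OPTIONS= line counts; the last one wins.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$file" | tail -n 1 | tr -d "\"'")

    addrs=
    set -f                       # no globbing while splitting $opts into words
    set -- $opts
    while [ $# -gt 0 ]; do
        case $1 in
            -l)   if [ $# -ge 2 ]; then addrs=$2; shift; fi ;;
            -l?*) addrs=${1#-l} ;;           # attached form, e.g. -l127.0.0.1
        esac
        shift
    done

    scope=all-interfaces          # memcached binds to every address without -l
    if [ -n "$addrs" ]; then
        scope=loopback-only
        IFS=,
        for addr in $addrs; do
            case $addr in
                0.0.0.0|::|'*')          scope=all-interfaces; break ;;
                127.0.0.1|::1|localhost) ;;
                *)                       scope=restricted ;;
            esac
        done
    fi
    echo "$scope"
)

# Constructed sample files: the packaged default, the edit made above, and a
# variant that keeps -l and adds the controller's management name.
demo_dir=$(mktemp -d)
printf 'PORT="11211"\nOPTIONS="-l 127.0.0.1,::1"\n'            > "$demo_dir/packaged"
printf 'PORT="11211"\n#OPTIONS="-l 127.0.0.1,::1"\n'           > "$demo_dir/commented"
printf 'PORT="11211"\nOPTIONS="-l 127.0.0.1,::1,controller"\n' > "$demo_dir/management"
for f in packaged commented management; do
    printf '%-11s %s\n' "$f" "$(memcached_listen_scope "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

On the controller itself, run the function against /etc/sysconfig/memcached and compare the result with the listeners shown by netstat -antlp | grep :11211.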

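3. Identity service

3.1 Prerequisites

#Complete the following steps to create the database
[root@controller ~]# mysql -p   #use the database client to connect to the database server as the root user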
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE keystone;   #create the keystone database
Query OK, 1 row affected (0.00 sec)
##grant proper access to the keystone database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
    ->   IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    ->   IDENTIFIED BY 'keystone';

[root@controller ~]# mysql -u keystone -p  ##test the login
MariaDB [(none)]>

3.2 Install and configure components

[root@controller ~]# openssl rand -hex 10  #generate a random value to use as the administration token during initial configuration
2c824d60aa530b959bdc
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y 
[root@controller ~]# vim  /etc/keystone/keystone.conf
[DEFAULT]    ##in the [DEFAULT] section, define the value of the initial administration token
admin_token =2c824d60aa530b959bdc
[database]  ##in the [database] section, configure database access
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]    ###in the [token] section, configure the Fernet token provider
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone ##populate the Identity service database
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone ##initialize the Fernet keys
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# ls
default_catalog.templates  keystone-paste.ini  sso_callback_template.html
fernet-keys                logging.conf
keystone.conf              policy.json

3.3 Configure the Apache HTTP server

[root@controller ~]# vim /etc/httpd/conf/httpd.conf    ##edit /etc/httpd/conf/httpd.conf and set the ServerName option to the controller node
ServerName controller

[root@controller conf.d]# vim /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller conf.d]# cat /etc/httpd/conf.d/wsgi-keystone.conf   ##create /etc/httpd/conf.d/wsgi-keystone.conf with the following content
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
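[root@controller conf.d]# systemctl enable --now httpd.service   ##it must be enabled at boot, otherwise the whole service will not come up

3.4 Create the service entity and API endpoints

[root@controller ~]# export OS_TOKEN=2c824d60aa530b959bdc   ##configure the authentication token
[root@controller ~]# export OS_URL=http://controller:35357/v3 ##configure the endpoint URL
[root@controller ~]# export OS_IDENTITY_API_VERSION=3   ##configure the Identity API version
##1. The Identity service manages a catalog of services in your OpenStack environment. Services use this catalog to determine which services are available in your environment.
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity   ##create the service entity for the Identity service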
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
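##2. The Identity service manages a catalog of API endpoints associated with your environment. Services use this catalog to determine how to communicate with the other services in your environment.
##Create the Identity service API endpoints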
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity public http://controller:5000/v3   
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1f6d00909eef4078a8fa5691c185a896 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d5702854772b4774a37c0bf839187eb0 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b960b6acb0f34a55a85fcd251b5201c7 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+

3.5 Create a domain, projects, users, and roles

##The Identity service provides authentication services for each OpenStack service. The authentication service uses a combination of domains, projects (tenants), users and roles.

##1. Create the default domain:
[root@controller ~]# openstack domain create --description "Default Domain" default
##2. For administrative operations in your environment, create an administrative project, user, and role:
##2.1 Create the admin project:
[root@controller ~]# openstack project create --domain default \
>   --description "Admin Project" admin
##2.2 Create the admin user
[root@controller ~]# openstack user create --domain default --password admin admin
##2.3 Create the admin role
[root@controller ~]# openstack role create admin
##2.4 Add the admin role to the admin project and user
[root@controller ~]# openstack role add --project admin --user admin admin

##3. This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project
[root@controller ~]# openstack project create --domain default --description "Service Project" service

##4. Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the demo project and user
##4.1 Create the demo project
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
##4.2 Create the demo user
[root@controller ~]# openstack user create --domain default --password demo demo 
##4.3 Create the user role
[root@controller ~]# openstack role create user
##4.4 Add the user role to the demo project and user
[root@controller ~]# openstack role add --project demo --user demo user

3.6 Verify operation

##1. Unset the OS_TOKEN and OS_URL environment variables
[root@controller ~]# unset OS_TOKEN OS_URL
##2. As the admin user, request an authentication token
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name admin --os-username admin token issue    ##the password is admin
##3. As the demo user, request an authentication token
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name demo --os-username demo token issue
Password:
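
Unsetting OS_TOKEN only clears the client environment: the temporary token from 3.2 stays usable for as long as admin_token remains in keystone.conf and the admin_token_auth filter remains in the keystone-paste.ini pipelines. The following is an added example, not part of the original post, that reports both leftovers. The function names and the two sample files are constructed, and the pipeline layout is assumed to follow the packaged keystone-paste.ini.

```shell
#!/bin/sh
# Added example: find leftovers of the bootstrap admin token in the Keystone
# configuration. Function names and sample data are constructed for this page.

# ini_pairs FILE -> one "section<TAB>key<TAB>value" line per active setting
ini_pairs() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }                       # commented-out settings
        /^[ \t]*\[/   { name = $0
                        sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
                        section = name; next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            val = trim(substr($0, eq + 1)); gsub(/\t/, " ", val)
            printf "%s\t%s\t%s\n", section, trim(substr($0, 1, eq - 1)), val
        }' "$1"
}

# admin_token_findings KEYSTONE_CONF PASTE_INI -> one line per finding
admin_token_findings() {
    # A non-empty admin_token in [DEFAULT] is a static, never-expiring secret.
    ini_pairs "$1" | awk -F '\t' '
        $1 == "DEFAULT" && $2 == "admin_token" && $3 != "" {
            print "keystone.conf: [DEFAULT] admin_token is set"
        }'
    # Each pipeline that still lists the filter accepts that token.
    ini_pairs "$2" | awk -F '\t' '
        $1 ~ /^pipeline:/ && $2 == "pipeline" {
            n = split($3, filters, " ")
            for (i = 1; i <= n; i++)
                if (filters[i] == "admin_token_auth")
                    print "keystone-paste.ini: [" $1 "] still loads admin_token_auth"
        }'
}

# write_samples DIR: constructed files. keystone.conf mirrors section 3.2;
# in keystone-paste.ini only the admin_api pipeline has been cleaned.
write_samples() {
    cat > "$1/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 2c824d60aa530b959bdc
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
EOF
    cat > "$1/keystone-paste.ini" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth
[pipeline:public_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
[pipeline:admin_api]
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
[pipeline:api_v3]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
admin_token_findings "$demo_dir/keystone.conf" "$demo_dir/keystone-paste.ini"
rm -rf "$demo_dir"
```

On the controller, point the function at /etc/keystone/keystone.conf and /etc/keystone/keystone-paste.ini; an empty result means neither leftover is present.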

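4. Create OpenStack client environment scripts

4.1 Create the scripts

#1. Create client environment scripts for the admin and demo projects and users. Later parts of this guide reference these scripts to load the appropriate credentials for client operations.
##1.1 Edit the admin-openrc file and add the following content: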
[root@controller ~]# vim  admin-openrc
[root@controller ~]# cat admin-openrc 
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

##1.2 Edit the demo-openrc file and add the following content:
[root@controller ~]# vim demo-openrc 
[root@controller ~]# cat demo-openrc 
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

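4.2 Use the scripts

[root@controller ~]# source admin-openrc    ##source a script before every use; the file you source selects the user. admin is the system administrator; other users do not have sufficient privileges
[root@controller ~]# openstack token issue   ##request an authentication token
[root@controller ~]# openstack user list   ##list the users
[root@controller ~]# openstack project list   ##list the projects
[root@controller ~]# openstack endpoint list   ##list the API endpoints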

5. Image service

5.1 Prerequisites

#1. 
##1.1 Use the database client to connect to the database server as the root user:
[root@controller ~]# mysql -p 
Enter password:    ##the password is westos

Query OK, 0 rows affected (0.00 sec)
##1.2 Create the glance database:
MariaDB [(none)]> CREATE DATABASE glance;
##1.3 Grant proper access to the glance database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'    IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'    IDENTIFIED BY 'glance';
##1.4 Exit the database client.

#2. Source the admin credentials to gain access to admin-only commands:
[root@controller ~]# source admin-openrc 

#3. Create the service credentials
##3.1 Create the glance user:
[root@controller ~]# openstack user create --domain default --password glance glance
## 3.2 Add the admin role to the glance user and service project.
[root@controller ~]# openstack role add --project service --user glance admin
## 3.3 Create the glance service entity:
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image

#4. Create the Image service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292

5.2 Install and configure components

##1. Install the packages
[root@controller ~]# yum install openstack-glance
##2. Edit the /etc/glance/glance-api.conf file and complete the following actions
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# vim /etc/glance/glance-api.conf
##3. Edit the /etc/glance/glance-registry.conf file and complete the following actions
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone

## 4. Populate the Image service database
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
##Ignore any deprecation messages in this output.

## 5. Finalize and start the services
[root@controller ~]# systemctl enable --now openstack-glance-api.service openstack-glance-registry.service

[root@controller ~]# netstat -antlp | grep :9292
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      18223/python2       

## 6. Check the logs
[root@controller ~]# cd /var/log/
[root@controller log]# ls
anaconda           btmp    dmesg.old  lastlog   qemu-ga   tuned
audit              chrony  glance     maillog   rabbitmq  wtmp
boot.log           cron    httpd      mariadb   rhsm      yum.log
boot.log-20210324  dmesg   keystone   messages  secure
[root@controller log]# cd glance/
[root@controller glance]# ls
api.log  registry.log

5.3 Verify operation

#2. Download the source image
#wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img  test image
[root@controller ~]# ls
admin-openrc  cirros-0.4.0-x86_64-disk.img  demo-openrc
#3. Upload the image to the Image service using the QCOW2 disk format and the bare container format, with public visibility so that all projects can access it
[root@controller ~]# openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public

#4. Confirm the upload of the image and validate its attributes
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 2785a258-64e0-442a-b691-e7a54823d9d8 | cirros | active |
+--------------------------------------+--------+--------+

[root@controller ~]# ll /var/lib/glance/images/
total 12420
-rw-r----- 1 glance glance 12716032 Mar 24 14:40 2785a258-64e0-442a-b691-e7a54823d9d8
[root@controller images]# du -h 2785a258-64e0-442a-b691-e7a54823d9d8
13M	2785a258-64e0-442a-b691-e7a54823d9d8

6. Compute service

6.1 Install and configure the controller node

#Create the databases
[root@controller ~]# mysql -p 
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

6.2 Create the service credentials

##1. Create the nova user
[root@controller ~]# openstack user create --domain default \
>   --password nova nova 

#2. Add the admin role to the nova user:
[root@controller ~]# openstack role add --project service --user nova admin
## 3. Create the nova service entity
[root@controller ~]# openstack service create --name nova \
>   --description "OpenStack Compute" compute

6.3 Create the Compute service API endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute public http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute internal http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute admin http://controller:8774/v2.1/%\(tenant_id\)s

6.4 Install and configure components

[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
>   openstack-nova-console openstack-nova-novncproxy \
>   openstack-nova-scheduler
##2. Configure

See https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/nova-controller-install.html
##3. Sync the Compute databases
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)

##Start the Compute services
[root@controller ~]# systemctl enable --now  openstack-nova-api.service  openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# netstat -antlp | grep :8774
tcp        0      0 0.0.0.0:8774            0.0.0.0:*               LISTEN      19227/python2 
[root@controller ~]# openstack compute service list 
+----+-------------+------------+----------+---------+-------+--------------+
| Id | Binary      | Host       | Zone     | Status  | State | Updated At   |
+----+-------------+------------+----------+---------+-------+--------------+
|  1 | nova-       | controller | internal | enabled | up    | 2021-03-24T0 |
|    | scheduler   |            |          |         |       | 7:30:38.0000 |
|    |             |            |          |         |       | 00           |
|  2 | nova-       | controller | internal | enabled | up    | 2021-03-24T0 |
|    | conductor   |            |          |         |       | 7:30:38.0000 |
|    |             |            |          |         |       | 00           |
|  3 | nova-       | controller | internal | enabled | up    | 2021-03-24T0 |
|    | consoleauth |            |          |         |       | 7:30:38.0000 |
|    |             |            |          |         |       | 00           |
+----+-------------+------------+----------+---------+-------+--------------+

6.5 Start another host as the compute node

[root@compute1 ~]# hostname
compute1
[root@compute1 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@compute1 ~]# vim /etc/hosts  ##name resolution
[root@compute1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.13.1 controller
172.25.13.2 compute1
172.25.13.3 block1
[root@compute1 ~]# yum install chrony -y 
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Package chrony-3.2-2.el7.x86_64 already installed and latest version
Nothing to do
[root@compute1 ~]# vim /etc/chrony.conf 
[root@compute1 ~]# systemctl start chronyd 
[root@compute1 ~]# systemctl enable --now chronyd
[root@compute1 ~]# 



##1. Install the packages
[root@compute1 ~]# ll /etc/yum.repos.d/openstack.repo 
-rw-r--r-- 1 root root 74 Mar 24 03:42 /etc/yum.repos.d/openstack.repo
[root@compute1 ~]# yum install openstack-nova-compute
##2. Configure /etc/nova/nova.conf. See https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/nova-compute-install.html

##3. Finalize the installation
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
2
[root@compute1 ~]# systemctl enable --now libvirtd.service openstack-nova-compute.service

6.6 The host-passthrough problem (nested virtualization)

[root@westos Desktop]# cd /sys/module/
[root@westos module]# cd kvm_amd/
[root@westos kvm_amd]# ls
coresize  initsize   notes       refcnt       sections    taint
holders   initstate  parameters  rhelversion  srcversion  uevent
[root@westos kvm_amd]# cd parameters/
[root@westos parameters]# cat nested 
0
[root@westos parameters]# cd /etc/modprobe.d/
[root@westos modprobe.d]# vim kvm.conf 

[root@westos modprobe.d]# pwd
/etc/modprobe.d

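7. Networking service

Reference

  • Configure the prerequisites first, then the public network, then the steps that follow

8. Configure an instance and launch a cloud host

9. dashboard

10. Configure a private network

Official site

Once the host is configured, it needs a floating IP so that hosts on the internal 192.168 network can be reached.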

11. Build your own image and cloud host

11.1 Package the host

See the official site

[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
rhel7.6.repo
[root@localhost yum.repos.d]# cat rhel7.6.repo 
[rhel7.6]
name=rhel7.6
baseurl=http://172.25.13.250/rhel7.6
gpgcheck=0
[root@localhost yum.repos.d]# yum install acpid
[root@localhost yum.repos.d]# systemctl enable acpid
[root@westos ~]# cd /var/www/html/
[root@westos html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/cloud-init/
lftp 172.25.254.250:/pub/cloud-init> ls
drwxr-xr-x    3 0        0            4096 Mar 16  2018 rhel6
drwxr-xr-x    3 0        0            4096 Mar 16  2018 rhel7
lftp 172.25.254.250:/pub/cloud-init> mirror rhel7/
Total: 1 directory, 34 files, 0 symlinks                   
New: 34 files, 0 symlinks
7975152 bytes transferred
lftp 172.25.254.250:/pub/cloud-init> exit
[root@westos html]# ll rhel7
total 7732
-rw-r--r--. 1 root root  247892 Mar 17  2018 audit-2.7.6-3.el7.x86_64.rpm
-rw-r--r--. 1 root root   97960 Mar 17  2018 audit-libs-2.7.6-3.el7.x86_64.rpm
-rw-r--r--. 1 root root   75032 Mar 17  2018 audit-libs-python-2.7.6-3.el7.x86_64.rpm
-rw-r--r--. 1 root root  296980 Mar 17  2018 checkpolicy-2.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root  636684 Mar 17  2018 cloud-init-0.7.9-9.el7.centos.2.x86_64.rpm
-rw-r--r--. 1 root root   43960 Mar 17  2018 cloud-utils-0.27-10.el7.x86_64.rpm
-rw-r--r--. 1 root root   25280 Mar 17  2018 cloud-utils-growpart-0.27-10.el7.x86_64.rpm
-rw-r--r--. 1 root root  842584 Mar 17  2018 euca2ools-3.4.1-1.el7.noarch.rpm
-rw-r--r--. 1 root root   66536 Mar 17  2018 libcgroup-0.41-13.el7.x86_64.rpm
-rw-r--r--. 1 root root  148492 Mar 17  2018 libsemanage-2.5-8.el7.x86_64.rpm
-rw-r--r--. 1 root root  106604 Mar 17  2018 libsemanage-python-2.5-8.el7.x86_64.rpm
-rw-r--r--. 1 root root  312764 Mar 17  2018 net-tools-2.0-0.22.20131004git.el7.x86_64.rpm
-rw-r--r--. 1 root root  878956 Mar 17  2018 policycoreutils-2.5-17.1.el7.x86_64.rpm
-rw-r--r--. 1 root root  456316 Mar 17  2018 policycoreutils-python-2.5-17.1.el7.x86_64.rpm
-rw-r--r--. 1 root root  127092 Mar 17  2018 pyserial-2.6-6.el7.noarch.rpm
-rw-r--r--. 1 root root 1426348 Mar 17  2018 python-babel-0.9.6-8.el7.noarch.rpm
-rw-r--r--. 1 root root   32880 Mar 17  2018 python-IPy-0.75-6.el7.noarch.rpm
-rw-r--r--. 1 root root  527832 Mar 17  2018 python-jinja2-2.7.2-2.el7.noarch.rpm
-rw-r--r--. 1 root root   14968 Mar 17  2018 python-jsonpatch-1.2-4.el7.noarch.rpm
-rw-r--r--. 1 root root   13164 Mar 17  2018 python-jsonpointer-1.9-2.el7.noarch.rpm
-rw-r--r--. 1 root root   25792 Mar 17  2018 python-markupsafe-0.11-10.el7.x86_64.rpm
-rw-r--r--. 1 root root  273488 Mar 17  2018 python-paramiko-2.1.1-0.2.el7.noarch.rpm
-rw-r--r--. 1 root root   38000 Mar 17  2018 python-prettytable-0.7.2-3.el7.noarch.rpm
-rw-r--r--. 1 root root   20868 Mar 17  2018 python-progressbar-2.3-4.el7.noarch.rpm
-rw-r--r--. 1 root root   81016 Mar 17  2018 python-requestbuilder-0.7.1-1.el7.noarch.rpm
-rw-r--r--. 1 root root  406404 Mar 17  2018 python-setuptools-0.9.8-7.el7.noarch.rpm
drwxr-xr-x. 2 root root    4096 Mar 16  2018 repodata
-rw-r--r--. 1 root root  626528 Mar 17  2018 setools-libs-3.3.8-1.1.el7.x86_64.rpm
[root@localhost yum.repos.d]# vi rhel7.6.repo 
[root@localhost yum.repos.d]# cat rhel7.6.repo 
[rhel7.6]
name=rhel7.6
baseurl=http://172.25.13.250/rhel7.6
gpgcheck=0
[cloud]
name=cloud
baseurl=http://172.25.13.250/rhel7
gpgcheck=0
[root@localhost yum.repos.d]# yum repolist 
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
cloud                                                    | 2.9 kB     00:00     
rhel7.6                                                  | 4.3 kB     00:00     
cloud/primary_db                                           |  27 kB   00:00     
repo id                              repo name                            status
cloud                                cloud                                   27
rhel7.6                              rhel7.6                              5,152
repolist: 5,179

[root@localhost yum.repos.d]# yum install cloud-init -y cloud-utils-growpart  ##install the cloud-related packages
[root@localhost ~]# echo "NOZEROCONF=yes" >> /etc/sysconfig/network   ##routing setting

11.2 Configure the grub file

[root@localhost ~]# cd /boot/
[root@localhost boot]# cd grub2/
[root@localhost grub2]# ls
device.map  fonts  grub.cfg  grubenv  i386-pc  locale
[root@localhost grub2]# vi grub.cfg

11.3 Configure the network interface

[root@localhost ~]# cd /etc/sysconfig/net
netconsole       network          network-scripts/ 
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0 
-bash: vim: command not found
[root@localhost network-scripts]# vi ifcfg-eth0 
[root@localhost network-scripts]# cat ifcfg-eth0 
BOOTPROTO=dhcp
DEVICE=eth0
ONBOOT=yes

11.4 Shut down and package

[root@localhost network-scripts]# poweroff   ##power off
[root@westos ~]# cd /var/lib/libvirt/images/  ##physical host
[root@westos images]# ll base.qcow2 
-rw-------. 1 root root 10739318784 Mar 26 13:17 base.qcow2
[root@westos images]# du -h base.qcow2 
11G	base.qcow2
[root@westos images]# virt-sysprep -d base   ##clean up
[root@westos images]# virt-sparsify --compress base.qcow2 small.qcow2   #compress
[root@westos images]# du -h small.qcow2 
513M	small.qcow2
[root@westos images]# mv small.qcow2 /var/www/html/   ##move it to Apache's default document root

11.5 Create the image

[root@westos html]# setenforce  0  ##SELinux must be turned off on the physical host

11.6 Create the cloud host

11.7 Add a floating IP

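12. Block device

##Name resolution must be in place
##Add a new disk to the storage node
## [root@block1 ~]# vim /etc/lvm/lvm.conf  ##add the following content
filter = [ "a/vda/", "a/vdb/", "r/.*/"]

## yum install openstack-cinder targetcli python-keystone ##requires the OpenStack yum repository
##The result is as follows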
