UbuntuOpenStack core componennts

<1,keystone安装配置>

1,yum -y install openstack-keystone python-keystoneclient;

2,配置实用mysql存储keytone componts 配置信息

/etc/keystone/keystone.conf

connection = mysql://ruiy:321@byruiy.cc/keystone

创建数据库用户赋予合适权限;

3,Define an authorization token to use as a shared secret between the identity service and other OpenStack service
ADMIN_TOKEN=$(openssl rand -hex 10)
admin_token = $ADMIN_TOKEN

export OS_SERVICE_TOKEN=14034bb8102de15503dc
export OS_SERVICE_ENDPOINT=http://byruiy.cc:35357/v2.0

4,Keystone usees PKI tokens,Create the signing keys and certificates and restrict access to the generated data:

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl

5,OpenStack清理expired tokens

6,Define users,tenants,roles

创建administrative用户

创建用户,角色,租户

keystone user-create --name=admin --pass=admin --email=rui.qin@egrandis.com
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"

链接用户角色租户

创建normal普通用户

daily non-administrative interaction with the OpenStack cloud,skip the tenant role creation step when creating there users;

当前角色有admin(super-user)和_member_(normal-user)

7,Create a service tenant:
OpenStack service also require a username,tenant,and role to access other OpenStack services.

Ruiy tips

基于2中环境变量交互访问OpenStack services components

(1,用户,租户,Auth-URL,无此API called)

export OS_USERNAME=admin
export OS_PASSWORD=321
export OS_TENANT_NAME=admin_project
export OS_AUTH_URL=http://5.10.124.181:5000/v2.0

(2,admin_token,OS_SERVICE_ENDPOINT)

export OS_SERVICE_TOKEN=14034bb8102de15503dc
export OS_SERVICE_ENDPOINT=http://byruiy.cc:35357/v2.0

或是指定OpenStack components --options

8,Define services and API endpoints

keystone service-create     Describes the service;
keystone endpoint-create  Associates API endpoints with the service;

register the identity service itself:

8.1,service-create

8.2,endpoint-create

Specify an OpenStack core components service API endpoint for identity service by using every keystone service-create returned service_ID

8.2.1,截取keystone service-id字段

8.2.2,基于OpenStack service components keystone service-id创建keystone的API endpoint

8.2.3,verify identityService installed and configured correctly

clear unset OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables

8.2.4,use regular user name-based authentication(基于此时还没使用tenant)
request a authentication token by using the admin user and the password

in response,you receive a token paired with your user ID

verifyes identity service kis running on the expected endpoint and that your user account is established with the expected credenitals

当你看到上面的截图时,你一定惊呆了!要是惊呆了,那你就傻了,上面仅仅是使用上面创建的用户基于密码,而没使用tenant,看到没

分别总结基于环境变量访问以定义的API endpoint

基于OpenStack core components python-OpenStackcorecomponentsClients --options访问API endpoint

keystone --os-username= --os-password= --os-auth-url= token-get

8.2.5,基于tenant 获取token-get for specify tenant

request authorization on tenant

In response,you receive a token that includes the ID of the tenant that you specified.Verifies that your user account has an explicitly defined role on the specified tenant and the tenant exists expected;

测试不使用--os-username= --os-password= --os-tenant-name= --os-auth-url= 而是使用此命令选项的环境变量

或是--os-service-token= --os-service-endpoint=

<二,安装配置OpenStackClient客户端>

OpenStack Client客户端是干啥的?是用来执行CLI called OpenStack core components Services API;

Ruiy Tips:Internally,each OpenStack core components Service client CLI runs cURL commands that embed API requests;

OpenStack APIs are RESTful APIs that use the HTTP protocol,including methods,URIs,media types,and response codes;
URI,URL区别见
http://baike.baidu.com/view/160675.htm?fr=aladdin
Each Openstack service has its own command-line client;

Openstack services   and    clients:

Block Storage　　  cinder     python-cinderclient   create and manage volumes
Compute  　　       nova      python-novaclient     create and manage images,instances,and flavors

Database service   trove      python-troveclient     create and manage databases

image service        glance     python-glanceclient   create and manage images

identity   　　　　  keystone python-keystoneclient create and manage users,tenants,roles,endpoints,and credentials

Networking   　　  neutron   python-neutronclient   configure network for guest servers

Object Storage     swift        python-swiftclient       gather statistics,list items,update metadata,and upload,download,and delete files stored by the object storage service,gain access to an object storage installation for ad hoc processing

orchestration       heat        python-heatclient       launch stacks from templates,view details of running stacks including events and resources,and update and delete stacks

telemetry            ceilometer  python-ceilometerclient    create and collect measurements across openstack

prerequisite softwares for openstack core components services clients

setuptools是 Python Enterprise Application Kit（PEAK）的一个副项目，它 是一组Python的 distutilsde工具的增强工具

pip(python package index) CLC

easy_install pip
    from setuptools package

pip install python-PROJECTclient (latest version)

pip enables you to update or remove a packages

upgrade or remove clients
pip install --upgrade python-PROJECTclient
pip uninstall python-PROJECTclient

<三,安装配置image 镜像服务>

OpenStack VMIs image service overview

snapshots for back up and as templates to launch new servers

can store registered
images in Object Storage or in other locations or simple fileSystem

verify image service Succ installed

下载测试镜像

http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img

upload registry img to image service;

online regtry img resources

Ruiy Tips,OpenStack Services Core components image Service(glance)项目下的组件

glance-api
glance-registry

<四,安装配置compute service Inc Compute control service and compute Nodes>

1,compute control service

Ruiy Rips:

every OpenStack core Componets Service 都需要创建一个keystone user,为其指定service tenant,admin role

注册此组件服务,并关联足迹API endpoints

Ubuntu OpenStack compute control service 服务控制

测试compute controll service -->nova 配置Ok!

基于CLIlaunch virtual machine 前提是获取相关image-id,flavor-id

2,compute Nodes

无网络实例化VMI,always spawning

<五,add a Network services (Nrutron,legacy networking)>

关于云计算安全组(security group)概念:
安全组概念属于云网络范畴,Security groups enable adminstrators to defined firewall rules in groups,a VM can blong to one or more security group,and Networking applies the rules in those security groups to block or unblock,port ranges,or traffic types for that VM

Ruiy Tips:一般命令行的参数Arguments及options选项区别

Arguments(通常no --)

Options(通常加--)

调节内核参数,启用内核网络(kernel networking)功能

dmks(动态内核模块支持(Dynamic Kernel Module Support))

generic routing encapsulation(通用路由封装)

Generic Receive Offload (GRO)

Tunneling protocols such as generic routing encapsulation (GRE) include additional
packet headers that increase overhead and decrease space available for the payload or
user data

many network devices lack support for jumbo frames (Mellanox)

基于单网卡(eg,eth0)配置多ip

ifconfig eth0:1 192.168.1.159 netmask 255.255.255.0;

create a router and attach your tenant and external networks to it;

在配置OpenStack网络后启动虚机必须指定网络

基于nova boot --image --flavor --nic net-id= --security-group --key-name New-Instance-You-want-like-to-name初始化创建OpenStack虚机实例VMI VMs;

获取与本机ESTABLISH的外网ip

OpenStack基于CLI删除VMI,VMs;