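1. Brief introduction to the OpenStack components

Keystone: identity service

Glance: image service

Nova: compute service

Neutron: networking service

Cinder: block storage service

Swift: object storage service

Heat: orchestration service

Horizon: web dashboard

Ceilometer: resource monitoring and metering service

2. Environment preparation:

VMware virtual machines, details as follows:

+------------+-------------------+-------------------------+--------------+
| Hostname   | Operating system  | IP                      | Notes        |
+------------+-------------------+-------------------------+--------------+
| controller | CentOS 7.1 x86_64 | eth0:192.168.200.201/24 | Control node |
| compute1   | CentOS 7.1 x86_64 | eth0:192.168.200.202/24 | Compute node |
+------------+-------------------+-------------------------+--------------+

Note: each node has two NICs (one provides service to users, the other is used for the management network). They can be simulated with two vmnet networks: one VMNET8_NAT (the 200 subnet here) and one vmnet1.

Control node: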

2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:5f:6a:23 brd ff:ff:ff:ff:ff:ff

inet 192.168.200.201/24 brd 192.168.25.255 scope global eno16777736

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe5f:6a23/64 scope link

valid_lft forever preferred_lft forever (provider network)

3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:5f:6a:2d brd ff:ff:ff:ff:ff:ff

inet 192.168.110.38/24 brd 192.168.110.255 scope global eno33554984

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe5f:6a2d/64 scope link

valid_lft forever preferred_lft forever (management network)

Compute node:

2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:df:21:b8 brd ff:ff:ff:ff:ff:ff

inet 192.168.200.202/24 brd 192.168.25.255 scope global eno16777736

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fedf:21b8/64 scope link

valid_lft forever preferred_lft forever (provider network)

4: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq89fb29a3-d6 state UP qlen 1000

inet 192.168.110.39/24 brd 192.168.110.255 scope global eno33554984

link/ether 00:0c:29:df:21:c2 brd ff:ff:ff:ff:ff:ff

inet6 fe80::20c:29ff:fedf:21c2/64 scope link

valid_lft forever preferred_lft forever (management network)

Disable the firewall and SELinux, and edit the hosts file and the hostname:

[root@localhost ~]# systemctl stop firewalld.service

[root@localhost ~]# systemctl disable firewalld.service

[root@localhost ~]# setenforce 0

[root@openstack01 ~]# sed -i '7 s/enforcing/disabled/' /etc/selinux/config

[root@localhost ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.200.201 controller

192.168.200.202 compute1

[root@localhost ~]# hostnamectl  set-hostname  controller # this step is also required on the compute node

[root@localhost ~]# bash

2.2 OpenStack release

Omitted. This article uses the M (Mitaka) release.

2.3 Installing the component services

yum -y install centos-release-openstack-mitaka # on CentOS 7 this installs directly; the package is in the extras repository (network access required)

2.3.1 Control node installation

yum -y install python-openstackclient mariadb mariadb-server MySQL-python rabbitmq-server openstack-keystone httpd mod_wsgi memcached python-memcached openstack-glance python-glance python-glanceclient openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset openstack-dashboard  # this covers the MySQL, Keystone, RabbitMQ, Glance, Nova, Neutron and Dashboard services.

2.3.2 Compute node installation

yum -y install centos-release-openstack-mitaka python-openstackclient device-mapper lvm2 openstack-nova-compute sysfsutils  openstack-neutron openstack-neutron-linuxbridge ebtables ipset

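3. OpenStack control node

3.1 First make sure the clocks of the control node and the compute node are synchronized. You can configure one machine as an NTP server and have the other machine synchronize its time with the ntpdate command (very important).

3.2 MySQL on the control node

All OpenStack components except Horizon use a database. This article uses MySQL, which on CentOS 7 is MariaDB by default.

Modify the MySQL configuration: create and edit /etc/my.cnf.d/openstack.cnf

[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf    # add the following under the [mysqld] section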

[mysqld]

bind-address = 192.168.200.201

max_connections = 4096

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

Enable MySQL at boot and start it

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none): // just press Enter

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:                 // enter the new password: 123123

Re-enter new password:        // re-enter the password: 123123

Password updated successfully!

Reloading privilege tables..

 ... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

 ... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] y

 ... Success!

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

 ... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

Create the databases for all components and grant privileges:

[root@controller ~]# mysql -uroot -p123123

Run the SQL statements:

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

CREATE DATABASE cinder;

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';

flush privileges;

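3.3 RabbitMQ message queue

SOA (service-oriented architecture) is a component model that links the different functional units of an application (called services) through well-defined interfaces and contracts between those services. The interfaces are defined in a neutral way and should be independent of the hardware platform, operating system and programming language that implement the service. This lets services built on a variety of systems interact in a uniform, common way.

OpenStack adopts an SOA design here and takes advantage of its loose coupling: each component is deployed separately, components may be both consumers and providers of one another, and they communicate through a message queue (OpenStack supports RabbitMQ, ZeroMQ and Qpid), so that if one service goes down the others do not go down with it.

Start RabbitMQ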

[root@controller ~]# systemctl enable rabbitmq-server.service

[root@controller ~]# systemctl start rabbitmq-server.service

Create a RabbitMQ user and grant it permissions; the password is 123123

[root@controller ~]# rabbitmqctl add_user openstack 123123

Grant the openstack user access, write and read permissions

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Install the Memcached service

[root@controller ~]# yum -y install memcached python-memcached

[root@controller ~]# systemctl enable memcached.service

[root@controller ~]# systemctl start memcached.service

3.4 Keystone component

Modify the keystone configuration file

Generate a token for the administrator to use during initialization

[root@controller ~]# openssl rand -hex 10

17cd889044c22ee274f9 // copy this value

[root@controller ~]# cp /etc/keystone/keystone.conf{,.org}

[root@controller ~]# vim /etc/keystone/keystone.conf

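 13 admin_token = 17cd889044c22ee274f9   # used to connect and create users while no users exist yet; this value was generated randomly with openssl

549 connection = mysql://keystone:keystone@localhost/keystone    # database connection; the three occurrences of keystone are the database user name, that user's password, and the keystone database name in MySQL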

2005 provider = fernet

1463 rabbit_host = controller

1469 rabbit_port = 5672

1481 rabbit_userid = openstack

1485 rabbit_password = 123123

[root@controller opt]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Populate the database

[root@controller keystone]# ll /var/log/keystone/

total 8

-rw-r--r-- 1 keystone keystone 7064 Dec 15 14:43 keystone.log

Result after the changes

[root@controller ~]# grep -n '^[a-z]' /etc/keystone/keystone.conf

13:admin_token = 17cd889044c22ee274f9

549:connection = mysql://keystone:keystone@localhost/keystone

1463:rabbit_host = controller

1469:rabbit_port = 5672

1481:rabbit_userid = openstack

1485:rabbit_password = 123123

2005:provider = fernet

[root@controller keystone]# mysql -u root -p123123 -e 'use keystone;show tables;'

+------------------------+

| Tables_in_keystone     |

+------------------------+

| access_token           |

| assignment             |

| config_register        |

| consumer               |

| credential             |

| domain                 |

| endpoint               |

| endpoint_group         |

| federated_user         |

| federation_protocol    |

| group                  |

| id_mapping             |

| identity_provider      |

| idp_remote_ids         |

| implied_role           |

| local_user             |

| mapping                |

| migrate_version        |

| password               |

| policy                 |

| policy_association     |

| project                |

| project_endpoint       |

| project_endpoint_group |

| region                 |

| request_token          |

| revocation_event       |

| role                   |

| sensitive_config       |

| service                |

| service_provider       |

| token                  |

| trust                  |

| trust_role             |

| user                   |

| user_group_membership  |

| whitelisted_config     |

Initialize the Fernet keys

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

Add an Apache wsgi-keystone configuration file. Port 5000 provides the service itself, and port 35357 is for admin management use

[root@controller ~]# httpd -v

Server version: Apache/2.4.6 (CentOS)

Server built:   Jul 18 2016 15:30:14

Create the /etc/httpd/conf.d/wsgi-keystone.conf configuration file

[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf  

Listen 5000

Listen 35357

<VirtualHost *:5000>

    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

<VirtualHost *:35357>

    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

Configure Apache's ServerName; if ServerName is not configured, the keystone service will be affected

[root@controller httpd]# vim /etc/httpd/conf/httpd.conf

95 ServerName controller

Start memcached, httpd and keystone

[root@controller ~]# httpd -t

Syntax OK

[root@controller ~]# systemctl enable httpd.service

[root@controller ~]# systemctl start httpd.service

Check which ports httpd is listening on

[root@controller httpd]# netstat -lntup|grep httpd

tcp6       0      0 :::5000                 :::*                    LISTEN      70482/httpd        

tcp6       0      0 :::80                   :::*                    LISTEN      70482/httpd        

tcp6       0      0 :::35357                :::*                    LISTEN      70482/httpd

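Create users and connect to keystone. There are two ways to do this: passing the parameters listed by keystone --help on the command line, or using environment variables. The environment-variable approach is used below, setting the token, the API URL and the API version respectively (well suited to SOA)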

[root@controller ~]# export OS_TOKEN=17cd889044c22ee274f9

[root@controller ~]# export OS_URL=http://192.168.200.201:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

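Register the keystone service. Although keystone itself is what handles registration, it also has to register itself as a service.

Create the keystone identity service

[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity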

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Identity               |

| enabled     | True                             |

| id          | d241e6f094764717bd33615ff843c420 |

| name        | keystone                         |

| type        | identity                         |

+-------------+----------------------------------+

Create an API endpoint

Create three types of endpoint: public (externally visible), internal (for internal use) and admin (for management use)

[root@controller ~]# openstack endpoint create --region RegionOne identity public http://192.168.200.201:5000/v3

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | ae271b2ca66548de85df93d577cbd1a4 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | d241e6f094764717bd33615ff843c420 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.200.201:5000/v3   |

+--------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://192.168.200.201:5000/v3

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 46ef634562df474dac0175fd8750d10f |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | d241e6f094764717bd33615ff843c420 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.200.201:5000/v3   |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://192.168.200.201:5000/v3

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | de6819281cdf4007af362c1fc8453443 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | d241e6f094764717bd33615ff843c420 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.200.201:5000/v3   |

+--------------+----------------------------------+

List the created endpoints

[root@controller ~]# openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                            |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

| 46ef634562df474dac0175fd8750d10f | RegionOne | keystone     | identity     | True    | internal  | http://192.168.200.201:5000/v3 |

| ae271b2ca66548de85df93d577cbd1a4 | RegionOne | keystone     | identity     | True    | public    | http://192.168.200.201:5000/v3 |

| de6819281cdf4007af362c1fc8453443 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.200.201:5000/v3 |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

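6. Create a domain, projects, users and roles: the Identity service provides authentication for each OpenStack service. The authentication service uses a combination of domains, projects (tenants), users and roles.

Create the default domain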

[root@controller ~]# openstack domain create --description "Default Domain" default

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Default Domain                   |

| enabled     | True                             |

| id          | aafb36608df346569c49bc9b7f2d7d70 |

| name        | default                          |

+-------------+----------------------------------+

For administrative operations in your environment, create an administrative project, user and role.

Create the admin project

[root@controller ~]# openstack project create --domain default --description "Admin Project" admin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Admin Project                    |

| domain_id   | aafb36608df346569c49bc9b7f2d7d70 |

| enabled     | True                             |

| id          | 468cb1fa46f14484b9b4aeef8eef9c12 |

| is_domain   | False                            |

| name        | admin                            |

| parent_id   | aafb36608df346569c49bc9b7f2d7d70 |

+-------------+----------------------------------+

Create the admin user and set its password (in production be sure to set a complex one)

[root@controller ~]# openstack user create --domain default --password-prompt admin # --password-prompt: prompt for the password

User Password:123123

Repeat User Password:123123

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | aafb36608df346569c49bc9b7f2d7d70 |

| enabled   | True                             |

| id        | dc1844e36323461f8c63c0a0269c7c7e |

| name      | admin                            |

+-----------+----------------------------------+

Create the admin role

[root@controller ~]# openstack role create admin

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | d87e6fda598247e7a4b02e885587c42b |

| name      | admin                            |

+-----------+----------------------------------+

Add the admin user to the admin project with the admin role, linking the role, project and user together

[root@controller ~]# openstack role add --project admin --user admin admin

Create a service project; it is used to manage the services of components such as nova, neutron and glance

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | aafb36608df346569c49bc9b7f2d7d70 |

| enabled     | True                             |

| id          | 3fad6d3845a04e638987f36f197e92e3 |

| is_domain   | False                            |

| name        | demo                             |

| parent_id   | aafb36608df346569c49bc9b7f2d7d70 |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default --password-prompt demo

User Password:123123

Repeat User Password:123123

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | aafb36608df346569c49bc9b7f2d7d70 |

| enabled   | True                             |

| id        | 79cc3725e0bb453eaed17c6b5a715c18 |

| name      | demo                             |

+-----------+----------------------------------+

[root@controller ~]# openstack role create user

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | a415b67d79d44509823a6e59565b01ac |

| name      | user                             |

+-----------+----------------------------------+

[root@controller ~]# openstack role add --project demo --user demo user

List the created users, roles and projects

[root@controller ~]# openstack user list

+----------------------------------+-------+

| ID                               | Name  |

+----------------------------------+-------+

| 79cc3725e0bb453eaed17c6b5a715c18 | demo  |

| dc1844e36323461f8c63c0a0269c7c7e | admin |

+----------------------------------+-------+

[root@controller ~]# openstack project list

+----------------------------------+---------+

| ID                               | Name    |

+----------------------------------+---------+

| 3fad6d3845a04e638987f36f197e92e3 | demo    |

| 468cb1fa46f14484b9b4aeef8eef9c12 | admin   |

| 64c8bab970af4576aa97cf030fd6313f | service |

+----------------------------------+---------+

[root@controller ~]# openstack role list

+----------------------------------+-------+

| ID                               | Name  |

+----------------------------------+-------+

| a415b67d79d44509823a6e59565b01ac | user  |

| d87e6fda598247e7a4b02e885587c42b | admin |

+----------------------------------+-------+

For security reasons, disable the temporary authentication token mechanism

[root@controller ~]# cp /etc/keystone/keystone-paste.ini{,.org}

[root@controller ~]# vim /etc/keystone/keystone-paste.ini

Delete the highlighted fields; the result is as follows:
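The highlighted fields are not reproduced on this page. In a stock Mitaka keystone-paste.ini the temporary-token mechanism is the admin_token_auth filter referenced by the pipeline lines. The following added example (not the author's file or commands) removes that filter from every pipeline and checks the result; the sample ini content is constructed and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: drop the admin_token_auth filter from the pipelines of a
# keystone-paste.ini and verify that no pipeline still references it.
# Assumption: the filter is named admin_token_auth, as in the stock Mitaka file.
FILTER=admin_token_auth

# write_sample_ini <path>: constructed sample content, not the author's file.
write_sample_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service

[pipeline:admin_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension s3_extension admin_service

[pipeline:api_v3]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
EOF
}

# pipelines_with_filter <ini>: print each section whose pipeline uses $FILTER.
# Prints nothing when the file is clean.
pipelines_with_filter() {
    awk -v f="$FILTER" '
        /^\[/ { section = $0 }
        /^pipeline[ \t]*=/ {
            line = $0
            sub(/^pipeline[ \t]*=[ \t]*/, "", line)
            n = split(line, part, /[ \t]+/)
            for (i = 1; i <= n; i++) if (part[i] == f) { print section; break }
        }' "$1"
}

# strip_filter <ini>: rewrite every pipeline line without $FILTER.
# The [filter:...] definition stays; only pipeline membership changes.
# The file is rewritten through cat so its owner and mode are preserved.
strip_filter() {
    tmp=$(mktemp) || return 1
    awk -v f="$FILTER" '
        /^pipeline[ \t]*=/ {
            line = $0
            sub(/^pipeline[ \t]*=[ \t]*/, "", line)
            n = split(line, part, /[ \t]+/)
            out = "pipeline ="
            for (i = 1; i <= n; i++)
                if (part[i] != "" && part[i] != f) out = out " " part[i]
            print out
            next
        }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a temporary copy of the constructed sample.
demo_ini=$(mktemp)
write_sample_ini "$demo_ini"
echo "before: $(pipelines_with_filter "$demo_ini" | tr '\n' ' ')"
strip_filter "$demo_ini"
echo "after:  $(pipelines_with_filter "$demo_ini" | tr '\n' ' ')"
rm -f "$demo_ini"
```

On the controller, strip_filter would be pointed at /etc/keystone/keystone-paste.ini after the backup copy made above, followed by a restart of httpd so the WSGI processes reload the pipelines.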

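Connect to keystone and request a token. Since a user name and password have now been created, the bootstrap token is no longer used, so its environment variables must be unset

Remove the temporary environment variables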

[root@controller httpd]# unset OS_TOKEN OS_URL

As the admin user, request an authentication token

[root@controller ~]# openstack --os-auth-url http://192.168.200.201:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

Password:123123

As the demo user, request an authentication token

[root@controller ~]# openstack --os-auth-url http://192.168.200.201:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue

Password:123123

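Configure environment variable files for the admin and demo users and add execute permission; from then on, just source the file before running commands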

[root@controller ~]# vim admin-openrc

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123123

export OS_AUTH_URL=http://192.168.200.201:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@controller ~]# vim demo-openrc

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=123123

export OS_AUTH_URL=http://192.168.200.201:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@controller ~]# source admin-openrc

Request an authentication token

[root@controller ~]# openstack token issue

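3.5 Glance deployment (on the control node): glance provides the image service for virtual machines

Modify the glance-api and glance-registry configuration files and sync the database

Configure glance to connect to keystone; with keystone, every service needs its own user to connect to keystone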

[root@controller ~]# . admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt glance

User Password:glance

Repeat User Password:glance

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | 9b99e025ebce48f49cbff37e1ca1fa90 |

| enabled   | True                             |

| id        | fff9521db78d4dceb217e8841d8667c4 |

| name      | glance                           |

+-----------+----------------------------------+

[root@controller ~]# openstack role add --project service --user glance admin

Create the glance service

Register the glance service in keystone so that other services are allowed to call glance

[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Image                  |

| enabled     | True                             |

| id          | 0eec337e1a1842a2a66aa54f0d9cef88 |

| name        | glance                           |

| type        | image                            |

+-------------+----------------------------------+

Create the API endpoints

[root@controller ~]# openstack endpoint create --region RegionOne image public http://192.168.200.201:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 3558615924df428bbb68fee05831ad32 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 0eec337e1a1842a2a66aa54f0d9cef88 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://192.168.200.201:9292      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://192.168.200.201:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f7763299fbb1478a81333cc1332a993f |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 0eec337e1a1842a2a66aa54f0d9cef88 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image admin http://192.168.200.201:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f2f3cce6383b44fea78fb4270ed31fb4 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 0eec337e1a1842a2a66aa54f0d9cef88 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# cp /etc/glance/glance-api.conf{,.org}

[root@controller ~]# grep -n "^[a-z]" /etc/glance/glance-api.conf

641:connection = mysql+pymysql://glance:glance@192.168.200.201/glance

741:stores = file,http

746:default_store = file

1025:filesystem_store_datadir = /var/lib/glance/images/

1118:auth_uri = http://192.168.200.201:5000

1119:auth_url = http://192.168.200.201:35357

1120:memcached_servers = 192.168.200.201:11211

1121:auth_type = password

1122:project_domain_name = default

1123:user_domain_name = default

1124:project_name = service

1125:username = glance

1126:password = glance

1694:flavor = keystone

[root@controller ~]# cp /etc/glance/glance-registry.conf{,.org}

[root@controller ~]# grep -n "^[a-z]" /etc/glance/glance-registry.conf

382:connection = mysql+pymysql://glance:glance@192.168.200.201/glance

843:auth_uri = http://192.168.200.201:5000

844:auth_url = http://192.168.200.201:35357

845:memcached_servers = 192.168.200.201:11211

846:auth_type = password

847:project_domain_name = default

848:user_domain_name = default

849:project_name = service

850:username = glance

851:password = glance

1401:flavor = keystone
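The keystone.conf and glance listings above reuse each account name as its password and keep the bootstrap admin_token in place. The following added example (not part of the original article) audits listings in this grep -n '^[a-z]' format for those settings; the 16-character minimum and the finding labels are assumptions of the example, and the sample lines are copied from the listings on this page.

```bash
#!/bin/sh
# Added example: audit "LINE:key = value" listings of OpenStack config files
# for the weak settings used in this lab build.

MIN_SECRET_LEN=16   # assumption: minimum acceptable length for a service secret

# audit_listing: reads listing records on stdin and prints one
# "LINE key FINDING" record per problem. Prints nothing for a clean listing.
audit_listing() {
    awk -v min="$MIN_SECRET_LEN" '
    {
        # Split "549:connection = mysql://..." into line number, key, value.
        pos = index($0, ":")
        lineno = substr($0, 1, pos - 1)
        rest = substr($0, pos + 1)
        eq = index(rest, "=")
        if (eq == 0) next
        key = substr(rest, 1, eq - 1)
        val = substr(rest, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)

        # The bootstrap token bypasses normal authentication while it is set.
        if (key == "admin_token")
            print lineno, key, "BOOTSTRAP_TOKEN_SET"

        # Remember the most recent account name for the password check.
        if (key == "username" || key == "rabbit_userid")
            user = val

        if (key == "password" || key == "rabbit_password") {
            if (val == user)            print lineno, key, "SECRET_EQUALS_USERNAME"
            else if (length(val) < min) print lineno, key, "SECRET_TOO_SHORT"
        }

        # Database URL: scheme://user:secret@host/db
        if (key == "connection") {
            cred = val
            sub(/^[^:]*:\/\//, "", cred)
            sub(/@.*$/, "", cred)
            c = index(cred, ":")
            if (c > 0) {
                dbuser = substr(cred, 1, c - 1)
                dbpass = substr(cred, c + 1)
                if (dbuser == dbpass)          print lineno, key, "SECRET_EQUALS_USERNAME"
                else if (length(dbpass) < min) print lineno, key, "SECRET_TOO_SHORT"
            }
        }

        # Service credentials sent to keystone over plain HTTP.
        if ((key == "auth_uri" || key == "auth_url") && val ~ /^http:\/\//)
            print lineno, key, "CLEARTEXT_HTTP"
    }'
}

# Sample input: the keystone.conf listing shown on this page.
sample_keystone() {
    cat <<'EOF'
13:admin_token = 17cd889044c22ee274f9
549:connection = mysql://keystone:keystone@localhost/keystone
1463:rabbit_host = controller
1469:rabbit_port = 5672
1481:rabbit_userid = openstack
1485:rabbit_password = 123123
2005:provider = fernet
EOF
}

# Sample input: part of the glance-api.conf listing shown on this page.
sample_glance() {
    cat <<'EOF'
641:connection = mysql+pymysql://glance:glance@192.168.200.201/glance
1118:auth_uri = http://192.168.200.201:5000
1119:auth_url = http://192.168.200.201:35357
1121:auth_type = password
1125:username = glance
1126:password = glance
EOF
}

echo "== keystone.conf =="
sample_keystone | audit_listing
echo "== glance-api.conf =="
sample_glance | audit_listing
```

On a live node the same function can be fed directly, for example with grep -n '^[a-z]' /etc/glance/glance-api.conf piped into audit_listing.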

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance

(The following messages may appear)

Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade

  expire_on_commit=expire_on_commit, _conf=conf)

/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u"Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release.")

  result = self._query(query)

Check the tables imported into the glance database

[root@controller ~]# mysql -uroot -p123123

MariaDB [(none)]> use glance;

MariaDB [glance]> show tables;

+----------------------------------+

| Tables_in_glance                 |

+----------------------------------+

| artifact_blob_locations          |

| artifact_blobs                   |

| artifact_dependencies            |

| artifact_properties              |

| artifact_tags                    |

| artifacts                        |

| image_locations                  |

| image_members                    |

| image_properties                 |

| image_tags                       |

| images                           |

| metadef_namespace_resource_types |

| metadef_namespaces               |

| metadef_objects                  |

| metadef_properties               |

| metadef_resource_types           |

| metadef_tags                     |

| migrate_version                  |

| task_info                        |

| tasks                            |

+----------------------------------+

20 rows in set (0.00 sec)

Enable glance at boot and start the glance services

[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service

Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.

Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.

[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service

Check the ports glance is listening on: 9191 is used by the registry and 9292 by the API

[root@controller ~]# netstat -lntup|egrep 9191

tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      25180/python2

[root@controller ~]# netstat -lntup|egrep 9292      

tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      25174/python2

Download an image

[root@controller ~]# source admin-openrc

[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

--2016-09-25 17:45:49--  http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

正在解析主机 download.cirros-cloud.net (download.cirros-cloud.net)... 64.90.42.85

正在连接 download.cirros-cloud.net (download.cirros-cloud.net)|64.90.42.85|:80... 已连接。

已发出 HTTP 请求,正在等待回应... 200 OK

长度:13287936 (13M) [text/plain]

正在保存至: “cirros-0.3.4-x86_64-disk.img

100%[==========================>] 13,287,936  11.9KB/s 用时 16m 46s

Upload the image to glance; run this in the directory where the image was downloaded in the previous step

[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public

+------------------+------------------------------------------------------+

| Field            | Value                                                |

+------------------+------------------------------------------------------+

| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |

| container_format | bare                                                 |

| created_at       | 2016-09-25T12:02:05Z                                 |

| disk_format      | qcow2                                                |

| file             | /v2/images/eacd3625-b661-47df-8bf2-28fce8db25d2/file |

| id               | eacd3625-b661-47df-8bf2-28fce8db25d2                 |

| min_disk         | 0                                                    |

| min_ram          | 0                                                    |

| name             | cirros                                               |

| owner            | d9b72df5058b421186369874190fb228                     |

| protected        | False                                                |

| schema           | /v2/schemas/image                                    |

| size             | 13287936                                             |

| status           | active                                               |

| tags             |                                                      |

| updated_at       | 2016-09-25T12:02:09Z                                 |

| virtual_size     | None                                                 |

| visibility       | public                                               |

+------------------+------------------------------------------------------+

List the uploaded image:

[root@controller ~]# glance image-list

+--------------------------------------+--------+

| ID                                   | Name   |

+--------------------------------------+--------+

| eacd3625-b661-47df-8bf2-28fce8db25d2 | cirros |

+--------------------------------------+--------+

[root@controller ~]# cd /var/lib/glance/images/

[root@controller images]# ls

eacd3625-b661-47df-8bf2-28fce8db25d2 (matches the ID above)
