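I. Brief introduction to the OpenStack components

Keystone: identity service

Glance: image service

Nova: compute service

Neutron: networking service

Cinder: block storage service

Swift: object storage service

Heat: orchestration service

Horizon: web dashboard

Ceilometer: resource monitoring and metering service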

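II. Environment preparation:

VMware virtual machines, details as follows:

+------------+-------------------+-------------------------+-----------------+
| Hostname   | Operating system  | IP                      | Notes           |
+------------+-------------------+-------------------------+-----------------+
| controller | CentOS 7.1 x86_64 | eth0:192.168.200.201/24 | Controller node |
| compute1   | CentOS 7.1 x86_64 | eth0:192.168.200.202/24 | Compute node    |
+------------+-------------------+-------------------------+-----------------+

Note: each node has two network interfaces (one serves user traffic, the other is for the management network). They can be simulated with two vmnet networks: VMNET8_NAT (the 200 subnet here) and vmnet1.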

Controller node:

2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:5f:6a:23 brd ff:ff:ff:ff:ff:ff

inet 192.168.200.201/24 brd 192.168.25.255 scope global eno16777736

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe5f:6a23/64 scope link

valid_lft forever preferred_lft forever (provider network)

3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:5f:6a:2d brd ff:ff:ff:ff:ff:ff

inet 192.168.110.38/24 brd 192.168.110.255 scope global eno33554984

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fe5f:6a2d/64 scope link

valid_lft forever preferred_lft forever (management network)

Compute node:

2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

link/ether 00:0c:29:df:21:b8 brd ff:ff:ff:ff:ff:ff

inet 192.168.200.202/24 brd 192.168.25.255 scope global eno16777736

valid_lft forever preferred_lft forever

inet6 fe80::20c:29ff:fedf:21b8/64 scope link

valid_lft forever preferred_lft forever (provider network)

4: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq89fb29a3-d6 state UP qlen 1000

inet 192.168.110.39/24 brd 192.168.110.255 scope global eno33554984

link/ether 00:0c:29:df:21:c2 brd ff:ff:ff:ff:ff:ff

inet6 fe80::20c:29ff:fedf:21c2/64 scope link

valid_lft forever preferred_lft forever (management network)

Disable the firewall and SELinux, then edit the hosts file and the hostname:

[root@localhost ~]# systemctl stop firewalld.service

[root@localhost ~]# systemctl disable firewalld.service

[root@localhost ~]# setenforce 0

[root@openstack01 ~]# sed -i '7 s/enforcing/disabled/' /etc/selinux/config

[root@localhost ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.200.201 controller

192.168.200.202 compute1

[root@localhost ~]# hostnamectl  set-hostname  controller   # do this step on the compute node as well

[root@localhost ~]# bash

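2.2 OpenStack release

Omitted. This article uses the M (Mitaka) release.

2.3 Installing the component services

yum -y install centos-release-openstack-mitaka   # on CentOS 7 this installs directly; the package is in the extras repository (network access required)

2.3.1 Installation on the controller node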

yum -y install python-openstackclient mariadb mariadb-server MySQL-python rabbitmq-server openstack-keystone httpd mod_wsgi memcached python-memcached openstack-glance python-glance python-glanceclient openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset openstack-dashboard  # this includes the MySQL, Keystone, RabbitMQ, Glance, Nova, Neutron and Dashboard services

2.3.2 Installation on the compute node

yum -y install centos-release-openstack-mitaka python-openstackclient device-mapper lvm2 openstack-nova-compute sysfsutils  openstack-neutron openstack-neutron-linuxbridge ebtables ipset

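III. OpenStack controller node

3.1 First make sure the clocks of the controller node and the compute node are synchronized: configure one machine as an NTP server and have the other synchronize its time with the ntpdate command (very important).

3.2 MySQL on the controller node

Every OpenStack component except Horizon uses a database. This article uses MySQL, which is called MariaDB by default on CentOS 7.

Change the MySQL configuration: create and edit /etc/my.cnf.d/openstack.cnf

[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf   # add the following under the mysqld section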

[mysqld]

bind-address = 192.168.200.201

max_connections = 4096

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

Enable MySQL at boot and start it

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none): // just press Enter

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:                 // enter the new password: 123123

Re-enter new password:        // re-enter the password: 123123

Password updated successfully!

Reloading privilege tables..

 ... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

 ... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] y

 ... Success!

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

 ... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

Create the databases for all components and grant privileges:

[root@controller ~]# mysql -uroot -p123123

Run the following SQL statements:

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

CREATE DATABASE cinder;

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';

flush privileges;
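
An added example, not part of the original article: the same databases and grants generated with one random password per service and remote logins limited to the 192.168.200.0/24 subnet used by the nodes. The function names, the output file names and the host pattern are assumptions.

```shell
#!/usr/bin/env bash
# Added example: generate the CREATE DATABASE / GRANT statements with one random
# password per service. Function and file names are hypothetical.

# Databases created in this article
SERVICES="keystone glance nova neutron cinder"

# 32 hex characters from the kernel CSPRNG (equivalent to `openssl rand -hex 16`)
gen_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the SQL for one service.
#   $1 = service (database and user name), $2 = password, $3 = host pattern for remote logins
service_sql() {
    printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$1"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" "$1" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" "$1" "$1" "$3" "$2"
}

# Write grants.sql and db-credentials (service=password) into directory $1.
#   $2 = remote host pattern; the default is an assumption: the nodes' 192.168.200.0/24 subnet
# The body runs in a subshell so the umask change does not leak into the caller.
make_db_bootstrap() (
    outdir="$1"
    remote="${2:-192.168.200.%}"
    umask 077                      # both files end up mode 600
    : > "$outdir/grants.sql"
    : > "$outdir/db-credentials"
    for svc in $SERVICES; do
        pw="$(gen_secret)"
        service_sql "$svc" "$pw" "$remote" >> "$outdir/grants.sql"
        printf '%s=%s\n' "$svc" "$pw" >> "$outdir/db-credentials"
    done
    echo "FLUSH PRIVILEGES;" >> "$outdir/grants.sql"
)

# Usage on the controller:
#   make_db_bootstrap /root/openstack-secrets
#   mysql -uroot -p < /root/openstack-secrets/grants.sql
```

Each generated password then replaces the one in the matching service's `connection =` line.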

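3.3 RabbitMQ message queue

SOA (service-oriented architecture) is a component model that links an application's functional units, called services, through well-defined interfaces and contracts between them. The interfaces are defined in a neutral way, independent of the hardware platform, operating system and programming language that implement the service. This lets services built on a wide variety of systems interact in a uniform, common way.

OpenStack adopts an SOA design here and takes advantage of its loose coupling: each component is deployed on its own, any two components may act as consumer and provider for each other, and they communicate through a message queue (OpenStack supports RabbitMQ, ZeroMQ and Qpid), so that one service going down does not take the others down with it.

Start RabbitMQ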

[root@controller ~]# systemctl enable rabbitmq-server.service

[root@controller ~]# systemctl start rabbitmq-server.service

Create a RabbitMQ user and grant it permissions; the password is 123123

[root@controller ~]# rabbitmqctl add_user openstack 123123

Grant the openstack user configure, write and read permissions

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Install the Memcached service

[root@controller ~]# yum -y install memcached python-memcached

[root@controller ~]# systemctl enable memcached.service

[root@controller ~]# systemctl start memcached.service

3.4 Keystone component

Edit the Keystone configuration file

Generate a token for the administrator to use during initialization

[root@controller ~]# openssl rand -hex 10

17cd889044c22ee274f9 // copy this value

[root@controller ~]# cp /etc/keystone/keystone.conf{,.org}

[root@controller ~]# vim /etc/keystone/keystone.conf

[DEFAULT]

# used to connect and create the first users while no users exist yet; generated randomly with openssl

admin_token = 17cd889044c22ee274f9

[database]

# database connection: the three "keystone" values are the MySQL user name, its password and the database name

connection = mysql://keystone:keystone@localhost/keystone

[oslo_messaging_rabbit]

rabbit_host = controller

rabbit_port = 5672

rabbit_userid = openstack

rabbit_password = 123123

[token]

provider = fernet

[root@controller opt]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Populate the database

[root@controller keystone]# ll /var/log/keystone/

total 8

-rw-r--r-- 1 keystone keystone 7064 Dec 15 14:43 keystone.log

The resulting configuration:

[root@controller ~]# grep -n '^[a-z]' /etc/keystone/keystone.conf

13:admin_token = 17cd889044c22ee274f9

549:connection = mysql://keystone:keystone@localhost/keystone

1463:rabbit_host = controller

1469:rabbit_port = 5672

1481:rabbit_userid = openstack

1485:rabbit_password = 123123

2005:provider = fernet

[root@controller keystone]# mysql -u root -p123123 -e 'use keystone;show tables;'

+------------------------+

| Tables_in_keystone     |

+------------------------+

| access_token           |

| assignment             |

| config_register        |

| consumer               |

| credential             |

| domain                 |

| endpoint               |

| endpoint_group         |

| federated_user         |

| federation_protocol    |

| group                  |

| id_mapping             |

| identity_provider      |

| idp_remote_ids         |

| implied_role           |

| local_user             |

| mapping                |

| migrate_version        |

| password               |

| policy                 |

| policy_association     |

| project                |

| project_endpoint       |

| project_endpoint_group |

| region                 |

| request_token          |

| revocation_event       |

| role                   |

| sensitive_config       |

| service                |

| service_provider       |

| token                  |

| trust                  |

| trust_role             |

| user                   |

| user_group_membership  |

| whitelisted_config     |

Initialize the Fernet keys

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

Add an Apache wsgi-keystone configuration file. Port 5000 provides the service, and port 35357 is used by admin for management.

[root@controller ~]# httpd -v

Server version: Apache/2.4.6 (CentOS)

Server built:   Jul 18 2016 15:30:14

Create the /etc/httpd/conf.d/wsgi-keystone.conf configuration file

[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf  

Listen 5000

Listen 35357

<VirtualHost *:5000>

    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

<VirtualHost *:35357>

    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

Configure Apache's ServerName; if ServerName is not set, the Keystone service is affected.

[root@controller httpd]# vim /etc/httpd/conf/httpd.conf

ServerName controller

Start memcached, httpd and Keystone

[root@controller ~]# httpd -t

Syntax OK

[root@controller ~]# systemctl enable httpd.service

[root@controller ~]# systemctl start httpd.service

Check which ports httpd is listening on

[root@controller httpd]# netstat -lntup|grep httpd

tcp6       0      0 :::5000                 :::*                    LISTEN      70482/httpd        

tcp6       0      0 :::80                   :::*                    LISTEN      70482/httpd        

tcp6       0      0 :::35357                :::*                    LISTEN      70482/httpd

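Create users and connect to Keystone. There are two ways to do this: pass parameters on the command line (see keystone --help), or use environment variables. The environment-variable approach is used below, setting the token, the API URL and the API version (well suited to SOA).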

[root@controller ~]# export OS_TOKEN=17cd889044c22ee274f9

[root@controller ~]# export OS_URL=http://192.168.200.201:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

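Register the Keystone service. Although Keystone is the service that handles registration, it also has to register itself.

Create the Keystone identity service

[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity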

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Identity               |

| enabled     | True                             |

| id          | d241e6f094764717bd33615ff843c420 |

| name        | keystone                         |

| type        | identity                         |

+-------------+----------------------------------+

Create the API endpoints

Create three types of endpoint: public (visible externally), internal (for internal use) and admin (for management)

[root@controller ~]# openstack endpoint create --region RegionOne identity public http://192.168.200.201:5000/v3

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | ae271b2ca66548de85df93d577cbd1a4 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | d241e6f094764717bd33615ff843c420 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.200.201:5000/v3   |

+--------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://192.168.200.201:5000/v3

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 46ef634562df474dac0175fd8750d10f |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | d241e6f094764717bd33615ff843c420 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.200.201:5000/v3   |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://192.168.200.201:5000/v3

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | de6819281cdf4007af362c1fc8453443 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | d241e6f094764717bd33615ff843c420 |

| service_name | keystone                         |

| service_type | identity                         |

| url          | http://192.168.200.201:5000/v3   |

+--------------+----------------------------------+

List the endpoints that were created

[root@controller ~]# openstack endpoint list

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

|     ID                              | Region    | Service Name | Service Type | Enabled | Interface | URL                               |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

| 46ef634562df474dac0175fd8750d10f | RegionOne | keystone     | identity     | True    | internal  | http://192.168.200.201:5000/v3 |

| ae271b2ca66548de85df93d577cbd1a4 | RegionOne | keystone     | identity     | True    | public    | http://192.168.200.201:5000/v3 |

| de6819281cdf4007af362c1fc8453443 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.200.201:5000/v3 |

+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

6. Create a domain, projects, users and roles: the Identity service provides authentication for every OpenStack service. It uses a combination of domains, projects (tenants), users and roles.

Create the default domain

[root@controller ~]# openstack domain create --description "Default Domain" default

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Default Domain                   |

| enabled     | True                             |

| id          | aafb36608df346569c49bc9b7f2d7d70 |

| name        | default                          |

+-------------+----------------------------------+

To perform administrative operations in your environment, create an administrative project, user and role.

Create the admin project

[root@controller ~]# openstack project create --domain default --description "Admin Project" admin

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Admin Project                    |

| domain_id   | aafb36608df346569c49bc9b7f2d7d70 |

| enabled     | True                             |

| id          | 468cb1fa46f14484b9b4aeef8eef9c12 |

| is_domain   | False                            |

| name        | admin                            |

| parent_id   | aafb36608df346569c49bc9b7f2d7d70 |

+-------------+----------------------------------+

Create the admin user and set its password (in production, be sure to set a complex one)

[root@controller ~]# openstack user create --domain default --password-prompt admin   # --password-prompt: prompt for the password

User Password:123123

Repeat User Password:123123

+-----------+----------------------------------+

| Field        | Value                                       |

+-----------+----------------------------------+

| domain_id | aafb36608df346569c49bc9b7f2d7d70 |

| enabled   | True                             |

| id        | dc1844e36323461f8c63c0a0269c7c7e |

| name      | admin                            |

+-----------+----------------------------------+

Create the admin role

[root@controller ~]# openstack role create admin

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | d87e6fda598247e7a4b02e885587c42b |

| name      | admin                            |

+-----------+----------------------------------+

Add the admin user to the admin project with the admin role, which ties the role, project and user together

[root@controller ~]# openstack role add --project admin --user admin admin

Create a service project; it is used to manage the services of components such as nova, neutron and glance

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | aafb36608df346569c49bc9b7f2d7d70 |

| enabled     | True                             |

| id          | 3fad6d3845a04e638987f36f197e92e3 |

| is_domain   | False                            |

| name        | demo                             |

| parent_id   | aafb36608df346569c49bc9b7f2d7d70 |

+-------------+----------------------------------+

[root@controller ~]# openstack user create --domain default --password-prompt demo

User Password:123123

Repeat User Password:123123

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | aafb36608df346569c49bc9b7f2d7d70 |

| enabled   | True                             |

| id        | 79cc3725e0bb453eaed17c6b5a715c18 |

| name      | demo                             |

+-----------+----------------------------------+

[root@controller ~]# openstack role create user

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | a415b67d79d44509823a6e59565b01ac |

| name      | user                             |

+-----------+----------------------------------+

[root@controller ~]# openstack role add --project demo --user demo user

List the users, roles and projects that were created

[root@controller ~]# openstack user list

+----------------------------------+-------+

| ID                               | Name  |

+----------------------------------+-------+

| 79cc3725e0bb453eaed17c6b5a715c18 | demo  |

| dc1844e36323461f8c63c0a0269c7c7e | admin |

+----------------------------------+-------+

[root@controller ~]# openstack project list

+----------------------------------+---------+

| ID                               | Name    |

+----------------------------------+---------+

| 3fad6d3845a04e638987f36f197e92e3 | demo    |

| 468cb1fa46f14484b9b4aeef8eef9c12 | admin   |

| 64c8bab970af4576aa97cf030fd6313f | service |

+----------------------------------+---------+

[root@controller ~]# openstack role list

+----------------------------------+-------+

| ID                               | Name  |

+----------------------------------+-------+

| a415b67d79d44509823a6e59565b01ac | user  |

| d87e6fda598247e7a4b02e885587c42b | admin |

+----------------------------------+-------+

For security reasons, disable the temporary authentication token mechanism

[root@controller ~]# cp /etc/keystone/keystone-paste.ini{,.org}

[root@controller ~]# vim /etc/keystone/keystone-paste.ini

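Delete the highlighted fields; the result is as follows:

Connect to Keystone and request a token. Because a user name and password now exist, the token is no longer used, so the environment variables must be unset.

Unset the temporary environment variables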

[root@controller httpd]# unset OS_TOKEN OS_URL
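
An added check for the step above, not part of the original article. It assumes the entries to delete are the admin_token_auth filter in the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections, as in the upstream Mitaka installation guide; the function names and the abbreviated sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm the bootstrap admin token can no longer be used.
# Function names are hypothetical; the sample file is constructed and abbreviated.

# Constructed stand-in for /etc/keystone/keystone-paste.ini before the edit
sample_paste_ini() {
    cat <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

# Print every [pipeline:*] section whose pipeline line still loads admin_token_auth.
# The [filter:admin_token_auth] definition alone is harmless and is not reported.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = $0 }
        section ~ /^\[pipeline:/ && /^pipeline[ \t]*=/ && /(^|[ \t=])admin_token_auth([ \t]|$)/ { print section }
    ' "$1"
}

# Remove the filter from pipeline lines only, keeping a .org backup as the article does.
strip_admin_token() {
    cp -p "$1" "$1.org"
    sed -i -E '/^pipeline[[:space:]]*=/ s/[[:space:]]+admin_token_auth([[:space:]]|$)/\1/' "$1"
}

# $1 = keystone-paste.ini, $2 = keystone.conf
# Returns 1 (FAIL) while any pipeline still accepts the token; leftovers that are
# inert once the filter is gone are reported as WARN and do not change the status.
audit_bootstrap_token() {
    local paste_ini="$1" keystone_conf="$2" rc=0 hits
    hits="$(pipelines_with_admin_token "$paste_ini")"
    if [ -n "$hits" ]; then
        echo "FAIL admin_token_auth still in: $(echo "$hits" | tr '\n' ' ')"
        rc=1
    fi
    if grep -Eq '^[[:space:]]*admin_token[[:space:]]*=' "$keystone_conf"; then
        echo "WARN admin_token still set in $keystone_conf"
    fi
    if [ -n "${OS_TOKEN:-}" ]; then
        echo "WARN OS_TOKEN is still exported in this shell"
    fi
    return $rc
}

# Usage on the controller:
#   audit_bootstrap_token /etc/keystone/keystone-paste.ini /etc/keystone/keystone.conf
```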

As the admin user, request an authentication token

[root@controller ~]# openstack --os-auth-url http://192.168.200.201:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue

Password:123123

As the demo user, request an authentication token

[root@controller ~]# openstack --os-auth-url http://192.168.200.201:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue

Password:123123

Create environment files for the admin and demo users and add execute permission; from then on, just source the file before running commands

[root@controller ~]# vim admin-openrc

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=123123

export OS_AUTH_URL=http://192.168.200.201:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@controller ~]# vim demo-openrc

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=123123

export OS_AUTH_URL=http://192.168.200.201:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

[root@controller ~]# source admin-openrc

Request an authentication token

[root@controller ~]# openstack token issue

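3.5 Glance deployment (on the controller node): Glance provides the image service for virtual machines

Edit the glance-api and glance-registry configuration files and sync the database

Configure Glance to connect to Keystone. Every service needs its own user to connect to Keystone.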

[root@controller ~]# . admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt glance

User Password:glance

Repeat User Password:glance

+-----------+----------------------------------+

| Field     | Value             |

+-----------+----------------------------------+

| domain_id | 9b99e025ebce48f49cbff37e1ca1fa90 |

| enabled   | True                             |

| id        | fff9521db78d4dceb217e8841d8667c4 |

| name     | glance                           |

+-----------+----------------------------------+

[root@controller ~]# openstack role add --project service --user glance admin

Create the glance service

Register the glance service in Keystone so that other services can call Glance

[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Image                  |

| enabled     | True                             |

| id          | 0eec337e1a1842a2a66aa54f0d9cef88 |

| name        | glance                           |

| type        | image                            |

+-------------+----------------------------------+

Create the API endpoints

[root@controller ~]# openstack endpoint create --region RegionOne image public http://192.168.200.201:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 3558615924df428bbb68fee05831ad32 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 0eec337e1a1842a2a66aa54f0d9cef88 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://192.168.200.201:9292      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://192.168.200.201:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f7763299fbb1478a81333cc1332a993f |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 0eec337e1a1842a2a66aa54f0d9cef88 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image admin http://192.168.200.201:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f2f3cce6383b44fea78fb4270ed31fb4 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 0eec337e1a1842a2a66aa54f0d9cef88 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# cp /etc/glance/glance-api.conf{,.org}

[root@controller ~]# grep -n "^[a-z]" /etc/glance/glance-api.conf

641:connection = mysql+pymysql://glance:glance@192.168.200.201/glance

741:stores = file,http

746:default_store = file

1025:filesystem_store_datadir = /var/lib/glance/images/

1118:auth_uri = http://192.168.200.201:5000

1119:auth_url = http://192.168.200.201:35357

1120:memcached_servers = 192.168.200.201:11211

1121:auth_type = password

1122:project_domain_name = default

1123:user_domain_name = default

1124:project_name = service

1125:username = glance

1126:password = glance

1694:flavor = keystone

[root@controller ~]# cp /etc/glance/glance-registry.conf{,.org}

[root@controller ~]# grep -n "^[a-z]" /etc/glance/glance-registry.conf

382:connection = mysql+pymysql://glance:glance@192.168.200.201/glance

843:auth_uri = http://192.168.200.201:5000

844:auth_url = http://192.168.200.201:35357

845:memcached_servers = 192.168.200.201:11211

846:auth_type = password

847:project_domain_name = default

848:user_domain_name = default

849:project_name = service

850:username = glance

851:password = glance

1401:flavor = keystone

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance

(The following messages may appear)

Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade

  expire_on_commit=expire_on_commit, _conf=conf)

/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u"Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release.")

  result = self._query(query)

Check the tables imported into the glance database

[root@controller ~]# mysql -uroot -p123123

MariaDB [(none)]> use glance;

MariaDB [glance]> show tables;

+----------------------------------+

| Tables_in_glance                 |

+----------------------------------+

| artifact_blob_locations          |

| artifact_blobs                   |

| artifact_dependencies            |

| artifact_properties              |

| artifact_tags                    |

| artifacts                        |

| image_locations                  |

| image_members                    |

| image_properties                 |

| image_tags                       |

| images                           |

| metadef_namespace_resource_types |

| metadef_namespaces               |

| metadef_objects                  |

| metadef_properties               |

| metadef_resource_types           |

| metadef_tags                     |

| migrate_version                  |

| task_info                        |

| tasks                            |

+----------------------------------+

20 rows in set (0.00 sec)

Enable Glance at boot and start the Glance services

[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service

Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.

Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.

[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service

Check the ports Glance is listening on: 9191 is used by the registry and 9292 by the API

[root@controller ~]# netstat -lntup|egrep 9191

tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      25180/python2

[root@controller ~]# netstat -lntup|egrep 9292      

tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      25174/python2

Download an image

[root@controller ~]# source admin-openrc

[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

--2016-09-25 17:45:49--  http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

正在解析主机 download.cirros-cloud.net (download.cirros-cloud.net)... 64.90.42.85

正在连接 download.cirros-cloud.net (download.cirros-cloud.net)|64.90.42.85|:80... 已连接。

已发出 HTTP 请求,正在等待回应... 200 OK

长度:13287936 (13M) [text/plain]

正在保存至: “cirros-0.3.4-x86_64-disk.img

100%[==========================>] 13,287,936  11.9KB/s 用时 16m 46s                                      ] 7,966,528   12.6KB/s 剩余 6m 28s

Upload the image to Glance; run this from the directory containing the image downloaded in the previous step

[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public

+------------------+------------------------------------------------------+

| Field            | Value                                                |

+------------------+------------------------------------------------------+

| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |

| container_format | bare                                                 |

| created_at       | 2016-09-25T12:02:05Z                                 |

| disk_format      | qcow2                                                |

| file             | /v2/images/eacd3625-b661-47df-8bf2-28fce8db25d2/file |

| id               | eacd3625-b661-47df-8bf2-28fce8db25d2                 |

| min_disk         | 0                                                    |

| min_ram          | 0                                                    |

| name             | cirros                                               |

| owner            | d9b72df5058b421186369874190fb228                     |

| protected        | False                                                |

| schema           | /v2/schemas/image                                    |

| size             | 13287936                                             |

| status           | active                                               |

| tags             |                                                      |

| updated_at       | 2016-09-25T12:02:09Z                                 |

| virtual_size     | None                                                 |

| visibility       | public                                               |

+------------------+------------------------------------------------------+

List the uploaded image

[root@controller ~]# glance image-list

+--------------------------------------+--------+

| ID                                   | Name   |

+--------------------------------------+--------+

| eacd3625-b661-47df-8bf2-28fce8db25d2 | cirros |

+--------------------------------------+--------+

[root@controller ~]# cd /var/lib/glance/images/

[root@controller images]# ls

eacd3625-b661-47df-8bf2-28fce8db25d2 (matches the ID shown above)
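The image above is fetched over plain HTTP and then published to every project with --public, so it is worth checking the file before upload and the stored copy afterwards. The script below is an added example, not part of the original walkthrough: verify_image is a name chosen here, and the expected size and MD5 are the size and checksum values from the openstack image create output above (Glance's checksum field is the MD5 of the image data).

```shell
#!/bin/sh
# Added example: check an image file against an expected size and MD5.
# verify_image is a helper name chosen for this example.

# verify_image FILE EXPECTED_SIZE_BYTES EXPECTED_MD5
# Returns 0 on match, 1 on size mismatch, 2 on checksum mismatch,
# 3 if the file is missing or unreadable.
verify_image() {
    local file want_size want_md5 got_size got_md5
    file=$1
    want_size=$2
    # Normalise the expected digest to lower case before comparing.
    want_md5=$(printf '%s' "$3" | tr 'A-F' 'a-f')

    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 3; }

    # Cheap check first: a truncated download fails here without hashing.
    got_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch: got $got_size, want $want_size" >&2
        return 1
    fi

    # Glance reports an MD5, so MD5 is what has to be compared.
    got_md5=$(md5sum "$file" | awk '{print $1}')
    if [ "$got_md5" != "$want_md5" ]; then
        echo "md5 mismatch: got $got_md5, want $want_md5" >&2
        return 2
    fi
    return 0
}

# Values taken from the "openstack image create" output on this page.
IMG=cirros-0.3.4-x86_64-disk.img
IMG_ID=eacd3625-b661-47df-8bf2-28fce8db25d2
SIZE=13287936
MD5=ee1eca47dc88f4879d8a229cc70a07c6

# On the controller: check the download, then the copy Glance stored.
if [ -e "$IMG" ]; then
    verify_image "$IMG" "$SIZE" "$MD5" && echo "download OK"
    verify_image "/var/lib/glance/images/$IMG_ID" "$SIZE" "$MD5" \
        && echo "stored copy OK"
fi
```

A match against Glance's own checksum only shows that the stored copy equals what was downloaded; to detect a download altered in transit, take the expected digest from a source you trust.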
