openstack组件手动部署整合
preface:当你完全且正确的配置好整个OpenStack ENV
你将能看到的和体验到的!!!
我们先来看看简单效果吧,祝君能在这条路上走的更远,更好;
1,wget openstack icehouse Version yum repo;
https://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm
2,在系统上部署好上rpm后,在你的系统/etc/yum.repo/下多了3个repo
foreman你应该懂的!很牛!
ntp(network time protocol)
随机密码openssl / certutil
3,mysql数据库配置
yum -y install mysql mysql-server MySQL-python (frontend)
yum -y install MySQL-python (backend Node)
数据库配置
4,安装yum priorities插件
yum install yum-plugin-priorities
5,epel
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
6,yum -y install openstack-utils
7,yum install openstack-selinux
8,yum -y upgrade & reboot
9,openStack messaging service configure;
[Notes byRuiy:Openstack uses a message broker(消息代理,经纪人..) to coordinate operations(协调操作) and status information among services
]
yum -y install qpid-cpp-server
{Ruiy Notes:simplify installtion test environment,disable authencation}
edit the /etc/qpidd.conf file and change the following key:
auth = no
[乐一把,云中插曲!!]
hypervisors (KVM,XEN,VMWARE,POWER)and OS(90% linux or derivative)
cloud sepqrate roles:Frontend (execute the OpenNebula services GUI界面,云系统 or 虚拟化管理) and Nodes (一台搞性能物理机,跑某一种Hypervisors(KVM较主流 and 配置维护简单));
跑Hypervisor 物理机,虚拟化扩展支持?supports
virtualization extensions, please run?
grep -E "svm|vmx" /proc/cpuinfo;
网桥Bridge配置
Congratulations, now you are ready to install OpenStack services!
咱,言归正传!,接着搞!!
<1,安装认证服务 Identity Service -->keystone>
主要需要细心操作的有define users,tenants,and roles
define services and API endpoints <众所周知,OpenStack 设计之初面向的就是公有云,租户,用户的安全性重中之重啊!>
identityService功能:
user management,tracks users and their permissions
service catalog,provides a catalog of available services with their API endpoints;
Endpoint(a network-accessible address,usually described by a URL)
yum install openstack-keystone python-keystoneclient
配置keystone使用mysql存储配置信息
这个是错误的,请注意--;
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:321@ruiy.openstack.cc/keystone
mysql://keystone:321@ruiy.openstack.cc/keystone
connection = MysqlUserName:MysqlUserNamePasswd@Mysql主机系统名即FQDN/keystone服务存储信息所有的数据库的库名称;
同步keystone 数据到mysql数据库的命令是下面截图语句,经过一番折腾啊!
http://wiki.incloudus.com/display/OP/Nova
一直以来,openstack-keystone服务器起不来,原来是/var/log/keystone 日志文件的权限不对,卧槽,折腾啊,这是唱的 那一出,难道keystone bug!,我去!
上面一大楼都是扯淡的话!,我都没放心上,咱接着搞,继续;
3,define an authorization token to use as a shared secret between the identity service and other Openstack service,use openssl to generate a random token and store it in the configuration file;
echo $ADMIN_TOKEN = a40b81a0c7373a4422eb
4,配置keystone uses PKI tokens,create the signing keys and certificates and restrict access to the generated data;
5,性能优化,清除过期的 expire token
6,define users,tenants and roles
设置OS_SERVICE_TOKEN,OS_SERVICE_ENDPOINT系统变量;
创建管理员用户;
创建角色及租户;
keystone数据库中存储的信息;
集成user,role tenant;
创建普通用户
集成demo user demo tenant到_member_ role;
创建服务租户
7,定义服务和API endpoint;
keystone service-create,describes the service
keystone endpoint-create associates API endpoints with the service;
临时设置的环境变量,我这里是之前环境没配置好,机器重启了,一会这些环境变量我们会放到/etc/profile or 放到一个shell脚本中维护;
没插入API endpoint前
插入API endpoint后
specify an API endpoint for the identity service by using the returned service IS,when you specify an endpoint,you provide URLs for the public API,internal API,and admin API,In this guide,the * hostName is used,Note that the identity service uses a different port for the admin API
8,verify the identity service installation
to verify that the identity service is installed and configured correctly,clear the values in the OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT environment variables
these variables,which ware used to bootstrap the administrative user and register the identity service,are no longer needed;
you can now use regular user name-based authentication
request a authentication token by using the admin user and the password you chose for that user
tanant token-get
设置 --os-* variables in your environment to simplify command-line usage setup a admin-openrc.sh file with the admin credentials and admin endpoint
keystone token-get
<二,openStack client install and configure>
use the openstack command-line clients to run simple commands that make API calls;
OpenStack 客户端组件(components)一览,请注意此处非指OStack服务组件哦,亲!
install the openstack command-line clients;
prerequisite software and python package for each openstack client;
KeyboardInterrupt
prerequisite software;
python2.6 or later>
setuptools
pip
综上我们可以使用pip安装所有的openStack组件
PIP(Python Index Package);
pip enables you to update or remove a package
pip install python-PROJECTclient
Python Index Package
pip upgrade or remove OpenStack commonpoents;
1,upgrade
pip install --upgrade python-PROJECTclient
2,remove
pip uninstall python-PROJECTclient
set environment variables using the openstack RC file;
Override environment variable values
keystone --os-password PASSWORD service-list;
在执行过程中--os--参数 先以命令行提供的优先级最高,没提供的而且又必须提供的则到rc文件中找,找到,呵呵,找不到,则哇哇流泪!
admin-openrc.sh for the administrative user
demo-openrc.sh for the normal user;
<三,Ostack image service ->> glance ins>
OpenStack image service enables users to discover,register,and retrieve virtual machine images.image service offer a REST API that enables you to query virtual machine image metadata and retrieve an actual image;
在这里我们的demo Environment
image service to use the file backend,this means that images uploaded to the image service are stored in a directory on the same system that hosts the service,by default,that directory is : /var/lib/glance/images/;
此处到我们来玩转Openstack (image service)的时候了
glance-api: accepts image API calls for image discover,retrieval,and storage;
glance-registry: stores,processes,and retrieves metadata about images,Metadata includes items such as size and type;
我们大家应该已经发现OpenStack 包组件的一些规律了(服务核心组件和客户端组件命名)
openStack核心组件命名 openstack-keystone(认证服务器) or openstack-glance(镜像服务器)
客户端组件包命名 python-glanceclient or python-keystoneclient....;
database,stores image metadata.you can chose your database depending on your preference,most deployments Mysql or SQLite;
storage repository for image files.image service supports a variety of repositories including normal file systems,object storage,RADOS block devices,http and amazon s3 some types of repositories support only read-only usage;
Use
snapshots for back up and as templates to launch new servers
配置镜像服务器使用message broker,还记得前面我们用的是哪个message了吧?
create a glance user that the image service can use to authenticate with the identity service;
register the image service with identity service,create endpoint;
验证镜像服务(verify image service)
1,下载测试镜像
wget http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
2,上传image 到 image service语法;
glance image-create --name=imagelabel --disk-format=fileformat --container-format=containerformat --is-public=accessvalue < imagefile;
语法参数说明:
有效磁盘格式: qcow2,raw,vhd,vmdk,vdi,iso,aki,ari,ami;
验证disk-format 格式命令[root@ruiy ~]#file
containerformat:有效的容器格式有:bare,ovf,aki,ari,ami;
Specify bare to indicate that the image file is not in a file
format that contains metadata about the virtual machine.
Although this field is currently required, it is not actually used
by any of the OpenStack services and has no effect on system
behavior. Because the value is not used anywhere, it is safe to
always specify bare as the container format;
呵呵,看完上面的这段,你就应该懂得的为什么当前的Docker技术是如此的火,火,火!!!
accessvalue:
true --All users can view and use the image
false - Only administrators can view and use the image;
imagefile;
实战:
备注;另外我们可以直接指定公网的镜像 使用--copy-from;
glance image-create --name="ruiy-cirros-0.3.2-x86_64" --disk-format=qcow2 --container-format=bare --is-public=true --copy-from http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
<三,configure computer service-->controlNode>
the computer service is a cloud computing fabric controller,which is the main part of an iaas system;
computer service is made up of the following functional areas and their underlying components:
001, API
nova-api service.accepts and respnds to end user compute API calls.supports the openstack computer API,the amazon EC2 API
and a special admin API for privileged users to perform administrative actives,also,initiates most orchestration activities,such as running an instance,and enforces some policies;
nova-api-metadata service. accepts metadata requests from instances.the nova-api-metadata service is generally only used when you run in multi-host mode with nova-network installations;
....等一大堆,在此就不枚举了;
配置mysql存储 nova配置信息
create nova user that computer users to authenticate with the identity service,use service tenant and give the user the admin role;
configure compute to use these credentials with the identity service running on the ruiy.openstack;
register computer with the identity service so that other openstack services can locate it,register the service and specify the endpoint;
完成keystone,image,compute services后init.d下的服务及相关可执行程序列表
<configure computer service-->compute Nodes>
The compute node receives requests from thecontroller node and hosts virtual machine instances;
Compute service relies on a hypervisor to run virtual machine instances. OpenStack can
use various hypervisors, but this guide uses KVM.
其实我没什么截图类似于上面这样的呢!肯定是事出有因的,我们到时候会基于设计基于离线的方式部署整个openStack ENV,我把每个组件所依赖的包找到了,到时候我们在到repo上去下载,当然你也可以把当前或是你所喜欢青睐的repo下的所有rpm都个下载下来,在本机执行yum -y --localinstall *.rpm;
determine whether your system's processor and/or hypervisor support handware acceleration for virtual machines,
run command:
egrep -c '(vmc|svm)' /proc/cpuinfo
run command:
<四,Add a networking service>
1,OpenStack Networking(neutron)
2,legacy networking(noca-network)
OpenStack Networking (neutron) manages all of the networking facets for the Virtual
Networking Infrastructure (VNI) and the access layer aspects of the Physical Networking
Infrastructure (PNI) in your OpenStack environment. OpenStack Networking allows tenants
to create advanced virtual network topologies including services such as firewalls, load
balancers, and virtual private networks (VPNs)
modular layer 2(ML2) plug-in
configure controller node
prerequisites
Before you configure OpenStack Networking (neutron), you must create a database and
Identity service credentials including a user and service
create identity service credentials for Networking
create the neutron user:
link the neutron user to the service tenant and admin role
create neutron service
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient -y
to configure networking server component;
the networking server component configuration includes the database,authentication mechanism,message broker,topology changer notifier,and plug-in
configure networking to use the identity service for authentication
configure networking to use the message broker:
configure networking to notify compute about network topology changer:
configure Networking to use the Modular Layer2(ML2) plug-in and associated services
Note,we recommend adding verbose = True to the [DEFFAULT] section in /etc/neutron/neutron.conf
to assist with troubleshooting
to configure the modular layer2 (ML2) plug-in
tehe ML2 plug-in uses the open vSitch(OVS) mechanism(agent) to build the virtual networking framwork for instances,however,the controller node does not need OVS agent or servic because is does not handle instance network traffic;
to configure compute to use Netorking
by default,most distributions configure Compute to use legacy Networking,You must reconfigure compute to manage networks through Networking
Note,by default compute uses internal firewall service,since Networking includes a firewall service,you must disable the compute firewall service by using
the nova.virt.firewall.NoopFirewallDriver firewall driver
to finalize installtion
the Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the
configuration file associated with your chosen plug-in,Using ML2,for example ,the symbolic link must point to /etc/neutron/plugins/m12/m12_conf.ini
if this symbolic link does not exist,create it using the following commands;
<五,configure network node>
prerequisites
before you configure openStack Networking,you must enable certain kernel networking functions
配置前
配置后
to configure the Networking common components
the Networking common compoent configuration includes the authentication mechanism,message broker,and plug-in;
1,configure Networking to use the identity service for authentication
2,configure Network to use the message broker
3,configure Networking to use the Modular Layer 2(ML2) plug-in and associated services;
Note,We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting;
to configure the Layer-3(ML3)agent
Note
we recommand adding verbose = True to the [DEFAULT] section in /etc/neutron/l3_agent.ini to assist with troubleshooting;
To configure the DHCP agent
To configure the metadata agent
The metadata agent provider configure information such as credentails for remote access to instances;
Note,we recommand adding verbose = True to the [DEFAULT] section in /etc/neutron/metadata_agent.ini to assist with troubleshooting;
Note perform the next two steps on the controller node;
on the controller node,configure compute to use the metadata service;
to configure the Modular Layer 2(ML2) plug-in
The ML2 plug-in uses the Open vSwitch(OVS) mechanism(agent) to build virtual networking framework for instances;
To configure the Open vSwitch(OVS) service
The OVS service provides the underlying virtual networking framework for instances,the integration bridge br-int handles external instance network traffic within OVS,The external bridge br-ex handles external instance network traffic within OVS,the external bridge requires a port on the physcial external network interface to provide instances with external network access,in essence,this port bridges the virtual and physcial external network in your environment;
start the OVS(open vswitch) and configure it to start when the system boots;
add a interface to the external bridge that connects to the physcial external network interface:
Note,depending on your network interface driver,you may need to disable Generic Receive Offload(GRO) to achieve suitable throughput between your instances and the external network;
to temporarily disable GRO on the external network interface while testing your environment;
to finalize the installation
在配置Openstack Networking (neutron)时,3个节点都需要配置,我的controller和compute和neutron都是在一台server上的!!
To install the Networking components
To configure the Networking common components
Networking common component configuration includes the authentication mechanism,message broker, and plug-in;
instance_tunnels_interface_ip_address;
gre(generical receive ether)
gro(generical receive offload)
Create initial Networks;
before launching your first instance,you must create the necessary virtual network infrastructure
External network;
the external network typically provides internet access for your instances,by default ,this network only allows internet access from
instances using Network Address Translation(NAT),you can enable internet access to individual instances using a floating IP address and suitable security group rules,
the admin tenant owns this network because it provides external netork access for multiple tenants,you must also enable sharing to allow acces by those tenants;
Note,perform these commands on the controller node
To create the external network
首先你必须有admin tenant credentials;
5672,qpid<--messagebroker;
To create subnet on the external network;
具体语法格式:
neutron subnet-create ext-net --name ext-subnet --allocation-pool start=floating_ip_start,end=floating_ip_end --disable-dhcp --gateway external_network_gateway external_network_cdir
Tenant network
The tenant network provides internal network access for instance,The architecture isolates this type of network from other tenants,The demo tenant owns this network because it only provides network access for instances within it;
tenant network provides internal network access for instance,the architecture isolates this type of network from other;
1,source the demo tenant credentials;
Like the external network,your tenant network also requires a subnet attached to it.You can specify any valid subnet because the architecture isolates tenant netorks
To create a subnet on the tenant network;
创建tenant subnet 语法
neutron subnet-create demo-net-ruiy --name demo-subnet-ruiy --gateway TENANT_NETWORK_GATEWAY TENANT_NETWORK_CIDR
Legacy networking(nova-network)
configure controller mode
openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.api.API
openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api nova
Restart the Compute service
service openstack-nova-api restart
openstack-nova-scheduler
openstack-nova-conductor
[Note,我们当前的环境使用的是neutron,在此只是对legacy network作下使用配置简单了解]
Configure compute node;
This section covers deployment of a simple flat network that provides IP address to your instances via DHCP,if your environment includes multiple compute nodes;
the multi-host feature provides redundancy by spreading network functions access compute nodes;
To install legacy networking components
yum -y install openstack-nova-network openstack-nova-api;
openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.api.API
openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api nova
network_manager nova.network.manager.FlatDHCPManager
firewall_driver nova.virt.libvirt.firewall.IptablesFirewallDriver
network_size 254
allow_same_net_traffic False
multi_host True
send_arp_for_ha True
share_dhcp_address True
force_dhcp_release Trueflat_network_bridge br100
flat_interface INTERFACE_NAME
public_interface INTERFACE_NAME;
Create initial network
before launching your first instance,you must create the necessary virtual network infratructure to which the instance will connect,This network typically provides interface access from instances,You can enable internet access to individual instances using a floating IP address and suitable security group rules,The admin tenant owns this network beause it providers external network access for multiple tenants;
nova network-vreate demo-net --bridge br100 --multi-host T --fixed-range-v4 NETWORK_CIDR
openstack组件手动部署整合的更多相关文章
- openstack组件之keystone
一 什么是keystone keystone是 OpenStack Identity Service 的项目名称.它在整个体系中充当一个授权者的角色. Keystone项目的主要目的是给整个opens ...
- 手动部署 OpenStack Rocky 双节点
目录 文章目录 目录 前言 OpenStack 架构 Conceptual architecture Logical architecture 网络选型 Networking Option 1: Pr ...
- Openstack组件部署 — Keystone Install & Create service entity and API endpoints
目录 目录 前文列表 Install and configure Prerequisites 先决条件 Create the database for identity service 生成一个随机数 ...
- Openstack组件部署 — Keystone功能介绍与认证实现流程
目录 目录 前文列表 Keystone认证服务 Keystone认证服务中的概念 Keystone的验证过程 简单来说 前文列表 Openstack组件部署 - Overview和前期环境准备 Ope ...
- Openstack组件部署 — keystone(domain, projects, users, and roles)
目录 目录 前文列表 Create a domain projects users and roles domain projects users and roles的意义和作用 Create the ...
- Openstack组件部署 — Overview和前期环境准备
目录 目录 前言 软件环境 Openstack 简介 Openstack 架构 Openstack Install Overview 创建Node虚拟机 环境准备 基础设置 Install OpenS ...
- Openstack组件部署 — Networking service_Compute Node
目录 目录 前文列表 安装组件 配置通用组件 配置自服务网络选项 配置Linux 桥接代理 配置Nova使用网络 完成安装 验证操作Execute following commands on Cont ...
- Openstack组件部署 — Networking service_安装并配置Controller Node
目录 目录 前文列表 前提条件 网络环境 完成下面的步骤以创建数据库 创建service credentials服务凭证 创建Neutron的API Endpoints 配置自服务网络 安装网络组件 ...
- Openstack组件部署 — Netwotking service组件介绍与网络基本概念
目录 目录 前文列表 Openstack Networking serivce 基本的Neutron概念 Neutron的抽象对象 网络networks 子网subnets 路由器routers 端口 ...
随机推荐
- 使用powershell监控命令行console程序并在停止时启动
有一种C#命令行console程序,为了能看到console台的输出所以不能做成服务.为了防止这些程序自己死掉,使用powershell监控程序并重启 #利用程序名来进行重启if (!(get-pro ...
- 接上一篇博客(解决-Dmaven.multiModuleProjectDirectory system property is not set. Check $M2_HOME environment variable and mvn script match. )
解决-Dmaven.multiModuleProjectDirectory system property is not set. Check $M2_HOME environment variabl ...
- iOS--九宫格布局
[self rankWithTotalColumns: andWithAppW: andWithAppH:]; //九宫格布局 - (void)rankWithTotalColumns:(int)to ...
- (转)iOS消息推送机制中pem文件的生成
转自:http://2015.iteye.com/blog/1567777 以前写了一篇文章:iOS消息推送机制的实现,这篇文章中生成的是p12文件,但是php是用的pem文件,生成的方法和p12文件 ...
- ajax返回json数组遍历添加到html
大致需求为类型限制根据类型获取不同结果列表,再根据模糊查询搜索出结果,效果如下:
- VS2008编程软件过期的问题,过期弹出须要升级窗体的解决的方法
找到安装文件,再点autorun.exe安装文件,然后反复安装过程就会弹出须要填写系列号的地方,天上以下第一个系列号就可以. Visual Studio 2008 Professional Editi ...
- Java基础知识强化60:经典查找之二分查找
1. 二分查找 二分查找又称折半查找,优点是比较次数少,查找速度快,平均性能好:其缺点是要求待查表为有序表,且插入删除困难.因此,折半查找方法适用于不经常变动而查找频繁的有序列表. 比较 ...
- 网页HTML
<head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8&quo ...
- 初学Java ssh之Spring 第一篇
之前虽然毕业前实习的工作是使用的C# .NET语言,但是,毕业后还是果断应聘Java.虽然自己对Java的理解不如C#深入,只是对基础知识比较熟悉,但还是义无返顾了··· 虽然应聘经历比较坎坷,但最终 ...
- C# 导出word文档及批量导出word文档(4)
接下来是批量导出word文档和批量打印word文件,批量导出word文档和批量打印word文件的思路差不多,只是批量打印不用打包压缩文件,而是把所有文件合成一个word,然后通过js来调用 ...