环境准备


1、首先规划网络

外部网络 

公共网络,外部或Internet可以访问的网络

内部网络 

私有网络,仅内部访问的网络

管理网络,用于OpenStack组件以及MySQL DB Server, RabbitMQ messaging server之间的通信


2、openstack部署 - 硬件要求

实验环境:至少两台机器。

控制节点:

Controller Node: 1 processor, 2 GB memory, and 5 GB storage

计算节点:

Compute Node: 1 processor, 2 GB memory, and 10 GB storage

有条件的可以单独一台

网络节点:Network Node: 1 processor, 512MB memory, and 5 GB storage

我这里把网络配置在控制节点

注:安装虚拟机要记得开启cpu虚拟化,系统Centos 7,2块网卡(NAT和仅主机)

NAT提供网络;仅主机用于远程管理


3、openstack部署 - 前期准备

  • 临时关闭selinux

     setenforce 0

  • 关闭iptables

     systemctl stop firewalld    #停止服务

     systemctl disable firewalld  #取消开机启动

  • 关闭NetworkManager 

     systemctl stop NetworkManager 

     systemctl disable NetworkManager

4、网卡配置

控制节点

NAT网卡

TYPE=Ethernet
BOOTPROTO=static   #改为static静态获取ip
DEFROUTE=yes
PEERDNS=yes      #yes会修改/etc/resolv.conf配置的DNS,no不会
PEERROUTES=yes
NAME=eno16777736
UUID=634a4cf5-5b85-422d-88b7-cb7df0d35841
DEVICE=eno16777736
ONBOOT=yes      #改为yes
IPADDR0=192.168.100.20
PREFIXP0=24
GATEWAY0=192.168.100.1
DNS1=8.8.8.8
DNS2=8.8.4.4

仅主机网卡

TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
IPADDR0=192.168.10.20
PREFIXP0=24
GATEWAY0=192.168.10.1


计算节点

NAT网卡

TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eno16777736
UUID=634a4cf5-5b85-422d-88b7-cb7df0d35841
DEVICE=eno16777736
ONBOOT=yes
IPADDR0=192.168.100.21
PREFIXP0=24
GATEWAY0=192.168.100.1
DNS1=8.8.8.8
DNS2=8.8.4.4

仅主机网卡

TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
IPADDR0=192.168.10.21
PREFIXP0=24
GATEWAY0=192.168.10.1

配置完后重启网络
systemctl restart network


5、两台机器,设置hostname

hostnamectl set-hostname controller

hostnamectl set-hostname compute

vim /etc/hostname

编辑/etc/hosts: 

192.168.10.20  controller  #控制节点

192.168.10.21  compute    #计算节点


6、同步时间:

controller上:

yum install -y chrony 

vim /etc/chrony.conf

增加或更改:allow 192.168.100.0/24

systemctl enable chronyd.service  #设置开机启动

systemctl start chronyd.service  #启动服务,也支持stop ,restart

compute上:

yum install -y chrony

vim /etc/chrony.conf

增加或更改: server controller iburst

systemctl enable chronyd.service

systemctl start chronyd.service

查看时间同步源:# chronyc sources -v

[root@compute ~]# chronyc sources -v
210 Number of sources = 5
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^x 202.118.1.130                 2  10   377   959  +54386s[ +443us] +/-   28ms
^- news.neu.edu.cn               2   6   377    13  +6006us[-54386s] +/-   28ms
^- controller                    3   6   375    16  +6111us[+6111us] +/-   30ms
^+ time6.aliyun.com              2   6   377    19    +62ms[  +62ms] +/-   87ms
^* ntp3.aliyun.com               2   6
  377    17  +1295us[+1146us] +/-   37ms
  
  此处显示为5个源,如果开启外网的话可能时间不同步,我们可以只配置本地时间源controller其他注释掉




部署阶段

配置yum源和更新

1、安装openstack的yum源

两个机器上都操作

yum install -y centos-release-openstack-liberty

2.升级所有的包(两个机器上都操作)

yum upgrade   ####结束后重启系统reboot

3、安装openstack 客户端和openstack-selinux

yum install -y python-openstackclient   openstack-selinux


controller应用部署

1、sql服务安装(MariaDB)【控制节点】

MariaDB数据库管理系统是MySQL的一个分支,主要由开源社区在维护,采用GPL授权许可。开发这个分支的原因之一是:甲骨文公司收购了MySQL后,有将MySQL闭源的潜在风险,因此社区采用分支的方式来避开这个风险。


yum install  -y mariadb mariadb-server MySQL-python

  • 编辑配置文件

 vi /etc/my.cnf.d/mariadb_openstack.cnf  //加入下面内容

 [mysqld]
 bind-address = 192.168.100.20  #设置 bind-address 为控制节点管理网络ip地址,使能通过管理网络访问其它节点
 default-storage-engine = innodb
 innodb_file_per_table
 collation-server = utf8_general_ci
 init-connect = 'SET NAMES utf8'
 character-set-server = utf8
 启动mariadb:systemctl enable mariadb.service  #加入开机启动
 systemctl start mariadb.service           #启动服务


  • 安全配置,设置root密码

 命令行执行:mysql_secure_installation

 设置root密码为:root


2、安装nosql(mongodb服务)

nosql数据库被Telemetry service用到,(Telemetry 是redhat公司主导开发的一个openstack组件,用来做监控的)

在这里我们安装的是mongodb,不是必须的。

yum install -y  mongodb-server mongodb

编辑配置文件  vi  /etc/mongod.conf  //更改如下配置

bind_ip = 192.168.100.20
smallfiles = true


启动服务

systemctl enable mongod.service

systemctl start mongod.service


3、安装消息队列服务【控制节点】

rabbitmq消息队列服务在openstack中起到非常关键的作用,它好比是一个交通枢纽,各个组件之间的通信由它来完成。

yum install -y  rabbitmq-server

  • 启动rabbitmq-server服务

systemctl enable rabbitmq-server

systemctl start rabbitmq-server

  • 添加openstack用户

rabbitmqctl add_user openstack   openstackpasswd

// 密码 openstackpasswd用户名为openstack

  • 为openstack用户授权

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

[root@controller ~]# rabbitmqctl add_user openstack   openstackpasswd
Creating user "openstack" ...
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
[root@controller ~]# 
###允许openstack用户可以配置,可以写,可以读


rabbitmqctl命令使用:

rabbitmqctl --help  #查看命令帮助
     add_user  
    delete_user 
    change_password  
    clear_password       
    list_users


4、增加identity - keystone【控制节点】

Keystone V3 简介

Keystone 中主要涉及到如下几个概念:User、Tenant、Role、Token。下面对这几个概念进行简要说明。

  • User:顾名思义就是使用服务的用户,可以是人、服务或者是系统,只要是使用了 Openstack 服务的对象都可以称为用户。

  • Tenant:租户,可以理解为一个人、项目或者组织拥有的资源的合集。在一个租户中可以拥有很多个用户,这些用户可以根据权限的划分使用租户中的资源。

  • Role:角色,用于分配操作的权限。角色可以被指定给用户,使得该用户获得角色对应的操作权限。

  • Token:指的是一串比特值或者字符串,用来作为访问资源的记号。Token 中含有可访问资源的范围和有效时间。

 Keystone 和其它 OpenStack 服务之间是如何交互和协同工作的?首先用户向 Keystone 提供自己的身份验证信息,如用户名和密码。Keystone 会从数据库中读取数据对其验证,如验证通过,会向用户返回一个 token,此后用户所有的请求都会使用该 token 进行身份验证。如用户向 Nova 申请虚拟机服务,nova 会将用户提供的 token 发给 Keystone 进行验证,Keystone 会根据 token 判断用户是否拥有进行此项操作的权限,若验证通过那么 nova 会向其提供相对应的服务。其它组件和 Keystone 的交互也是如此

具体介绍:http://www.ibm.com/developerworks/cn/cloud/library/1506_yuwz_keystonev3/index.html

登陆mysql,创建数据库

mysql -uroot -proot
>create database keystone;
>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'    IDENTIFIED BY ‘keystone';
>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'    IDENTIFIED BY 'keystone';

说明,创建一个keystone库,并且授权给keystone用户所有权限,密码为keystone

安装相关的包

yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached

启动memcached服务

systemctl enable memcached.service

systemctl start memcached.service



编辑keystone配置文件

      //修改或增加配置如下

admin_token密码为123456

[DEFAULT]
admin_token = 123456
verbose = true
[database]
connection = mysql://keystone:keystone@controller/keystone
[memcache]
servers = localhost:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql



导入keystone相关的数据

su -s /bin/sh -c "keystone-managedb_sync" keystone

这里会有个提示  No handlers could be found for logger"oslo_config.cfg"  忽略它,不影响。

注意:这个报错后面导入数据会出现多次

检查有没有正常导入数据:

 [root@controller ~]# mysql -ukeystone -pkeystone -hcontroller -t keystone  -e  "show tables"

  

看是否有列出表来,如果是空,说明没有成功导入数据

 

配置apache

先编辑配置文件/etc/httpd/conf/httpd.conf

增加或更改

ServerName controller


配置apache

先编辑配置文件 /etc/httpd/conf/httpd.conf

增加或更改 

ServerName controller


编辑配置文件  vi /etc/httpd/conf.d/wsgi-keystone.conf  内容如下

Listen 5000
Listen 35357

WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
= 2.4>
ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

= 2.4>
Require all granted


Order allow,deny
Allow from all




WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
= 2.4>
ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

= 2.4>
Require all granted


Order allow,deny
Allow from all



启动apache

systemctl enable httpd.service

systemctl start httpd.service



设置环境变量:

vim /etc/profile

export OS_TOKEN=123456   #配置token
export OS_URL=http://controller:35357/v2 #配置 endpoint URL:
export OS_IDENTITY_API_VERSION=3
source  /etc/profile


然后创建服务实例

openstack service create   --name keystone --description "OpenStack Identity" identity

[root@controller ~]# openstack service create   --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | c43988e2db85465ab49c065dac5ee3c8 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@controller ~]#

创建端点

openstack endpoint create --region RegionOne   identity public http://controller:5000/v2.0

openstack endpoint create --region RegionOne   identity internal http://controller:5000/v2.0

openstack endpoint create --region RegionOne   identity admin http://controller:35357/v2.0

[root@controller ~]# openstack endpoint create --region RegionOne   identity public http://controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2347aed007ca49fe845e4ee7940689b4 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fc4f17f8b9604286903bd324b40b8016 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v2.0      |
+--------------+----------------------------------+
[root@controller ~]#
[root@controller ~]# openstack endpoint create --region RegionOne   identity internal http://controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e049b49ff24646ee95bfcbe8addcfbff |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fc4f17f8b9604286903bd324b40b8016 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v2.0      |
+--------------+----------------------------------+
[root@controller ~]#
[root@controller ~]# openstack endpoint create --region RegionOne   identity admin http://controller:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ef867ab9497d4aeab1c0c0b088fbf901 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fc4f17f8b9604286903bd324b40b8016 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v2.0     |
+--------------+----------------------------------+
[root@controller ~]#


创建租户(tenants)、用户以及角色

创建admin 租户

openstack project create --domain default   --description "Admin Project" admin

[root@controller ~]# openstack project create --domain default   --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | ed1396bac8b14d969693e7f019dd5230 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@controller ~]#

创建admin用户 (密码为adminpasswd)

openstack user create --domain default   --password-prompt admin

[root@controller ~]# openstack user create --domain default   --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 28d7c214bffb4e37ad10d734d156d067 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]#

创建admin角色

openstack role create admin

[root@controller ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | d1297a61aba6462e9a6feea1542fcef3 |
| name  | admin                            |
+-------+----------------------------------+
[root@controller ~]#

添加admin角色到admin租户和用户

openstack role add --project admin --user admin admin


下面我们再来创建一个service 租户

openstack project create --domain default   --description "Service Project" service

[root@controller ~]# openstack project create --domain default   --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | e01123d140d248bfbbc21aa844453079 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@controller ~]#

创建demo租户

openstackproject create --domain default  --description "Demo Project" demo

[root@controller~]# openstack project create --domain default  --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 178c99209e43429b90fb4b638e29450d |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@controller ~]#

创建demo用户 (密码demopasswd)

openstack user create --domain default   --password-prompt demo

[root@controller ~]# openstack user create --domain default   --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | c29d410611ba4e918d71a4edb64688b6 |
| name      | demo                             |
+-----------+----------------------------------+
[root@controller ~]#

创建角色user

openstack role create user

[root@controller~]# openstack role create user
+-------+----------------------------------+
| Field |Value                            |
+-------+----------------------------------+
| id    | 2f304e27f0fb401a9425cf4644179fb5 |
| name  | user                             |
+-------+----------------------------------+
[root@controller~]#

添加user角色到demo租户和demo用户

openstack role add --project demo --user demo user

[root@controller~]# openstack role add --project demo --user demo user


验证admin用户和demo用户是否能正常登陆

首先做一个安全设置:

vim /usr/share/keystone/keystone-dist-paste.ini

搜索admin_token_auth, 从[pipeline:public_api], [pipeline:admin_api]和[pipeline:api_v3]中,把admin_token_auth去掉,例如把

pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

改为

pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service


取消环境变量OS_TOKEN和OS_URL

unset  OS_TOKEN OS_URL

然后再登陆admin和demo用户

openstack --os-auth-url http://controller:35357/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name admin --os-username admin --os-auth-type password   token issue

密码:adminpasswd

#作为管理员,请求身份验证令牌
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name admin --os-username admin --os-auth-type password   token issue
Password: 
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2016-09-20T20:04:51.066434Z      |
| id         | d433ed7af41c45ba96ab29daa28eb773 |
| project_id | ed1396bac8b14d969693e7f019dd5230 |
| user_id    | 28d7c214bffb4e37ad10d734d156d067 |
+------------+----------------------------------+
[root@controller ~]#
#作为admin用户,列出用户作为admin核实admin可以执行 admin-only CLI 命令
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name admin --os-username admin --os-auth-type password  project list
Password: 
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 578b3676606a4d818a917bf8cfe46d4c | service |
| 5c007739446b44eebab043e2573021b1 | admin   |
| ab6fd0b354444bf58db83cb998fd96dd | demo    |
+----------------------------------+---------+
#作为admin用户,列出用户核实认证服务
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name admin --os-username admin --os-auth-type password  user list
Password: 
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 142eddcf802943259efe69a4dbc0160d | admin |
| 7b33d224785141a3a0539f0c89e02be9 | demo  |
+----------------------------------+-------+
#作为 admin 用户, 列出角色验证keystone服务
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name admin --os-username admin --os-auth-type password  role list
Password: 
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 442849323ab940eab00b498e12d12faf | admin |
| 93bee9c6e43b49b7861bd1d46b1b496b | user  |
+----------------------------------+-------+
[root@controller ~]#


openstack --os-auth-urlhttp://controller:5000/v3  --os-project-domain-id default --os-user-domain-id default   --os-project-name demo --os-username demo--os-auth-type password   token issue

密码:demopasswd

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3   --os-project-domain-id default --os-user-domain-id default   --os-project-name demo --os-username demo --os-auth-type password   token issue
Password: 
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2016-09-20T20:06:35.853825Z      |
| id         | 6ce859278e6f4a86a4b4e45043d7d323 |
| project_id | 178c99209e43429b90fb4b638e29450d |
| user_id    | c29d410611ba4e918d71a4edb64688b6 |
+------------+----------------------------------+
[root@controller ~]#


验证操作

创建openstack客户端脚本1

vim admin-openrc.sh   //内容

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpasswd
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3


 

执行脚本

source admin-openrc.sh

申请认证令牌

openstack token issue

[root@controller ~]# source admin-openrc.sh 
[root@controller ~]# openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2016-09-24T13:26:54.555394Z      |
| id         | 982acc74994e46af8f9cc07520467145 |
| project_id | 5c007739446b44eebab043e2573021b1 |
| user_id    | 142eddcf802943259efe69a4dbc0160d |
+------------+----------------------------------+
[root@controller ~]#

创建openstack客户端脚本2

vim demo-openrc.sh  //内容

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demopasswd
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3


执行脚本

source demo-openrc.sh

申请认证令牌

openstack token issue

[root@controller ~]# source demo-openrc.sh 
[root@controller ~]# openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2016-09-24T13:29:47.081067Z      |
| id         | 1ed0c7b57e4c4f18aa1a3603d27b9067 |
| project_id | ab6fd0b354444bf58db83cb998fd96dd |
| user_id    | 7b33d224785141a3a0539f0c89e02be9 |
+------------+----------------------------------+
[root@controller ~]#


增加p_w_picpath - 前期准备

p_w_picpath又叫做glance,是用来管理镜像的一个组件,我们用镜像来安装操作系统。glance支持让用户自己管理自定义镜像。

创建glance库和用户

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'    IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.04 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'    IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>

执行 admin-openrc.sh 脚本   source admin-openrc.sh

创建glance用户(密码为glancepasswd)


[root@controller ~]# source admin-openrc.sh 
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 56a44e9333a34d3e8a7479bfa29955d4 |
| name      | glance                           |
+-----------+----------------------------------+
[root@controller ~]#



把admin角色添加到glance用户和service租户

openstack role add --project service --user glance admin

创建glance服务实体

openstack service create --name glance   --description "OpenStack Image service" p_w_picpath


[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance   --description "OpenStack Image service" p_w_picpath
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image service          |
| enabled     | True                             |
| id          | b78d1bdf00924090be3b995e8e1b37e7 |
| name        | glance                           |
| type        | p_w_picpath                            |
+-------------+----------------------------------+
[root@controller ~]#

创建p_w_picpath服务api 端点

openstack endpoint create --region RegionOne   p_w_picpath public http://controller:9292

[root@controller profile.d]# openstack endpoint create --region RegionOne   p_w_picpath public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d12aa53e769442bcb4bfd75ca75bbad0 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | efaa9c047adf4eb58ef2f1576e432a12 |
| service_name | glance                           |
| service_type | p_w_picpath                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller profile.d]#


openstack endpoint create --region RegionOne   p_w_picpath internal http://controller:9292

[root@controller profile.d]# openstack endpoint create --region RegionOne   p_w_picpath internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d3add6d0b0614e88a4adde93653b8b29 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | efaa9c047adf4eb58ef2f1576e432a12 |
| service_name | glance                           |
| service_type | p_w_picpath                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller profile.d]#


openstack endpoint create --region RegionOne   p_w_picpath admin http://controller:9292

[root@controller profile.d]# openstack endpoint create --region RegionOne   p_w_picpath admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 95a77b2444c74cc0bb135fde881ac453 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | efaa9c047adf4eb58ef2f1576e432a12 |
| service_name | glance                           |
| service_type | p_w_picpath                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller profile.d]#


接openstack部署(二)http://xulianglinux.blog.51cto.com/8001428/1855385 点击链接跳转