openstack
主机:
[root@foundation20 mnt]# cd /var/www/html/
[root@foundation20 html]# ls
docker rhel6.5 rhel7.3
[root@foundation20 html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/
lftp 172.25.254.250:/pub> mirror mitaka/
Total: 2 directories, 286 files, 0 symlinks
New: 286 files, 0 symlinks
144203995 bytes transferred in 3 seconds (49.70M/s)
lftp 172.25.254.250:/pub> exit
[root@foundation20 network-scripts]# vim /etc/hosts
172.25.20.14 controller[root@foundation20 network-scripts]# vim /etc/chrony.conf
server time1.aliyun.com iburst
allow 172.25/16
server14:
[root@server14 mnt]# cd /etc/sysconfig/network-scripts/
[root@server14 network-scripts]# systemctl stop NetworkManager
[root@server14 network-scripts]# systemctl disable NetworkManager
[root@server14 network-scripts]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@server14 network-scripts]# getenforce
Disabled
[root@server14 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server14 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none[root@server14 network-scripts]# vim ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.25.20.14
PREFIX=24
GATEWAY=172.25.20.250
DNS1=114.114.114.114[root@server14 network-scripts]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.25.20.250 0.0.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1
172.25.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0[root@server14 network-scripts]# hostnamectl set-hostname controller
[root@server14 network-scripts]# hostname
controller[root@controller ~]# vim /etc/chrony.conf
server 172.25.254.20 iburst[root@controller ~]# systemctl restart chronyd
[root@controller ~]# systemctl enable chronyd
[root@controller ~]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.254.20 4 6 17 60 -3462ns[-8000ns] +/- 70ms[root@controller ~]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# vim openstack.repo
[openstack]
name=mitaka
baseurl=http://172.25.254.20/mitaka
gpgcheck=0[root@controller yum.repos.d]# yum repolist
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
openstack | 2.9 kB 00:00:00
openstack/primary_db | 141 kB 00:00:00
repo id repo name status
openstack mitaka 279
rhel-dvd "Remote classroom copy of dvd" 4,751
repolist: 5,030[root@controller yum.repos.d]# yum upgrade
[root@controller yum.repos.d]# yum install python-openstackclient
[root@controller yum.repos.d]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller yum.repos.d]# vim /etc/my.cnf.d/openstack.cnf
[root@controller yum.repos.d]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller yum.repos.d]# systemctl start mariadb
[root@controller yum.repos.d]# mysql_secure_installation
[root@controller yum.repos.d]# yum install rabbitmq-server -y
[root@controller yum.repos.d]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller yum.repos.d]# systemctl start rabbitmq-server.service
[root@controller yum.repos.d]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@controller yum.repos.d]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
[root@controller yum.repos.d]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@controller... started 6 plugins.
[root@controller yum.repos.d]# yum install memcached python-memcached
[root@controller yum.repos.d]# vim /etc/sysconfig/memcached
#OPTIONS="-l 127.0.0.1,::1"[root@controller yum.repos.d]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller yum.repos.d]# systemctl start memcached.service
[root@controller yum.repos.d]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ -> IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)[root@controller yum.repos.d]# mysql -h 172.25.20.14 -u keystone -p keystone
[root@controller yum.repos.d]# mysql -u keystone -p keystone
[root@controller yum.repos.d]# yum install openstack-keystone httpd mod_wsgi
[root@controller yum.repos.d]# openssl rand -hex 10
7c8bc8550af0b817eac8
[root@controller yum.repos.d]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 7c8bc8550af0b817eac8
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet[root@controller yum.repos.d]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller yum.repos.d]# cd /etc/keystone/
[root@controller keystone]# ll
total 100
-rw-r----- 1 root keystone 2303 Sep 22 2016 default_catalog.templates
-rw-r----- 1 root keystone 73219 Oct 30 11:53 keystone.conf
-rw-r----- 1 root keystone 2400 Sep 22 2016 keystone-paste.ini
-rw-r----- 1 root keystone 1046 Sep 22 2016 logging.conf
-rw-r----- 1 keystone keystone 9699 Sep 22 2016 policy.json
-rw-r----- 1 keystone keystone 665 Sep 22 2016 sso_callback_template.html
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
total 100
-rw-r----- 1 root keystone 2303 Sep 22 2016 default_catalog.templates
drwx------ 2 keystone keystone 24 Oct 30 11:55 fernet-keys
-rw-r----- 1 root keystone 73219 Oct 30 11:53 keystone.conf
-rw-r----- 1 root keystone 2400 Sep 22 2016 keystone-paste.ini
-rw-r----- 1 root keystone 1046 Sep 22 2016 logging.conf
-rw-r----- 1 keystone keystone 9699 Sep 22 2016 policy.json
-rw-r----- 1 keystone keystone 665 Sep 22 2016 sso_callback_template.html
[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
ServerName controller[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Require all granted
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Require all granted
[root@controller keystone]# systemctl start httpd
[root@controller keystone]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller keystone]# netstat -antlp
[root@controller keystone]# export OS_TOKEN=ADMIN_TOKEN
[root@controller keystone]# export OS_TOKEN=7c8bc8550af0b817eac8
[root@controller keystone]# export OS_URL=http://controller:35357/v3
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3
[root@controller keystone]# openstack service create \
> --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 717a046ac91c48c39336a6dc2074780a |
| name | keystone |
| type | identity |
+-------------+----------------------------------+[root@controller keystone]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 717a046ac91c48c39336a6dc2074780a | keystone | identity |
+----------------------------------+----------+----------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bc74b7a21da14afcad2db7dda8c32b6b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 717a046ac91c48c39336a6dc2074780a |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 20bdcdf3c2944749b773d7aa2661f3dd |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 717a046ac91c48c39336a6dc2074780a |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint list
+------------+-----------+--------------+--------------+---------+-----------+------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+------------+-----------+--------------+--------------+---------+-----------+------------+
| 20bdcdf3c2 | RegionOne | keystone | identity | True | internal | http://con |
| 944749b773 | | | | | | troller:50 |
| d7aa2661f3 | | | | | | 00/v3 |
| dd | | | | | | |
| bc74b7a21d | RegionOne | keystone | identity | True | public | http://con |
| a14afcad2d | | | | | | troller:50 |
| b7dda8c32b | | | | | | 00/v3 |
| 6b | | | | | | |
+------------+-----------+--------------+--------------+---------+-----------+------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e0dce1dbecbf477492a72e8bae849e8f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 717a046ac91c48c39336a6dc2074780a |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[root@controller keystone]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| name | default |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
> --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | cd88dc37ddd8496fa7ec984ac247d352 |
| is_domain | False |
| name | admin |
| parent_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
+-------------+----------------------------------+
[root@controller keystone]# openstack user create --domain default --password admin admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | e1a9cd740d31442393b26d010a3c695e |
| name | admin |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 143e21cb2b964e22bd5b1eca4d7db242 |
| name | admin |
+-----------+----------------------------------+
[root@controller keystone]# openstack role add --project admin --user admin admin
[root@controller keystone]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | b22288ed72d048b48baa8b8b63ae1fe3 |
| is_domain | False |
| name | service |
| parent_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | aa9c83ff3417418fa4e921694db22ef5 |
| is_domain | False |
| name | demo |
| parent_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
+-------------+----------------------------------+
[root@controller keystone]# openstack user create --domain default \
> --password demo demo
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | fc364a2a902f45caa98f7ce9dfcc5a0a |
| name | demo |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | b668eb09f6674644a0c7d1c63f7ca6d9 |
| name | user |
+-----------+----------------------------------+
[root@controller keystone]# openstack role add --project demo --user demo user
[root@controller keystone]# unset OS_TOKEN OS_URL
[root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------+
| expires | 2018-10-30T05:07:38.385125Z |
| id | gAAAAABb19kKHJGmxvZvpi5IWifS0XmpgqTixiqxbgnnT-cFAg615Zrluftia8FltpHyV- |
| | ixeqQuMtHS516lzrLJNVaWJXYYsC5v5ZP9WfQB4YEy1XUDbrsmDNoWlD9OzQ4e9jK3EXym |
| | PQ6kEiTTXukna1bZsQAnCMwZz9hJ9wCQPv7i-_XSW5Y |
| project_id | cd88dc37ddd8496fa7ec984ac247d352 |
| user_id | e1a9cd740d31442393b26d010a3c695e |
+------------+------------------------------------------------------------------------+
[root@controller keystone]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------+
| expires | 2018-10-30T05:07:56.073739Z |
| id | gAAAAABb19kc6aOWVtZ669mKZAtqAkSKLhx11hsuzd6pMTdPnPkxcVL_Dx0OHTxmUbUGOW |
| | 2mgQ8VuxHhe231brWvJnG2sZdq8Cis9DySCPwfhIWUJOXbIsIEH6SONk3NTmVnanJrBxsP |
| | YJ7D_S_XV6iXKNDjdlQLkW5W11rXjpYrxwwmNOQXC0M |
| project_id | aa9c83ff3417418fa4e921694db22ef5 |
| user_id | fc364a2a902f45caa98f7ce9dfcc5a0a |
+------------+------------------------------------------------------------------------+
[root@controller keystone]# cd
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2[root@controller ~]# source demo-openrc
[root@controller ~]# openstack token issue
+------------+------------------------------------------------------------------------+
| Field | Value |
+------------+------------------------------------------------------------------------+
| expires | 2018-10-30T05:10:19.264073Z |
| id | gAAAAABb19mrDOQRdHFzfydZT883Zs8OnCJB2E8F32f4glcK5WIibZpqaK-aTdTvgc4c2k |
| | IS_nooGq0rr2OUCGslpzqS4sa86xdoo_oig1k_x1RDpJ1SJlLGAHTv9kEWs5wJ3VTUYmA0 |
| | ws3fG1gk_GswqgroeSV_qpwmBAUAXkFov9uuzdqNHvY |
| project_id | aa9c83ff3417418fa4e921694db22ef5 |
| user_id | fc364a2a902f45caa98f7ce9dfcc5a0a |
+------------+------------------------------------------------------------------------+
[root@controller ~]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> ^DBye
[root@controller ~]# mysql -u glance -p glance
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 25
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [glance]> ^DBye
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password glance glance
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | a786d0ad640341e8b1d3654c4829cfa9 |
| name | glance |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 79aa6a3b70934b2c86e4e71e8f6528d7 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3a26c1ce298a4aacb8ac93597a1d4a6d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 79aa6a3b70934b2c86e4e71e8f6528d7 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9d23130476f04a628b2de31104ae39b8 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 79aa6a3b70934b2c86e4e71e8f6528d7 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9dcdab85300b42cfb2cfacfb7db6808c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 79aa6a3b70934b2c86e4e71e8f6528d7 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+[root@controller ~]# yum install openstack-glance
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
...
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
...
flavor = keystone
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
...
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
...
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
[root@controller ~]# systemctl enable openstack-glance-api.service \
> openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service \
> openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service \
> openstack-glance-registry.service
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | f8ab98ff5e73ebab884d80c9dc9c7290 |
| container_format | bare |
| created_at | 2018-10-30T06:25:11Z |
| disk_format | qcow2 |
| file | /v2/images/9b3665bb-a4e3-448d-a6d5-d9382422d66a/file |
| id | 9b3665bb-a4e3-448d-a6d5-d9382422d66a |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | cd88dc37ddd8496fa7ec984ac247d352 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13267968 |
| status | active |
| tags | |
| updated_at | 2018-10-30T06:25:11Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 9b3665bb-a4e3-448d-a6d5-d9382422d66a | cirros | active |
+--------------------------------------+--------+--------+[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 33
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> ^DBye
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default \
> --password nova nova
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | 60cceb86ecda483ab0cb2b5361947b1d |
| name | nova |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 7a70b9ce04ff4860862b1a82af8aa64a |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 7365e8a93b5940388bd1654ac6d5b4a7 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7a70b9ce04ff4860862b1a82af8aa64a |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 4cc642873cbf46b6a5287d1b49220cff |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7a70b9ce04ff4860862b1a82af8aa64a |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 613ee0e9cfa54c49b216300ce9c6b61b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7a70b9ce04ff4860862b1a82af8aa64a |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
...
enabled_apis = osapi_compute,metadata
[api_database]
...
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
...
connection = mysql+pymysql://nova:nova@controller/nova
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password =openstack
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[DEFAULT]
...
my_ip = 172.25.20.14
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
...
api_servers = http://controller:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@controller ~]# systemctl start openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller yum.repos.d]# openstack compute service list
[root@controller yum.repos.d]# scp openstack.repo compute1:/etc/yum.repos.d/
+----+----------------+------------+----------+---------+-------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+-----------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2018-10-30T07:2 |
| | | | | | | 3:23.000000 |
| 2 | nova- | controller | internal | enabled | up | 2018-10-30T07:2 |
| | consoleauth | | | | | 3:23.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2018-10-30T07:2 |
| | | | | | | 3:24.000000 |
+----+----------------+------------+----------+---------+-------+-----------------+
Compute1:
[root@server15 ~]# hostnamectl set-hostname compute1
[root@server15 network-scripts]# vim ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.25.20.15
PREFIX=24
GATEWAY=172.25.20.250
DNS1=114.114.114.114
[root@server15 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server15 network-scripts]# vim ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
[root@server15 network-scripts]# ifup eth1
[root@server15 network-scripts]# vim /etc/chrony.conf
server 172.25.20.250 iburst
[root@server15 network-scripts]# systemctl restart chronyd.service
[root@server15 network-scripts]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.20.250 4 6 17 26 -743ns[ -313us] +/- 45ms
[root@server15 network-scripts]# yum install openstack-nova-compute
[root@compute1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[DEFAULT]
...
my_ip = 172.25.20.15
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
...
api_servers = http://controller:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
[libvirt]
...
virt_type = qemu
[root@compute1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@compute1 ~]# systemctl start libvirtd.service openstack-nova-compute.service
Controller:
[root@controller yum.repos.d]# openstack compute service list
+----+----------------+------------+----------+---------+-------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+-----------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2018-10-30T07:2 |
| | | | | | | 8:33.000000 |
| 2 | nova- | controller | internal | enabled | up | 2018-10-30T07:2 |
| | consoleauth | | | | | 8:34.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2018-10-30T07:2 |
| | | | | | | 8:34.000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2018-10-30T07:2 |
| | | | | | | 8:40.000000 |
+----+----------------+------------+----------+---------+-------+-----------------+
[root@controller yum.repos.d]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 53
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> Ctrl-C -- exit!
Aborted
[root@controller yum.repos.d]# openstack user create --domain default --password neutron neutron
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | 8366815c874b4c46af38e4ce89182b7e |
| name | neutron |
+-----------+----------------------------------+
[root@controller yum.repos.d]# openstack role add --project service --user neutron admin
[root@controller yum.repos.d]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 5dc83fd5799a4bfdbcef9a8f27344835 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller yum.repos.d]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c3763200b1d743d8abe2d591b8a8735f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5dc83fd5799a4bfdbcef9a8f27344835 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller yum.repos.d]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b3cb8e0d893c4bc293361123585e6f5b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5dc83fd5799a4bfdbcef9a8f27344835 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller yum.repos.d]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8a853675af9a41e4b68c12fda8b44b38 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5dc83fd5799a4bfdbcef9a8f27344835 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller yum.repos.d]# yum install openstack-neutron openstack-neutron-ml2 \
> openstack-neutron-linuxbridge ebtables
[root@controller yum.repos.d]# vim /etc/neutron/neutron.conf
[database]
...
connection = mysql+pymysql://neutron:neutron@controller/neutron
[DEFAULT]
...
core_plugin = ml2
service_plugins =
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
[root@controller yum.repos.d]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan
[ml2]
...
tenant_network_types =
[ml2]
...
mechanism_drivers = linuxbridge
[ml2]
...
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[securitygroup]
...
enable_ipset = True
[root@controller yum.repos.d]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller yum.repos.d]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@controller yum.repos.d]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret =westos[root@controller yum.repos.d]# vim /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = westos
[root@controller yum.repos.d]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller yum.repos.d]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller yum.repos.d]# systemctl enable neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@controller yum.repos.d]# systemctl start neutron-server.service \
> neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
> neutron-metadata-agent.service
Compute1:
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset
[root@compute1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password =openstack
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver[root@compute1 ~]# vim /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[root@compute1 ~]# systemctl restart openstack-nova-compute.service
[root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service
[root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Controller:
[root@controller yum.repos.d]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| availability_zone | Availability Zone |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| network-ip-availability | Network IP Availability |
| quotas | Quota management support |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| timestamp_core | Time Stamp Fields addition for core resources |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| security-group | security-group |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
+---------------------------+-----------------------------------------------+[root@controller yum.repos.d]# neutron agent-list
+------------+------------+------------+-------------------+-------+----------------+------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+------------+------------+------------+-------------------+-------+----------------+------------+
| 5db80b7d-6 | Linux | compute1 | | :-) | True | neutron-li |
| 334-4057-8 | bridge | | | | | nuxbridge- |
| 914-ad56c6 | agent | | | | | agent |
| 310e45 | | | | | | |
| 6ecbf569-f | Linux | controller | | :-) | True | neutron-li |
| 92d-4598 | bridge | | | | | nuxbridge- |
| -8d3b-2281 | agent | | | | | agent |
| 2c207492 | | | | | | |
| 776aa486-2 | DHCP agent | controller | nova | :-) | True | neutron- |
| c4f-4264 | | | | | | dhcp-agent |
| -94dc-9b6d | | | | | | |
| a21c7849 | | | | | | |
| 7f69641d-e | Metadata | controller | | :-) | True | neutron- |
| d53-46a4-8 | agent | | | | | metadata- |
| a52-3a25a5 | | | | | | agent |
| 1c931d | | | | | | |
+------------+------------+------------+-------------------+-------+----------------+------------+
[root@controller ~]# . admin-openrc
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
> --provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2018-10-30T08:49:51 |
| description | |
| id | 81dab882-0535-470f-9ee9-8f827084cbe4 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| tenant_id | cd88dc37ddd8496fa7ec984ac247d352 |
| updated_at | 2018-10-30T08:49:51 |
+---------------------------+--------------------------------------+
[root@controller ~]# neutron subnet-create --name provider \
> --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS \
> --dns-nameserver DNS_RESOLVER --gateway PROVIDER_NETWORK_GATEWAY \
> provider PROVIDER_NETWORK_CIDR^C
[root@controller ~]# neutron subnet-create --name provider --allocation-pool start=172.25.20.100,end=172.25.20.200 --dns-nameserver 114.114.114.114 --gateway 172.25.20.250 provider 172.25.20.0/24
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "172.25.20.100", "end": "172.25.20.200"} |
| cidr | 172.25.20.0/24 |
| created_at | 2018-10-30T08:52:01 |
| description | |
| dns_nameservers | 114.114.114.114 |
| enable_dhcp | True |
| gateway_ip | 172.25.20.250 |
| host_routes | |
| id | 7445ff9d-f85a-49bf-9988-a0c44458a9b7 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 81dab882-0535-470f-9ee9-8f827084cbe4 |
| subnetpool_id | |
| tenant_id | cd88dc37ddd8496fa7ec984ac247d352 |
| updated_at | 2018-10-30T08:52:01 |
+-------------------+----------------------------------------------------+
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field | Value |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 1 |
| id | 0 |
| name | m1.nano |
| os-flavor-access:is_public | True |
| ram | 64 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+---------+
[root@controller ~]# . demo-openrc
[root@controller ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field | Value |
+-------------+-------------------------------------------------+
| fingerprint | a9:08:60:a5:76:a9:9b:7c:a3:8f:c5:4a:c2:cd:ee:c2 |
| name | mykey |
| user_id | fc364a2a902f45caa98f7ce9dfcc5a0a |
+-------------+-------------------------------------------------+
[root@controller ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name | Fingerprint |
+-------+-------------------------------------------------+
| mykey | a9:08:60:a5:76:a9:9b:7c:a3:8f:c5:4a:c2:cd:ee:c2 |
+-------+-------------------------------------------------+
[root@controller ~]# openstack security group rule create --proto icmp default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 7618980f-8cbc-4691-b5b8-5f7823040c5e |
| ip_protocol | icmp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 325c4583-53c2-4a31-9d4c-322ba44b38bc |
| port_range | |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| id | 60736e4d-6669-4a79-992f-3f6d5d0a6659 |
| ip_protocol | tcp |
| ip_range | 0.0.0.0/0 |
| parent_group_id | 325c4583-53c2-4a31-9d4c-322ba44b38bc |
| port_range | 22:22 |
| remote_security_group | |
+-----------------------+--------------------------------------+
[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 9b3665bb-a4e3-448d-a6d5-d9382422d66a | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# openstack network list
+------------------------------------+----------+-------------------------------------+
| ID | Name | Subnets |
+------------------------------------+----------+-------------------------------------+
| 81dab882-0535-470f- | provider | 7445ff9d-f85a- |
| 9ee9-8f827084cbe4 | | 49bf-9988-a0c44458a9b7 |
+------------------------------------+----------+-------------------------------------+
[root@controller ~]# openstack security group list
+------------------------+---------+------------------------+-------------------------+
| ID | Name | Description | Project |
+------------------------+---------+------------------------+-------------------------+
| 325c4583-53c2-4a31 | default | Default security group | aa9c83ff3417418fa4e9216 |
| -9d4c-322ba44b38bc | | | 94db22ef5 |
+------------------------+---------+------------------------+-------------------------+
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \
> --nic net-id=PROVIDER_NET_ID --security-group default \
> --key-name mykey provider-instance^C
[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=81dab882-0535-470f-9ee9-8f827084cbe4 --security-group default --key-name mykey provider-instance
+--------------------------------------+----------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | oZjVVjNEs8ZV |
| config_drive | |
| created | 2018-10-30T08:57:32Z |
| flavor | m1.nano (0) |
| hostId | |
| id | 0dbdd497-ae5a-4ef5-aac0-565ae7daf808 |
| image | cirros (9b3665bb-a4e3-448d- |
| | a6d5-d9382422d66a) |
| key_name | mykey |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| project_id | aa9c83ff3417418fa4e921694db22ef5 |
| properties | |
| security_groups | [{u'name': u'default'}] |
| status | BUILD |
| updated | 2018-10-30T08:57:33Z |
| user_id | fc364a2a902f45caa98f7ce9dfcc5a0a |
+--------------------------------------+----------------------------------------------+
[root@controller ~]# openstack server list
+---------------------------+-------------------+--------+------------------------+
| ID | Name | Status | Networks |
+---------------------------+-------------------+--------+------------------------+
| 0dbdd497-ae5a- | provider-instance | ACTIVE | provider=172.25.20.101 |
| 4ef5-aac0-565ae7daf808 | | | |
+---------------------------+-------------------+--------+------------------------+
[root@controller ~]# openstack console url show provider-instance
+-------+-----------------------------------------------------------------------------+
| Field | Value |
+-------+-----------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=d0f26ca3-5771-417b- |
| | 88b7-f3019f288879 |
+-------+-----------------------------------------------------------------------------+
Compute1:
[root@compute1 ~]# cd qemu/
[root@compute1 qemu]# ls
libcacard-2.5.2-2.1.el7.x86_64.rpm
qemu-img-ev-2.6.0-28.el7.10.1.x86_64.rpm
qemu-kvm-common-ev-2.6.0-28.el7.10.1.x86_64.rpm
qemu-kvm-ev-2.6.0-28.el7.10.1.x86_64.rpm
[root@compute1 qemu]# yum install * -y
[root@compute1 qemu]# vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu
cpu_mode = none[root@compute1 qemu]# systemctl restart openstack-nova-compute.service
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack-status
[root@controller ~]# yum install openstack-dashboard
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
[root@controller ~]# systemctl restart httpd.service memcached.service
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
[root@controller ~]# cd /etc/httpd/conf.d/openstack-dashboard.conf
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "TIME_ZONE"[root@controller ~]# systemctl restart httpd.service memcached.service
[root@controller conf.d]# vim /etc/neutron/neutron.conf
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[root@controller conf.d]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan,vxlan
[ml2]
...
tenant_network_types = vxlan
[ml2]
...
mechanism_drivers = linuxbridge,l2population
[ml2]
...
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[ml2_type_vxlan]
...
vni_ranges = 1:1000
[securitygroup]
...
enable_ipset = True[root@controller conf.d]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[vxlan]
enable_vxlan = True
local_ip = 172.25.20.14
l2_population = True
[root@controller conf.d]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =[root@controller conf.d]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service
[root@controller conf.d]# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
[root@controller conf.d]# systemctl start neutron-l3-agent.service
[root@controller conf.d]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
'enable_quotas': True,
'enable_ipv6': True,
'enable_distributed_router': True,
'enable_ha_router': True,
'enable_lb': True,
'enable_firewall': True,
'enable_': True,
'enable_fip_topology_check': True,
[root@controller conf.d]# systemctl restart httpd memcached
Compute1:
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True[root@compute1 ~]# systemctl restart neutron-linuxbridge-agent.service
[kiosk@foundation20 ~]$ ssh [email protected]
[email protected]'s password:
Last login: Wed Oct 31 15:25:13 2018
[root@localhost ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 5159552 806636 4090824 17% /
tmpfs 510188 0 510188 0% /dev/shm
[root@localhost ~]# chkconfig iptables off
[root@localhost ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted [root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="dhcp"
ONBOOT="yes"
[root@localhost ~]# vi /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.254.250/rhel6.5
enabled=1
gpgcheck=0
[cloud]
name=cloud-init
baseurl=http://172.25.254.250/pub/cloud-init/rhel6
gpgcheck=0
[root@localhost ~]# cd /boot/grub/
[root@localhost grub]# vi grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/vda1
# initrd /boot/initrd-[generic-]version.img
#boot=/dev/vda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux (2.6.32-431.el6.x86_64)
root (hd0,0)
kernel /boot/vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=3ed9ad23-889c-401a-8c0d-a045d9720bfa rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM console=tty0 console=ttyS0,115200n8 nopcid
initrd /boot/initramfs-2.6.32-431.el6.x86_64.img
[root@localhost grub]# yum install -y acpid-*
[root@localhost boot]# yum install -y dracut-modules-*
[root@localhost boot]# dracut -f
[root@localhost boot]# poweroff
[root@foundation20 kiosk]# cd /var/lib/libvirt/images/
[root@foundation20 images]# virt-sysprep -d test
[root@foundation20 images]# virt-sparsify --compress test.qcow2 /var/www/html/test.qcow2
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 56
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE cinder;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
-> IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> Ctrl-C -- exit!
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 44aa3c74435f4199a31e4bc7e14f7bcc |
| enabled | True |
| id | 7c514f4b8554444fb26c86bdc6adf607 |
| name | cinder |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]# openstack service create --name cinder \
> --description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | ee7df30bcd8345ac8f4ef93398fe8627 |
| name | cinder |
| type | volume |
+-------------+----------------------------------+
[root@controller ~]# openstack service create --name cinderv2 \
> --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 9b96468c858f408bbe30920ba9e090ae |
| name | cinderv2 |
| type | volumev2 |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volume public http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | de0cb91938f846dabbb187f59a369e0e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ee7df30bcd8345ac8f4ef93398fe8627 |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \
> volume internal http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | f3ced139205b4738ae7bd6df651f007f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ee7df30bcd8345ac8f4ef93398fe8627 |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volume admin http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | b09c3f30d0614e10ad3b0ad04a40e8f7 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ee7df30bcd8345ac8f4ef93398fe8627 |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 public http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 6ed1c2fc82cd4662be29a8b02913b00f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9b96468c858f408bbe30920ba9e090ae |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 9b76a47e616d440eb85e4ffcb40c2a32 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9b96468c858f408bbe30920ba9e090ae |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | a6d31064a0a948f7b9e2c17a85630d5f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9b96468c858f408bbe30920ba9e090ae |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# yum install openstack-cinder
[root@controller ~]# vim /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:cinder@controller/cinder
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[DEFAULT]
...
my_ip = 172.25.20.14
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
[root@controller ~]# vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service to /usr/lib/systemd/system/openstack-cinder-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service to /usr/lib/systemd/system/openstack-cinder-scheduler.service.
[root@controller ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
[root@controller ~]# yum install lvm2
[root@controller ~]# systemctl enable lvm2-lvmetad.service
Created symlink from /etc/systemd/system/sysinit.target.wants/lvm2-lvmetad.service to /usr/lib/systemd/system/lvm2-lvmetad.service.
[root@controller ~]# systemctl start lvm2-lvmetad.service
[root@controller ~]# fdisk -l
Disk /dev/vdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
[root@controller ~]# pvcreate /dev/vdb
Physical volume "/dev/vdb" successfully created.
[root@controller ~]# vgcreate cinder-volumes /dev/vdb
Volume group "cinder-volumes" successfully created
[root@controller ~]# vim /etc/lvm/lvm.conf
devices {
filter = [ "a/vda/", "a/vdb/", "r/.*/"][root@controller ~]# systemctl restart lvm2-lvmetad.service
[root@controller ~]# yum install openstack-cinder targetcli python-keystone
[root@controller ~]# vim /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:cinder@controller/cinder
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[DEFAULT]
...
my_ip = 172.25.20.14
[lvm]
...
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[DEFAULT]
...
enabled_backends = lvm[root@controller ~]# systemctl enable openstack-cinder-volume.service target.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-volume.service to /usr/lib/systemd/system/openstack-cinder-volume.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/target.service to /usr/lib/systemd/system/target.service.
[root@controller ~]# systemctl start openstack-cinder-volume.service target.service
[root@controller ~]# . admin-openrc
[root@controller ~]# cinder service-list
+------------------+----------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+----------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller | nova | enabled | up | 2018-11-01T02:31:58.000000 | - |
| cinder-volume | controller@lvm | nova | enabled | up | 2018-11-01T02:31:58.000000 | - |
+------------------+----------------+------+---------+-------+----------------------------+-----------------+
[root@controller ~]# ssh [email protected]
[cloud-user@vm3 ~]$ su - root
Password:
[root@vm3 ~]# fdisk -l
Disk /dev/vda: 10.7 GB, 10737418240 bytes
181 heads, 40 sectors/track, 2896 cylinders
Units = cylinders of 7240 * 512 = 3706880 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000a4558
Device Boot Start End Blocks Id System
/dev/vda1 * 1 2896 10482496 83 Linux
Disk /dev/vdb: 5368 MB, 5368709120 bytes
16 heads, 63 sectors/track, 10402 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000[root@vm3 ~]# mkdir /mydisk
[root@vm3 ~]# mount /dev/vdb /mydisk/
[root@vm3 ~]# cd /mydisk/
[root@vm3 mydisk]# ls
lost+found
[root@vm3 mydisk]# cp /etc/* .
[root@vm3 ~]# umount /mydisk/
[root@vm3 ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10317944 866752 8927184 9% /
tmpfs 251068 0 251068 0% /dev/shm
/dev/vdb 5160576 142276 4756156 3% /mydisk
[root@vm3 ~]# fdisk -l
Disk /dev/vda: 10.7 GB, 10737418240 bytes
181 heads, 40 sectors/track, 2896 cylinders
Units = cylinders of 7240 * 512 = 3706880 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000a4558
Device Boot Start End Blocks Id System
/dev/vda1 * 1 2896 10482496 83 Linux
Disk /dev/vdb: 10.7 GB, 10737418240 bytes
16 heads, 63 sectors/track, 20805 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000
[root@vm3 ~]# resize2fs /dev/vdb
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vdb is mounted on /mydisk; on-line resizing required
old desc_blocks = 1, new_desc_blocks = 1
Performing an on-line resize of /dev/vdb to 2621440 (4k) blocks.
The filesystem on /dev/vdb is now 2621440 blocks long.
[root@vm3 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 9.9G 847M 8.6G 9% /
tmpfs 246M 0 246M 0% /dev/shm
/dev/vdb 9.9G 141M 9.3G 2% /mydisk