Centos7.1+Openstack-L版本安装笔记
Centos7.1+Openstack-L版本安装笔记
公司想上open stack ,所以花费来一周时间去学习。整理了份安装文档,也算自我的一个总结吧。这个文档我已亲测,能顺利安装。
1. 准备工作
2. 硬件设备准备
2.1笔记本电脑一台,CPU支持VT,内存>=4G,可用磁盘空间大于50G。
2.2安装VirtualBox 或VMWARE workstation虚拟机软件。
2.3安装好两台CentOS-7-x86_64的虚拟机。
2.4节点1主机名:openstack-node1节点2主机名:openstack-node2
3. 下载CentOS-7-x86_64镜像地址: http://mirrors.aliyun.com/
4. 安装CentOS-7-x86_64选择最小化安装就可以了。
5. 进入页面是终端模式,使用ifconfig检查是否有分配ip。
6. 如果没有分配ip,
使用vim /etc/sysconfig/network-scripts/ifcfg-eno16777736(自动产生的)
修改NOBOOT=no 为NOBOOT=yes
7. 使用systemctl restart network重启网卡
8. 使用ifconfig查看生成的网卡
9. 使用route-n查看GATEWAY
10. 配置静态IP
使用vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
BOOTPROTO=dhcp修改为BOOTPROTO=static
添加:
IPADDR=172.16.157.32(自己定义的IP)
NETMASK=255.255.255.0(route –n 查看)
GATEWAY=172.16.157.2(route –n 查看)
重启网卡:systemctl restart network
查看是否生效:ifconfig
配置nameserver解析主机名:vi /etc/resolv.conf
nameserver 172.16.157.2(GATEWAY)
检查能否上网:ping www.baidu.com
11. 关闭防火墙:systemctl stop firewalld.service
12. 开机关闭防火墙:systemctl disable firewalld.service
13. 设置主机名:hostnamectl set-hostname openstack-node1
14. 查看是否设置成功:hostnamectl status
15. 关闭selinux: vi /etc/sysconfig/selinux
修改: SELINUX=disabled
16. 配置ip与主机的关联:vi /etc/hosts
172.16.157.32 openstack-node1 openstack-node1.openstack.com(长域名)
测试是否设置成功:ping openstack-node1
17. 配置时间同步,先下载:yum install chrony
18. 修改配置文件:vi /etc/chrony.conf
19. 打开allow 192.168/16—2r--注释
20. 设置开机启动:systemctl enable chronyd.service
21. 启动:systemctl start chronyd.service
22. 设置时区:timedatectl set-timezone Asia/Shanghai
23. 测试时间是否正常:date
准备工作到此结束,下面开始软件的安装
24. 安装mysql:yum install mariadb mariadb-server MySQL-python
25. 将yum下载的配置文件覆盖etc下面的:
cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
26.修改/etc/my.cnf文件:vi /etc/my.cnf
在[mysqld]下添加几个mysql参数
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
26. 设置mysql开机启动:systemctl enable mariadb.service
27. 启动mysql:systemctl start mariadb.service
28. 设置mysql的root密码:mysql_secure_installation
29. 第一个回车,第二设置密码,后面的全部选择Y
30. 登录mysql:mysql -u root –p
31. 在mysql里创建openstack里相关服务的数据库,并授权
32. 创建5个服务的数据库
CREATE DATABASE keystone;
CREATE DATABASE glance;
CREATE DATABASE neutron;
CREATE DATABASE nova;
CREATE DATABASE cinder;
为数据库授权:
keystone
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
cinder
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
glance
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
neutron
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
nova
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
32-1: .启用epel存储库
yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
33.安装rabbitmq-server: yum install rabbitmq-server
33.将rabbitmq-server加入开机启动:
systemctl enable rabbitmq-server.service
34.启动rabbitmq-server:
35.systemctl start rabbitmq-server.service
36.创建一个rabbitmq用户:用户名openstack密码openstack
rabbitmqctl add_user openstack openstack
37.查看rabbitmq启动端口(5672):netstat –netlp
38.为用户设置权限:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
39.添加rabbitmq的web插件:
rabbitmq-plugins enable rabbitmq_management
40.启动rabbitmq的web插件(监控5567端口)
systemctl restart rabbitmq-server.service
41.查看是否启动成功(15672):netstat –netlp
42.访问rabbitmqweb页面
http://172.16.157.32:15672
43.使创建的rabbitmq的openstack用户能登录rabbitmqweb
点击openstack用户在新的页面找到update this user
退出重新登录测试设置成功
43-1.用yum下载rpm openstack库(liberty是openstack一个新的版本)
yum install centos-release-openstack-liberty
44.下载keystone安装的rpm包和相关软件
yum install openstack-keystone httpd mod_wsgi \ memcached python-memcached
45.设置memcached开机启动:
systemctl enable memcached.service
46.启动memcached端口号(1121)
systemctl start memcached.service
49.升级yum包:yum upgrade
50.安装openstack客服端
yum install python-openstackclient
51.安装openstack-selinux自动管理安全openstack服务政策
yum install openstack-selinux
54.启动Memcached服务,并设置开机启动
systemctl enable memcached.service
systemctl start memcached.service
55.编辑keystone的配置文件vi /etc/keystone/keystone.conf文件
56.通过vi编辑器查找下面的变量值,进行修改。如果值不需要修改就将注释打开共8处—修改完后使用grep ‘^[a-z]’ /etc/keystone/keystone.conf查看修改是否正确
admin_token = 36efb5b1f50202a52c6f—12r—需要一个命令获取一个随值
命令为: openssl rand -hex 10
debug = true—101r
verbose = true—107r
connection=mysql://keystone:[email protected]/keystone —495r—配置mysql链接
servers = 172.16.157.32:11211 —1305r—配置memcache服务在[memcache]下面
driver = sql —1710r—配置
provider = uuid —1903r—配置uuid标记在[token]下面
driver = memcache—1908—配置提供者在[token]下面
57.同步keyston数据库—会后报错信息:
No handlers could be found for logger "oslo_config.cfg"可以忽略,以后的同步也如此
su -s /bin/sh -c "keystone-manage db_sync" keystone
58.由于使用apache http服务器启动keystone所以要配置ServerName
使用命令vi /etc/httpd/conf/httpd.conf打开文件
ServerName 172.16.157.32:80—95r—ip是自己的静态ip
59.创建apcache服务启动文件使用命令:
vi /etc/httpd/conf.d/wsgi-keystone.conf
输入的内容为:
Listen 5000 Listen 35357 WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On = 2.4> ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined = 2.4> Require all granted Order allow,deny Allow from all WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On = 2.4> ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined = 2.4> Require all granted Order allow,deny Allow from all
60.配置apache http启动服务设置开机启动和启动
systemctl enable httpd.service
systemctl start httpd.service
61.配置身份验证令牌:
export OS_TOKEN=294a4c8a8a475f9b9836——对应56步的admin_token的值
62.配置端点url:
export OS_URL=http://172.16.157.32:35357/v3--ip都为自己设置的静态IP
63.配置身份api版本:
export OS_IDENTITY_API_VERSION=3
64.创建一个keystone的服务,服务类型为identity(身份验证)
$openstack service create \
--name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | 4ddaae90388b4ebc9d252ec2252d8d10 | | name | keystone | | type | identity | +-------------+----------------------------------+
65.创建一个公共访问endpoint
openstack endpoint create --region RegionOne \
identity public http://172.16.157.32:5000/v2.0
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 30fff543e7dc4b7d9a0fb13791b78bf4 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 8c8c0927262a45ad9066cfe70d46892c | | service_name | keystone | | service_type | identity | | url | http:// 172.16.157.32:5000/v2.0 |
66.创建一个内部访问endpoint
$openstack endpoint create --region RegionOne \
identity internal http://172.16.157.32:5000/v2.0
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 57cfa543e7dc4b712c0ab137911bc4fe | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 6f8de927262ac12f6066cfe70d99ac51 | | service_name | keystone | | service_type | identity | | url | http:// 172.16.157.32:5000/v2.0 | +--------------+----------------------------------+
67.创建一个admin访问的endpoint
$openstack endpoint create --region RegionOne \
identity admin http://172.16.157.32:35357/v2.0
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 78c3dfa3e7dc44c98ab1b1379122ecb1 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 34ab3d27262ac449cba6cfe704dbc11f | | service_name | keystone | | service_type | identity | | url | http:// 172.16.157.32:35357/v2.0 | +--------------+----------------------------------+
68.创建一个admin项目
$ openstack project create --domain default \
--description "Admin Project" admin
----------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | domain_id | default | | enabled | True | | id | 343d245e850143a096806dfaefa9afdc | | is_domain | False | | name | admin | | parent_id | None | +-------------+----------------------------------+
69.创建一个admin用户
$openstack user create --domain default \
--password-prompt admin
User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | ac3377633149401296f6c0d92d79dc16 | | name | admin | +-----------+----------------------------------+
70.创建一个admin角色
$ openstack role create admin
+-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | cd2cb9a39e874ea69e5d4b896eb16128 | | name | admin | +-------+----------------------------------+
71.将admin添加为admin角色并添加道admin项目中——该行没有输出
$ openstack role add --project admin --user admin admin
72.创建一个service服务为以后的glance,nova,neutron使用
$ openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 894cdfa366d34e9d835d3de01e752262 | | is_domain | False | | name | service | | parent_id | None | +-------------+----------------------------------+
73.创建一个demo项目用于演示
$ openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | default | | enabled | True | | id | ed0b60bf607743088218b0a533d5943f | | is_domain | False | | name | demo | | parent_id | None | +-------------+----------------------------------+
74.创建一个demo用户
$ openstack user create --domain default \
--password-prompt demo
User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | 58126687cbcc4888bfa9ab73a2256f27 | | name | demo | +-----------+----------------------------------+
75.创建用户角色
$ openstack role create user
+-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | 997ce8d05fc143ac97d83fdfb5998552 | | name | user | +-------+----------------------------------+
76.将demo用户添加user角色添加道demo项目里——没有输出
$ openstack role add --project demo --user demo user
77.取消之前用export设置的变量用unset 命令:
unset OS_TOKEN
unset OS_URL
unset OS_IDENTITY_API_VERSION
78.验证keystone是否安装成功。获取admin用户的令牌:需要属于设置的密码:admin
$openstack --os-auth-url http://172.16.157.32:35357/v3 \
--os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin --os-auth-type password \
token issue
Password: +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2015-03-24T18:55:01Z | | id | ff5ed908984c4a4190f584d826d75fed | | project_id | cf12a15c5ea84b019aec3dc45580896b | | user_id | 4d411f2291f34941b30eef9bd797505a | +------------+----------------------------------+
79.获取demo用户的令牌:需要属于设置的密码:demo
$ openstack --os-auth-url http://172.16.157.32:5000/v3 \ --os-project-domain-id default --os-user-domain-id default \ --os-project-name demo --os-username demo --os-auth-type password \ token issue Password: +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2014-10-10T12:51:33Z | | id | 1b87ceae9e08411ba4a16e4dada04802 | | project_id | 4aa51bb942be4dd0ac0555d7591f80a6 | | user_id | 7004dfa0dda84d63aef81cf7f100af01 | +------------+----------------------------------+
80.在root目录创建一个admin用户使用keystone的脚本环境文件
vi admin-openrc.sh
输入内容:
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://172.16.157.32:35357/v3
export OS_IDENTITY_API_VERSION=3
81.在root目录创建一个demo用户使用keystone的脚本环境文件
vi demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://172.16.157.32:35357/v3
export OS_IDENTITY_API_VERSION=3
82.加载admin-openrc.sh文件
$ source admin-openrc.sh
83.校验文件是否配置ok
$ openstack token issue +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2015-03-25T01:45:49.950092Z | | id | cd4110152ac24bdeaa82e1443c910c36 | | project_id | cf12a15c5ea84b019aec3dc45580896b | | user_id | 4d411f2291f34941b30eef9bd797505a | +------------+----------------------------------+
84.看到以上结果表明我们的keystone已安装成功,下面开始安装另外一个服务关于镜像的glance服务
85.使用keystone命令创建一个glance用户——如果命令不可以使用:
$ source admin-openrc.sh
86.创建一个glance用户
$openstack user create --domain default --password-prompt glance
User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | e38230eeff474607805b596c91fa15d9 | | name | glance | +-----------+----------------------------------+
87.将glance用户赋予admin角色添加道service项目里-改命令没有输出
$openstack role add --project service --user glance admin
88.创建一个镜像服务,服务类型:image
$openstack service create --name glance \
--description "OpenStack Image service" image
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image service | | enabled | True | | id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | name | glance | | type | image | +-------------+----------------------------------+
89.创建一个公共的endpoint——注意修改ip
$openstack endpoint create --region RegionOne \
image public http://172.16.157.32:9292
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 340be3625e9b4239a6415d034e98aace | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | service_name | glance | | service_type | image | | url | http:// 172.16.157.32:9292 | +--------------+----------------------------------+
90.创建一个内部的endpoint
$openstack endpoint create --region RegionOne \
image internal http://172.16.157.32:9292
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | a6e4b153c2ae4c919eccfdbb7dceb5d2 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | service_name | glance | | service_type | image | | url | http:// 172.16.157.32:9292 | +--------------+----------------------------------+
91.创建一个admin的endpoint
$openstack endpoint create --region RegionOne \
image admin http://172.16.157.32:9292
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 0c37ed58103f4300a84ff125a539032d | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 | | service_name | glance | | service_type | image | | url | http:// 172.16.157.32:9292 | +--------------+----------------------------------+
92.使用yum安装glance需要的组件——如果某个rpm包安装失败,请多尝试几次。后期考虑做一个openstack的私有yum源
#yum -y install openstack-glance python-glance python-glanceclient
93.glance服务需要修改两个配置文件一个是glance-api.conf,文件一个是glance-registry.conf文件。首先修改glance-api.conf,文件
94.修改glance-api.conf还是和之前修改keystone的配置文件一样,下面列出里需要修改的变量与在文件的行数,便于查找:
verbose=True -363r--协助排除故障,打印详细纪录
notification_driver=noop -491r--
connection=mysql://glance:[email protected]/glance -538r--
default_store=file -642r--
filesystem_store_datadir=/var/lib/glance/images/ -701r—
关于keystone的配置,注意ip修改
auth_uri = http://172.16.157.32:5000-974r--
auth_url = http://172.16.157.32:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance -981--
flavor=keystone-1485—启用keystone
94-1: 修改glance-register.conf还是和之前修改keystone的配置文件一样,下面列出里需要修改的变量与在文件的行数,便于查找:
verbose=True -363r--协助排除故障,打印详细纪录
notification_driver=noop -491r--
connection=mysql://glance:[email protected]/glance -538r--
default_store=file -642r--
filesystem_store_datadir=/var/lib/glance/images/ -701r—
关于keystone的配置,注意ip修改
auth_uri = http://172.16.157.32:5000-974r--
auth_url = http://172.16.157.32:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance -981--
flavor=keystone-1485—启用keystone
95.同步glance数据库,记得去mysql里去查看glance数据库里是否生成表
# su -s /bin/sh -c "glance-manage db_sync" glance
96.设置glance服务开机启动与现在启动
#systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
#systemctl start openstack-glance-api.service \
openstack-glance-registry.service
97.在/root目录,将glance的一个环境变量添加道之前设置的admin-openr.sh和demo-openrc.是里
$echo "export OS_IMAGE_API_VERSION=2" \
| tee -a admin-openrc.sh demo-openrc.sh
98.使用环境脚本
$source admin-openrc.sh
99.下载测试的镜像。可选择一个制定目录如/home
$wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
100.上传镜像,在镜像存放的目录执行下面的命令
$glance image-create --name "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public
–progress[=============================>] 100% +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | 133eae9fb1c98f45894a4e60d8736619 | | container_format | bare | | created_at | 2015-03-26T16:52:10Z | | disk_format | qcow2 | | id | 38047887-61a7-41ea-9b49-27987d5e8bb9 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | ae7a98326b9c455588edd2656d723b9d | | protected | False | | size | 13200896 | | status | active | | tags | [] | | updated_at | 2015-03-26T16:52:10Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------+
101.确认镜像是否上传成功:
$ glance image-list +--------------------------------------+--------+ | ID | Name | +--------------------------------------+--------+ | 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | +--------------------------------------+--------+
102.如果看到上面的图,恭喜glance安装成功,下面开始安装openstack一个重要的服务nova,包括一个控制节点和一个计算节点。我们先安装控制节点
102.使用keystone命令创建nova用户,如果提示命令不能用,尝试使用环境脚步:
$ source admin-openrc.sh
103.创建一个nova用户
$openstack user create --domain default --password-prompt nova
User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | 8c46e4760902464b889293a74a0c90a8 | | name | nova | +-----------+----------------------------------+
104.将nova用户赋予admin角色并添加到service项目—该命令没有输出
$ openstack role add --project service --user nova admin
105.创建一个nova的服务,服务类型compute(计算)
$ openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | 060d59eac51b4594815603d75a00aba2 | | name | nova | | type | compute | +-------------+----------------------------------+
106.创建一个公共的endpoint——注意修改IP
$ openstack endpoint create --region RegionOne \
compute public http://172.16.157.32:8774/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 3c1caa473bfe4390a11e7177894bcc7b | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | e702f6f497ed42e6a8ae3ba2e5871c78 | | service_name | nova | | service_type | compute | | url | http:// 172.16.157.32:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+
107.创建一个内部的endpoint
$ openstack endpoint create --region RegionOne \
compute internal http://172.16.157.32:8774/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | e3c918de680746a586eac1f2d9bc10ab | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | e702f6f497ed42e6a8ae3ba2e5871c78 | | service_name | nova | | service_type | compute | | url | http:// 172.16.157.32:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+
108.创建一个admin的endpoint
$ openstack endpoint create --region RegionOne \
compute admin http://172.16.157.32:8774/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 38f7af91666a47cfb97b4dc790b94424 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | e702f6f497ed42e6a8ae3ba2e5871c78 | | service_name | nova | | service_type | compute | | url | http://172.16.157.32:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+
109.yum安装nova服务的组建
# yum -y install openstack-nova-api openstack-nova-cert \
openstack-nova-conductor openstack-nova-console \
openstack-nova-novncproxy openstack-nova-scheduler \
python-novaclient
110.nova服务需要编辑nove.conf配置文件
vi /etc/nova/nova.conf
111.和之前一样下面的也是该文件里面需要修改的变量,或需要打开注释的地方已经变量在文件中的行数.
112.配置的变量和行数已经变量值
rpc_backend=rabbit -61r--
my_ip=172.16.157.32—124r-
enabled_apis=osapi_compute,metadata --268r-
auth_strategy=keystone -425--
network_api_class=nova.network.neutronv2.api.API --1053r-
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver --1171r-
security_group_api=neutron --1331r-
firewall_driver=nova.virt.firewall.NoopFirewallDriver --1760r-新增的
vncserver_listen=$my_ip -1828r-
vncserver_proxyclient_address=$my_ip --1832r-
connection=mysql://nova:[email protected]/nova -2213r--
host=$my_ip --2334r—
[关于keystone的配置,记得改ip]
auth_uri = http://172.16.157.32:5000 --2542r-
auth_url = http://172.16.157.32:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova ---2549r-
lock_path=/var/lib/nova/tmp---3802r--
rabbit_host=172.16.157.32-3965r--
rabbit_port=5672 -3969r--
rabbit_userid=openstack-3981r--
rabbit_password=openstack—3985r—
113.以上的配置含义可以查看官网
http://docs.openstack.org/liberty/install-guide-rdo/nova-controller-install.html
114.同步nova数据库,记得去mysql的nova数据库查看表是否生成
# su -s /bin/sh -c "nova-manage db sync" nova
115.将nova服务添加到开机启动,并当前启动
# systemctl enable openstack-nova-api.service \ openstack-nova-cert.service openstack-nova-consoleauth.service \ openstack-nova-scheduler.service openstack-nova-conductor.service \ openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \ openstack-nova-cert.service openstack-nova-consoleauth.service \ openstack-nova-scheduler.service openstack-nova-conductor.service \ openstack-nova-novncproxy.service
116.校验nova是否安装成功,输入openstack host list。查看
是否有四个服务启动
117.在另一台节点openstack-node2.配置到23步。
118.用yum下载rpm openstack库(liberty是openstack一个新的版本)
yum install centos-release-openstack-liberty
119.启用epel存储库
yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
120.升级yum包:yum upgrade
121.安装openstack客服端
yum install python-openstackclient
122.安装openstack-selinux自动管理安全openstack服务政策
yum install openstack-selinux
123.安装nova计算节点
# yum install openstack-nova-compute sysfsutils
124.将openstack-node1的nova.conf配置文件拷贝到 openstack-node2里的/etc/nova/目录下覆盖计算节点的nova.conf。并进行修改
125在openstack-node1的/etc/nova目录执行命令
scp nova.conf 172.16.157.33:/etc/nova
126.对openstack-node2/etc/nova目录下的nova.conf文件进行修改
127.下面的文件变量有的和nova控制节点的配置相同。有的是单独配置的
,为了清晰全部展示出来了--
rpc_backend=rabbit --61r--
my_ip=172.16.157.167 --124r-注意这里的ip是计算节点的ip也就是openstack-node2机器的静态ip
enabled_apis=osapi_compute,metadata ---268r--
auth_strategy=keystone --425r---
network_api_class=nova.network.neutronv2.api.API ---1053r--
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver ---1171r----
security_group_api=neutron ---1331r----
firewall_driver=nova.virt.firewall.NoopFirewallDriver ----1760r—新增的
novncproxy_base_url=http://172.16.157.32:6080/vnc_auto.html --1820r--openstack-node1的ip
vncserver_listen=0.0.0.0 ---1828r---
vncserver_proxyclient_address=$my_ip ---1832r--
vnc_enabled=true --1835r--
vnc_keymap=en-us --1838r--
connection=mysql://nova:[email protected]/nova --2213r--
host=172.16.157.32 ---2334r---openstack-node1的ip
[关于keystone的配置,记得改ip—还是openstack-node1的ip]
uth_uri = http://172.16.157.32:5000 --2542r--
auth_url = http://172.16.157.32:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova ---2549r---
virt_type=vmx --2726r—根据grep –c ‘(vmx|svm)’ /proc/cpuinfo查看是否支持vmx如果返回不支持(可能吗没有返回结果)使用virt_type=qemu
lock_path=/var/lib/nova/tmp ---3965r---
rabbit_host=172.16.157.32 ---3965r--
rabbit_port=5672 ---5672r--
rabbit_userid=openstack --3981r---
rabbit_password=openstack---3985r--
128:启动nove计算服务,并添加到开机启动,如启动失败对照参数是否都修改正确
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
129.验证nova计算服务是否安装成功,在控制节点即openstck-node1上执行一下命令
130.验证成功链接和服务组件的信息(四个控制节点服务一个计算节点服务)
[root@openstack-node1 ~]# nova service-list +----+------------------+-----------------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+-----------------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-consoleauth | openstack-node1 | internal | enabled | up | 2015-12-29T05:50:41.000000 | - | | 2 | nova-conductor | openstack-node1 | internal | enabled | up | 2015-12-29T05:50:39.000000 | - | | 4 | nova-scheduler | openstack-node1 | internal | enabled | up | 2015-12-29T05:50:41.000000 | - | | 5 | nova-cert | openstack-node1 | internal | enabled | up | 2015-12-29T05:50:37.000000 | - | |2015-12-28T09:49:59.000000 | - | | 6 | nova-compute | openstack-node2 | nova | enabled | up | 2015-12-29T05:50:41.000000 | - | +----+------------------+-----------------+----------+---------+-------+-----------------------131.验证与keystone是否链接成功
$ nova endpoints
+-----------+------------------------------------------------------------+ | nova | Value | +-----------+------------------------------------------------------------+ | id | 1fb997666b79463fb68db4ccfe4e6a71 | | interface | public | | region | RegionOne | | region_id | RegionOne | | url | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d | +-----------+------------------------------------------------------------+ +-----------+------------------------------------------------------------+ | nova | Value | +-----------+------------------------------------------------------------+ | id | bac365db1ff34f08a31d4ae98b056924 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | url | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d | +-----------+------------------------------------------------------------+ +-----------+------------------------------------------------------------+ | nova | Value | +-----------+------------------------------------------------------------+ | id | e37186d38b8e4b81a54de34e73b43f34 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | url | http://controller:8774/v2/ae7a98326b9c455588edd2656d723b9d | +-----------+------------------------------------------------------------+ +-----------+----------------------------------+ | glance | Value | +-----------+----------------------------------+ | id | 41ad39f6c6444b7d8fd8318c18ae0043 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | url | http://controller:9292 | +-----------+----------------------------------+ +-----------+----------------------------------+ | glance | Value | +-----------+----------------------------------+ | id | 50ecc4ce62724e319f4fae3861e50f7d | | interface | internal | | region | RegionOne | | region_id | RegionOne | | url | http://controller:9292 | +-----------+----------------------------------+ +-----------+----------------------------------+ | glance | Value | +-----------+----------------------------------+ | id | 7d3df077a20b4461a372269f603b7516 | | interface | public | | region | RegionOne | | region_id | RegionOne | | url | http://controller:9292 | +-----------+----------------------------------+ +-----------+----------------------------------+ | keystone | Value | +-----------+----------------------------------+ | id | 88150c2fdc9d406c9b25113701248192 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | url | http://controller:5000/v2.0 | +-----------+----------------------------------+ +-----------+----------------------------------+ | keystone | Value | +-----------+----------------------------------+ | id | cecab58c0f024d95b36a4ffa3e8d81e1 | | interface | public | | region | RegionOne | | region_id | RegionOne | | url | http://controller:5000/v2.0 | +-----------+----------------------------------+ +-----------+----------------------------------+ | keystone | Value | +-----------+----------------------------------+ | id | fc90391ae7cd4216aca070042654e424 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | url | http://controller:35357/v2.0 | +-----------+----------------------------------+
132.验证与glance是否链接成功
$ nova image-list
+--------------------------------------+--------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+--------+--------+--------+ | 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | ACTIVE | | +--------------------------------------+--------+--------+-------
133.如果以上验证操作没有报错提示,恭喜你nova计算服务安装成功了,下面我们需要安装与网络相关的neutron服务,它和nova一样包括控制节点(openstack-noed1)和计算节点(openstack-node2)并且在他们直接也有关联。先安装控制节点(openstack-noed1)
134.用keyston命令创建neutron用户,密码也是neutron
$ openstack user create --domain default --password-prompt neutron User Password: Repeat User Password:
+-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | b20a6692f77b4258926881bf831eb683 | | name | neutron | +-----------+----------------------------------+
135.给neutron用户赋予admin角色并添加到service服务里
$ openstack role add --project service --user neutron admin
136.创建neutron服务类型为network
$ openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Networking | | enabled | True | | id | f71529314dab4a4d8eca427e701d209e | | name | neutron | | type | network | +-------------+----------------------------------+
137.创建一个公共的endpoint——注意修改ip
$ openstack endpoint create --region RegionOne \
network public http://172.16.157.32:9696
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 85d80a6d02fc4b7683f611d7fc1493a3 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | f71529314dab4a4d8eca427e701d209e | | service_name | neutron | | service_type | network | | url | http://172.16.157.32:9696 | +--------------+----------------------------------+
138.创建一个内部的endpoint
$ openstack endpoint create --region RegionOne \
network internal http://172.16.157.32:9696
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 09753b537ac74422a68d2d791cf3714f | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | f71529314dab4a4d8eca427e701d209e | | service_name | neutron | | service_type | network | | url | http://172.16.157.32:9696 | +--------------+----------------------------------+
139.创建一个admin的endpoint
$ openstack endpoint create --region RegionOne \
network admin http://172.16.157.32:9696
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 1ee14289c9374dffb5db92a5c112fc4e | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | f71529314dab4a4d8eca427e701d209e | | service_name | neutron | | service_type | network | | url | http://172.16.157.32:9696 | +--------------+----------------------------------+
140.使用yum下载安装neutron服务
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient ebtables ipset
140-0.修改neutron配置文件,vi /etc/neutron/neutron.conf同样根据下面的变量来进行修改,和之前的一样
140-1. neutron的neutron.conf文件需要修改的变量如下:
core_plugin =ml2 --60r--
service_plugins = router--77r--
auth_strategy = keystone --92r--
notify_nova_on_port_status_changes=True --360r--
notify_nova_on_port_data_changes = True --364r--
nova_url = http://172.16.157.32:8774/v2 --357r—
[keyston配置]
auth_uri = http://172.16.157.32:5000 --717r--
auth_url = http://172.16.157.32:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron --724r—
注意如果下面的变量没有注释,需要注释掉,在725r到729r左右
#auth_uri = http://127.0.0.1:35357/v2.0/
#identity_uri = http://127.0.0.1:5000
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
connection = mysql://neutron:[email protected]/neutron --737r--
auth_url = http://172.16.157.32:35357 --780r—新增
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova --786r—新增
lock_path = $state_path/lock --817r
rabbit_host = 172.16.157.32 --997r--
rabbit_port = 5672 --1001r--
rabbit_userid = openstack --1013r--
rabbit_password = openstack--1017r---
141-0.修改neutron的linuxbridge_agent.ini配置文件
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
141-1.配置参数如下:
physical_interface_mappings = physnet1:eno16777736 ---9r—
注意eno16777736为自己机器网卡的名字,可以通过
ifconfig查看到 :
enable_vxlan = false --16r--
prevent_arp_spoofing = True--51r--
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver --56r--
enable_security_group = True—60r—
141-1. 修改neutron的dhcp_agent.ini配置文件,vi /etc/neutron/ dhcp_agent.ini同样根据下面的变量来进行修改,和之前的一样
interface_driver=neutron.agent.linux.interface.BridgeInterfaceDriver --27r--
dhcp_driver =neutron.agent.linux.dhcp.Dnsmasq --31r--
enable_isolated_metadata = true—52r---
141.修改neutron配置文件,vi /etc/neutron/metadata_agent.ini同样根据下面的变量来进行修改,和之前的一样
142.neutron的metadata_agent.ini文件需要修改的变量如下:
debug = True --3r—
[keyston配置]
auth_uri = http://172.16.157.32:5000 --4r--
auth_url = http://172.16.157.32:35357
auth_plugin = password
auth_region = RegionOne
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron---12r—
注意:需要注释以下变量如果没有注释,在15r到23r的位置
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
nova_metadata_ip = 172.16.157.32 ---29r--
metadata_proxy_shared_secret = neutron---52r---
142.由于neutron和nova和紧密的关联所以需要在nova的nova.cof文件里添加一些neutron的信息,如keystone,添加的变量如下3032
url = http://172.16.157.32:9696 --3032r—新增
auth_url = http://172.16.157.32:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password=neutron --3040r—新增
service_metadata_proxy=true --3047r--
metadata_proxy_shared_secret=neutron—3051r—
143.修改neutron的ml2_conf.ini配置文件,
vi /etc/neutron/plugins/ml2/ml2_conf.ini
144.具体需要修改的参数如下
type_drivers = local,flat,vlan,gre,vxlan,geneve --5r--
tenant_network_types = vlan,gre,vxlan,geneve --12r--
mechanism_drivers = openvswitch,linuxbridge---18r---
extension_drivers = port_security—27r-
flat_networks = physnet1 ---69r---
enable_ipset = True---120r----
145.在/etc/neutron/目录下创建一个ml2_conf.ini配置文件软链接
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
146.同步neutron数据库
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
146.重启nova服务
# systemctl restart openstack-nova-api.service
147.启动neutron服务并添加到开机自动启动
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
148.校验neutron服务是否安装成功输入
neutron agent-list 返回三个服务
149.neutron控制服务已成功安装,下面进行neutron计算节点安装
150.通过yum下载安装neutron计算节点服务——注意在openstack-node2上面下载安装
yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset
151.同样需要修改/etc/neutron/neutron.conf, linuxbridge_agent.ini, ml2_conf.ini配置文件,才用和nova一样的方法,将openstack-node1里的文件copy过去覆盖掉,注意文件目录是否正确
scp neutron.conf 172.16.157.33:/etc/neutron/
scp plugins/ml2/linuxbridge_agent.ini 172.16.157.33:/etc/neutron/plugins/ml2/
scp plugins/ml2/ml2_conf.ini 172.16.157.33:/etc/neutron/plugins/ml2/
152.在openstack-node2上修改/etc/nova/nova.conf文件,添加neutron的keysteon的配置文件.配置变量如下:
url = http://172.16.157.32:9696--3032r--新增
auth_url = http://172.16.157.32:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron--3040r--新增
153.为ml2_conf.ini文件创建一个软链接
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
154.将neutron桥接代理启动并加入开机启动
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
155.校验neutron计算服务是否安装成功。注意是至少个四个服务显示才算启动安装成功
$ neutron agent-list +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ | 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent | | 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent | | 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | :-) | True | neutron-l3-agent | | dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | :-) | True | neutron-dhcp-agent | | f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | :-) | True | neutron-metadata-agent | +--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
156.如果列表显示里四个服务,恭喜neutron安装已成功,下面我们就可以开始创建我们的第一个虚拟机了
157.首先我们需要创建一个网络。注意是控制节点opensack-node1上操作
$neutron net-create flat --shared --provider:physical_network physnet1 \
--provider:network_type flat
Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad | | mtu | 0 | | name | public | | port_security_enabled | True | | provider:network_type | flat | | provider:physical_network | public | | provider:segmentation_id | | | router:external | False | | shared | True | | status | ACTIVE | | subnets | | | tenant_id | d84313397390425c8ed50b2f6e18d092 | +---------------------------+--------------------------------------+
158.创建一个子网络,
$ neutron subnet-create flat 172.16.157.0/24 --name public \
--allocation-pool start=172.16.157.101,end=172.16.157.200 \
--dns-nameserver 172.16.157.2 --gateway 172.16.157.2
Created a new subnet: +-------------------+----------------------------------------------------+ | Field | Value | +-------------------+----------------------------------------------------+ | allocation_pools | {"start": "203.0.113.101", "end": "203.0.113.200"} | | cidr | 203.0.113.0/24 | | dns_nameservers | 8.8.4.4 | | enable_dhcp | True | | gateway_ip | 203.0.113.1 | | host_routes | | | id | 5cc70da8-4ee7-4565-be53-b9c011fca011 | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | public | | network_id | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad || subnetpool_id | | | tenant_id | d84313397390425c8ed50b2f6e18d092 | +-------------------+--------------------------------------------
159.使用命令neutron subnet-list查看是否创建成功
+--------------------------------------+-------------+-----------------+------------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+-------------+-----------------+------------------------------------------------------+ | 336fc40d-5aa9-42ea-9f03-694729c8fef7 | flat-subnet | 172.16.157.0/24 | {"start": "172.16.157.100", "end": "172.16.157.200"} | +--------------------------------------+-------------+-----------------+----------------------------
160.使用命令neutron net-list查看可用网络列表
$ neutron net-list +--------------------------------------+---------+-----------------------------------------------------+ | id | name | subnets | +--------------------------------------+---------+-----------------------------------------------------+ | 7e25a106-e978-4adb-a4ef-d46c6170254a | public | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad 203.0.113.0/24 | +--------------------------------------+---------+-----------------------------------------------------+
161.生成并添加一个秘钥对。在openstack-node1roo目录
$ ssh-keygen -q -N ""
$ nova keypair-add --pub-key .ssh/id_rsa.pub mykey
162.验证密钥对
$ nova keypair-list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | 6c:74:ec:3a:08:05:4e:9e:21:22:a6:dd:b2:62:b8:28 | +-------+-------------------------------------------------+
163.添加安全组规则
$ nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+-----------
163.允许ssh访问
$ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+| tcp | 22 | 22 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+-----------
164.列出可用的资源:
$ nova flavor-list
+-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True | | 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | | 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | | 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | | 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True | +-----+-----------+-----------+------+-----------+------+-------+
165.列出可用镜像
$ nova image-list +--------------------------------------+--------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+--------+--------+--------+ | 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | ACTIVE | | +--------------------------------------+--------+--------+-------
166.列出可用网络
$ neutron net-list +--------------------------------------+---------+-----------------------------------------------------+ | id | name | subnets | +--------------------------------------+---------+-----------------------------------------------------+ | 7e25a106-e978-4adb-a4ef-d46c6170254a | public | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad 203.0.113.0/24 | +--------------------------------------+---------+---------------
167.列出可用安全组
$ nova secgroup-list +--------------------------------------+---------+-------------+ | Id | Name | Description | +--------------------------------------+---------+-------------+ | ad8d4ea5-3cad-4f7d-b164-ada67ec59473 | default | default | +--------------------------------------+---------+-------------+
168.启动一个虚拟机注意填写net-id
$ nova boot --flavor m1.tiny --image cirros --nic net-id=c97642e4-cfd3-43b6-ae8c-0c377e00a501 \ --security-group default --key-name mykey chao-instance
+--------------------------------------+-----------------------------------------------+ | Property | Value | +--------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | - | | OS-SRV-USG:terminated_at | - | | accessIPv4 | | | accessIPv6 | | | adminPass | hdF4LMQqC5PB | | config_drive | | | created | 2015-09-17T21:58:18Z || flavor | m1.tiny (1) | | hostId | | | id | 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf | | image | cirros (38047887-61a7-41ea-9b49-27987d5e8bb9) | | key_name | key | | metadata | {} | | name | public-instance | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | security_groups | default | | status | BUILD | | tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c | | updated | 2015-09-17T21:58:18Z | | user_id | 684286a9079845359882afc3aa5011fb | +--------------------------------------+-----------------------------------------------+
169.检查虚拟机状态
$ nova list +--------------------------------------+-----------------+--------+------------+-------------+----------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+-----------------+--------+------------+-------------+----------------------+ | 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf | public-instance | ACTIVE | - | Running | flat=172.16.157.101 | +--------------------------------------+-----------------+--------+------------+-------------+----------------------+
170.测试创建的虚拟机是否能ping通
ping 172.16.157.101
171.使用ssh登录172.16.157.101虚拟机
用户名:cirros
密码:cubswin:)
172.获取一个web访问路径
$ nova get-vnc-console public-instance novnc +-------+------------------------------------------------------------------------------------+ | Type | Url | +-------+------------------------------------------------------------------------------------+ | novnc | http://controller:6080/vnc_auto.html?token=2f6dd985-f906-4bfc-b566-e87ce656375b | +-------+--------------------------------------------------------
173.如果一切都成功了,恭喜openstak搭建成功!!!!!!!!!
174.高大上web页面dashboard安装
175.下载dashboard服务
# yum install openstack-dashboard
176.修改配置文件 : vi /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "172.16.157.32"—138r--
ALLOWED_HOSTS = ['*', ] –29R---
CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': '127.0.0.1:11211', } }—108R—注意注释掉后面的caches
#CACHES = { 116 # 'default': {
# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
# }
#}
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"—140R--
TIME_ZONE = " Asia/Shanghai "—32OR—
登陆URL:172.16.157.21:/ dashboard
congratulation!!!!!!!!!
如果有不明白的可以参考官网,官网文档挺好的。