OpenStack Deployment (Part 4)

OpenStack Deployment

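    • 8. Dashboard
      • 8.1 Install and configure
      • 8.2 Restart the web server and the session storage service
      • 8.3 Browser access
    • 9. Designate
      • 9.1 Create the Designate database and grant privileges
      • 9.2 Load the admin credentials
      • 9.3 Create the designate user and set its password
      • 9.4 Add the admin role to the designate user
      • 9.5 Create the designate service entity
      • 9.6 Create the API endpoint for the designate service
      • 9.7 Install the components
      • 9.8 Create the RNDC key
      • 9.9 Configure the named.conf file
      • 9.10 Start the DNS service and enable it at boot
      • 9.11 Configure the designate.conf file
      • 9.12 Sync the database
      • 9.13 Start the Designate central and API services and enable them at boot
      • 9.14 Create the pools.yaml file
      • 9.15 Update the pool
      • 9.16 Start the Designate and mDNS services
      • 9.17 Configure neutron to use the designate service
      • 9.18 Configure neutron to use the ml2 module
      • 9.19 Restart the neutron services
      • 9.20 Verify operation
      • 9.21 Create a zone
    • 10. Heat
      • 10.1 Create the Heat database and grant privileges
      • 10.2 Load the admin credentials
      • 10.3 Create the heat user and set its password
      • 10.4 Add the admin role to the heat user
      • 10.5 Create the heat service entities
      • 10.6 Create the API endpoints for the Orchestration service
      • 10.7 Create the heat domain that contains projects and users for stacks
      • 10.8 Create the heat_domain_admin user in the heat domain to manage projects and users, and set its password
      • 10.9 Add the admin role to the heat_domain_admin user in the heat domain, giving heat_domain_admin administrative privileges to manage stacks
      • 10.10 Create the heat_stack_owner role
      • 10.11 Add the heat_stack_owner role to the demo project and user, enabling the demo user to manage stacks
      • 10.12 Create the heat_stack_user role
      • 10.13 Install and configure the components
      • 10.14 Sync the database
      • 10.15 Start the Orchestration services and enable them at boot
      • 10.16 Restart the HTTP web service so that Heat is displayed and manageable in Horizon
      • 10.17 Verify operation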


8. Dashboard

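Horizon provides OpenStack with a web front-end management interface (UI service). Through the Dashboard service that Horizon provides, administrators can manage the whole OpenStack cloud environment from the web UI and see the results of operations and the running state directly.

8.1 Install and configure

Install

yum install -y openstack-dashboard

Edit the configuration file /etc/openstack-dashboard/local_settings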

OPENSTACK_HOST = "node-251"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"


OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"

8.2 Restart the web server and the session storage service

[root@openstack ~]# systemctl restart httpd.service memcached.service

8.3 Browser access

Open this URL in a browser: http://192.168.31.4/dashboard/
Default admin account and password: admin/123456 (the admin username and password registered in keystone)

Because this environment is deployed in a virtual machine, the page would not load the first few times; I later added more memory.

9. Designate

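Designate is an open-source DNS-as-a-Service implementation and part of the OpenStack ecosystem of services for running clouds.
Designate is OpenStack's multi-tenant DNSaaS service. It provides a REST API with integrated Keystone authentication. It can be configured to generate records automatically in response to Nova and Neutron actions. Designate supports several DNS servers, including Bind9 and PowerDNS 4.

For details, see: [openstack] Designate component, beginner-level installation (quick)

9.1 Create the Designate database and grant privileges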

[root@openstack ~]# mysql -u root -p
CREATE DATABASE designate CHARACTER SET utf8 COLLATE utf8_general_ci;
CREATE USER designate@'%' IDENTIFIED BY 'Admin@123';
Grant all privileges on designate.* to 'designate'@'%';
flush privileges;

9.2 Load the admin credentials

[root@openstack ~]# source admin-openrc

9.3 Create the designate user and set its password

[root@node-251 openstack]# openstack user create --domain default --password-prompt designate
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | f4e5187c3aef4288b6b2d97c292a69a2 |
| enabled             | True                             |
| id                  | d70e149dc03648dc9d3fcfc58f772190 |
| name                | designate                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Password: 123456

9.4 Add the admin role to the designate user

[root@node-251 openstack]# openstack role add --project service --user designate admin

9.5 Create the designate service entity

[root@node-251 openstack]# openstack service create --name designate --description "DNS" dns
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | DNS                              |
| enabled     | True                             |
| id          | 0b2fc994b62949cbb53bb198c604efbe |
| name        | designate                        |
| type        | dns                              |
+-------------+----------------------------------+

9.6 Create the API endpoint for the designate service

[root@node-251 openstack]# openstack endpoint create --region RegionOne dns public http://openstack.if010.com:9001/
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5d67ea77b3f1422bb5a050e42d030267 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0b2fc994b62949cbb53bb198c604efbe |
| service_name | designate                        |
| service_type | dns                              |
| url          | http://openstack.if010.com:9001/ |
+--------------+----------------------------------+

9.7 Install the components

yum install -y openstack-designate\* bind bind-utils

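9.8 Create the RNDC key

RNDC is a tool shipped with the BIND package for controlling a running name server. It can run on another machine, connect to the DNS server over the network, and remotely control the named process (configuration file /etc/named.conf) according to the administrator's commands; the administrator does not need root privileges on the DNS server. With rndc, data can be updated and modified configuration files applied without stopping the DNS server.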

rndc-confgen -a -k designate -c /etc/designate/rndc.key -r /dev/urandom

9.9 Configure the named.conf file

[root@openstack ~]# cat /etc/named.conf 
include "/etc/designate/rndc.key";

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-new-zones yes;
        request-ixfr no;
        recursion no;
        allow-query { 127.0.0.1; 192.168.71.251; localhost; };    
        dnssec-enable yes;
        dnssec-validation yes;  
        bindkeys-file "/etc/named.root.key";  
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "designate"; };
};

Change the permissions on /etc/designate/rndc.key

[root@node-251 openstack]# chmod 755 /etc/designate/rndc.key
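
The chmod 755 above leaves /etc/designate/rndc.key readable by every local account, and the controls block accepts any loopback client that presents that key. The following audit is an added example (not part of the original post, Designate or BIND): it checks the key file mode and cross-checks the key name and listen address against the controls block. The sample key and named.conf text, the function names and the 0640 mode in the demo are constructed; the right owner and group depend on the accounts named and the Designate services run as.

```python
import os
import re
import stat
import tempfile

# Constructed samples in the layout used on the page; the secret is a dummy value.
SAMPLE_KEY = '''key "designate" {
        algorithm hmac-sha256;
        secret "Y29uc3RydWN0ZWQtZHVtbXktc2VjcmV0";
};
'''
SAMPLE_NAMED_CONF = '''include "/etc/designate/rndc.key";
controls {
  inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "designate"; };
};
'''
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# One "inet ADDR port N allow { ... } keys { ... }" control channel.
CONTROL_RE = re.compile(
    r'inet\s+(\S+)\s+port\s+(\d+)\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}')


def items_of(body):
    """Split the inside of a '{ a; b; }' list into bare, unquoted items."""
    return [i.strip().strip('"') for i in body.split(";") if i.strip()]


def key_names(key_text):
    """Names of the key clauses defined in an rndc key file."""
    return re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{', key_text)


def parse_controls(conf_text):
    """Return (address, port, allow list, key list) per inet control channel."""
    return [(addr, int(port), items_of(allow), items_of(keys))
            for addr, port, allow, keys in CONTROL_RE.findall(conf_text)]


def audit(key_path, conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & stat.S_IRWXO:
        findings.append("key file mode %04o gives every local account access" % mode)
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("key file mode %04o sets execute bits on a data file" % mode)

    with open(key_path) as fh:
        defined = set(key_names(fh.read()))
    channels = parse_controls(conf_text)
    if not channels:
        findings.append("no inet control channel found in named.conf")
    for addr, port, allow, keys in channels:
        if addr not in LOOPBACK:
            findings.append("control channel listens on %s:%d, not loopback" % (addr, port))
        for peer in allow:
            if peer not in LOOPBACK:
                findings.append("control channel allows non-loopback peer %s" % peer)
        for name in keys:
            if name not in defined:
                findings.append("controls references key %r not defined in the key file" % name)
    return findings


if __name__ == "__main__":
    # Demo on a temporary copy so the real /etc files are never touched.
    path = os.path.join(tempfile.mkdtemp(), "rndc.key")
    with open(path, "w") as fh:
        fh.write(SAMPLE_KEY)
    for mode in (0o755, 0o640):   # the page's mode, then an assumed tighter one
        os.chmod(path, mode)
        print("%04o ->" % mode, audit(path, SAMPLE_NAMED_CONF) or "no findings")
```

On a real host, pass the actual key path and the contents of /etc/named.conf to audit().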

9.10 Start the DNS service and enable it at boot

[root@openstack ~]# systemctl enable named  
[root@openstack ~]# systemctl start named

9.11 Configure the designate.conf file

[root@node-251 openstack]# cat /etc/designate/designate.conf
[DEFAULT]
transport_url = rabbit://openstack:[email protected]

[keystone_authtoken]
auth_type = password
username = designate
password = 123456
project_name = service
project_domain_name = default
user_domain_name = default
www_authenticate_uri = http://openstack.if010.com:5000/
auth_url = http://openstack.if010.com:5000/
memcached_servers = 127.0.0.1:11211

[service:api]
enable_host_header = true
listen = 0.0.0.0:9001
auth_strategy = keystone
enable_api_v2 = true
enable_api_admin = true
enabled_extensions_admin = quotas,reports

[service:worker]
enabled = true
notify = true

[storage:sqlalchemy]
connection = mysql+pymysql://designate:Admin@[email protected]/designate

9.12 Sync the database

su -s /bin/sh -c "designate-manage database sync" designate

9.13 Start the Designate central and API services and enable them at boot

[root@openstack ~]# systemctl enable designate-central designate-api
[root@openstack ~]# systemctl start designate-central designate-api

9.14 Create the pools.yaml file

[root@openstack ~]# vim /etc/designate/pools.yaml
- name: default
  # The name is immutable. There will be no option to change the name after
  # creation and the only way will to change it will be to delete it
  # (and all zones associated with it) and recreate it.
  description: Default Pool

  attributes: {}

  # List out the NS records for zones hosted within this pool
  # This should be a record that is created outside of designate, that
  # points to the public IP of the controller node.
  ns_records:
    - hostname: ns1-1.example.org.
      priority: 1

  # List out the nameservers for this pool. These are the actual BIND servers.
  # We use these to verify changes have propagated to all nameservers.
  nameservers:
    - host: 127.0.0.1
      port: 53

  # List out the targets for this pool. For BIND there will be one
  # entry for each BIND server, as we have to run rndc command on each server
  targets:
    - type: bind9
      description: BIND9 Server 1

      # List out the designate-mdns servers from which BIND servers should
      # request zone transfers (AXFRs) from.
      # This should be the IP of the controller node.
      # If you have multiple controllers you can add multiple masters
      # by running designate-mdns on them, and adding them here.
      masters:
        - host: 127.0.0.1
          port: 5354

      # BIND Configuration options
      options:
        host: 127.0.0.1
        port: 53
        rndc_host: 127.0.0.1
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key

If the file content was copied over from Windows, remember to convert it to Unix format with :set ff=unix in vim

9.15 Update the pool

[root@node-251 openstack]# su -s /bin/sh -c "designate-manage pool update" designate
Updating Pools Configuration
****************************
2023-06-08 13:19:32.581 86875 INFO designate.manage.pool [designate-manage - - - - -] Updating existing pool: <Pool id:'794ccc2c-d751-44fe-b57f-8894c9f5c842' name:'default'>

Error:

2023-06-08 13:17:20.084 85458 ERROR oslo.messaging._drivers.impl_rabbit [designate-manage - - - - -] Unable to connect to AMQP server on 127.0.0.1:5672 after None tries: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.: AccessRefused: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.

This happened because I had added an extra space in the configuration file earlier; removing the space fixed it.

[root@node-251 openstack]# cat /etc/designate/designate.conf
[DEFAULT]
transport_url = rabbit://openstack: [email protected] # extra space here
...
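
The ACCESS_REFUSED failure above came from one stray space inside transport_url. As an added example (not from the original post or from oslo.messaging), this linter checks the credential-bearing URLs of a service configuration file for whitespace and for unencoded reserved characters in the password, and reports findings without echoing the password. The sample configuration, its passwords and the function names are constructed; only the single-host URL form is handled, and the check goes beyond the page's case by also covering the SQLAlchemy connection option.

```python
from urllib.parse import quote

URL_OPTIONS = {"transport_url", "connection"}
RESERVED = "@/?#"   # these end or split the userinfo part when left unencoded

# Constructed sample: the page's stray-space mistake plus an unencoded '@'.
SAMPLE_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack: s3cret-example@127.0.0.1

[storage:sqlalchemy]
connection = mysql+pymysql://designate:Ex@mple-pw@127.0.0.1/designate
"""


def split_url(url):
    """Split scheme://user:password@host[:port]/path by hand.

    urllib's splitter is not used here because the goal is to report
    malformed input exactly as written, not to normalise it.
    """
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("not a URL: missing '://'")
    userinfo, _, tail = rest.rpartition("@")   # the last '@' ends the credentials
    hostport = tail.partition("/")[0]
    user, colon, password = userinfo.partition(":")
    return {"scheme": scheme, "user": user,
            "password": password if colon else None, "hostport": hostport}


def redact(url):
    """Return the URL with the password masked, safe to print or log."""
    scheme, sep, rest = url.partition("://")
    userinfo, at, tail = rest.rpartition("@")
    user, colon, _ = userinfo.partition(":")
    if not (sep and at and colon):
        return url
    return "%s://%s:***@%s" % (scheme, user, tail)


def lint_url(option, url):
    """Return findings for one URL value; messages never contain the password."""
    try:
        parts = split_url(url)
    except ValueError as exc:
        return ["%s: %s" % (option, exc)]
    findings = []
    for name in ("user", "password", "hostport"):
        if any(ch.isspace() for ch in parts[name] or ""):
            findings.append("%s: whitespace inside %s" % (option, name))
    if not parts["hostport"]:
        findings.append("%s: no host" % option)
    password = parts["password"]
    if password is None or not password.strip():
        findings.append("%s: no password" % option)
    else:
        for ch in sorted(set(password) & set(RESERVED)):
            findings.append("%s: password contains unencoded %r, write it as %s"
                            % (option, ch, quote(ch, safe="")))
    return findings


def lint_config(text):
    """Lint every transport_url / connection option in an INI-style config."""
    findings, section = [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        if stripped.startswith("["):
            section = stripped.strip("[]")
            continue
        key, eq, value = stripped.partition("=")
        if eq and key.strip() in URL_OPTIONS:
            findings += lint_url("[%s] %s" % (section, key.strip()), value.strip())
    return findings


if __name__ == "__main__":
    for finding in lint_config(SAMPLE_CONF):
        print(finding)
```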

9.16 Start the Designate and mDNS services

[root@openstack ~]# systemctl start designate-worker designate-producer designate-mdns
[root@openstack ~]# systemctl enable designate-worker designate-producer designate-mdns

9.17 Configure neutron to use the designate service

[root@openstack ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
external_dns_driver = designate 
dns_domain = if010.com.

[designate]
url = http://openstack.if010.com:9001/v2
auth_type = password
auth_url = http://openstack.if010.com:5000
username = designate
password = 123456
project_name = service
project_domain_name = default
user_domain_name = default
allow_reverse_dns_lookup = True
ipv4_ptr_zone_prefix_size = 24
ipv6_ptr_zone_prefix_size = 116

9.18 Configure neutron to use the ml2 module

[root@openstack ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
extension_drivers = port_security,qos,dns

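Here, use the neutron ext-list command to check whether the dns-integration extension is supported; it also requires an environment with private networks.

My environment does not support it, so the extension_drivers parameter cannot be changed; otherwise neutron-server fails to start.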

[root@node-251 openstack]# neutron ext-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+---------------------------+----------------------------------------------------------------------------------------------+
| alias                     | name                                                                                         |
+---------------------------+----------------------------------------------------------------------------------------------+
| default-subnetpools       | Default Subnetpools                                                                          |
| network-ip-availability   | Network IP Availability                                                                      |
| network_availability_zone | Network Availability Zone                                                                    |
| net-mtu-writable          | Network MTU (writable)                                                                       |
| binding                   | Port Binding                                                                                 |
| agent                     | agent                                                                                        |
| subnet_allocation         | Subnet Allocation                                                                            |
| dhcp_agent_scheduler      | DHCP Agent Scheduler                                                                         |
| tag                       | Tag support                                                                                  |
| external-net              | Neutron external network                                                                     |
| flavors                   | Neutron Service Flavors                                                                      |
| net-mtu                   | Network MTU                                                                                  |
| availability_zone         | Availability Zone                                                                            |
| quotas                    | Quota management support                                                                     |
| standard-attr-tag         | Tag support for resources with standard attribute: trunk, policy, security_group, floatingip |
| revision-if-match         | If-Match constraints based on revision_number                                                |
| provider                  | Provider Network                                                                             |
| multi-provider            | Multi Provider Network                                                                       |
| quota_details             | Quota details management support                                                             |
| address-scope             | Address scope                                                                                |
| subnet-service-types      | Subnet service types                                                                         |
| standard-attr-timestamp   | Resource timestamps                                                                          |
| service-type              | Neutron Service Type Management                                                              |
| tag-ext                   | Tag support for resources: subnet, subnetpool, port, router                                  |
| extra_dhcp_opt            | Neutron Extra DHCP options                                                                   |
| standard-attr-revisions   | Resource revision numbers                                                                    |
| pagination                | Pagination support                                                                           |
| sorting                   | Sorting support                                                                              |
| security-group            | security-group                                                                               |
| rbac-policies             | RBAC Policies                                                                                |
| standard-attr-description | standard-attr-description                                                                    |
| ip-substring-filtering    | IP address substring filtering                                                               |
| port-security             | Port Security                                                                                |
| allowed-address-pairs     | Allowed Address Pairs                                                                        |
| project-id                | project_id field enabled                                                                     |
+---------------------------+----------------------------------------------------------------------------------------------+

9.19 Restart the neutron services

[root@openstack ~]# systemctl restart neutron-* 

9.20 Verify operation

[root@node-251 openstack]# ps -aux | grep designate
designa+  86712  2.1  1.3 350988 76328 ?        Ss   13:19   0:16 /usr/bin/python2 /usr/bin/designate-central --config-file /etc/designate/designate.conf --log-file /var/log/designate/central.log
designa+  86736  0.4  1.4 380692 80448 ?        Ss   13:19   0:03 /usr/bin/python2 /usr/bin/designate-api --config-file /etc/designate/designate.conf --log-file /var/log/designate/api.log
designa+  88321  0.7  1.3 348752 74128 ?        Ss   13:21   0:04 /usr/bin/python2 /usr/bin/designate-worker --config-file /etc/designate/designate.conf --log-file /var/log/designate/worker.log
designa+  88322  0.9  1.3 347516 72820 ?        Ss   13:21   0:06 /usr/bin/python2 /usr/bin/designate-producer --config-file /etc/designate/designate.conf --log-file /var/log/designate/producer.log
designa+  88323  0.7  1.2 345544 71064 ?        Ss   13:21   0:05 /usr/bin/python2 /usr/bin/designate-mdns --config-file /etc/designate/designate.conf --log-file /var/log/designate/mdns.log
root      95540  0.0  0.0 112816   980 pts/0    R+   13:32   0:00 grep --color=auto designate
[root@node-251 openstack]# openstack dns service list
+--------------------------------------+----------+--------------+--------+-------+--------------+
| id                                   | hostname | service_name | status | stats | capabilities |
+--------------------------------------+----------+--------------+--------+-------+--------------+
| cce4d924-0b54-4528-a8ac-ab495f68c9b5 | node-251 | central      | UP     | -     | -            |
| ad2ec80d-3c8e-4dd6-a2f5-9c3cde9bfc42 | node-251 | api          | UP     | -     | -            |
| ae04b0b7-d12d-45a8-b9d6-c1b76859a93c | node-251 | worker       | UP     | -     | -            |
| 44695437-1ba5-4bf5-8d1d-af7e7e28e985 | node-251 | mdns         | UP     | -     | -            |
| 63856a50-7533-4af2-bf00-e14110f324d0 | node-251 | producer     | UP     | -     | -            |
+--------------------------------------+----------+--------------+--------+-------+--------------+

9.21 Create a zone

[root@node-251 openstack]# openstack zone create [email protected] if010.com.
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| action         | CREATE                               |
| attributes     |                                      |
| created_at     | 2023-06-08T05:38:33.000000           |
| description    | None                                 |
| email          | [email protected]                      |
| id             | 05f3f035-621e-42eb-a800-eed644350755 |
| masters        |                                      |
| name           | if010.com.                           |
| pool_id        | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id     | 2aaf4155b00749b0a333a039c17c131c     |
| serial         | 1686202713                           |
| status         | PENDING                              |
| transferred_at | None                                 |
| ttl            | 3600                                 |
| type           | PRIMARY                              |
| updated_at     | None                                 |
| version        | 1                                    |
+----------------+--------------------------------------+

Associate the network; otherwise no records are created even when a virtual machine is created.

neutron net-update ************************************* --dns_domain if010.com.

I have no virtual network here, possibly because the extension_drivers parameter is not supported, so this step is skipped.

[root@node-251 openstack]# neutron net-list

Check the result:

[root@node-251 openstack]# openstack zone list
+--------------------------------------+------------+---------+------------+--------+--------+
| id                                   | name       | type    |     serial | status | action |
+--------------------------------------+------------+---------+------------+--------+--------+
| 05f3f035-621e-42eb-a800-eed644350755 | if010.com. | PRIMARY | 1686202713 | ACTIVE | NONE   |
+--------------------------------------+------------+---------+------------+--------+--------+

10. Heat

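Heat is an orchestration platform intended to help users provision OpenStack-based clouds more easily. With Heat, developers can use templates to automate resource deployment. Heat can launch applications, create virtual machines and handle the whole process automatically. It also offers good cross-platform compatibility and can interoperate with CloudFormation, the Amazon Web Services orchestration platform, which means users can bring AWS templates into an OpenStack environment.

For details, see: Learning Cloud Computing Technology: OpenStack Heat

10.1 Create the Heat database and grant privileges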

[root@openstack ~]# mysql -u root -p
CREATE DATABASE heat;
CREATE USER heat@'%' IDENTIFIED BY 'Admin@123';
Grant all privileges on heat.* to 'heat'@'%';
flush privileges;

10.2 Load the admin credentials

source admin-openrc

10.3 Create the heat user and set its password

[root@node-251 openstack]# openstack user create --domain default --password-prompt heat
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | f4e5187c3aef4288b6b2d97c292a69a2 |
| enabled             | True                             |
| id                  | 2ff76d54b6324f58aa0eada27fd2d6ac |
| name                | heat                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Password: 123456

10.4 Add the admin role to the heat user

openstack role add --project service --user heat admin

10.5 Create the heat service entities

[root@node-251 openstack]# openstack service create --name heat --description "Orchestration" orchestration
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Orchestration                    |
| enabled     | True                             |
| id          | b49ad0b8f24649469baba5a62fece3b2 |
| name        | heat                             |
| type        | orchestration                    |
+-------------+----------------------------------+
[root@node-251 openstack]# openstack service create --name heat-cfn --description "Orchestration"  cloudformation
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Orchestration                    |
| enabled     | True                             |
| id          | a566f24ecba74d08b675f7757b67e5f2 |
| name        | heat-cfn                         |
| type        | cloudformation                   |
+-------------+----------------------------------+

10.6 Create the API endpoints for the Orchestration service

[root@node-251 openstack]# openstack endpoint create --region RegionOne orchestration public http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | dbbe3f6044994c20af77e4ccabeabd7e                 |
| interface    | public                                           |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | b49ad0b8f24649469baba5a62fece3b2                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@node-251 openstack]# openstack endpoint create --region RegionOne orchestration internal http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 0df518b728754468a0b01b5f10a6ed8c                 |
| interface    | internal                                         |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | b49ad0b8f24649469baba5a62fece3b2                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@node-251 openstack]# openstack endpoint create --region RegionOne orchestration admin http://openstack.if010.com:8004/v1/%\(tenant_id\)s
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | 6988272e22514edf8a30d69f0a088fa2                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | b49ad0b8f24649469baba5a62fece3b2                 |
| service_name | heat                                             |
| service_type | orchestration                                    |
| url          | http://openstack.if010.com:8004/v1/%(tenant_id)s |
+--------------+--------------------------------------------------+
[root@node-251 openstack]# openstack endpoint create --region RegionOne cloudformation public http://openstack.if010.com:8000/v1
+--------------+------------------------------------+
| Field        | Value                              |
+--------------+------------------------------------+
| enabled      | True                               |
| id           | 8476d6c18b7e4e5e95bf90773c9ae1e6   |
| interface    | public                             |
| region       | RegionOne                          |
| region_id    | RegionOne                          |
| service_id   | a566f24ecba74d08b675f7757b67e5f2   |
| service_name | heat-cfn                           |
| service_type | cloudformation                     |
| url          | http://openstack.if010.com:8000/v1 |
+--------------+------------------------------------+
[root@node-251 openstack]# openstack endpoint create --region RegionOne cloudformation internal http://openstack.if010.com:8000/v1
+--------------+------------------------------------+
| Field        | Value                              |
+--------------+------------------------------------+
| enabled      | True                               |
| id           | 4a32ff42bd9b4eb0aae6d1f5bfe170de   |
| interface    | internal                           |
| region       | RegionOne                          |
| region_id    | RegionOne                          |
| service_id   | a566f24ecba74d08b675f7757b67e5f2   |
| service_name | heat-cfn                           |
| service_type | cloudformation                     |
| url          | http://openstack.if010.com:8000/v1 |
+--------------+------------------------------------+
[root@node-251 openstack]# openstack endpoint create --region RegionOne cloudformation admin http://openstack.if010.com:8000/v1
+--------------+------------------------------------+
| Field        | Value                              |
+--------------+------------------------------------+
| enabled      | True                               |
| id           | ddc85511645c464d8494b678f23eadff   |
| interface    | admin                              |
| region       | RegionOne                          |
| region_id    | RegionOne                          |
| service_id   | a566f24ecba74d08b675f7757b67e5f2   |
| service_name | heat-cfn                           |
| service_type | cloudformation                     |
| url          | http://openstack.if010.com:8000/v1 |
+--------------+------------------------------------+

10.7 Create the heat domain that contains projects and users for stacks

[root@node-251 openstack]# openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Stack projects and users         |
| enabled     | True                             |
| id          | 2998398ef9604199a0173621b1cee8ba |
| name        | heat                             |
| tags        | []                               |
+-------------+----------------------------------+

10.8 Create the heat_domain_admin user in the heat domain to manage projects and users, and set its password

[root@node-251 openstack]# openstack user create --domain heat --password-prompt heat_domain_admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 2998398ef9604199a0173621b1cee8ba |
| enabled             | True                             |
| id                  | 0ec339a48c464a5da8ef78783b77c95e |
| name                | heat_domain_admin                |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Password: 123456

10.9 Add the admin role to the heat_domain_admin user in the heat domain, giving heat_domain_admin administrative privileges to manage stacks

[root@node-251 openstack]# openstack role add --domain heat --user-domain heat --user heat_domain_admin admin

10.10 Create the heat_stack_owner role

[root@node-251 openstack]# openstack role create heat_stack_owner
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | c3e1a93192564120bc756aae5aed8dcd |
| name      | heat_stack_owner                 |
+-----------+----------------------------------+

10.11 Add the heat_stack_owner role to the demo project and user, enabling the demo user to manage stacks

openstack role add --project demo --user demo heat_stack_owner

10.12 Create the heat_stack_user role

[root@node-251 openstack]# openstack role create heat_stack_user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 55050f0c429b4e1bbda6b7bd83f763d1 |
| name      | heat_stack_user                  |
+-----------+----------------------------------+

10.13 Install and configure the components

Install

yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine openstack-heat-ui

Configure the /etc/heat/heat.conf file

# Comments are on their own lines: oslo.config does not strip trailing
# comments from option values or section headers.
[DEFAULT]
# Metadata server URL
heat_metadata_server_url = http://openstack.if010.com:8000
# Wait condition server URL
heat_waitcondition_server_url = http://openstack.if010.com:8000/v1/waitcondition
# Stack domain
stack_user_domain_name = heat
# Stack domain admin user
stack_domain_admin = heat_domain_admin
# Stack domain admin password
stack_domain_admin_password = stack_domain_admin@If010
# RabbitMQ message queue access
transport_url = rabbit://openstack:[email protected]
rpc_backend = rabbit

# Identity service access
[clients_keystone]
auth_uri = http://openstack.if010.com:35357

# Database connection
[database]
connection = mysql+pymysql://heat:[email protected]/heat

# Identity service access
[ec2authtoken]
auth_uri = http://openstack.if010.com:5000/v2.0

# RabbitMQ message queue access
[oslo_messaging_rabbit]
rabbit_host = 127.0.0.1
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = 1735e32955b2ef18362e

# Identity service access
[trustee]
auth_plugin = password
auth_url = http://openstack.if010.com:35357
username = heat
# Password of the heat user
password = heat@If010
user_domain_name = default

# Identity service access
[keystone_authtoken]
auth_uri = http://openstack.if010.com:5000
auth_url = http://openstack.if010.com:35357
memcached_servers = openstack.if010.com:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
# Password of the heat user
password = heat@If010

10.14 Sync the database

su -s /bin/sh -c "heat-manage db_sync" heat

10.15 Start the Orchestration services and enable them at boot

[root@openstack ~]# systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
[root@openstack ~]# systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service

10.16 Restart the HTTP web service so that Heat is displayed and manageable in Horizon

[root@openstack ~]# systemctl restart openstack-heat*
[root@openstack ~]# systemctl restart httpd

10.17 Verify operation

[root@node-251 openstack]# openstack orchestration service list
+----------+-------------+--------------------------------------+----------+--------+----------------------------+--------+
| Hostname | Binary      | Engine ID                            | Host     | Topic  | Updated At                 | Status |
+----------+-------------+--------------------------------------+----------+--------+----------------------------+--------+
| node-251 | heat-engine | fb27abe5-20cf-4743-b74c-790802e9fa74 | node-251 | engine | 2023-06-08T07:29:11.000000 | up     |
| node-251 | heat-engine | cd489594-7aa3-4660-80e9-ef01bb1a3d99 | node-251 | engine | 2023-06-08T07:29:11.000000 | up     |
| node-251 | heat-engine | 2d820847-b6f5-425b-aef2-c7341bf1e9ab | node-251 | engine | 2023-06-08T07:29:11.000000 | up     |
| node-251 | heat-engine | 10ca4f4f-b34d-447d-9574-656daf91b266 | node-251 | engine | 2023-06-08T07:29:11.000000 | up     |
+----------+-------------+--------------------------------------+----------+--------+----------------------------+--------+
