搭建简单的openstack服务之一

一、openstack环境准备

image.png
  1. 5台主机都是最小化安装系统
  • 最小化安装重命名网卡
    传递内核参数 net.ifnames=0 biosdevname=0,以更改网卡名称为eth0,ethX:
    出现安装界面时使用键盘上下键移动到第一行即Install Centos Linux 7,然后按tab键,即可出现传递参数界面


    image.png
  • 最小化安装系统初始化

yum install  vim iotop bc gcc gcc-c++ glibc glibc-devel pcre \
pcre-devel openssl  openssl-devel zip unzip zlib-devel  net-tools \
lrzsz tree ntpdate telnet lsof tcpdump wget libevent libevent-devel \
bc  systemd-devel bash-completion traceroute net-tools -y
  • NetworkManager关闭,设置开机不启动
  • 关闭防火墙firewalld,并且设置开机不启动
  • selinux关闭,修改配置文件
  • 内核替换文件:优化
    a. sysctl.conf内核参数 /etc/sysctl.conf
    b. limit.conf限制参 /etc/security/limits.conf
    如果要做网卡绑定的话,需要安装bridge-utils包,这个包给物理机使用的
  1. 在5台主机配置文件/etc/hostname定义主机名:


    image.png
  2. 搭建负载均衡haproxy和keepalived

root@lb1:~# vim /etc/keepalived/keepalived.conf 

! Configuration File for keepalived
  
global_defs {
   notification_email {
     acassen
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    #nopreempt
    priority 100
    advert_int 1
    virtual_ipaddress {
        172.20.6.248 dev eth0 label eth0:0
    }
}

root@lb1:~# cat /etc/haproxy/haproxy.cfg 

global
maxconn 100000
#chroot /usr/local/haproxy
#stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
nbproc 4
cpu-map 1 0
cpu-map 2 1
cpu-map 3 2
cpu-map 4 3
#pidfile /usr/local/haproxy/run/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
option  forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client  300000ms
timeout server  300000ms

listen stats
 mode http
 bind 0.0.0.0:9999
 stats enable
 log global
 stats uri     /haproxy-status
 stats auth    haadmin:q1w2e3r4ys

root@lb1:~# systemctl enable keepalived && systemctl start keepalived

 systemctl enable haproxy && systemctl start haproxy
  1. 所有服务时间同步
所有服务器执行下面的命令,或者直接写入crontab -e里面
echo "*/2 * * * * /usr/sbin/ntpdate 172.20.0.1 && /usr/sbin/hwclock -w" > /var/spool/mail/root
  1. 启用OpenStack库
    所有服务器上安装
yum install centos-release-openstack-ocata
  1. 控制端(管理端)和计算节点安装
yum install python-openstackclient -y
  1. 如果装有selinux,需要在所有节点上安装
8. 如果控制端和
RHEL和 CentOS 默认启用 [SELinux](https://docs.openstack.org/ocata/zh_CN/install-guide-rdo/common/glossary.html#term-selinux) 。安装 `openstack-selinux` 包实现对OpenStack服务的安全策略进行自动管理:
所有控制节点和计算节点安装
# yum install openstack-selinux
  1. 安全并配置组件
    控制端安装
如果控制端和mysql服务不是在同一台服务器,控制端就需要安装下面2个包
# yum install mariadb python2-PyMySQL
mysql服务器安装
注:本实验RabbitMQ、Memcache、mysql安装在同一台服务器
# yum install mariadb mariadb-server

创建并编辑 /etc/my.cnf.d/openstack.cnf

[root@mysql ~]# vim /etc/my.cnf.d/openstack.cnf

bind-address = 172.20.6.103  注:监听地址改为本机地址

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

启动服务并设置开机启动
[root@mysql ~]# systemctl enable mariadb.service && systemctl start mariadb.service

安全初始化
[root@mysql ~]# mysql_secure_installation

测试本机是否能进入数据库
[root@mysql ~]# mysql -uroot -p123456

  1. 消息队列RabbitMQ
    安全并配置组件
  • 安装包
[root@mysql ~]# yum install rabbitmq-server
  • 启动消息队列服务并将其配置为随系统启动
[root@mysql ~]# systemctl start rabbitmq-server.service && systemctl enable rabbitmq-server.service

启动之后开启了2个端口
25672:集群通信使用的
5672:客户端使用的

  • 添加 openstack 用户:
[root@mysql ~]# rabbitmqctl add_user openstack 123456
  • openstack用户配置写和读权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
  • 打开rabbitMQ的web插件
[root@mysql ~]# rabbitmq-plugins  enable rabbitmq_management
此时多出了一个15672端口

此时可以web界面打开RabbitMQ的web界面
登录账户和密码默认都为guest



image.png
  1. 缓存服务Memcached
    安全并配置组件
  • 控制端安装包
[root@controller1 ~]# yum -y install python-memcached
如果控制端和Memcached在同一台服务器,无需安装 python-memcached此包
  • 安装包
 [root@mysql ~]# yum install memcached -y
修改配置文件
[root@mysql ~]# vim /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="4096"
CACHESIZE="128"  注:此处生产中可以设置大点1g或者更大,此处单位为M
OPTIONS="-l 0.0.0.0,::1"  监听地址可以是本机地址,也可以写成0.0.0.0本机所有地址

  • 启动Memcached服务,并且配置它随机启动。
root@mysql ~]# systemctl start memcached.service && systemctl enable memcached.service
  • 验证端口
# ss -tnl
  1. 将上面的几个服务端口添加到haproxy的配置文件中
root@lb1:~# vim /etc/haproxy/haproxy.cfg
...
listen  opnestack_mysql_port_3306
 bind 172.20.6.248:3306
 mode tcp
 log global
 server 172.20.6.103  172.20.6.103:3306  check inter 3000 fall 2 rise 5

listen  opnestack_mysql_port_5672
 bind 172.20.6.248:5672
 mode tcp
 log global
 server 172.20.6.103  172.20.6.103:5672  check inter 3000 fall 2 rise 5

listen  opnestack_mysql_port_11211
 bind 172.20.6.248:11211
 mode tcp
 log global
 server 172.20.6.103  172.20.6.103:11211  check inter 3000 fall 2 rise 5

root@lb1:~# ss -tnl
State     Recv-Q     Send-Q          Local Address:Port           Peer Address:Port     
LISTEN    0          128              172.20.6.248:5672                0.0.0.0:*        
LISTEN    0          128              172.20.6.248:3306                0.0.0.0:*        
LISTEN    0          128              172.20.6.248:11211               0.0.0.0:*  
LISTEN    0          128                   0.0.0.0:9999                0.0.0.0:*
  • 在控制节点测试测试
能否通过vip172.20.6.248转发到后端服务器
[root@controller1 ~]# telnet 172.20.6.248 3306
Trying 172.20.6.248...
Connected to 172.20.6.248.
Escape character is '^]'.

[root@controller1 ~]# telnet 172.20.6.248 5672
Trying 172.20.6.248...
Connected to 172.20.6.248.
Escape character is '^]'.
Connection closed by foreign host.

[root@controller1 ~]# telnet 172.20.6.248 11211
Trying 172.20.6.248...
Connected to 172.20.6.248.
Escape character is '^]'.

二、认证服务keystone

  1. 安装和配置
    1.1 先决条件
在数据库服务器操作
用数据库连接客户端以 root 用户连接到数据库服务器
[root@mysql ~]# mysql -uroot -p123456

创建 keystone 数据库:
MariaDB [(none)]> CREATE DATABASE keystone;

对``keystone``数据库授予恰当的权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';

1.2测试

root@controller1 ~]# mysql -ukeystone -pkeystone123 -h172.20.6.103   直连测试

[root@controller1 ~]# mysql -ukeystone -pkeystone123 -h172.20.6.248  通过vip转发连接


1.3 安全并配置组件

  • 在控制端运行以下命令来安装包。
[root@controller1 ~]# yum install openstack-keystone httpd mod_wsgi -y

[root@controller1 ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.20.6.248 openstack-linux36-vip.magedu.net  通过域名节点vip


  • 编辑文件 /etc/keystone/keystone.conf 并完成如下动作
[root@controller1 ~]# openssl  rand -hex 10   #生成临时token
b4187ef9694d7313e5a7
 按以下配置文件配置
cat /etc/keystone/keystone.conf
1:[DEFAULT]
17:17:admin_token = b4187ef9694d7313e5a7
686:[database]
714:connection = mysql+pymysql://keystone:[email protected]/keystone

1494:[memcache]
2791:[token]
2833:provider = fernet
  • 初始化并验证数据库
    注:会在数据库创建默认表等操作
[root@controller1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@mysql ~]# mysql -uroot -p123456
Database changed
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             
  • keystone日志文件:
[root@controller1 ~]#  ll /var/log/keystone/keystone.log
-rw-rw---- 1 root keystone 12884 Jun 24 18:31 /var/log/keystone/keystone.log
  • 初始化证书并验证
[root@controller1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@controller1 ~]# ll  /etc/keystone/fernet-keys/
total 8
-rw------- 1 keystone keystone 44 Jun 24 18:36 0
-rw------- 1 keystone keystone 44 Jun 24 18:36 1

1.4 配置 Apache HTTP 服务器
注:配置keystone,通过apache代理python

  • 编辑apache配置文件
[root@controller1 ~]# vim /etc/httpd/conf/httpd.conf
...
ServerName 172.20.6.101:80
  • 软连接配置文件
[root@controller1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
  • 启动apache:
[root@controller1 ~]# systemctl start httpd &&  systemctl enable  httpd
  • 验证端口


    image.png
  1. 创建域、项目、用户和角色
    2.1 通过admin的token设置环境变量进行操作:
[root@controller1 ~]# export OS_TOKEN=b4187ef9694d7313e5a7
[root@controller1 ~]# export OS_URL=http://172.20.6.101:35357/v3
[root@controller1 ~]# export OS_IDENTITY_API_VERSION=3

2.2 创建默认域

#一定要在上一步设置完成环境变量的前提下方可操作成功,否则会提示未认证。
#命令格式为:openstack domain create --description "描述信息" 域名
[root@controller1 ~]# openstack domain create --description "Default Domain" default

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | cbdbfa70fb1c4b0d9b0d37650f848599 |
| name        | default                          |
+-------------+----------------------------------+
You have new mail in /var/spool/mail/root

2.3 创建一个admin的项目:

#命令格式为openstack project --domain 域 --description "描述" 项目名

[root@controller1 ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled     | True                             |
| id          | 2c101bf8498c42a484c9ff26b1a5d802 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | cbdbfa70fb1c4b0d9b0d37650f848599 |
+-------------+----------------------------------+
You have new mail in /var/spool/mail/root

2.4 创建admin用户并设置密码为admin:

[root@controller1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled             | True                             |
| id                  | a165b86a52164af2bf6852d297e9e911 |
| name                | admin                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

2.5 创建admin角色:
一个项目里面可以有多个角色,目前角色只能创建在/etc/keystone/policy.json文件中定义好的角色

[root@controller1 ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | a30e5cd6ab904309a0b09627a95aba11 |
| name      | admin                            |
+-----------+----------------------------------+

2.6 给admin用户授权
将admin用户授予admin项目的admin角色,即给admin项目添加一个用户叫admin,并将其添加至admin角色,角色是权限的一种集合

[root@controller1 ~]# openstack role add --project admin --user admin admin

2.7. 创建demo项目
该项目可用于演示和测试等

  • 创建demo项目
[root@controller1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled     | True                             |
| id          | a43d0e07295546f0a4c2c5987073863b |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | cbdbfa70fb1c4b0d9b0d37650f848599 |
+-------------+----------------------------------+

  • 创建demo用户并设置密码为demo
[root@controller1 ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled             | True                             |
| id                  | d7ef16d7501f4398810bdd4247bb191f |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

  • 创建一个user角色
    角色目前有user和admin
[root@controller1 ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | e58072c986194689b06dd3a82edc7cb3 |
| name      | user                             |
+-----------+----------------------------------+

  • 把demo用户添加到demo项目:
    然后赋予user权限
[root@controller1 ~]# openstack role add --project demo --user demo user

2.8 创建一个service项目
各服务之间与keystone进行访问和认证,service用于给服务创建用户

  • 创建service项目
[root@controller1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled     | True                             |
| id          | 8c8d21a33b3e47f48ff4421ae713e8c1 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | cbdbfa70fb1c4b0d9b0d37650f848599 |
+-------------+----------------------------------+
  1. 服务注册
    将keystone服务地址注册到openstack
    3.1 创建一个keystone认证服务
[root@controller1 ~]# openstack service list  #查看当前的服务

[root@controller1 ~]# openstack service create --name  keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | aa979de4d541421e8c9312270ca21515 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

[root@controller1 ~]# openstack service list  #验证服务创建成功
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| aa979de4d541421e8c9312270ca21515 | keystone | identity |
+----------------------------------+----------+----------+

3.2 创建endpoint
如果创建错误或多创建了,就要全部删除再重新注册,因为你不知道哪一个是对的哪一个是错的,所以只能全部删除然后重新注册,注册的IP地址写keepalived的VIP,稍后配置haproxy:

 #公共端点
[root@controller1 ~]# openstack endpoint create --region RegionOne identity public http://openstack-linux36-vip.magedu.net:5000/v3
+--------------+-------------------------------------------------+
| Field        | Value                                           |
+--------------+-------------------------------------------------+
| enabled      | True                                            |
| id           | 343a5a2993ba45fd8d09e53c0553c0d2                |
| interface    | public                                          |
| region       | RegionOne                                       |
| region_id    | RegionOne                                       |
| service_id   | aa979de4d541421e8c9312270ca21515                |
| service_name | keystone                                        |
| service_type | identity                                        |
| url          | http://openstack-linux36-vip.magedu.net:5000/v3 |
+--------------+-------------------------------------------------+
You have new mail in /var/spool/mail/root

#私有端点
[root@controller1 ~]# openstack endpoint create --region RegionOne identity internal http://openstack-linux36-vip.magedu.net:5000/v3
+--------------+-------------------------------------------------+
| Field        | Value                                           |
+--------------+-------------------------------------------------+
| enabled      | True                                            |
| id           | 986b99b5c1bf4654addb6d4063513629                |
| interface    | internal                                        |
| region       | RegionOne                                       |
| region_id    | RegionOne                                       |
| service_id   | aa979de4d541421e8c9312270ca21515                |
| service_name | keystone                                        |
| service_type | identity                                        |
| url          | http://openstack-linux36-vip.magedu.net:5000/v3 |
+--------------+-------------------------------------------------+

#管理端点
[root@controller1 ~]# openstack endpoint create --region RegionOne identity admin http://openstack-linux36-vip.magedu.net:35357/v3
+--------------+--------------------------------------------------+
| Field        | Value                                            |
+--------------+--------------------------------------------------+
| enabled      | True                                             |
| id           | edbd39d70a7c4656a7c63ca579f78e73                 |
| interface    | admin                                            |
| region       | RegionOne                                        |
| region_id    | RegionOne                                        |
| service_id   | aa979de4d541421e8c9312270ca21515                 |
| service_name | keystone                                         |
| service_type | identity                                         |
| url          | http://openstack-linux36-vip.magedu.net:35357/v3 |
+--------------+--------------------------------------------------+


[root@controller1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                              |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+
| 343a5a2993ba45fd8d09e53c0553c0d2 | RegionOne | keystone     | identity     | True    | public    | http://openstack-linux36-vip.magedu.net:5000/v3  |
| 986b99b5c1bf4654addb6d4063513629 | RegionOne | keystone     | identity     | True    | internal  | http://openstack-linux36-vip.magedu.net:5000/v3  |
| edbd39d70a7c4656a7c63ca579f78e73 | RegionOne | keystone     | identity     | True    | admin     | http://openstack-linux36-vip.magedu.net:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+

3.3 配置haproxy

root@lb1:~# vim /etc/haproxy/haproxy.cfg
...
listen  opnestack_keystone_port_5000
 bind 172.20.6.248:5000
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:5000  check inter 3000 fall 2 rise 5

listen  opnestack_mysql_port_35357
 bind 172.20.6.248:35357
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:35357  check inter 3000 fall 2 rise 5

root@lb1:~# systemctl restart haproxy
image.png

3.4 测试重启并验证服务

[root@controller1 ~]# telnet 172.20.6.248 5000
Trying 172.20.6.248...
Connected to 172.20.6.248.
Escape character is '^]'.
^C
Connection closed by foreign host.
[root@controller1 ~]# telnet 172.20.6.248 35357
Trying 172.20.6.248...
Connected to 172.20.6.248.
Escape character is '^]'.
^C
Connection closed by foreign host.

3.5 测试keystone是否可以做用户验证
验证admin用户,密码admin,新打开一个窗口并进行以下操作

[root@controller1 ~]# export OS_IDENTITY_API_VERSION=3
[root@controller1 ~]# openstack --os-auth-url http://172.20.6.101:35357/v3 --os-project-domain-name default --os-user-domain-name default  --os-project-name admin --os-username admin token issue
Password: 
+------------+-----------------------------------------------------------------------------------------+
| Field      | Value                                                                                   |
+------------+-----------------------------------------------------------------------------------------+
| expires    | 2019-06-24T13:19:04+0000                                                                |
| id         | gAAAAABdEL-4RSHd89iS8b7VtR3YpRcQFSrZZyej9lEwjqyY38El2l0oIApBc4zqNHhkpwPjxklb7FTzBwXcTuQ |
|            | FvGwSizhOjVooZtpc9u3jvMaxgATVlj95LjxOxpkclLl3m9XYySKdcaE0oABxTBVbge8Y-                  |
|            | 2lnt4NVP8YQGG_HKohuVUKjV2w                                                              |
| project_id | 2c101bf8498c42a484c9ff26b1a5d802                                                        |
| user_id    | a165b86a52164af2bf6852d297e9e911                                                        |
+------------+-----------------------------------------------------------------------------------------+
You have new mail in /var/spool/mail/root

3.6 验证demo用户,密码为demo

[root@controller1 ~]# export OS_IDENTITY_API_VERSION=3
[root@controller1 ~]# openstack --os-auth-url http://172.20.6.101:35357/v3 --os-project-domain-name default --os-user-domain-name default  --os-project-name demo --os-username demo token issue
Password: 
+------------+-----------------------------------------------------------------------------------------+
| Field      | Value                                                                                   |
+------------+-----------------------------------------------------------------------------------------+
| expires    | 2019-06-24T13:20:51+0000                                                                |
| id         | gAAAAABdEMAjaXGvx2Yp-bbPKttqhquc5WcHeV4siK8mrZOorqqjWg2IdIV1hJnXHF0                     |
|            | -ufSDNRt8tnT66HClC0e2rsKnQO-Jy1gs68rhl7cQL0PpxexhcuY_4zJl1aMFetk9vPrUj1DxB0rjMZ_70Re9bc |
|            | BcJorEimWAhlvL3AkM7cdCScZNfN4                                                           |
| project_id | a43d0e07295546f0a4c2c5987073863b                                                        |
| user_id    | d7ef16d7501f4398810bdd4247bb191f                                                        |
+------------+-----------------------------------------------------------------------------------------+
  1. 创建 OpenStack 客户端环境脚本
    4.1 使用脚本设置环境变量:
    创建 admin 和 demo项目和用户创建客户端环境变量脚本。本指南的接下来的部分会引用这些脚本,为客户端操作加载合适的的凭证
[root@controller1 ~]# mkdir script
[root@controller1 ~]# cd script/
[root@controller1 script]# vim admin.sh


#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://172.20.6.101:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Demo用户脚本内容

[root@controller1 script]# vim demo.sh


#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://172.20.6.101:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

4.2 测试脚本是否可以正常使用
Admin用户脚本测试

[root@controller1 script]# source admin.sh 

[root@controller1 script]# openstack --os-auth-url http://172.20.6.101:35357/v3 --os-project-domain-name default --os-user-domain-name default  --os-project-name admin --os-username admin token issue
+------------+-----------------------------------------------------------------------------------------+
| Field      | Value                                                                                   |
+------------+-----------------------------------------------------------------------------------------+
| expires    | 2019-06-24T13:27:22+0000                                                                |
| id         | gAAAAABdEMGqGNgr-jgeFAw4_9DekpzIlCM_23mSTpxC3OekQOmyTnx-fzlR5YWy2rqY6uLPZIl3e31dIuVaU41 |
|            | 3WyDoZwv_RGRqTQeZO1EHmfAcPxFQFjjGFvomDpD6WkaF1aDUwgUJ07RTc7JFiPmkMxeHi1NLCi9lcLDsOqBPhu |
|            | EF8d9a5eE                                                                               |
| project_id | 2c101bf8498c42a484c9ff26b1a5d802                                                        |
| user_id    | a165b86a52164af2bf6852d297e9e911                                                        |
+------------+-----------------------------------------------------------------------------------------+
You have new mail in /var/spool/mail/root

[root@controller1 script]# source demo.sh 
[root@controller1 script]# openstack --os-auth-url http://172.20.6.101:35357/v3 --os-project-domain-name default --os-user-domain-name default  --os-project-name demo --os-username demo token issue
+------------+-----------------------------------------------------------------------------------------+
| Field      | Value                                                                                   |
+------------+-----------------------------------------------------------------------------------------+
| expires    | 2019-06-24T13:36:20+0000                                                                |
| id         | gAAAAABdEMPEwprvGRmzZA9zHmmXUX-q6kfodnMDAS09yQ9Lka-EmfR6vvaN-YaHIKl6skJEU5lJK6sdhm3qaqt |
|            | R24HDDzoDxO3KYltekEYXtKjbuy2tghJvWglN2lc2YA6L8mjG8L6QgupN2veiyg2B-                      |
|            | jX7WNNWKFcAO6Urj0242zTx6OGCHpY                                                          |
| project_id | a43d0e07295546f0a4c2c5987073863b                                                        |
| user_id    | d7ef16d7501f4398810bdd4247bb191f                                                        |
+------------+-----------------------------------------------------------------------------------------+

注:表明无需密码就可以进行用户验证

4.3 将admin.sh和demo.sh的ip地址改为vip,解决控制端的单点问题

root@controller1 script]# vim demo.sh 
[root@controller1 script]# cat admin.sh demo.sh 
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://172.20.6.248:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://172.20.6.248:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


root@lb1:~# tail -11 /etc/haproxy/haproxy.cfg 
listen  opnestack_keystone_port_5000
 bind 172.20.6.248:5000
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:5000  check inter 3000 fall 2 rise 5

listen  opnestack_mysql_port_35357
 bind 172.20.6.248:35357
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:35357  check inter 3000 fall 2 rise 5

测试

[root@controller1 script]# source admin.sh 
[root@controller1 script]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| aa979de4d541421e8c9312270ca21515 | keystone | identity |
+----------------------------------+----------+----------+

三、镜像服务glance

  1. 控制端安装glance
[root@controller1 script]# yum install -y openstack-glance

  1. 创建并初始化数据库
    2.1 在mysql服务器创建glance数据库并授权
[root@mysql ~]# mysql -uroot -p123456

2.2 创建 glance 数据库

MariaDB [(none)]>  create database glance;

2.3 对glance数据库授予恰当的权限:

MariaDB [(none)]> grant all on glance.* to 'glance'@'%' identified by 'glance123';

2.4 在控制端验证glance用户远程连接VIP:

[root@controller1 script]# mysql -uglance -pglance123 -h172.20.6.248
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 38
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
  1. 要创建服务证书,完成这些步骤:
    3.1 创建 glance 用户:
[root@controller1 script]# source admin.sh 
[root@controller1 script]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled             | True                             |
| id                  | 327c52357a5243d0abf868fff4022220 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
You have new mail in /var/spool/mail/root

3.2 添加 admin 角色到 glance 用户和 service 项目上

[root@controller1 script]# openstack role add --project service --user glance admin

3.3 创建glance服务实体:

[root@controller1 script]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 0a76822b396b474c80afecc820c5b531 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

3.4 glance服务注册(创建镜像服务的 API 端点:)

#创建公有endpoint
[root@controller1 script]# openstack endpoint create --region RegionOne image public http://openstack-linux36-vip.magedu.net:9292   
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | b79b887989bd4aad9fc55279c54f894a             |
| interface    | public                                       |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0a76822b396b474c80afecc820c5b531             |
| service_name | glance                                       |
| service_type | image                                        |
| url          | http://openstack-linux36-vip.magedu.net:9292 |
+--------------+----------------------------------------------+

#创建私有endpoint:
You have new mail in /var/spool/mail/root
[root@controller1 script]# openstack endpoint create --region RegionOne image internal http://openstack-linux36-vip.magedu.net:9292
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 12935010e2c7496197f550b17fcc8677             |
| interface    | internal                                     |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0a76822b396b474c80afecc820c5b531             |
| service_name | glance                                       |
| service_type | image                                        |
| url          | http://openstack-linux36-vip.magedu.net:9292 |
+--------------+----------------------------------------------+

#创建管理endpoint:
[root@controller1 script]# openstack endpoint create --region RegionOne image admin http://openstack-linux36-vip.magedu.net:9292
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 2bd9252a93884989931096910cb7109d             |
| interface    | admin                                        |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0a76822b396b474c80afecc820c5b531             |
| service_name | glance                                       |
| service_type | image                                        |
| url          | http://openstack-linux36-vip.magedu.net:9292 |
+--------------+----------------------------------------------+

[root@controller1 script]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                              |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+
| 12935010e2c7496197f550b17fcc8677 | RegionOne | glance       | image        | True    | internal  | http://openstack-linux36-vip.magedu.net:9292     |
| 2bd9252a93884989931096910cb7109d | RegionOne | glance       | image        | True    | admin     | http://openstack-linux36-vip.magedu.net:9292     |
| 343a5a2993ba45fd8d09e53c0553c0d2 | RegionOne | keystone     | identity     | True    | public    | http://openstack-linux36-vip.magedu.net:5000/v3  |
| 986b99b5c1bf4654addb6d4063513629 | RegionOne | keystone     | identity     | True    | internal  | http://openstack-linux36-vip.magedu.net:5000/v3  |
| b79b887989bd4aad9fc55279c54f894a | RegionOne | glance       | image        | True    | public    | http://openstack-linux36-vip.magedu.net:9292     |
| edbd39d70a7c4656a7c63ca579f78e73 | RegionOne | keystone     | identity     | True    | admin     | http://openstack-linux36-vip.magedu.net:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------------+

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]> use glance;
Database changed
MariaDB [glance]> show tables;
Empty set (0.00 sec)

  1. 安全并配置组件
    4.1 控制端安装软件包
[root@controller1 script]# yum install openstack-glance

4.2 编辑文件 /etc/glance/glance-api.conf 并完成如下动作

#在 [database] 部分,配置数据库访问:
[database]
connection = mysql+pymysql://glance:[email protected]/glance

#在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:
[keystone_authtoken]
auth_uri = http://openstack-linux36-vip.magedu.net:5000
auth_url = http://openstack-linux36-vip.magedu.net:35357
memcached_servers = openstack-linux36-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

#在 [glance_store] 部分,配置本地文件系统存储和镜像文件位置:
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/


4.3 编辑文件/etc/glance/glance-registry.conf并完成如下动作:

#在 [database] 部分,配置数据库访问
[database]

connection = mysql+pymysql://glance:[email protected]/glance

在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问
[keystone_authtoken]

auth_uri = http://openstack-linux36-vip.magedu.net:5000
auth_url = http://openstack-linux36-vip.magedu.net:35357
memcached_servers = openstack-linux36-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

4.4 写入镜像服务数据库:

[root@controller1 script]# su -s /bin/sh -c "glance-manage db_sync" glance

Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1241: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial
INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata01, add visibility to and remove is_public from images
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: ocata01, current revision(s): ocata01
You have new mail in /var/spool/mail/root



MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| alembic_version                  |
| artifact_blob_locations          |
| artifact_blobs                   |
| artifact_dependencies            |
| artifact_properties              |
| artifact_tags                    |


4.5 启动镜像服务并将其配置为随机启动

[root@controller1 script]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller1 script]# systemctl enable openstack-glance-api.service openstack-glance-registry.service

image.png

4.6 配置haproxy代理glance

root@lb1:~# vim /etc/haproxy/haproxy.cfg
...
listen  opnestack_glance_port_9191
 bind 172.20.6.248:9191
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:9191  check inter 3000 fall 2 rise 5

listen  opnestack_glance_port_9292
 bind 172.20.6.248:9292
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:9292  check inter 3000 fall 2 rise 5

root@lb1:~# systemctl restart haproxy
image.png

4.7 验证glance服务

[root@controller1 script]# glance image-list
+----+------+
| ID | Name |
+----+------+
+----+------+
You have new mail in /var/spool/mail/root
[root@controller1 script]# openstack image list

注:没有输出是因为glance目前木有镜像,是正常的

4.8 安装nfs服务器(本时候,nfs服务安装在mysql服务器上)
在后端安装一个nfs存储服务器(后期控制端有N个的时候,共用一个目录存放镜像文件)

[root@controller1 script]# ll /var/lib/glance/images/
total 0
  • 安装包
[root@mysql ~]# yum -y install nfs-utils
[root@mysql ~]# vim /etc/exports

/openstack/glance *(rw,no_root_squash)

[root@mysql ~]# mkdir /openstack/glance -p
[root@mysql ~]# vim /etc/exports

[root@mysql ~]# systemctl start nfs && systemctl enable nfs
  • 在控制端查看共享目录
[root@controller1 script]# showmount -e 172.20.6.103
Export list for 172.20.6.103:
/openstack/glance *

  • 挂载
[root@mysql ~]# systemctl stop nfs

[root@controller1 script]# vim /etc/fstab 


#
# /etc/fstab
# Created by anaconda on Wed Jun 19 22:48:58 2019
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=4f0e5814-d14a-4c60-acad-7551e0df4440 /                       xfs     defaults        0 0
UUID=f1c90e3e-4e7c-41e7-aaef-549fb1a7366c /boot                   xfs     defaults        0 0
UUID=9f9b9602-2e6c-4e78-b98c-ec3e54456681 swap                    swap    defaults        0 0
172.20.6.103:/openstack/glance /var/lib/glance/images/ nfs  defaults,_netdev 0 0

[root@mysql ~]# systemctl start nfs
[root@controller1 script]# mount -a
[root@controller1 script]# df 
Filesystem                     1K-blocks    Used Available Use% Mounted on
/dev/sda3                      104280324 1564544 102715780   2% /
devtmpfs                         1666220       0   1666220   0% /dev
tmpfs                            1675424       0   1675424   0% /dev/shm
tmpfs                            1675424    8860   1666564   1% /run
tmpfs                            1675424       0   1675424   0% /sys/fs/cgroup
/dev/sda1                         520876  119540    401336  23% /boot
tmpfs                             335088       0    335088   0% /run/user/0
172.20.6.103:/openstack/glance 104280448 1555968 102724480   2% /var/lib/glance/images

4.9 验证操作
CirrOS是一个小型的Linux镜像可以用来帮助你进行 OpenStack部署测试。

测试glance上传镜像

  • 在glance下载一个0.3.4版本的测试镜像,注意这个是3.4的

[root@controller1 ~]# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

#使用磁盘格式,bare容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它:

[root@controller1 ~]# openstack image create "cirros-0.3.4" \
>   --file cirros-0.3.4-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --public
503 Service Unavailable
Insufficient permissions on image storage media: Permission to write image storage media denied.
    (HTTP 503)
注:表明对挂载目录没有写权限,修改目录属性

[root@controller1 ~]# id glance
uid=161(glance) gid=161(glance) groups=161(glance)

存储服务器

[root@mysql ~]# cd /openstack/
[root@mysql openstack]# ls
glance
[root@mysql openstack]# ll
total 0
drwxr-xr-x 2 root root 6 Jun 24 21:55 glance

[root@mysql openstack]# chown 161.161 glance
[root@mysql openstack]# ll
total 0
drwxr-xr-x 2 161 161 6 Jun 24 21:55 glance
You have new mail in /var/spool/mail/root

  • 再次上传镜像文件到镜像服务
[root@controller1 ~]# openstack image create "cirros-0.3.4"   --file cirros-0.3.4-x86_64-disk.img   --disk-format qcow2 --container-format bare   --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2019-06-24T14:15:09Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/de7350ff-5090-4cda-a950-2817cee72384/file |
| id               | de7350ff-5090-4cda-a950-2817cee72384                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros-0.3.4                                         |
| owner            | 2c101bf8498c42a484c9ff26b1a5d802                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-06-24T14:15:09Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
You have new mail in /var/spool/mail/root
  • 确认镜像的上传并验证属性:
[root@controller1 ~]# glance image-list
+--------------------------------------+--------------+
| ID                                   | Name         |
+--------------------------------------+--------------+
| de7350ff-5090-4cda-a950-2817cee72384 | cirros-0.3.4 |
+--------------------------------------+--------------+
[root@controller1 ~]# openstack image list
+--------------------------------------+--------------+--------+
| ID                                   | Name         | Status |
+--------------------------------------+--------------+--------+
| de7350ff-5090-4cda-a950-2817cee72384 | cirros-0.3.4 | active |
+--------------------------------------+--------------+--------+

[root@controller1 ~]# ll /var/lib/glance/images/
total 12980
-rw-r----- 1 glance glance 13287936 Jun 24 22:15 de7350ff-5090-4cda-a950-2817cee72384
  • 查看指定镜像信息
[root@controller1 ~]# openstack image show cirros-0.3.4
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2019-06-24T14:15:09Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/de7350ff-5090-4cda-a950-2817cee72384/file |
| id               | de7350ff-5090-4cda-a950-2817cee72384                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros-0.3.4                                         |
| owner            | 2c101bf8498c42a484c9ff26b1a5d802                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-06-24T14:15:09Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+

四、计算服务nova(部署nova控制节点与计算节点)

在安装和配置 Compute 服务前,你必须创建数据库服务的凭据以及 API endpoints。

  1. 为了创建数据库,必须完成这些步骤:
# 用数据库连接客户端以 root 用户连接到数据库服务器
[root@mysql openstack]# mysql -uroot -p123456

#Create the nova_api, nova, and nova_cell0 databases:
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.00 sec)

#对数据库进行正确的授权:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'  IDENTIFIED BY 'nova123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
Query OK, 0 rows affected (0.00 sec)

  • 验证用户能否通过vip远程登陆数据库
[root@controller1 ~]# mysql -unova -pnova123 -h172.20.6.103
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 68
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| nova               |
| nova_api           |
| nova_cell0         |
+--------------------+
4 rows in set (0.01 sec)
  1. 创建nova服务并注册:
    2.1 创建nova用户并授权
#获得 admin 凭证来获取只有管理员能执行的命令的访问权限
[root@controller1 ~]# source script/admin.sh 

[root@controller1 ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled             | True                             |
| id                  | 3a492162680e40ea98e32949aeaf8ade |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

#给 nova 用户添加 admin 角色
[root@controller1 ~]# openstack role add --project service --user nova admin

2.2 创建nova服务并注册

#创建 nova 服务实体
[root@controller1 ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | cb6d1f71a8f24aa58b9012edba7b32c4 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+


#创建公共端点
[root@controller1 ~]# openstack endpoint create --region RegionOne  compute public http://openstack-linux36-vip.magedu.net:8774/v2.1
+--------------+---------------------------------------------------+
| Field        | Value                                             |
+--------------+---------------------------------------------------+
| enabled      | True                                              |
| id           | cabb52a4f8ce4555969aa245cb269390                  |
| interface    | public                                            |
| region       | RegionOne                                         |
| region_id    | RegionOne                                         |
| service_id   | cb6d1f71a8f24aa58b9012edba7b32c4                  |
| service_name | nova                                              |
| service_type | compute                                           |
| url          | http://openstack-linux36-vip.magedu.net:8774/v2.1 |
+--------------+---------------------------------------------------+


#创建私有端点
[root@controller1 ~]# openstack endpoint create --region RegionOne  compute internal http://openstack-linux36-vip.magedu.net:8774/v2.1
+--------------+---------------------------------------------------+
| Field        | Value                                             |
+--------------+---------------------------------------------------+
| enabled      | True                                              |
| id           | e1a234b7b1064a40aa7929b3d5a7e9b6                  |
| interface    | internal                                          |
| region       | RegionOne                                         |
| region_id    | RegionOne                                         |
| service_id   | cb6d1f71a8f24aa58b9012edba7b32c4                  |
| service_name | nova                                              |
| service_type | compute                                           |
| url          | http://openstack-linux36-vip.magedu.net:8774/v2.1 |
+--------------+---------------------------------------------------+


#创建管理端点
[root@controller1 ~]# openstack endpoint create --region RegionOne compute admin http://openstack-linux36-vip.magedu.net:8774/v2.1
+--------------+---------------------------------------------------+
| Field        | Value                                             |
+--------------+---------------------------------------------------+
| enabled      | True                                              |
| id           | 6a605f1595c54ce4bb3aaa7b55343940                  |
| interface    | admin                                             |
| region       | RegionOne                                         |
| region_id    | RegionOne                                         |
| service_id   | cb6d1f71a8f24aa58b9012edba7b32c4                  |
| service_name | nova                                              |
| service_type | compute                                           |
| url          | http://openstack-linux36-vip.magedu.net:8774/v2.1 |
+--------------+---------------------------------------------------+

2.3 创建placement用户并授权

# Placement用户密码设置为placement
[root@controller1 ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | cbdbfa70fb1c4b0d9b0d37650f848599 |
| enabled             | True                             |
| id                  | d20223e2d3fb40279d2e4f9622027226 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+


[root@controller1 ~]# openstack role add --project service --user placement admin

2.4 创建placement API并注册

[root@controller1 ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 3a9a076760c0404ea41bf7fb6163ea2f |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+


[root@controller1 ~]# openstack endpoint create --region RegionOne placement public http://openstack-linux36-vip.magedu.net:8778
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 27994f9a8bfa44f49cd7a19a8fe81ea2             |
| interface    | public                                       |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 3a9a076760c0404ea41bf7fb6163ea2f             |
| service_name | placement                                    |
| service_type | placement                                    |
| url          | http://openstack-linux36-vip.magedu.net:8778 |
+--------------+----------------------------------------------+


[root@controller1 ~]# openstack endpoint create --region RegionOne placement internal http://openstack-linux36-vip.magedu.net:8778
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | a63ff379f80243b8aa56b5699b2e24a8             |
| interface    | internal                                     |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 3a9a076760c0404ea41bf7fb6163ea2f             |
| service_name | placement                                    |
| service_type | placement                                    |
| url          | http://openstack-linux36-vip.magedu.net:8778 |



[root@controller1 ~]# openstack endpoint create --region RegionOne placement admin http://openstack-linux36-vip.magedu.net:8778
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | d8ddf8133fe3452db1b55ec25dd5f741             |
| interface    | admin                                        |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 3a9a076760c0404ea41bf7fb6163ea2f             |
| service_name | placement                                    |
| service_type | placement                                    |
| url          | http://openstack-linux36-vip.magedu.net:8778 |
+--------------+----------------------------------------------+


[root@controller1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                               |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+
| 12935010e2c7496197f550b17fcc8677 | RegionOne | glance       | image        | True    | internal  | http://openstack-linux36-vip.magedu.net:9292      |
| 27994f9a8bfa44f49cd7a19a8fe81ea2 | RegionOne | placement    | placement    | True    | public    | http://openstack-linux36-vip.magedu.net:8778      |
| 2bd9252a93884989931096910cb7109d | RegionOne | glance       | image        | True    | admin     | http://openstack-linux36-vip.magedu.net:9292      |
| 343a5a2993ba45fd8d09e53c0553c0d2 | RegionOne | keystone     | identity     | True    | public    | http://openstack-linux36-vip.magedu.net:5000/v3   |
| 6a605f1595c54ce4bb3aaa7b55343940 | RegionOne | nova         | compute      | True    | admin     | http://openstack-linux36-vip.magedu.net:8774/v2.1 |
| 986b99b5c1bf4654addb6d4063513629 | RegionOne | keystone     | identity     | True    | internal  | http://openstack-linux36-vip.magedu.net:5000/v3   |
| a63ff379f80243b8aa56b5699b2e24a8 | RegionOne | placement    | placement    | True    | internal  | http://openstack-linux36-vip.magedu.net:8778      |
| b79b887989bd4aad9fc55279c54f894a | RegionOne | glance       | image        | True    | public    | http://openstack-linux36-vip.magedu.net:9292      |
| cabb52a4f8ce4555969aa245cb269390 | RegionOne | nova         | compute      | True    | public    | http://openstack-linux36-vip.magedu.net:8774/v2.1 |
| d8ddf8133fe3452db1b55ec25dd5f741 | RegionOne | placement    | placement    | True    | admin     | http://openstack-linux36-vip.magedu.net:8778      |
| e1a234b7b1064a40aa7929b3d5a7e9b6 | RegionOne | nova         | compute      | True    | internal  | http://openstack-linux36-vip.magedu.net:8774/v2.1 |
| edbd39d70a7c4656a7c63ca579f78e73 | RegionOne | keystone     | identity     | True    | admin     | http://openstack-linux36-vip.magedu.net:35357/v3  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------------+

  1. 配置haproxy
root@lb1:~# vim /etc/haproxy/haproxy.cfg

...
listen  opnestack_nova_port_8774
 bind 172.20.6.248:8774
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:8774  check inter 3000 fall 2 rise 5

listen  opnestack_nova_port_8778
 bind 172.20.6.248:8778
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:8778  check inter 3000 fall 2 rise 5

root@lb1:~# systemctl restart haproxy
image.png
  1. nova安全并配置组件
    4.1 安装软件包
[root@controller1 ~]# yum -y install openstack-nova-api openstack-nova-conductor \
>   openstack-nova-console openstack-nova-novncproxy \
>   openstack-nova-scheduler openstack-nova-placement-api

4.2 编辑/etc/nova/nova.conf文件并完成下面的操作

[root@controller1 ~]# vim /etc/nova/nova.conf
...
[DEFAULT]
enabled_apis = osapi_compute,metadata
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:[email protected]

[api]
auth_strategy = keystone

[api_database]
connection = mysql+pymysql://nova:[email protected]/nova_api

[database]
connection = mysql+pymysql://nova:[email protected]/nova

[glance]
api_servers = http://openstack-linux36-vip.magedu.net:9292

[keystone_authtoken]
auth_uri = http://openstack-linux36-vip.magedu.net:5000
auth_url = http://openstack-linux36-vip.magedu.net:35357
memcached_servers = openstack-linux36-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-linux36-vip.magedu.net:35357/v3
username = placement
password = placement

[vnc]
enabled = True
vncserver_listen = 172.20.6.101
vncserver_proxyclient_address = 172.20.6.101

4.3 配置apache允许访问placement API,/etc/httpd/conf.d/00-nova-placement-api.conf

[root@controller1 ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
...

   = 2.4>
      Require all granted
   
   
      Order allow,deny
      Allow from all
   

  • 重启http
[root@controller1 ~]# systemctl restart httpd

4.4 初始化数据库:

  • nova_api数据库
[root@controller1 ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
  • nova cell0数据库
[root@controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
  • nova cell1数据库
[root@controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
bbdadb52-b644-4946-88e4-532cd8b3e649
  • nova数据库
[root@controller1 ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)

  • 验证nova cell0和nova cell1是否正常注册
[root@controller1 ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+
|  Name |                 UUID                 |
+-------+--------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 |
| cell1 | bbdadb52-b644-4946-88e4-532cd8b3e649 |
+-------+--------------------------------------+

4.5 启动并将nova服务设置为开机启动

root@controller1 ~]# systemctl start openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service


[root@controller1 ~]# systemctl enable openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service

image.png

4.6 配置haproxy配置文件

...
注前面已经配置了8774和8778,所以这里仅配置6080端口转发
listen  opnestack_nova_port_6080
 bind 172.20.6.248:6080
 mode tcp
 log global
 server 172.20.6.101  172.20.6.101:6080  check inter 3000 fall 2 rise 5

root@lb1:~# systemctl restart haproxy

image.png

4.7 重启nova控制端脚本
由于启动的服务较多,便于后期重启,将nova启动服务携程一个脚本

[root@controller1 ~]# vim script/nova-restart.sh

#!/bin/bash
systemctl restart openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service

[root@controller1 ~]# tail -f /var/log/nova/*.log

==> /var/log/nova/nova-novncproxy.log <==
2019-06-25 10:06:57.672 16846 WARNING oslo_reports.guru_meditation_report [-] Guru meditation now registers SIGUSR1 and SIGUSR2 by default for backward compatibility. SIGUSR1 will no longer be registered in a future release, so please use SIGUSR2 to generate reports.
2019-06-25 10:06:57.673 16846 INFO nova.console.websocketproxy [-] WebSocket server settings:
2019-06-25 10:06:57.673 16846 INFO nova.console.websocketproxy [-]   - Listen on 0.0.0.0:6080
2019-06-25 10:06:57.674 16846 INFO nova.console.websocketproxy [-]   - Flash security policy server
2019-06-25 10:06:57.674 16846 INFO nova.console.websocketproxy [-]   - Web server (no directory listings). Web root: /usr/share/novnc
2019-06-25 10:06:57.675 16846 INFO nova.console.websocketproxy [-]   - No SSL/TLS support (no cert file)
2019-06-25 10:06:57.675 16846 INFO nova.console.websocketproxy [-]   - proxying from 0.0.0.0:6080 to None:None

4.8 查看rabbitMQ连接


image.png

4.9 验证nova控制端

root@controller1 ~]# nova service-list
+----+------------------+------------------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host                   | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+------------------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-consoleauth | controller1.magedu.net | internal | enabled | up    | 2019-06-25T02:20:35.000000 | -               |
| 2  | nova-scheduler   | controller1.magedu.net | internal | enabled | up    | 2019-06-25T02:20:36.000000 | -               |
| 3  | nova-conductor   | controller1.magedu.net | internal | enabled | up    | 2019-06-25T02:20:37.000000 | -               |
+----+------------------+------------------------+----------+---------+-------+----------------------------+-----------------+

  1. 部署nova计算节点
    在计算节点服务器部署
    5.1 安装软件包
+ 所有计算节点都安装该软件包
[root@computer1 ~]# yum install openstack-nova-compute -y

[root@computer2 ~]# yum install openstack-nova-compute -y
  • 计算节点/etc/nova/nova.conf配置好的最终配置文件
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:[email protected]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
auth_strategy = keystone

[glance]
api_servers = http://openstack-linux36-vip.magedu.net:9292

[keystone_authtoken]
auth_uri = http://openstack-linux36-vip.magedu.net:5000
auth_url = http://openstack-linux36-vip.magedu.net:35357
memcached_servers = openstack-linux36-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[libvirt]
virt_type = qemu

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-linux36-vip.magedu.net:35357/v3
username = placement
password = placement

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.6.104
novncproxy_base_url = http://openstack-linux36-vip.magedu.net:6080/vnc_auto.html

  • 确认计算节点是否支持硬件加速
[root@computer1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
2
注:非0代表支持硬件加速
  • 将域名解析ip地址写入/etc/hosts文件
[root@computer1 ~]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.20.6.248 openstack-linux36-vip.magedu.net
  • 启动nova 计算服务并设置为开机启动
[root@computer1 ~]# systemctl start libvirtd.service openstack-nova-compute.service

root@computer1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service

  • 在控制节点添加计算节点到cell 数据库
[root@controller1 ~]# source script/admin.sh

[root@controller1 ~]# openstack hypervisor list
+----+----------------------+-----------------+--------------+-------+
| ID | Hypervisor Hostname  | Hypervisor Type | Host IP      | State |
+----+----------------------+-----------------+--------------+-------+
|  1 | computer1.magedu.net | QEMU            | 172.20.6.104 | up    |
+----+----------------------+-----------------+--------------+-------+

  • 主动发现计算节点
#使用命令发现
[root@controller1 ~]#  su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': bbdadb52-b644-4946-88e4-532cd8b3e649
Found 1 computes in cell: bbdadb52-b644-4946-88e4-532cd8b3e649
Checking host mapping for compute host 'computer1.magedu.net': f228eb43-8f31-47e2-bf2b-561bc5c5e0c9
Creating host mapping for compute host 'computer1.magedu.net': f228eb43-8f31-47e2-bf2b-561bc5c5e0c9



#定期主动发现
[root@controller1 ~]# vim /etc/nova/nova.conf
discover_hosts_in_cells_interval=300

[root@controller1 ~]# bash script/admin.sh

5.2 第二个计算节点服务器部署

  • 第一个计算节点配置完成之后,后面的计算节点就方便了,直接将第一个计算节点的nova配置文件拷贝过来,稍作修改,就可以启动服务
[root@computer2 ~]# yum install openstack-nova-compute -y 
[root@computer1 ~]# cd /etc/nova/
[root@computer1 nova]# ls
api-paste.ini  nova.conf  policy.json  release  rootwrap.conf
[root@computer1 nova]# tar czvf nova-computer.tar.gz ./*
./api-paste.ini
./nova.conf
./policy.json
./release
./rootwrap.conf
[root@computer1 nova]# ls
api-paste.ini  nova-computer.tar.gz  nova.conf  policy.json  release  rootwrap.conf
[root@computer1 nova]# scp nova-computer.tar.gz 172.20.6.105:/etc/nova/

  • 配置文件稍作修改
[root@computer2 ~]# cd /etc/nova/
You have new mail in /var/spool/mail/root
[root@computer2 nova]# ls
api-paste.ini  nova-computer.tar.gz  nova.conf  policy.json  release  rootwrap.conf
[root@computer2 nova]# tar xf nova-computer.tar.gz 

[root@computer2 nova]# vim nova.conf
...
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.6.105  注:仅该此处ip地址为本机ip地址
novncproxy_base_url = http://openstack-linux36-vip.magedu.net:6080/vnc_auto.html
[root@computer2 nova]# vim /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.20.6.248 openstack-linux36-vip.magedu.net

  • 启动nova 计算服务并设置为开机启动
[root@computer2 nova]# systemctl start libvirtd.service openstack-nova-compute.service
[root@computer2 nova]# systemctl enable libvirtd.service openstack-nova-compute.service
  • 添加计算节点到cell 数据库
[root@controller1 ~]# openstack hypervisor list
+----+----------------------+-----------------+--------------+-------+
| ID | Hypervisor Hostname  | Hypervisor Type | Host IP      | State |
+----+----------------------+-----------------+--------------+-------+
|  1 | computer1.magedu.net | QEMU            | 172.20.6.104 | up    |
|  2 | computer2.magedu.net | QEMU            | 172.20.6.105 | up    |
+----+----------------------+-----------------+--------------+-------+
  • 验证计算节点
[root@controller1 ~]# nova host-list
+------------------------+-------------+----------+
| host_name              | service     | zone     |
+------------------------+-------------+----------+
| controller1.magedu.net | consoleauth | internal |
| controller1.magedu.net | scheduler   | internal |
| controller1.magedu.net | conductor   | internal |
| computer1.magedu.net   | compute     | nova     |
| computer2.magedu.net   | compute     | nova     |
+------------------------+-------------+----------+

[root@controller1 ~]# nova service-list
+----+------------------+------------------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host                   | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+------------------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-consoleauth | controller1.magedu.net | internal | enabled | up    | 2019-06-25T03:27:57.000000 | -               |
| 2  | nova-scheduler   | controller1.magedu.net | internal | enabled | up    | 2019-06-25T03:27:58.000000 | -               |
| 3  | nova-conductor   | controller1.magedu.net | internal | enabled | up    | 2019-06-25T03:27:58.000000 | -               |
| 6  | nova-compute     | computer1.magedu.net   | nova     | enabled | up    | 2019-06-25T03:28:01.000000 | -               |
| 7  | nova-compute     | computer2.magedu.net   | nova     | enabled | up    | 2019-06-25T03:27:55.000000 | -               |
+----+------------------+------------------------+----------+---------+-------+----------------------------+-----------------+


[root@controller1 ~]# nova image-list
WARNING: Command image-list is deprecated and will be removed after Nova 15.0.0 is released. Use python-glanceclient or openstackclient instead
+--------------------------------------+--------------+--------+--------+
| ID                                   | Name         | Status | Server |
+--------------------------------------+--------------+--------+--------+
| de7350ff-5090-4cda-a950-2817cee72384 | cirros-0.3.4 | ACTIVE |        |
+--------------------------------------+--------------+--------+--------+

[root@controller1 ~]# openstack image list
+--------------------------------------+--------------+--------+
| ID                                   | Name         | Status |
+--------------------------------------+--------------+--------+
| de7350ff-5090-4cda-a950-2817cee72384 | cirros-0.3.4 | active |
+--------------------------------------+--------------+--------+

  • 列出服务组件是否成功注册
[root@controller1 ~]# openstack compute service list
+----+----------------+----------------+----------+---------+-------+----------------+
| ID | Binary         | Host           | Zone     | Status  | State | Updated At     |
+----+----------------+----------------+----------+---------+-------+----------------+
|  1 | nova-          | controller1.ma | internal | enabled | up    | 2019-06-25T03: |
|    | consoleauth    | gedu.net       |          |         |       | 31:07.000000   |
|  2 | nova-scheduler | controller1.ma | internal | enabled | up    | 2019-06-25T03: |
|    |                | gedu.net       |          |         |       | 30:58.000000   |
|  3 | nova-conductor | controller1.ma | internal | enabled | up    | 2019-06-25T03: |
|    |                | gedu.net       |          |         |       | 30:58.000000   |
|  6 | nova-compute   | computer1.mage | nova     | enabled | up    | 2019-06-25T03: |
|    |                | du.net         |          |         |       | 31:01.000000   |
|  7 | nova-compute   | computer2.mage | nova     | enabled | up    | 2019-06-25T03: |
|    |                | du.net         |          |         |       | 31:05.000000   |
+----+----------------+----------------+----------+---------+-------+----------------+
  • 检查cells 和placement API是否工作正常
[root@controller1 ~]#  nova-status upgrade check
+---------------------------+
| Upgrade Check Results     |
+---------------------------+
| Check: Cells v2           |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Placement API      |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Resource Providers |
| Result: Success           |
| Details: None             |

  • 列出keystone服务中的端点,以验证keystone的连通性
[root@controller1 ~]# openstack catalog list
+-----------+-----------+------------------------------------------------------------+
| Name      | Type      | Endpoints                                                  |
+-----------+-----------+------------------------------------------------------------+
| glance    | image     | RegionOne                                                  |
|           |           |   internal: http://openstack-linux36-vip.magedu.net:9292   |
|           |           | RegionOne                                                  |
|           |           |   admin: http://openstack-linux36-vip.magedu.net:9292      |
|           |           | RegionOne                                                  |
|           |           |   public: http://openstack-linux36-vip.magedu.net:9292     |
|           |           |                                                            |
| placement | placement | RegionOne                                                  |
|           |           |   public: http://openstack-linux36-vip.magedu.net:8778     |
|           |           | RegionOne                                                  |
|           |           |   internal: http://openstack-linux36-vip.magedu.net:8778   |
|           |           | RegionOne                                                  |
|           |           |   admin: http://openstack-linux36-vip.magedu.net:8778      |
|           |           |                                                            |
| keystone  | identity  | RegionOne                                                  |
|           |           |   public: http://openstack-linux36-vip.magedu.net:5000/v3  |
|           |           | RegionOne                                                  |
|           |           |   internal: http://openstack-                              |
|           |           | linux36-vip.magedu.net:5000/v3                             |
|           |           | RegionOne                                                  |
|           |           |   admin: http://openstack-linux36-vip.magedu.net:35357/v3  |
|           |           |                                                            |
| nova      | compute   | RegionOne                                                  |
|           |           |   admin: http://openstack-linux36-vip.magedu.net:8774/v2.1 |
|           |           | RegionOne                                                  |
|           |           |   public: http://openstack-                                |
|           |           | linux36-vip.magedu.net:8774/v2.1                           |
|           |           | RegionOne                                                  |
|           |           |   internal: http://openstack-                              |
|           |           | linux36-vip.magedu.net:8774/v2.1                           |
|           |           |                                                            |
+-----------+-----------+------------------------------------------------------------

五、部署网络服务neutron

搭建简单的openstack服务之二

你可能感兴趣的:(搭建简单的openstack服务之一)