注: 所有命令都要切换到
root用户下执行,通过sudo su命令可切换到root用户 ,这样就不需要在每条命令中输入sudo。
在命令行中 通过ctrl+shift+c复制,通过ctrl+shift+v粘贴
1. 配置vnc(所有节点)
- 设置共享桌面
- ubuntu 桌面左上角
Search your computer=>Desktop Sharing
image.png- 勾选
Sharing->Allow other users to view your desktop和Sharing->Allow other users to control your desktop取消勾选Security->You must confirm each access to this machine
image.png
- 设置免登录 (因为 ubuntu 在登录的时候没有打开vnc,因而连不上远程桌面,所以使用免登录)
1.ubuntu 桌面左上角
Search your computer=>System Settings
image.png
2.点击User Accounts
image.png
3. 点击Unlock解锁, 设置Automatic Login为ON
image.png
- 下载
vnc4server
- apt-get install xrdp vnc4server xbase-clients
apt-get install dconf-editor- ubuntu 桌面左上角
Search your computer=>dconf Editor
image.pngorg=>gnome=>desktop=>remote-access=>取消勾选require-encryption
image.png
2. 配置网卡(所有节点)
- 把默认的
ens改成eth(通过ifconfig命令可以查看到默认网卡是ens格式 ,现在要改成eth)
- gedit /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"image.png
- 重新生成
grub文件
update-grub
grub-mkconfig -o /boot/grub/grub.cfg
- 添加
eth0网卡
/etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.0.200
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameserver 192.168.0.1注:
controller节点用192.168.0.200,compute1节点用192.168.0.203
- 重启
reboot
3. 设置 hosts 和 hostname (所有节点)
- 设置
hosts
- gedit /etc/hosts
注掉
127.0.1.1
192.168.0.200 controller
192.168.0.203 compute1image.png
- 设置
hostname
- gedit /etc/hostname
controller节点上是controller,compute1节点上 是conpute1
image.png- 重启
reboot
4. 换源
- 换阿里源
- gedit /etc/apt/sources.list
注:文件中的其他内容全部删除
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu xenial partner
deb-src http://archive.canonical.com/ubuntu xenial partner
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
- 更新
apt update
apt upgrade
apt dist-upgrade
apt autoremove- 重启
reboot(现在就可以通过vnc viewer连接这些节点了)
5. 时间服务器 ntp
-
controller节点
- 下载并配置
apt install chrony
gedit /etc/chrony/chrony.conf
allow 192.168.0.0/24
server ntp1.aliyun.com iburstimage.png
- 重启 ntp
service chrony restart- 验证
chronyc sources
image.png
- 其他节点
- 下载并配置
apt install chrony
gedit /etc/chrony/chrony.conf注释掉
pool 2.debian.pool.ntp.org offline iburst
server controller iburstimage.png
- 重启 ntp
service chrony restart- 验证
chronyc sources
image.png
5. OpenStack 所需要的包(所有节点)
- 所有节点
apt install software-properties-common
add-apt-repository cloud-archive:newton
apt update && apt dist-upgrade
apt install python-openstackclient
6. 配置数据库(仅controller 节点)
- controller 节点
- 下载和配置
apt install mariadb-server python-pymysql
gedit /etc/mysql/mariadb.conf.d/99-openstack.cnf
注:99-openstack.cnf并不存在,这步操作新建了一个文件
[mysqld]
bind-address = 192.168.0.200
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
- 重启
service mysql restart
7. 配置消息队列(仅controller 节点)
- controller 节点
- 下载
apt install rabbitmq-server- 添加 openstack 用户
rabbitmqctl add_user openstack 123456
image.png
注: openstack 是用户, 123456 是密码- 为 openstack 用户设置 读写访问权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
image.png
8. 配置 Memcached(仅controller 节点)
- controller 节点
- 下载
apt install memcached python-memcache- 配置
gedit /etc/memcached.conf
-l 192.168.0.200image.png
- 重启
service memcached restart
9. 配置身份服务(仅 Controller 节点)
- 创建数据库 keystone
1.登入sql:
mysql -uroot -p123456
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
退出sql:exit
- 下载和配置 keystone
1.下载
apt install keystone
- 配置
gedit /etc/keystone/keystone.conf
[database]
...
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
...
provider = fernet注:注释掉
[database]中其他的connection,provider有多个,注意一定要是[token]中
image.png
- 根据配置填充数据库
keystone数据
su -s /bin/sh -c "keystone-manage db_sync" keystone- 初始化Fernet密钥存储库:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone- 初始化身份服务
keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:35357/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
注:123456 是自定义的密码
- 配置 apache
- 配置
gedit /etc/apache2/apache2.conf
ServerName controllerimage.png
- 重启
service apache2 restart
- 配置管理账户
- 删除 默认数据库
rm -f /var/lib/keystone/keystone.db- 配置管理账户(通过设置 环境变量的方式)
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
注:123456 是前面初始化身份服务中的 密码
- 创建 domain, projects, users, and roles
- 创建
serviceproject
openstack project create --domain default --description "Service Project" service
image.png- 创建
demo(因为 openstack 的常规操作不能用 admin 账户)
创建demoproject:openstack project create --domain default --description "Demo Project" demo
image.png
创建demouser:openstack user create --domain default --password-prompt demo
image.png
创建userrole:openstack role create user
image.png
把user角色 和demoproject 和demouser 关联起来
openstack role add --project demo --user demo user
- 配置
gedit /etc/keystone/keystone-paste.ini删掉
[pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3]中的admin_token_authimage.png
- 验证
- 清除环境变量
unset OS_AUTH_URL OS_PASSWORD- 验证
admin
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
image.png3.验证
demo
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
image.png
- 配置登录脚本
- 配置
admin
在当前用户目录下
image.png
gedit admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
- 配置
demo
在当前用户目录下
gedit demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
- 验证
登录. admin-openrc或. demo-openrc
验证openstack token issue
image.png
9. 配置镜像服务(仅 Controller 节点)
- 创建数据库 glance
1.登入sql:
mysql -uroot -p123456
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
退出sql:exit
- 创建 glance 账户
- 登录 :
. admin-openrc- 创建
glance
创建glanceuser:openstack user create --domain default --password-prompt glance
image.png
把admin角色 和serviceproject 和glanceuser 关联起来:
openstack role add --project service --user glance admin
创建glanceservice:
openstack service create --name glance --description "OpenStack Image" image
image.png
创建镜像服务API(public internal admin ):
openstack endpoint create --region RegionOne image public http://controller:9292
image.png
openstack endpoint create --region RegionOne image internal http://controller:9292
image.png
openstack endpoint create --region RegionOne image admin http://controller:9292
image.png
- 下载和配置
glance
- 下载
apt install glance- 配置
gedit /etc/glance/glance-api.conf
[database]
...
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
[paste_deploy]
...
flavor = keystone
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/注:
[keystone_authtoken]的所有其他选项都要删掉
image.png
image.png
gedit /etc/glance/glance-registry.conf
[database]
...
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
[paste_deploy]
...
flavor = keystone注:
[keystone_authtoken]的所有其他选项都要删掉
- 填充镜像服务数据库
su -s /bin/sh -c "glance-manage db_sync" glance- 重启服务
service glance-registry restart
service glance-api restart- 验证
登录:. admin-openrc
下载:wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img注:可以通过
openssh从其他主机上传入镜像
apt-get install openssh-server
service ssh start上传:
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
image.png
查看:openstack image list
image.png
9. 配置计算服务(Controller 节点)
- 创建数据库 nova
1.登入sql:
mysql -uroot -p123456
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
退出sql:exit
- 创建 nova账户
- 登录 :
. admin-openrc- 创建
nova
创建novauser:openstack user create --domain default --password-prompt nova
image.png
把admin角色 和novauser 关联起来:
openstack role add --project service --user nova admin
创建novaservice:
openstack service create --name nova --description "OpenStack Compute" compute
image.png
创建计算服务服务API(public internal admin ):
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
image.png
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
image.png
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
image.png
- 下载和配置
nova
- 下载
apt install nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler- 配置
gedit /etc/nova/nova.conf注释掉
[DEFAULT]中的log-dir
[api_database]
...
connection = mysql+pymysql://nova:123456@controller/nova_api
[database]
...
connection = mysql+pymysql://nova:123456@controller/nova
[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.200
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456
[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
...
api_servers = http://controller:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp注:
[keystone_authtoken]的所有其他选项都要删掉
image.png
- 填充数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova- 重启服务
service nova-api restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
10. 配置计算服务( compute1 节点)
- 下载和配置
nova
- 下载
apt install nova-compute- 配置
gedit /etc/nova/nova.conf注释掉
[DEFAULT]中的log-dir
[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.203
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
...
api_servers = http://controller:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp注:
[keystone_authtoken]的所有其他选项都要删掉
image.png
- 重启服务
service nova-compute restart- 验证(controller 节点)
登录:. admin-openrc
查看服务列表:openstack compute service list
image.png
11. 配置网络服务(Controller 节点)
- 创建数据库 neutron
1.登入sql:
mysql -uroot -p123456
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
退出sql:exit
- 创建 nova账户
- 登录 :
. admin-openrc- 创建
neutron
创建neutronuser:openstack user create --domain default --password-prompt neutron
image.png
把admin角色 和neutronuser 关联起来:
openstack role add --project service --user neutron admin
创建neutronservice:
openstack service create --name neutron --description "OpenStack Networking" network
image.png
创建计算网络服务API(public internal admin ):
openstack endpoint create --region RegionOne network public http://controller:9696
image.png
openstack endpoint create --region RegionOne network internal http://controller:9696
image.png
openstack endpoint create --region RegionOne network admin http://controller:9696
image.png
- 下载和配置
neutron
- 下载
apt install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent- 配置(
Provider networks)
gedit /etc/neutron/neutron.conf
[database]
...
connection = mysql+pymysql://neutron:123456@controller/neutron
[DEFAULT]
...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456
[nova]
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 123456
注:transport_url有2个 ,一定要选[DEFAULT]中的;[keystone_authtoken]的所有其他选项都要删掉
image.png
image.png
gedit /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[securitygroup]
...
enable_ipset = True
gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
gedit /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
- 配置
gedit /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = 123456
gedit /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = True
metadata_proxy_shared_secret = 123456
- 填充数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron- 重启服务
service nova-api restart
service neutron-server restart
service neutron-linuxbridge-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
12. 配置网络服务( compute1 节点)
- 下载和配置
neutron
- 下载
apt install neutron-linuxbridge-agent- 配置
gedit /etc/neutron/neutron.conf
[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456注:
transport_url有2个 ,一定要选[DEFAULT]中的;[keystone_authtoken]的所有其他选项都要删掉
- 配置(
Provider networks)
gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- 配置
gedit /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
- 重启服务
service nova-compute restart
service neutron-linuxbridge-agent restart- 验证(controller 节点)
登录:. admin-openrc
查看服务列表:openstack network agent list
image.png
13. 配置仪表盘(仅 controller 节点)
- 下载和配置
dashboard
- 下载
apt install openstack-dashboard- 配置
gedit /etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_ipv6': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "UTC"image.png
gedit /etc/apache2/conf-available/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}image.png
- 重启
service apache2 reload- 访问
http://192.168.0.200/horizon
image.png
14. 开始一个 instance(仅 controller 节点)
- 创建虚拟网络(Provider network)
- 登录:
. admin-openrc- 创建网络:
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
image.png- 子网:
openstack subnet create --network provider --allocation-pool start=192.168.0.220,end=192.168.0.229 --dns-nameserver 192.168.0.1 --gateway 192.168.0.1 --subnet-range 192.168.0.0/24 provider
image.png
- 创建 flavor
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
image.png
注:flavor 可以在 dashboard 中创建
image.png
- 生成一个密钥
- 登录:
. demo-openrc- 创建:
ssh-keygen -q -N ""
image.png
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
image.png- 查看秘钥:
openstack keypair list
image.png
- 添加安全组规则(security group rules)
- 允许
ICMP
openstack security group rule create --proto icmp default
image.png- 允许
SSH
openstack security group rule create --proto tcp --dst-port 22 default
image.png
- 创建一个 instance
登录:
image.png创建
image.png
image.png
image.png- 查看
image.png
image.png
注:因为查看的时候url用的 是http://controller:6080/,所以需要修改C:\Windows\System32\drivers\etc\hosts,添加192.168.0.200 controller
15. 块存储(Controller 节点)
- 创建数据库 cinder
1.登入sql:
mysql -uroot -p123456
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '123456';
退出:exit
- 创建
cinder
- 登录:
. admin-openrc
创建cinderuser:
openstack user create --domain default --password-prompt cinder
关联admin角色 与cinderuser
openstack role add --project service --user cinder admin- 创建
cinder和cinderv2service
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2- 创建
API
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s- 安装和配置
安装:apt install cinder-api cinder-scheduler
配置:gedit /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:123456@controller/cinder
[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.200
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123456
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp创建数据库表:
su -s /bin/sh -c "cinder-manage db sync" cinder
- 配置
nova
gedit /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
- 重启
service nova-api restart
service cinder-scheduler restart
service cinder-api restart
16. 块存储(block 节点 192.168.0.204)
- 配置
- 安装
lvm2
apt install lvm2- 创建
volume
pvcreate /dev/sda4- 创建
group
vgcreate cinder-volumes /dev/sda4- 配置
lvm
gedit /etc/lvm/lvm.conf
devices {
...
filter = [ "a/sda4/", "r/.*/"]
- 下载和配置
cinder
下载:apt install cinder-volume
配置:gedit /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:123456@controller/cinder
[DEFAULT]
...
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 192.168.0.204
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123456
[lvm]
...
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = tgtadm
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp重启:
service tgt restart
service cinder-volume restart
- 验证(controller 节点)
登录:. admin-openrc
验证:openstack volume service list
image.png
7.使用 (controller 节点)
登录:. demo-openrc
创建卷:openstack volume create --size 1 volume1
或者用dashboard:
image.png连接
volume到instance上:
image.png
在instance (192.168.0.218)中查看:
fdisk -l
image.png
17. 对象存储(Controller 节点)
- 创建
- 创建
swift
登录:. admin-openrc
创建swiftuser:
openstack user create --domain default --password-prompt swift
关联swift用户和admin角色:openstack role add --project service --user swift admin
创建swiftservice:openstack service create --name swift --description "OpenStack Object Storage" object-store
创建api:
openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1
- 安装和配置
- 安装:
apt-get install swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached- 从
git获取配置文件
创建/etc/swift目录:
mkdir /etc/swift
获取配置文件proxy-server.conf:
curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample
注:安装curl用apt install curl- 配置
gedit /etc/swift/proxy-server.conf
[DEFAULT]
...
bind_port = 8080
user = swift
swift_dir = /etc/swift在
[pipeline:main]中删除tempurl和tempauth模块,添加authtoken和keystoneauth模块
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
...
account_autocreate = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
...
operator_roles = admin,user
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 123456
delay_auth_decision = True
[filter:cache]
use = egg:swift#memcache
...
memcache_servers = controller:11211
17. 对象存储(object 节点 192.168.0.205)
- 安装和配置
rsync
注:分区工具
apt-get install gparted
gparted
- 安装:
apt-get install xfsprogs rsync
格式化盘:
mkfs.xfs /dev/sda5
mkfs.xfs /dev/sda6
创建mount目录:
mkdir -p /srv/node/sda5
mkdir -p /srv/node/sda6
配置/etc/fstab:
gedit /etc/fstab
...
/dev/sda5 /srv/node/sda5 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sda6 /srv/node/sda6 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2挂载:
mount /srv/node/sd5
mount /srv/node/sd6
创建/etc/rsyncd.conf:
gedit /etc/rsyncd.conf
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = 192.168.0.205
[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock配置
/etc/default/rsync:
gedit /etc/default/rsync
RSYNC_ENABLE=true开始:
service rsync start
- 安装和配置
swift
- 安装:
apt-get install swift swift-account swift-container swift-object- 下载配置文件:
curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka- 配置
/etc/swift/account-server.conf
gedit /etc/swift/account-server.conf
[DEFAULT]
...
bind_ip = 192.168.0.205
bind_port = 6202
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon account-server
[filter:recon]
use = egg:swift#recon
...
recon_cache_path = /var/cache/swift
- 配置
/etc/swift/container-server.conf
gedit /etc/swift/container-server.conf
[DEFAULT]
...
bind_ip = 192.168.0.205
bind_port = 6201
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon container-server
[filter:recon]
use = egg:swift#recon
...
recon_cache_path = /var/cache/swift
- 配置
/etc/swift/object-server.conf
gedit /etc/swift/object-server.conf
[DEFAULT]
...
bind_ip = 192.168.0.205
bind_port = 6200
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon object-server
[filter:recon]
use = egg:swift#recon
...
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
- 配置
mount目录权限:chown -R swift:swift /srv/node- 创建
recon目录:
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift
