
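OpenStack (part 2)

Published: 2020-08-04 00:00:08 Source: web Views: 1234 Author: rockSnail Category: Databases

Continued from the previous post.

Compute service:

Install and configure the controller node: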

yum install openstack-nova-api openstack-nova-conductor \

  openstack-nova-console openstack-nova-novncproxy \

  openstack-nova-scheduler

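At this point one package is missing: python-pygments has to be downloaded and installed manually.

1. Source the admin credentials to gain access to admin-only commands:

# . admin-openrc

2. To create the service credentials, complete these steps:

Create the nova user: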

openstack user create --domain default \

  --password-prompt nova

Add the admin role to the nova user:

openstack role add --project service --user nova admin

Create the nova service entity:

openstack service create --name nova \

  --description "OpenStack Compute" compute

Create the Compute service API endpoints:

# openstack endpoint create --region RegionOne \

>   compute public http://172.25.33.10:8774/v2.1/%\(tenant_id\)s

# openstack endpoint create --region RegionOne   compute internal http://172.25.33.10:8774/v2.1/%\(tenant_id\)s

+--------------+---------------------------------------------+

| Field        | Value                                       |

+--------------+---------------------------------------------+

| enabled      | True                                        |

| id           | 44b3adb6ce2348908abbf4d3f9a52f2b            |

| interface    | internal                                    |

| region       | RegionOne                                   |

| region_id    | RegionOne                                   |

| service_id   | a394a2c40c144d6fb9db567a1105c44a            |

| service_name | nova                                        |

| service_type | compute                                     |

| url          | http://172.25.33.10:8774/v2.1/%(tenant_id)s |

+--------------+---------------------------------------------+

# openstack endpoint create --region RegionOne   compute admin http://172.25.33.10:8774/v2.1/%\(tenant_id\)s

Edit the ``/etc/nova/nova.conf`` file and complete the following actions:

1. In the ``[DEFAULT]`` section, enable only the compute and metadata APIs:

[DEFAULT]

enabled_apis = osapi_compute,metadata

In the ``[api_database]`` and ``[database]`` sections, configure database access:

[api_database]

connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api

 

[database]

connection = mysql+pymysql://nova:nova@172.25.33.10/nova

In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure RabbitMQ message queue access:

[DEFAULT]

rpc_backend = rabbit

 

[oslo_messaging_rabbit]

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = rabbit

In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

In the [DEFAULT] section, set ``my_ip`` to the IP address of the controller node's management interface:

[DEFAULT]

my_ip = 10.0.0.11

In the [DEFAULT] section, enable support for the Networking service:

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

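By default, Compute uses its built-in firewall service. Because the Networking service includes a firewall service, you must disable the Compute built-in firewall by using the ``nova.virt.firewall.NoopFirewallDriver`` firewall driver.

In the ``[vnc]`` section, configure the VNC proxy to use the management interface IP address of the controller node: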

[vnc]

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

In the [glance] section, configure the location of the Image service API:

[glance]

api_servers = http://controller:9292

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

Populate the Compute databases:

# su -s /bin/sh -c "nova-manage api_db sync" nova

# su -s /bin/sh -c "nova-manage db sync" nova

# systemctl enable openstack-nova-api.service \

  openstack-nova-consoleauth.service openstack-nova-scheduler.service \

  openstack-nova-conductor.service openstack-nova-novncproxy.service

# systemctl start openstack-nova-api.service \

  openstack-nova-consoleauth.service openstack-nova-scheduler.service \

  openstack-nova-conductor.service openstack-nova-novncproxy.service

 

# grep ^[a-Z] /etc/nova/nova.conf 

rpc_backend = rabbit

enabled_apis = osapi_compute,metadata

auth_strategy = keystone

my_ip = 172.25.33.10

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

debug=true

connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api

connection = mysql+pymysql://nova:nova@172.25.33.10/nova

api_servers = http://172.25.33.10:9292

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

lock_path = /var/lib/nova/tmp

rabbit_host = 172.25.33.10

rabbit_userid = openstack

rabbit_password = rabbit

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

 

Install and configure the compute node:

minion2 (172.25.33.11)

Install the packages:

# yum install openstack-nova-compute

Edit the ``/etc/nova/nova.conf`` file and complete the following actions:

In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure ``RabbitMQ`` message queue access:

[DEFAULT]

rpc_backend = rabbit

 

[oslo_messaging_rabbit]

rabbit_host =172.25.33.10

rabbit_userid = openstack

rabbit_password =rabbit

In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:

[DEFAULT]

auth_strategy = keystone

 

[keystone_authtoken]

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

In the [DEFAULT] section, configure the my_ip option:

[DEFAULT]

my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on the compute node:

my_ip =172.25.33.11

In the [DEFAULT] section, enable support for the Networking service:

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

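By default, Compute uses its built-in firewall service. Because Networking includes a firewall service, you must disable the Compute built-in firewall by using nova.virt.firewall.NoopFirewallDriver.

In the ``[vnc]`` section, enable and configure remote console access: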

[vnc]

enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = $my_ip

novncproxy_base_url = http://172.25.33.10:6080/vnc_auto.html

In the [glance] section, configure the location of the Image service API:

[glance]

api_servers = http://172.25.33.10:9292

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

 

A setting the official documentation leaves out; without it the following error is reported: oslo_service.service [-] Error starting thread.

PlacementNotConfigured: This compute is not configured to talk to the placement service

[placement]

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

os_region_name = RegionOne

 

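Finalize installation

1. Determine whether your compute node supports hardware acceleration for virtual machines:

# egrep -c '(vmx|svm)' /proc/cpuinfo

If this command returns a value of one or greater, your compute node supports hardware acceleration and requires no additional configuration.

If this command returns a value of zero, your compute node does not support hardware acceleration, and you must configure libvirt to use QEMU instead of KVM: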

# egrep -c '(vmx|svm)' /proc/cpuinfo

0

 

Edit the [libvirt] section of the /etc/nova/nova.conf file as follows:

[libvirt]

virt_type = qemu

2. Start the Compute service and its dependencies, and configure them to start automatically when the system boots:

# systemctl enable libvirtd.service openstack-nova-compute.service

# systemctl start libvirtd.service openstack-nova-compute.service

 

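Verify operation (performed on the controller node, 172.25.33.10):

Source the admin credentials to gain access to admin-only commands:

# . admin-openrc

List the service components to verify that each process started and registered successfully: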

# openstack compute service list

+----+------------------+------------------+----------+---------+-------+--------------------+

| ID | Binary           | Host             | Zone     | Status  | State | Updated At         |

+----+------------------+------------------+----------+---------+-------+--------------------+

|  1 | nova-conductor   | server10.example | internal | enabled | up    | 2017-04-04T14:07:4 |

|    |                  |                  |          |         |       | 9.000000           |

|  2 | nova-scheduler   | server10.example | internal | enabled | up    | 2017-04-04T14:07:5 |

|    |                  |                  |          |         |       | 1.000000           |

|  3 | nova-consoleauth | server10.example | internal | enabled | up    | 2017-04-04T14:07:5 |

|    |                  |                  |          |         |       | 0.000000           |

|  6 | nova-compute     | server11.example | nova     | enabled | up    | 2017-04-04T14:07:5 |

|    |                  | .com             |          |         |       | 1.000000   

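Networking service:

Controller node:

OpenStack Networking (neutron) manages all of the virtual networking infrastructure (VNI) and the access layer of the physical networking infrastructure (PNI) in an OpenStack environment. OpenStack Networking lets tenants create advanced virtual network topologies that include services such as firewalls, load balancers, and virtual private networks (VPNs).

Configuration:

1. Source the admin credentials to gain access to admin-only commands: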

. admin-openrc

2. To create the service credentials, complete these steps:

Create the ``neutron`` user:

 openstack user create --domain default --password-prompt neutron

Add the ``admin`` role to the ``neutron`` user:

openstack role add --project service --user neutron admin

Create the ``neutron`` service entity:

#  openstack service create --name neutron \

>   --description "OpenStack Networking" network

Create the Networking service API endpoints:

# openstack endpoint create --region RegionOne \

>   network public http://172.25.33.10:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 0092457b66b84d869d710e84c715219c |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | a33565b8fdfa4531963fdbb74245d960 |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://172.25.33.10:9696         |

+--------------+----------------------------------+

# openstack endpoint create --region RegionOne   network internal http://172.25.33.10:9696

# openstack endpoint create --region RegionOne   network admin http://172.25.33.10:9696

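This networking example uses the public network option:

Option 1 deploys the simplest possible architecture and only supports attaching instances to public (external) networks. There are no private networks, routers, or floating IP addresses. Only the ``admin`` user or another privileged user can manage public networks.

Option 2 adds layer-3 services to option 1 and supports attaching instances to private networks. The ``demo`` user or another unprivileged user can manage their own private networks, including routers that connect public and private networks. In addition, floating IP addresses let instances on private networks reach external networks such as the Internet.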

yum install openstack-neutron openstack-neutron-ml2 \

  openstack-neutron-linuxbridge ebtables

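Configure the server component

The Networking server component configuration covers the database, the authentication mechanism, the message queue, topology change notifications, and the plug-in.

Edit the ``/etc/neutron/neutron.conf`` file and complete the following actions:

In the [database] section, configure database access: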

[database]

connection = mysql+pymysql://neutron:neutron@172.25.33.10/neutron

In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses:

[DEFAULT]

core_plugin = ml2

service_plugins = 

In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure RabbitMQ message queue access:

[DEFAULT]

rpc_backend = rabbit

[oslo_messaging_rabbit]

rabbit_host = 172.25.33.10

rabbit_userid = openstack

rabbit_password =rabbit

In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:

[DEFAULT]

auth_strategy = keystone

 

[keystone_authtoken]

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to notify Compute of network topology changes:

[DEFAULT]

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

 

[nova]

auth_url = http://172.25.33.10:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = nova

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

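Configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Linux bridge mechanism to build the layer-2 virtual networking infrastructure for instances.

Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the following actions:

In the ``[ml2]`` section, enable flat, VLAN, and VXLAN networks: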

[ml2]

type_drivers = flat,vlan

In the ``[ml2]`` section, disable private networks:

[ml2]

tenant_network_types = 

In the ``[ml2]`` section, enable the Linux bridge mechanism:

[ml2]

mechanism_drivers = linuxbridge

In the ``[ml2]`` section, enable the port security extension driver:

[ml2]

extension_drivers = port_security

In the ``[ml2_type_flat]`` section, configure the public virtual network as a flat network:

[ml2_type_flat]

flat_networks = provider

In the ``[securitygroup]`` section, enable ipset to make security group rules more efficient:

[securitygroup]

enable_ipset = True

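Configure the Linux bridge agent

The Linux bridge agent builds the layer-2 virtual network for instances and handles security group rules.

Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions:

In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface: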

[linux_bridge]

physical_interface_mappings =public:eth0

Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical public network interface.

In the ``[vxlan]`` section, disable VXLAN overlay networks:

[vxlan]

enable_vxlan = False

In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:

[securitygroup]

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

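Configure the DHCP agent

The DHCP agent provides DHCP services for virtual networks.

Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following actions:

In the ``[DEFAULT]`` section, configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata so that instances on public networks can reach metadata over the network: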

[DEFAULT]

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = True

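Configure the metadata agent

Edit the ``/etc/neutron/metadata_agent.ini`` file and complete the following actions:

In the ``[DEFAULT]`` section, configure the metadata host and the shared secret: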

[DEFAULT]

nova_metadata_ip = 172.25.33.10

metadata_proxy_shared_secret =redhat

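Configure Compute to use the Networking service

Edit the ``/etc/nova/nova.conf`` file and complete the following actions:

In the ``[neutron]`` section, configure the access parameters, enable the metadata proxy, and set the secret: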

[neutron]

url = http://172.25.33.10:9696

auth_url = http://172.25.33.10:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

service_metadata_proxy = True

metadata_proxy_shared_secret = redhat

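Finalize installation

The Networking service initialization scripts expect a symbolic link, ``/etc/neutron/plugin.ini``, that points to the ML2 plug-in configuration file ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If the symbolic link does not exist, create it with the following command: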

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Populate the database:

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \

  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

The run succeeded if the output ends with OK.

Restart the Compute API service:

# systemctl restart openstack-nova-api.service

Enable the Networking services at boot and start them:

# systemctl enable neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

# systemctl start neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

For networking option 2, also enable the layer-3 service at boot and start it:

# systemctl enable neutron-l3-agent.service

# systemctl start neutron-l3-agent.service

 

Compute node:

# yum install openstack-neutron-linuxbridge ebtables ipset

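The Networking common component configuration covers the authentication mechanism, the message queue, and the plug-in.

Edit the ``/etc/neutron/neutron.conf`` file and complete the following actions:

In the ``[database]`` section, comment out every ``connection`` option, because compute nodes do not access the database directly.

In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure RabbitMQ message queue access: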

[DEFAULT]

rpc_backend = rabbit

 

[oslo_messaging_rabbit]

rabbit_host = 172.25.33.10

rabbit_userid = openstack

rabbit_password = rabbit

In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access:

[DEFAULT]

auth_strategy = keystone

 

[keystone_authtoken]

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

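Choose the public network option (the configuration can be copied over from minion1):

Configure the Linux bridge agent

The Linux bridge agent builds the layer-2 virtual network for instances and handles security group rules.

Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and complete the following actions:

In the ``[linux_bridge]`` section, map the public virtual network to the public physical network interface: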

[linux_bridge]

physical_interface_mappings =public:eth0

In the ``[vxlan]`` section, disable VXLAN overlay networks:

[vxlan]

enable_vxlan = False

In the ``[securitygroup]`` section, enable security groups and configure the Linux bridge iptables firewall driver:

[securitygroup]

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Edit the ``/etc/nova/nova.conf`` file and complete the following actions:

In the ``[neutron]`` section, configure the access parameters:

[neutron]

url = http://172.25.33.10:9696

auth_url = http://172.25.33.10:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

Restart the Compute service:

# systemctl restart openstack-nova-compute.service

Enable the Linux bridge agent at boot and start it:

# systemctl enable neutron-linuxbridge-agent.service

# systemctl start neutron-linuxbridge-agent.service

 

Verification:

# neutron ext-list

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

+---------------------------+--------------------------------------------------+

| alias                     | name                                             |

+---------------------------+--------------------------------------------------+

| default-subnetpools       | Default Subnetpools                              |

| availability_zone         | Availability Zone                                |

| network_availability_zone | Network Availability Zone                        |

| binding                   | Port Binding                                     |

| agent                     | agent                                            |

| subnet_allocation         | Subnet Allocation                                |

| dhcp_agent_scheduler      | DHCP Agent Scheduler                             |

| tag                       | Tag support                                      |

| external-net              | Neutron external network                         |

| flavors                   | Neutron Service Flavors                          |

| net-mtu                   | Network MTU                                      |

| network-ip-availability   | Network IP Availability                          |

| quotas                    | Quota management support                         |

| provider                  | Provider Network                                 |

| multi-provider            | Multi Provider Network                           |

| address-scope             | Address scope                                    |

| subnet-service-types      | Subnet service types                             |

| standard-attr-timestamp   | Resource timestamps                              |

| service-type              | Neutron Service Type Management                  |

| tag-ext                   | Tag support for resources: subnet, subnetpool,   |

|                           | port, router                                     |

| extra_dhcp_opt            | Neutron Extra DHCP opts                          |

| standard-attr-revisions   | Resource revision numbers                        |

| pagination                | Pagination support                               |

| sorting                   | Sorting support                                  |

| security-group            | security-group                                   |

| rbac-policies             | RBAC Policies                                    |

| standard-attr-description | standard-attr-description                        |

| port-security             | Port Security                                    |

| allowed-address-pairs     | Allowed Address Pairs                            |

| project-id                | project_id field enabled                         |

+---------------------------+--------------------------------------------------+

 

List the agents to verify that the neutron agents started successfully:

# neutron agent-list

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

+----------+------------+----------+-------------------+-------+----------------+---------------+

| id       | agent_type | host     | availability_zone | alive | admin_state_up | binary        |

+----------+------------+----------+-------------------+-------+----------------+---------------+

| 0d135b32 | DHCP agent | server10 | nova              | :-)   | True           | neutron-dhcp- |

| -f115-4d |            | .example |                   |       |                | agent         |

| 2f-8296- |            |          |                   |       |                |               |

| 27c6590c |            |          |                   |       |                |               |

| a08c     |            |          |                   |       |                |               |

| 6c603475 | Metadata   | server10 |                   | :-)   | True           | neutron-      |

| -571a-4b | agent      | .example |                   |       |                | metadata-     |

| de-a414- |            |          |                   |       |                | agent         |

| b6531938 |            |          |                   |       |                |               |

| 8508     |            |          |                   |       |                |               |

| b8667984 | Linux      | server11 |                   | :-)   | True           | neutron-      |

| -0d75    | bridge     | .example |                   |       |                | linuxbridge-  |

| -47bf-   | agent      | .com     |                   |       |                | agent         |

| 958b-c88 |            |          |                   |       |                |               |

| 6244ff1f |            |          |                   |       |                |               |

| 7        |            |          |                   |       |                |               |

+----------+------------+----------+-------------------+-------+----------------+---------------+

 

Configuration file overview:

Controller node:

# cat /etc/neutron/neutron.conf 

[DEFAULT]

rpc_backend = rabbit

core_plugin = ml2

service_plugins =

auth_strategy = keystone

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

 

 

[database]

connection = mysql+pymysql://neutron:neutron@172.25.33.10/neutron

 

 

[oslo_messaging_rabbit]

 

 

rabbit_host = 172.25.33.10

rabbit_userid = openstack

rabbit_password = rabbit

 

[keystone_authtoken]

 

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

 

[nova]

auth_url = http://172.25.33.10:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = nova

[oslo_concurrency]

 

 

lock_path = /var/lib/neutron/tmp

 

# grep ^[a-Z] /etc/nova/nova.conf 

rpc_backend = rabbit

enabled_apis = osapi_compute,metadata

auth_strategy = keystone

my_ip = 172.25.33.10

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api

connection = mysql+pymysql://nova:nova@172.25.33.10/nova

api_servers = http://172.25.33.10:9292

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

url = http://172.25.33.10:9696

auth_url = http:/172.25.33.10:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

service_metadata_proxy = True

metadata_proxy_shared_secret = redhat    // this secret is used again later

lock_path = /var/lib/nova/tmp

rabbit_host = 172.25.33.10

rabbit_userid = openstack

rabbit_password = rabbit

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

 

 

[root@server10 ~]# grep ^[a-Z] /etc/neutron/plugins/ml2/ml2_conf.ini

type_drivers = flat,vlan

tenant_network_types =

mechanism_drivers = linuxbridge

extension_drivers = port_security

flat_networks = provider

enable_ipset = True

[root@server10 ~]# grep ^[a-Z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini

physical_interface_mappings = public:eth0

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewal

enable_vxlan = False

 


[root@server10 ~]# grep ^[a-Z] //etc/neutron/dhcp_agent.ini

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = True

 

 


 

[root@server10 ~]# grep ^[a-Z] /etc/neutron/metadata_agent.ini

nova_metadata_ip = 172.25.33.10

metadata_proxy_shared_secret = redhat    // the same metadata secret as above

Compute node:

# grep ^[a-Z] /etc/neutron/neutron.conf

rpc_backend = rabbit

auth_strategy = keystone

rabbit_host = 172.25.33.10

rabbit_userid = openstack

rabbit_password = rabbit

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

lock_path = /var/lib/neutron/tmp

 

# grep ^[a-Z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini

physical_interface_mappings = public:eth0

enable_vxlan = False

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

# grep ^[a-Z] /etc/nova/nova.conf

rpc_backend = rabbit

enabled_apis = osapi_compute,metadata

auth_strategy = keystone

my_ip = 172.25.33.10

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

connection = mysql+pymysql://nova:nova@172.25.33.10/nova_api

connection = mysql+pymysql://nova:nova@172.25.33.10/nova

api_servers = http://172.25.33.10:9292

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

virt_type = qemu

url = http://172.25.33.10:9696

auth_url = http://172.25.33.10:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = neutron

lock_path = /var/lib/nova/tmp

rabbit_host = 172.25.33.10

rabbit_userid = openstack

rabbit_password = rabbit

auth_uri = http://172.25.33.10:5000

auth_url = http://172.25.33.10:35357

memcached_servers = 172.25.33.10:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = nova

os_region_name = RegionOne

enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = 172.25.33.11

ovncproxy_base_url = http://172.25.33.10:6080/vnc_auto.html

 

Note: every password is the same as its service name.

172.25.33.10 is the controller node.

172.25.33.11 is the compute node.
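
The settings listed above have to agree across several files, so an offline consistency check is useful before the services are started. The following is an added example, not part of the original post or of OpenStack: it parses constructed copies of this page's settings and reports passwords equal to their user name, URLs that lose their host, a metadata proxy secret that differs between nova.conf and metadata_agent.ini, and a flat network label that has no interface mapping on the Linux bridge agent. The file labels and the names load, get and audit are this example's own.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample input: settings copied from this page, trimmed to the
# keys the checks read. The file labels are this example's own naming.
SAMPLE = {
    "nova.conf": """
[database]
connection = mysql+pymysql://nova:nova@172.25.33.10/nova
[keystone_authtoken]
auth_url = http://172.25.33.10:35357
username = nova
password = nova
[neutron]
auth_url = http:/172.25.33.10:35357
username = neutron
password = neutron
metadata_proxy_shared_secret = redhat
""",
    "metadata_agent.ini": """
[DEFAULT]
metadata_proxy_shared_secret = redhat
""",
    "ml2_conf.ini": """
[ml2_type_flat]
flat_networks = provider
""",
    "linuxbridge_agent.ini": """
[linux_bridge]
physical_interface_mappings = public:eth0
""",
}

URL_KEYS = ("url", "auth_url", "auth_uri", "connection")


def load(text):
    """Parse oslo-style INI text, treating [DEFAULT] as an ordinary section."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(text)
    return parser


def get(cfgs, name, section, key):
    """Return one option value, or None if the file, section or key is absent."""
    parser = cfgs.get(name)
    if parser is None or not parser.has_section(section):
        return None
    return parser.get(section, key, fallback=None)


def audit(files):
    """Return a sorted list of (check, location, detail) findings."""
    cfgs = {name: load(text) for name, text in files.items()}
    findings = []
    for name, parser in cfgs.items():
        for section in parser.sections():
            opts = dict(parser.items(section))
            where = f"{name}[{section}]"
            # Service account whose password is simply its user name.
            user, secret = opts.get("username"), opts.get("password")
            if user and user == secret:
                findings.append(("weak-credential", where, user))
            for key in URL_KEYS:
                if key not in opts:
                    continue
                parts = urlsplit(opts[key])
                # "http:/host:port" parses with no host, so the client cannot connect.
                if not parts.scheme or not parts.hostname:
                    findings.append(("malformed-url", where, f"{key}={opts[key]}"))
                elif parts.username and parts.username == parts.password:
                    findings.append(
                        ("weak-credential", where, f"{key} user {parts.username}"))
    # nova-api and the metadata agent must hold the same proxy secret.
    nova_secret = get(cfgs, "nova.conf", "neutron", "metadata_proxy_shared_secret")
    agent_secret = get(cfgs, "metadata_agent.ini", "DEFAULT",
                       "metadata_proxy_shared_secret")
    if nova_secret != agent_secret:
        findings.append(("secret-mismatch", "metadata_proxy_shared_secret",
                         "nova.conf[neutron] vs metadata_agent.ini[DEFAULT]"))
    # A flat network's physical_network label binds only on agents that map it.
    flat = get(cfgs, "ml2_conf.ini", "ml2_type_flat", "flat_networks") or ""
    maps = get(cfgs, "linuxbridge_agent.ini", "linux_bridge",
               "physical_interface_mappings") or ""
    labels = {m.split(":", 1)[0].strip() for m in maps.split(",") if m.strip()}
    for net in (n.strip() for n in flat.split(",")):
        if net and net != "*" and net not in labels:
            findings.append(("physnet-unmapped", "linuxbridge_agent.ini[linux_bridge]",
                             f"{net} not in {sorted(labels)}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```
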

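At this point the base services are complete and instances can be created:

----------

Create virtual networks

---------

Public network:

Create the public network:

1. On the controller node, source the admin credentials to gain access to admin-only commands: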

source admin-openrc

2. Create the network:

# neutron net-create --shared --provider:physical_network provider \

>   --provider:network_type flat public

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

Created a new network:

+---------------------------+--------------------------------------+

| Field                     | Value                                |

+---------------------------+--------------------------------------+

| admin_state_up            | True                                 |

| availability_zone_hints   |                                      |

| availability_zones        |                                      |

| created_at                | 2017-04-09T11:35:39Z                 |

| description               |                                      |

| id                        | 876887d3-2cf3-4253-9804-346f180b6077 |

| ipv4_address_scope        |                                      |

| ipv6_address_scope        |                                      |

| mtu                       | 1500                                 |

| name                      | public                               |

| port_security_enabled     | True                                 |

| project_id                | 7f1f3eae73dc439da7f53c15c634c4e7     |

| provider:network_type     | flat                                 |

| provider:physical_network | provider                             |

| provider:segmentation_id  |                                      |

| revision_number           | 3                                    |

| router:external           | False                                |

| shared                    | True                                 |

| status                    | ACTIVE                               |

| subnets                   |                                      |

| tags                      |                                      |

| tenant_id                 | 7f1f3eae73dc439da7f53c15c634c4e7     |

| updated_at                | 2017-04-09T11:35:39Z                 |

+---------------------------+--------------------------------------+

The ``--shared`` option allows all projects to use the virtual network.

View the network CIDR:

# neutron net-list

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

+----------------------+--------+----------------------+-----------------------+

| id                   | name   | tenant_id            | subnets               |

+----------------------+--------+----------------------+-----------------------+

| 876887d3-2cf3-4253-9 | public | 7f1f3eae73dc439da7f5 | 6428d4dd-e15d-48b0    |

| 804-346f180b6077     |        | 3c15c634c4e7         | -995e-45df957f4735    |

|                      |        |                      | 172.25.33.0/24        |

+----------------------+--------+----------------------+-----------------------+

 

3. Create a subnet on the network:

# neutron subnet-create --name provider  --allocation-pool start=172.25.33.100,end=172.25.33.200 --dns-nameserver 114.114.114.114 --gateway 172.25.33.250 public 172.25.33.0/24 

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

Created a new subnet:

+-------------------+----------------------------------------------------+

| Field             | Value                                              |

+-------------------+----------------------------------------------------+

| allocation_pools  | {"start": "172.25.33.100", "end": "172.25.33.200"} |

| cidr              | 172.25.33.0/24                                     |

| created_at        | 2017-04-09T11:40:38Z                               |

| description       |                                                    |

| dns_nameservers   | 114.114.114.114                                    |

| enable_dhcp       | True                                               |

| gateway_ip        | 172.25.33.250                                      |

| host_routes       |                                                    |

| id                | 6428d4dd-e15d-48b0-995e-45df957f4735               |

| ip_version        | 4                                                  |

| ipv6_address_mode |                                                    |

| ipv6_ra_mode      |                                                    |

| name              | provider                                           |

| network_id        | 876887d3-2cf3-4253-9804-346f180b6077               |

| project_id        | 7f1f3eae73dc439da7f53c15c634c4e7                   |

| revision_number   | 2                                                  |

| service_types     |                                                    |

| subnetpool_id     |                                                    |

| tags              |                                                    |

| tenant_id         | 7f1f3eae73dc439da7f53c15c634c4e7                   |

| updated_at        | 2017-04-09T11:40:38Z                               |

+-------------------+----------------------------------------------------+

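Replace ``PROVIDER_NETWORK_CIDR`` with the subnet of the provider physical network in CIDR notation, that is, the subnet listed above.

Replace DNS_RESOLVER with the IP address of a DNS resolver. In most cases, you can pick one from the host's ``/etc/resolv.conf`` file.

Replace ``PUBLIC_NETWORK_GATEWAY`` with the gateway of the public network; a gateway IP address typically ends in ".1". You can also use the IP of the host machine.

 

Create the m1.nano flavor

The smallest default flavor requires 512 MB of memory per instance. For environments whose compute nodes have less than 4 GB of memory, we recommend creating the ``m1.nano`` flavor, which requires only 64 MB per instance. If the purpose is purely testing, use the ``m1.nano`` flavor to boot the CirrOS image.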

# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

+----------------------------+---------+

| Field                      | Value   |

+----------------------------+---------+

| OS-FLV-DISABLED:disabled   | False   |

| OS-FLV-EXT-DATA:ephemeral  | 0       |

| disk                       | 1       |

| id                         | 0       |

| name                       | m1.nano |

| os-flavor-access:is_public | True    |

| properties                 |         |

| ram                        | 64      |

| rxtx_factor                | 1.0     |

| swap                       |         |

| vcpus                      | 1       |

+----------------------------+---------+

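Generate a key pair

Most cloud images support public key authentication rather than conventional password authentication. Before launching an instance, you must add a public key to the Compute service.

Source the ``demo`` tenant credentials:

$ . demo-openrc

Generate and add a key pair: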

$ ssh-keygen -q -N ""

$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

+-------------+-------------------------------------------------+

| Field       | Value                                           |

+-------------+-------------------------------------------------+

| fingerprint | 7f:a9:fd:62:e4:2b:87:84:27:f1:ce:d4:c1:89:f3:b8 |

| name        | mykey                                           |

| user_id     | 251ad20a4d754dc4a104a3f5b8159142                |

+-------------+-------------------------------------------------+

Verify that the public key was added:

# openstack keypair list

+-------+-------------------------------------------------+

| Name  | Fingerprint                                     |

+-------+-------------------------------------------------+

| mykey | 7f:a9:fd:62:e4:2b:87:84:27:f1:ce:d4:c1:89:f3:b8 |

+-------+-------------------------------------------------+
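The fingerprint the Compute service reports is the MD5 digest of the decoded public key blob, so it can be recomputed locally to confirm that ``mykey`` really is the key in ``~/.ssh/id_rsa.pub``. The following Python code is an added example, not part of the original article; the function names are hypothetical and the sample key is constructed in code and not a usable key.

```python
import base64
import hashlib
import struct


def make_sample_pubkey():
    """Build a constructed (non-functional) ssh-rsa public key line."""
    def field(data):
        # SSH wire format: 4-byte big-endian length, then the bytes.
        return struct.pack(">I", len(data)) + data

    blob = (field(b"ssh-rsa") + field(b"\x01\x00\x01")
            + field(b"\x00" + bytes(range(1, 65))))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " demo@constructed"


def md5_fingerprint(pubkey_line):
    """Colon-separated MD5 fingerprint of an OpenSSH public key line."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob is too short")
    (n,) = struct.unpack(">I", blob[:4])
    # The first field of the blob repeats the key type; reject a mismatch.
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match the encoded blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def key_matches(pubkey_line, reported_fingerprint):
    """Compare a local key with the fingerprint shown by the CLI."""
    return md5_fingerprint(pubkey_line) == reported_fingerprint.strip().lower()


if __name__ == "__main__":
    sample = make_sample_pubkey()
    print(md5_fingerprint(sample))
    # The fingerprint from the table above belongs to a different key.
    print(key_matches(sample, "7f:a9:fd:62:e4:2b:87:84:27:f1:ce:d4:c1:89:f3:b8"))
```

To check a real key, pass the contents of ``~/.ssh/id_rsa.pub`` as ``pubkey_line`` and the Fingerprint column value as ``reported_fingerprint``.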

 

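Add security group rules

By default, the ``default`` security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).

Add rules to the default security group.

Permit ICMP (ping):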

# openstack security group rule create --proto icmp default

+-------------------+--------------------------------------+

| Field             | Value                                |

+-------------------+--------------------------------------+

| created_at        | 2017-04-09T11:46:06Z                 |

| description       |                                      |

| direction         | ingress                              |

| ether_type        | IPv4                                 |

| id                | 5a168a4b-7e2a-40ee-8302-d19fbb7dda6d |

| name              | None                                 |

| port_range_max    | None                                 |

| port_range_min    | None                                 |

| project_id        | 45a1b89bc5de479e8d3e04eae314ee88     |

| protocol          | icmp                                 |

| remote_group_id   | None                                 |

| remote_ip_prefix  | 0.0.0.0/0                            |

| revision_number   | 1                                    |

| security_group_id | eb93c9e4-c2fd-45fc-806c-d1640ac3bf2e |

| updated_at        | 2017-04-09T11:46:06Z                 |

+-------------------+--------------------------------------+

Permit secure shell (SSH) access:

[root@server10 ~]# openstack security group rule create --proto tcp --dst-port 22 default

+-------------------+--------------------------------------+

| Field             | Value                                |

+-------------------+--------------------------------------+

| created_at        | 2017-04-09T11:46:34Z                 |

| description       |                                      |

| direction         | ingress                              |

| ether_type        | IPv4                                 |

| id                | 26a91aee-5cd7-4c4d-acc6-104b7be0bc59 |

| name              | None                                 |

| port_range_max    | 22                                   |

| port_range_min    | 22                                   |

| project_id        | 45a1b89bc5de479e8d3e04eae314ee88     |

| protocol          | tcp                                  |

| remote_group_id   | None                                 |

| remote_ip_prefix  | 0.0.0.0/0                            |

| revision_number   | 1                                    |

| security_group_id | eb93c9e4-c2fd-45fc-806c-d1640ac3bf2e |

| updated_at        | 2017-04-09T11:46:34Z                 |

+-------------------+--------------------------------------+
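Both rules above were created without a source restriction, which is why ``remote_ip_prefix`` shows ``0.0.0.0/0``. The following Python code is an added example, not part of the original article: it parses the Field/Value table the CLI prints and flags ingress rules whose source is unrestricted or falls outside a trusted range. The function names are hypothetical, and treating the provider subnet 172.25.33.0/24 as the trusted range is an assumption.

```python
import ipaddress

# Constructed sample: the SSH rule table shown above, reduced to the
# fields the audit reads.
SSH_RULE_TABLE = """\
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
+-------------------+--------------------------------------+
"""


def parse_field_table(text):
    """Turn a two-column Field/Value CLI table into a dict."""
    fields = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] and cells[0] != "Field":
            fields[cells[0]] = None if cells[1] in ("", "None") else cells[1]
    return fields


def audit_rule(rule, trusted_cidr):
    """Return findings for one rule; an empty list means nothing to report."""
    if rule.get("direction") != "ingress":
        return []
    what = f"{rule.get('protocol') or 'any'}/{rule.get('port_range_min') or 'any'}"
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        if rule.get("remote_group_id"):
            return []  # source is limited to members of another group
        return [f"{what} open to any source (no remote prefix)"]
    net = ipaddress.ip_network(prefix, strict=False)
    trusted = ipaddress.ip_network(trusted_cidr)
    if net.prefixlen == 0:
        return [f"{what} open to any source ({prefix})"]
    if net.version != trusted.version or not net.subnet_of(trusted):
        return [f"{what} allows {prefix}, outside {trusted_cidr}"]
    return []


if __name__ == "__main__":
    for finding in audit_rule(parse_field_table(SSH_RULE_TABLE), "172.25.33.0/24"):
        print(finding)
```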

 

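Launch an instance on the public network

The flavor of an instance specifies the approximate allocation of virtual machine resources, including processor, memory, and storage.

List the available flavors: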

# openstack flavor list

+----+---------+-----+------+-----------+-------+-----------+

| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |

+----+---------+-----+------+-----------+-------+-----------+

| 0  | m1.nano |  64 |    1 |         0 |     1 | True      |

+----+---------+-----+------+-----------+-------+-----------+

Here, because the virtual machine was given too little memory, a "cannot allocate memory" error occurred.

List the available images:

# openstack image list

+--------------------------------------+--------+--------+

| ID                                   | Name   | Status |

+--------------------------------------+--------+--------+

| 2ed41322-bbd2-45b0-8560-35af76041798 | cirros | active |

+--------------------------------------+--------+--------+

List the available networks:

# openstack network list

+----------------------------------+--------+----------------------------------+

| ID                               | Name   | Subnets                          |

+----------------------------------+--------+----------------------------------+

| 876887d3-2cf3-4253-9804-346f180b | public | 6428d4dd-e15d-48b0-995e-         |

| 6077                             |        | 45df957f4735                     |

+----------------------------------+--------+----------------------------------+

This instance uses the ``provider`` public network. You must reference this network by its ID rather than by its name.

List the available security groups:

# openstack security group list

+----------------------------+---------+------------------------+---------+

| ID                         | Name    | Description            | Project |

+----------------------------+---------+------------------------+---------+

| eb93c9e4-c2fd-45fc-806c-   | default | Default security group |         |

| d1640ac3bf2e               |         |                        |         |

+----------------------------+---------+------------------------+---------+

Create the instance

Launch the instance:

Replace ``PUBLIC_NET_ID`` with the ID of the ``public`` network.

# openstack server create --flavor m1.nano --image cirros --nic net-id=876887d3-2cf3-4253-9804-346f180b6077 --security-group default --key-name mykey public-instance

+-----------------------------+-----------------------------------------------+

| Field                       | Value                                         |

+-----------------------------+-----------------------------------------------+

| OS-DCF:diskConfig           | MANUAL                                        |

| OS-EXT-AZ:availability_zone |                                               |

| OS-EXT-STS:power_state      | NOSTATE                                       |

| OS-EXT-STS:task_state       | scheduling                                    |

| OS-EXT-STS:vm_state         | building                                      |

| OS-SRV-USG:launched_at      | None                                          |

| OS-SRV-USG:terminated_at    | None                                          |

| accessIPv4                  |                                               |

| accessIPv6                  |                                               |

| addresses                   |                                               |

| adminPass                   | nJ5gwMuEG4vN                                  |

| config_drive                |                                               |

| created                     | 2017-04-09T12:11:15Z                          |

| flavor                      | m1.nano (0)                                   |

| hostId                      |                                               |

| id                          | 9ddc6c6b-4847-47ae-91de-8cd7a607c212          |

| image                       | cirros (2ed41322-bbd2-45b0-8560-35af76041798) |

| key_name                    | mykey                                         |

| name                        | public-instance                               |

| progress                    | 0                                             |

| project_id                  | 45a1b89bc5de479e8d3e04eae314ee88              |

| properties                  |                                               |

| security_groups             | name='default'                                |

| status                      | BUILD                                         |

| updated                     | 2017-04-09T12:11:16Z                          |

| user_id                     | 251ad20a4d754dc4a104a3f5b8159142              |

| volumes_attached            |                                               |

+-----------------------------+-----------------------------------------------+

Check the status of the instance:

# openstack server list

+----------------------+-----------------+--------+----------+------------+

| ID                   | Name            | Status | Networks | Image Name |

+----------------------+-----------------+--------+----------+------------+

| 9ddc6c6b-4847-47ae-  | public-instance | BUILD  |          | cirros     |

| 91de-8cd7a607c212    |                 |        |          |            |

+----------------------+-----------------+--------+----------+------------+

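When the build process completes successfully, the status changes from ``BUILD`` to ``ACTIVE``.

Access the instance using the virtual console

Obtain a Virtual Network Computing (VNC) session URL for your instance and access it from a web browser: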

 

