Ubuntu 16.04 OpenStack Newton environment setup

Author: 余带盐 | Published: 2018-02-23 18:06

    Note: run every command as the root user. Switch to root with sudo su so that you do not have to prefix each command with sudo.
    In the terminal, copy with ctrl+shift+c and paste with ctrl+shift+v.


    1. Configure VNC (all nodes)

    • Set up desktop sharing
    1. In the top-left corner of the Ubuntu desktop: Search your computer => Desktop Sharing
    2. Check Sharing->Allow other users to view your desktop and Sharing->Allow other users to control your desktop
    3. Uncheck Security->You must confirm each access to this machine
    • Set up automatic login (Ubuntu does not start VNC at the login screen, so the remote desktop cannot connect there; automatic login works around this)
    1. In the top-left corner of the Ubuntu desktop: Search your computer => System Settings
    2. Click User Accounts
    3. Click Unlock, then set Automatic Login to ON
    • Install vnc4server
    1. apt-get install xrdp vnc4server xbase-clients
      apt-get install dconf-editor
    2. In the top-left corner of the Ubuntu desktop: Search your computer => dconf Editor
    3. org=>gnome=>desktop=>remote-access=> uncheck require-encryption

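    2. Configure the network interface (all nodes)

    • Rename the default ens interface to eth (ifconfig shows that the default interface name uses the ens format; change it to eth)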
    1. gedit /etc/default/grub

    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
    GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

    1. Regenerate the grub configuration
      update-grub
      grub-mkconfig -o /boot/grub/grub.cfg
    • Add the eth0 interface
    1. /etc/network/interfaces

    auto eth0
    iface eth0 inet static
    address 192.168.0.200
    netmask 255.255.255.0
    gateway 192.168.0.1
    dns-nameserver 192.168.0.1

    Note: use 192.168.0.200 on the controller node and 192.168.0.203 on the compute1 node

    1. Reboot: reboot

    3. Set hosts and hostname (all nodes)

    • Set hosts
    1. gedit /etc/hosts

    Comment out the 127.0.1.1 line and add:
    192.168.0.200 controller
    192.168.0.203 compute1

    • Set hostname
    1. gedit /etc/hostname
      Use controller on the controller node and compute1 on the compute1 node
    2. Reboot: reboot

    4. Switch the APT sources

    • Switch to the Aliyun mirror
    1. gedit /etc/apt/sources.list
      Note: delete everything else in the file

    deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
    deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
    deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
    deb http://archive.canonical.com/ubuntu xenial partner
    deb-src http://archive.canonical.com/ubuntu xenial partner
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
    deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
    deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse

    1. Update
      apt update
      apt upgrade
      apt dist-upgrade
      apt autoremove
    2. Reboot: reboot (the nodes can now be reached with VNC Viewer)

    5. Time server (NTP)

    • controller node
    1. Install and configure
      apt install chrony
      gedit /etc/chrony/chrony.conf

    allow 192.168.0.0/24
    server ntp1.aliyun.com iburst

    1. Restart NTP
      service chrony restart
    2. Verify
      chronyc sources
    • Other nodes
    1. Install and configure
      apt install chrony
      gedit /etc/chrony/chrony.conf

    Comment out pool 2.debian.pool.ntp.org offline iburst
    server controller iburst

    1. Restart NTP
      service chrony restart
    2. Verify
      chronyc sources

    5. Packages required by OpenStack (all nodes)

    • All nodes
    1. apt install software-properties-common
      add-apt-repository cloud-archive:newton
      apt update && apt dist-upgrade
      apt install python-openstackclient

    6. Configure the database (controller node only)

    • controller node
    1. Install and configure
      apt install mariadb-server python-pymysql
      gedit /etc/mysql/mariadb.conf.d/99-openstack.cnf
      Note: 99-openstack.cnf does not exist yet; this step creates it

    [mysqld]
    bind-address = 192.168.0.200
    default-storage-engine = innodb
    innodb_file_per_table
    max_connections = 4096
    collation-server = utf8_general_ci
    character-set-server = utf8

    1. Restart: service mysql restart

    7. Configure the message queue (controller node only)

    • controller node
    1. Install
      apt install rabbitmq-server
    2. Add the openstack user
      rabbitmqctl add_user openstack 123456
      Note: openstack is the user name and 123456 is the password
    3. Grant the openstack user read and write access permissions
      rabbitmqctl set_permissions openstack ".*" ".*" ".*"

    8. Configure Memcached (controller node only)

    • controller node
    1. Install
      apt install memcached python-memcache
    2. Configure
      gedit /etc/memcached.conf

    -l 192.168.0.200

    1. Restart: service memcached restart

    9. Configure the Identity service (controller node only)

    • Create the keystone database

    1. Log in to SQL: mysql -uroot -p123456
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
    Exit SQL: exit

    • Install and configure keystone

    1. Install
    apt install keystone

    1. Configure
      gedit /etc/keystone/keystone.conf

    [database]
    ...
    connection = mysql+pymysql://keystone:123456@controller/keystone

    [token]
    ...
    provider = fernet

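    Note: comment out any other connection entries in [database]. There are several provider options; make sure to set the one in [token].

    1. Populate the keystone database according to the configuration
      su -s /bin/sh -c "keystone-manage db_sync" keystone
    2. Initialize the Fernet key repositories: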
      keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
      keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
    3. Bootstrap the Identity service
      keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:35357/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
      Note: 123456 is a password of your own choosing
    • Configure Apache
    1. Configure
      gedit /etc/apache2/apache2.conf

    ServerName controller

    1. Restart: service apache2 restart
    • Configure the administrative account
    1. Delete the default database: rm -f /var/lib/keystone/keystone.db
    2. Configure the administrative account (by setting environment variables)
      export OS_USERNAME=admin
      export OS_PASSWORD=123456
      export OS_PROJECT_NAME=admin
      export OS_USER_DOMAIN_NAME=Default
      export OS_PROJECT_DOMAIN_NAME=Default
      export OS_AUTH_URL=http://controller:35357/v3
      export OS_IDENTITY_API_VERSION=3
      Note: 123456 is the password set in the bootstrap step above
    • Create a domain, projects, users, and roles
    1. Create the service project
      openstack project create --domain default --description "Service Project" service
    2. Create demo (because routine OpenStack operations are not done with the admin account)
      Create the demo project: openstack project create --domain default --description "Demo Project" demo
      Create the demo user: openstack user create --domain default --password-prompt demo
      Create the user role: openstack role create user
      Associate the user role with the demo project and the demo user:
      openstack role add --project demo --user demo user
    • Configure
    1. gedit /etc/keystone/keystone-paste.ini

    Remove admin_token_auth from [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3]

    • Verify
    1. Unset the environment variables
      unset OS_AUTH_URL OS_PASSWORD
    2. Verify admin
      openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
    3. Verify demo
    openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue

    • Configure the login scripts
    1. Configure admin
      In the current user's home directory:
      gedit admin-openrc

    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2

    1. Configure demo
      In the current user's home directory:
      gedit demo-openrc

    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2

    1. Verify
      Log in: . admin-openrc or . demo-openrc
      Verify: openstack token issue

    9. Configure the Image service (controller node only)

    • Create the glance database

    1. Log in to SQL: mysql -uroot -p123456
    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
    Exit SQL: exit

    • Create the glance account
    1. Log in: . admin-openrc
    2. Create glance
      Create the glance user: openstack user create --domain default --password-prompt glance
      Associate the admin role with the service project and the glance user:
      openstack role add --project service --user glance admin
      Create the glance service:
      openstack service create --name glance --description "OpenStack Image" image
      Create the Image service API endpoints (public, internal, admin):
      openstack endpoint create --region RegionOne image public http://controller:9292
      openstack endpoint create --region RegionOne image internal http://controller:9292
      openstack endpoint create --region RegionOne image admin http://controller:9292
    • Install and configure glance
    1. Install
      apt install glance
    2. Configure
      gedit /etc/glance/glance-api.conf

    [database]
    ...
    connection = mysql+pymysql://glance:123456@controller/glance

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = glance
    password = 123456

    [paste_deploy]
    ...
    flavor = keystone

    [glance_store]
    ...
    stores = file,http
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images/

    Note: delete all other options in [keystone_authtoken]

    gedit /etc/glance/glance-registry.conf

    [database]
    ...
    connection = mysql+pymysql://glance:123456@controller/glance

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = glance
    password = 123456

    [paste_deploy]
    ...
    flavor = keystone

    Note: delete all other options in [keystone_authtoken]

    1. Populate the Image service database
      su -s /bin/sh -c "glance-manage db_sync" glance
    2. Restart the services
      service glance-registry restart
      service glance-api restart
    3. Verify
      Log in: . admin-openrc
      Download: wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

    Note: the image can also be copied in from another host over OpenSSH
    apt-get install openssh-server
    service ssh start

    Upload: openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public

    List: openstack image list

    9. Configure the Compute service (controller node)

    • Create the nova databases

    1. Log in to SQL: mysql -uroot -p123456
    CREATE DATABASE nova_api;
    CREATE DATABASE nova;
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
    Exit SQL: exit

    • Create the nova account
    1. Log in: . admin-openrc
    2. Create nova
      Create the nova user: openstack user create --domain default --password-prompt nova
      Associate the admin role with the nova user:
      openstack role add --project service --user nova admin
      Create the nova service:
      openstack service create --name nova --description "OpenStack Compute" compute
      Create the Compute service API endpoints (public, internal, admin):
      openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
      openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
      openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
    • Install and configure nova
    1. Install
      apt install nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler
    2. Configure
      gedit /etc/nova/nova.conf

    Comment out log-dir in [DEFAULT]
    [api_database]
    ...
    connection = mysql+pymysql://nova:123456@controller/nova_api

    [database]
    ...
    connection = mysql+pymysql://nova:123456@controller/nova

    [DEFAULT]
    ...
    transport_url = rabbit://openstack:123456@controller
    auth_strategy = keystone
    my_ip = 192.168.0.200
    use_neutron = True
    firewall_driver = nova.virt.firewall.NoopFirewallDriver

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = nova
    password = 123456

    [vnc]
    ...
    vncserver_listen = $my_ip
    vncserver_proxyclient_address = $my_ip

    [glance]
    ...
    api_servers = http://controller:9292

    [oslo_concurrency]
    ...
    lock_path = /var/lib/nova/tmp

    Note: delete all other options in [keystone_authtoken]

    1. Populate the databases
      su -s /bin/sh -c "nova-manage api_db sync" nova
      su -s /bin/sh -c "nova-manage db sync" nova
    2. Restart the services
      service nova-api restart
      service nova-consoleauth restart
      service nova-scheduler restart
      service nova-conductor restart
      service nova-novncproxy restart
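
    The keystone, glance and nova files configured so far carry the same value, 123456, as the database password, the RabbitMQ password and the service account password. The Python sketch below is an added example, not part of the original guide: it scans files in this INI style for embedded credentials and reports weak values and values shared between accounts. The function names, the 16-character threshold and both sample inputs are assumptions made for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Options that hold a secret directly, and options that embed one in a URL.
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_KEYS = {"connection", "transport_url"}
MIN_LENGTH = 16  # assumption: minimum length policy chosen for this example


def extract_secrets(filename, text):
    """Yield (location, secret) for every credential in INI-style text."""
    section = "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or line == "...":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # valueless options such as innodb_file_per_table
        key, value = key.strip(), value.strip()
        location = f"{filename} [{section}] {key}"
        if key in SECRET_KEYS and value:
            yield location, value
        elif key in URL_KEYS:
            # scheme://user:password@host/... as used by connection/transport_url
            password = urlsplit(value).password
            if password:
                yield location, password


def audit(files):
    """Return (kind, locations) findings without echoing the secret itself."""
    by_secret = defaultdict(list)
    findings = []
    for filename, text in files.items():
        for location, secret in extract_secrets(filename, text):
            by_secret[secret].append(location)
            if len(secret) < MIN_LENGTH or secret.isdigit():
                findings.append(("weak", (location,)))
    for locations in by_secret.values():
        if len(locations) > 1:
            findings.append(("reused", tuple(locations)))
    return findings


# Constructed sample input: excerpts in the shape of the files edited above.
GUIDE_FILES = {
    "keystone.conf": """
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
""",
    "nova.conf": """
[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
[keystone_authtoken]
username = nova
password = 123456
""",
}

# Constructed counter-example: one long random value per account.
SEPARATED_FILES = {
    "nova.conf": """
[api_database]
connection = mysql+pymysql://nova:5f1c0e9a7b3d4286a1c4e07d@controller/nova_api
[DEFAULT]
transport_url = rabbit://openstack:c2a94be01f7d4d63b8e5a910@controller
[keystone_authtoken]
password = 9d0b6e3f84a24c17a5f2c8d1
""",
}

if __name__ == "__main__":
    for kind, locations in audit(GUIDE_FILES):
        print(kind, "; ".join(locations))
```

    With one shared value, whoever reads any single file (or an openrc script) holds the database, message queue and Keystone service credentials at once; per-account values limit a leak to the account it belongs to.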

    10. Configure the Compute service (compute1 node)

    • Install and configure nova
    1. Install
      apt install nova-compute
    2. Configure
      gedit /etc/nova/nova.conf

    Comment out log-dir in [DEFAULT]
    [DEFAULT]
    ...
    transport_url = rabbit://openstack:123456@controller
    auth_strategy = keystone
    my_ip = 192.168.0.203
    use_neutron = True
    firewall_driver = nova.virt.firewall.NoopFirewallDriver

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = nova
    password = 123456

    [vnc]
    ...
    enabled = True
    vncserver_listen = 0.0.0.0
    vncserver_proxyclient_address = $my_ip
    novncproxy_base_url = http://controller:6080/vnc_auto.html

    [glance]
    ...
    api_servers = http://controller:9292

    [oslo_concurrency]
    ...
    lock_path = /var/lib/nova/tmp

    Note: delete all other options in [keystone_authtoken]

    1. Restart the service
      service nova-compute restart
    2. Verify (on the controller node)
      Log in: . admin-openrc
      List the services: openstack compute service list

    11. Configure the Networking service (controller node)

    • Create the neutron database

    1. Log in to SQL: mysql -uroot -p123456
    CREATE DATABASE neutron;
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
    Exit SQL: exit

    • Create the neutron account
    1. Log in: . admin-openrc
    2. Create neutron
      Create the neutron user: openstack user create --domain default --password-prompt neutron
      Associate the admin role with the neutron user:
      openstack role add --project service --user neutron admin
      Create the neutron service:
      openstack service create --name neutron --description "OpenStack Networking" network
      Create the Networking service API endpoints (public, internal, admin):
      openstack endpoint create --region RegionOne network public http://controller:9696
      openstack endpoint create --region RegionOne network internal http://controller:9696
      openstack endpoint create --region RegionOne network admin http://controller:9696
    • Install and configure neutron
    1. Install
      apt install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
    2. Configure (Provider networks)
      gedit /etc/neutron/neutron.conf

    [database]
    ...
    connection = mysql+pymysql://neutron:123456@controller/neutron

    [DEFAULT]
    ...
    core_plugin = ml2
    service_plugins =
    transport_url = rabbit://openstack:123456@controller
    auth_strategy = keystone
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = neutron
    password = 123456

    [nova]
    ...
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    region_name = RegionOne
    project_name = service
    username = nova
    password = 123456

    Note: transport_url appears twice; make sure to set the one in [DEFAULT]. Delete all other options in [keystone_authtoken].

    gedit /etc/neutron/plugins/ml2/ml2_conf.ini

    [ml2]
    ...
    type_drivers = flat,vlan
    tenant_network_types =
    mechanism_drivers = linuxbridge
    extension_drivers = port_security

    [ml2_type_flat]
    ...
    flat_networks = provider

    [securitygroup]
    ...
    enable_ipset = True

    gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

    [linux_bridge]
    physical_interface_mappings = provider:eth0
    [vxlan]
    enable_vxlan = False
    [securitygroup]
    ...
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

    gedit /etc/neutron/dhcp_agent.ini

    [DEFAULT]
    ...
    interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = True

    1. Configure

    gedit /etc/neutron/metadata_agent.ini

    [DEFAULT]
    ...
    nova_metadata_ip = controller
    metadata_proxy_shared_secret = 123456

    gedit /etc/nova/nova.conf

    [neutron]
    ...
    url = http://controller:9696
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = 123456
    service_metadata_proxy = True
    metadata_proxy_shared_secret = 123456

    1. Populate the database
      su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    2. Restart the services
      service nova-api restart
      service neutron-server restart
      service neutron-linuxbridge-agent restart
      service neutron-dhcp-agent restart
      service neutron-metadata-agent restart
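
    The metadata_proxy_shared_secret set in metadata_agent.ini and in the [neutron] section of nova.conf is the key of an HMAC-SHA256 signature over the instance ID: the metadata agent sends it in the X-Instance-ID-Signature header and the Nova metadata API recomputes and compares it. The Python sketch below is an added example, a simplified model of both sides of that check and not Neutron or Nova source code; the function names and the sample IDs are hypothetical.

```python
import hashlib
import hmac
import secrets

SIGNATURE_HEADER = "X-Instance-ID-Signature"


def sign_instance_id(shared_secret, instance_id):
    """Proxy side: hex HMAC-SHA256 of the instance ID under the shared secret."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def proxy_headers(shared_secret, instance_id, tenant_id):
    """Headers the metadata agent attaches when forwarding a guest's request."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        SIGNATURE_HEADER: sign_instance_id(shared_secret, instance_id),
    }


def accept_request(shared_secret, headers):
    """API side: return the instance ID if the signature checks out, else None."""
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get(SIGNATURE_HEADER)
    if not shared_secret or not instance_id or not signature:
        return None
    expected = sign_instance_id(shared_secret, instance_id)
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected, signature):
        return None
    return instance_id


def new_shared_secret():
    """A 256-bit random value suitable for metadata_proxy_shared_secret."""
    return secrets.token_hex(32)


# Constructed sample values (not from the guide).
INSTANCE_A = "3f0c1c2e-6c1b-4c55-9a55-0d5f3c7e1a11"
INSTANCE_B = "b7a9d4e2-1f3a-4e0b-8c2d-6a4f9e0c2b22"
TENANT = "9c2f5a7d8e1b4c3fa6d0b1e2c3d4e5f6"


def demo():
    """Run the exchange for the matching, mismatched and tampered cases."""
    secret = new_shared_secret()
    headers = proxy_headers(secret, INSTANCE_A, TENANT)
    results = {"matching": accept_request(secret, headers)}
    # metadata_agent.ini and nova.conf hold different values: requests fail.
    results["mismatched_config"] = accept_request(new_shared_secret(), headers)
    # Instance ID changed after signing: the signature no longer matches.
    tampered = {**headers, "X-Instance-ID": INSTANCE_B}
    results["tampered_id"] = accept_request(secret, tampered)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

    The signature is the only thing that binds a forwarded request to an instance, so the value should come from a random generator, as new_shared_secret() does, and must be identical in both files.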

    12. Configure the Networking service (compute1 node)

    • Install and configure neutron
    1. Install
      apt install neutron-linuxbridge-agent
    2. Configure
      gedit /etc/neutron/neutron.conf

    [DEFAULT]
    ...
    transport_url = rabbit://openstack:123456@controller
    auth_strategy = keystone

    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = neutron
    password = 123456

    Note: transport_url appears twice; make sure to set the one in [DEFAULT]. Delete all other options in [keystone_authtoken].

    1. Configure (Provider networks)
      gedit /etc/neutron/plugins/ml2/linuxbridge_agent.ini

    [linux_bridge]
    physical_interface_mappings = provider:eth0

    [vxlan]
    enable_vxlan = False

    [securitygroup]
    ...
    enable_security_group = True
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

    1. Configure
      gedit /etc/nova/nova.conf

    [neutron]
    ...
    url = http://controller:9696
    auth_url = http://controller:35357
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = 123456

    1. Restart the services
      service nova-compute restart
      service neutron-linuxbridge-agent restart
    2. Verify (on the controller node)
      Log in: . admin-openrc
      List the services: openstack network agent list

    13. Configure the dashboard (controller node only)

    • Install and configure the dashboard
    1. Install
      apt install openstack-dashboard
    2. Configure
      gedit /etc/openstack-dashboard/local_settings.py

    OPENSTACK_HOST = "controller"
    OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

    ALLOWED_HOSTS = ['*', ]

    SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
    CACHES = {
        'default': {
            'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
            'LOCATION': 'controller:11211',
        }
    }

    OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

    OPENSTACK_API_VERSIONS = {
        "identity": 3,
        "image": 2,
        "volume": 2,
    }

    OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

    OPENSTACK_NEUTRON_NETWORK = {
        ...
        'enable_router': False,
        'enable_quotas': False,
        'enable_ipv6': False,
        'enable_distributed_router': False,
        'enable_ha_router': False,
        'enable_lb': False,
        'enable_firewall': False,
        'enable_vpn': False,
        'enable_fip_topology_check': False,
    }

    TIME_ZONE = "UTC"

    gedit /etc/apache2/conf-available/openstack-dashboard.conf

    WSGIApplicationGroup %{GLOBAL}

    1. Restart: service apache2 reload
    2. Open http://192.168.0.200/horizon

    14. Launch an instance (controller node only)

    • Create the virtual network (Provider network)
    1. Log in: . admin-openrc
    2. Create the network: openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
    3. Subnet: openstack subnet create --network provider --allocation-pool start=192.168.0.220,end=192.168.0.229 --dns-nameserver 192.168.0.1 --gateway 192.168.0.1 --subnet-range 192.168.0.0/24 provider
    • Create a flavor
    1. openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
      Note: flavors can also be created in the dashboard
    • Generate a key pair
    1. Log in: . demo-openrc
    2. Create:
      ssh-keygen -q -N ""
      openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
    3. List the key pairs: openstack keypair list
    • Add security group rules
    1. Allow ICMP
      openstack security group rule create --proto icmp default
    2. Allow SSH
      openstack security group rule create --proto tcp --dst-port 22 default
    • Create an instance
    1. Log in:
    2. Create
    3. View
      Note: the console URL uses http://controller:6080/, so edit C:\Windows\System32\drivers\etc\hosts and add 192.168.0.200 controller

    15. Block Storage (controller node)

    • Create the cinder database

    1. Log in to SQL: mysql -uroot -p123456
    CREATE DATABASE cinder;
    GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '123456';
    Exit: exit

    • Create cinder
    1. Log in: . admin-openrc
      Create the cinder user:
      openstack user create --domain default --password-prompt cinder
      Associate the admin role with the cinder user:
      openstack role add --project service --user cinder admin
    2. Create the cinder and cinderv2 services
      openstack service create --name cinder --description "OpenStack Block Storage" volume
      openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
    3. Create the API endpoints
      openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
      openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
      openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
      openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
      openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
      openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
    4. Install and configure
      Install: apt install cinder-api cinder-scheduler
      Configure: gedit /etc/cinder/cinder.conf

    [database]
    ...
    connection = mysql+pymysql://cinder:123456@controller/cinder

    [DEFAULT]
    ...
    transport_url = rabbit://openstack:123456@controller
    auth_strategy = keystone
    my_ip = 192.168.0.200

    [keystone_authtoken]
    ...
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = cinder
    password = 123456

    [oslo_concurrency]
    ...
    lock_path = /var/lib/cinder/tmp

    Create the database tables: su -s /bin/sh -c "cinder-manage db sync" cinder

    1. Configure nova
      gedit /etc/nova/nova.conf

    [cinder]
    os_region_name = RegionOne

    1. Restart
      service nova-api restart
      service cinder-scheduler restart
      service cinder-api restart

    16. Block Storage (block node 192.168.0.204)

    • Configure
    1. Install lvm2
      apt install lvm2
    2. Create the physical volume
      pvcreate /dev/sda4
    3. Create the volume group
      vgcreate cinder-volumes /dev/sda4
    4. Configure LVM
      gedit /etc/lvm/lvm.conf

    devices {
    ...
    filter = [ "a/sda4/", "r/.*/"]

    1. Install and configure cinder
      Install: apt install cinder-volume
      Configure: gedit /etc/cinder/cinder.conf

    [database]
    ...
    connection = mysql+pymysql://cinder:123456@controller/cinder

    [DEFAULT]
    ...
    transport_url = rabbit://openstack:123456@controller
    auth_strategy = keystone
    my_ip = 192.168.0.204
    enabled_backends = lvm
    glance_api_servers = http://controller:9292

    [keystone_authtoken]
    ...
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = cinder
    password = 123456

    [lvm]
    ...
    volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
    volume_group = cinder-volumes
    iscsi_protocol = iscsi
    iscsi_helper = tgtadm

    [oslo_concurrency]
    ...
    lock_path = /var/lib/cinder/tmp

    Restart: service tgt restart
    service cinder-volume restart

    1. Verify (on the controller node)
      Log in: . admin-openrc
      Verify: openstack volume service list
    7. Use (on the controller node)
      Log in: . demo-openrc
      Create a volume: openstack volume create --size 1 volume1
      or use the dashboard

    Attach the volume to the instance:

    Check inside the instance (192.168.0.218):
    fdisk -l

    17. Object Storage (controller node)

    • Create
    1. Create swift
      Log in: . admin-openrc
      Create the swift user:
      openstack user create --domain default --password-prompt swift
      Associate the swift user with the admin role: openstack role add --project service --user swift admin
      Create the swift service: openstack service create --name swift --description "OpenStack Object Storage" object-store
      Create the API endpoints
      openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s
      openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s
      openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1
    • Install and configure
    1. Install:
      apt-get install swift swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached
    2. Fetch the configuration file from git
      Create the /etc/swift directory:
      mkdir /etc/swift
      Fetch the proxy-server.conf configuration file:
      curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample
      Note: to install curl, run apt install curl
    3. Configure
      gedit /etc/swift/proxy-server.conf

    [DEFAULT]
    ...
    bind_port = 8080
    user = swift
    swift_dir = /etc/swift

    In [pipeline:main], remove the tempurl and tempauth modules and add the authtoken and keystoneauth modules
    [pipeline:main]
    pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server

    [app:proxy-server]
    use = egg:swift#proxy
    ...
    account_autocreate = True

    [filter:keystoneauth]
    use = egg:swift#keystoneauth
    ...
    operator_roles = admin,user

    [filter:authtoken]
    paste.filter_factory = keystonemiddleware.auth_token:filter_factory
    ...
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = swift
    password = 123456
    delay_auth_decision = True

    [filter:cache]
    use = egg:swift#memcache
    ...
    memcache_servers = controller:11211

    17. Object Storage (object node 192.168.0.205)

    • Install and configure rsync

    Note: partitioning tool
    apt-get install gparted
    gparted

    1. Install: apt-get install xfsprogs rsync
      Format the disks:
      mkfs.xfs /dev/sda5
      mkfs.xfs /dev/sda6
      Create the mount directories:
      mkdir -p /srv/node/sda5
      mkdir -p /srv/node/sda6
      Configure /etc/fstab
      gedit /etc/fstab

    ...
    /dev/sda5 /srv/node/sda5 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
    /dev/sda6 /srv/node/sda6 xfs noatime,nodiratime,nobarrier,logbufs=8 0 2

    Mount:
    mount /srv/node/sda5
    mount /srv/node/sda6
    Create /etc/rsyncd.conf
    gedit /etc/rsyncd.conf

    uid = swift
    gid = swift
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    address = 192.168.0.205

    [account]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/account.lock

    [container]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/container.lock

    [object]
    max connections = 2
    path = /srv/node/
    read only = False
    lock file = /var/lock/object.lock

    Configure /etc/default/rsync
    gedit /etc/default/rsync

    RSYNC_ENABLE=true

    Start: service rsync start

    • Install and configure swift
    1. Install: apt-get install swift swift-account swift-container swift-object
    2. Download the configuration files:
      curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/mitaka
      curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/mitaka
      curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/mitaka
    3. Configure /etc/swift/account-server.conf
      gedit /etc/swift/account-server.conf

    [DEFAULT]
    ...
    bind_ip = 192.168.0.205
    bind_port = 6202
    user = swift
    swift_dir = /etc/swift
    devices = /srv/node
    mount_check = True

    [pipeline:main]
    pipeline = healthcheck recon account-server

    [filter:recon]
    use = egg:swift#recon
    ...
    recon_cache_path = /var/cache/swift

    1. Configure /etc/swift/container-server.conf
      gedit /etc/swift/container-server.conf

    [DEFAULT]
    ...
    bind_ip = 192.168.0.205
    bind_port = 6201
    user = swift
    swift_dir = /etc/swift
    devices = /srv/node
    mount_check = True

    [pipeline:main]
    pipeline = healthcheck recon container-server

    [filter:recon]
    use = egg:swift#recon
    ...
    recon_cache_path = /var/cache/swift

    1. Configure /etc/swift/object-server.conf
      gedit /etc/swift/object-server.conf

    [DEFAULT]
    ...
    bind_ip = 192.168.0.205
    bind_port = 6200
    user = swift
    swift_dir = /etc/swift
    devices = /srv/node
    mount_check = True

    [pipeline:main]
    pipeline = healthcheck recon object-server

    [filter:recon]
    use = egg:swift#recon
    ...
    recon_cache_path = /var/cache/swift
    recon_lock_path = /var/lock

    1. Set ownership of the mount directories: chown -R swift:swift /srv/node
    2. Create the recon directory:
      mkdir -p /var/cache/swift
      chown -R root:swift /var/cache/swift
      chmod -R 775 /var/cache/swift

    Article link: https://www.haomeiwen.com/subject/qjlxxftx.html