使用openstack搭建私有云
OpenStack 部署
一、环境准备
版本介绍
CentOS Linux release 7.6.1810 (Core)
内核版本:3.10.0-957.el7.x86_64
$ openstack versions show
+-------------+--------------+---------+-----------+------------------------------+------------------+------------------+
| Region Name | Service Type | Version | Status | Endpoint | Min Microversion | Max Microversion |
+-------------+--------------+---------+-----------+------------------------------+------------------+------------------+
| RegionOne | compute | 2.0 | SUPPORTED | http://controller:8774/v2/ | None | None |
| RegionOne | compute | 2.1 | CURRENT | http://controller:8774/v2.1/ | 2.1 | 2.65 |
| RegionOne | image | 2.0 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.1 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.2 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.3 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.4 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.5 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.6 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.7 | CURRENT | http://controller:9292/v2/ | None | None |
| RegionOne | placement | 1.0 | CURRENT | http://controller:8778/ | 1.0 | 1.29 |
| RegionOne | network | 2.0 | CURRENT | http://controller:9696/v2.0/ | None | None |
| RegionOne | identity | 3.11 | CURRENT | http://controller:5000/v3/ | None | None |
+-------------+--------------+---------+-----------+------------------------------+------------------+------------------+
1、网络环境
主机 | IP |
---|---|
controller | 10.0.0.51 |
compute1 | 10.0.0.61 |
修改hosts文件
cat /etc/hosts
10.0.0.51 controller
10.0.0.61 compute1
关闭selinux、firewalld
cat env_set.sh
#!/bin/bashsystemctl stop firewalld
systemctl disable firewalldsetenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
yum install -y wget
配置阿里yum源
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
手动配置阿里源
[centotack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0[qume-kvm]
name=qemu-kvm
baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
安装openstack客户端和openstack-selinux
yum install python-openstackclient openstack-selinux -y
2、同步时间
安装相关软件
yum install chrony vim net-tools lsof -y
#controller节点
allow 10.0.0.0/24
#其他节点
server 10.0.0.51 iburst
重启服务
systemctl enable chronyd.service
systemctl start chronyd.service
3、部署mariadb数据库
数据库节点
yum install mariadb mariadb-server python2-PyMySQL -y
修改数据库配置文件 /etc/my.cnf
bind-address = 10.0.0.51
default-storage-engine = innodb
innodb_file_per_table #innodb使用独立的表结构
max_connections = 4096 #最大的连接数
collation-server = utf8_general_ci #使用utf-8字符集
character-set-server = utf8
启动数据库
systemctl enable mariadb
systemctl start mariadb
数据库安全初始化
mysql_secure_installation#回车 n y y y y
4、消息队列RabbitMQ
安装rabbit
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
#添加openstack用户,设置密码
rabbitmqctl add_user openstack RABBIT_PASSCreating user "openstack" ...
#给openstack用户配置写和读权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"Setting permissions for user "openstack" in vhost "/" ...
Rabbitmq默认会开启25672和5672端口
验证:
# netstat -antplu|grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 11226/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 11226/beam.smp
开启插件,监控. 端口:15672
rabbitmq-plugins enable rabbitmq_management
# netstat -antplu|grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 11226/beam.smp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 11226/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 11226/beam.smp
5、配置memcached
yum install -y memcached python-memcached #默认监听需要修改sed -i 's/127.0.0.1/10.0.0.51/g' /etc/sysconfig/memcachedsystemctl restart memcached.service
验证:
# netstat -anpl|grep 11211
tcp 0 0 10.0.0.51:11211 0.0.0.0:* LISTEN 12152/memcached
6、openstack服务安装的通用步骤:
1.创库授权
2.在keystone创建用户,关联角色
3.在keystone上注册服务,注册api
4.安装服务相关的软件包
5.修改配置文件 数据库的连接信息 rabbitmq的连接信息 keystone认证授权信息
6.同步数据库,创建表
7.启动服务
二、keystone服务的安装
1、创库授权
create DATABASE keystone;
GRANT ALL PRIVILEGES on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
2、安装keystone相关软件包
yum install -y openstack-keystone httpd mod_wsgi
修改配置文件
cp /etc/keystone/keystone.conf{,.back}
grep -Ev '^$|^#' /etc/keystone/keystone.conf.back > /etc/keystone/keystone.conf
cat /etc/keystone/keystone.conf
[DEFAULT]
admin_token = ADMIN_TOKENconnection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone[token]
provider = fernet#同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone#初始化fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
#验证
ll /etc/keystone
3、配置httpd
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357<VirtualHost *:5000>WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}WSGIProcessGroup keystone-publicWSGIScriptAlias / /usr/bin/keystone-wsgi-publicWSGIApplicationGroup %{GLOBAL}WSGIPassAuthorization OnErrorLogFormat "%{cu}t %M"ErrorLog /var/log/httpd/keystone-error.logCustomLog /var/log/httpd/keystone-access.log combined<Directory /usr/bin>Require all granted</Directory>
</VirtualHost><VirtualHost *:35357>WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}WSGIProcessGroup keystone-adminWSGIScriptAlias / /usr/bin/keystone-wsgi-adminWSGIApplicationGroup %{GLOBAL}WSGIPassAuthorization OnErrorLogFormat "%{cu}t %M"ErrorLog /var/log/httpd/keystone-error.logCustomLog /var/log/httpd/keystone-access.log combined<Directory /usr/bin>Require all granted</Directory>
</VirtualHost>
重启
systemctl enable httpd.service
systemctl restart httpd.service
4、创建服务和注册api:
#配置认证令牌:
export OS_TOKEN=ADMIN_TOKEN
#配置端点URL:
export OS_URL=http://controller:35357/v3
#配置认证 API 版本:
export OS_IDENTITY_API_VERSION=3openstack service create \--name keystone --description "OpenStack Identity" identityopenstack endpoint create --region RegionOne \identity public http://controller:5000/v3openstack endpoint create --region RegionOne \identity internal http://controller:5000/v3openstack endpoint create --region RegionOne \identity admin http://controller:35357/v3
创建域、项目、用户、角色
openstack domain create --description "Default Domain" defaultopenstack project create --domain default \--description "Admin Project" adminopenstack user create --domain default \--password ADMIN_PASS adminopenstack role create adminopenstack role add --project admin --user admin adminopenstack project create --domain default \--description "Service Project" service
退出bash
给定初始变量
# cat admin-openrc
export OS_AUTH_URL=http://controller:35357/v3
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_IMAGE_API_VERSION=2
export OS_IDENTITY_API_VERSION=3
export OS_PASSWORD=ADMIN_PASS
source admin-openrcecho 'source admin-openrc' >> /etc/bashrc
验证:
openstack token issue
openstack user list
openstack service list
openstack endpoint list
三、镜像服务 glance
1、创库授权
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \IDENTIFIED BY 'GLANCE_DBPASS';
2、在keystone创建用户,关联角色
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
3、在keystone上注册服务,注册api
openstack endpoint create --region RegionOne \image public http://controller:9292
openstack endpoint create --region RegionOne \image internal http://controller:9292
openstack endpoint create --region RegionOne \image admin http://controller:9292
4、安装服务相关的软件包
yum install openstack-glance -y
5、修改配置文件
cp /etc/glance/glance-api.conf{,.back}
grep -Ev '^$|#' /etc/glance/glance-api.conf.back > /etc/glance/glance-api.confcp /etc/glance/glance-registry.conf{,.back}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.back >/etc/glance/glance-registry.conf# cat /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]# cat /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
6、同步数据库,创建表
# su -s /bin/sh -c "glance-manage db_sync" glance
启动镜像服务、配置他们随机启动:
systemctl enable openstack-glance-api.service \openstack-glance-registry.servicesystemctl start openstack-glance-api.service \openstack-glance-registry.service
四、nova的安装
1、创库授权
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \IDENTIFIED BY 'NOVA_DBPASS';
2、在keystone创建用户,关联角色
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova adminopenstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
3、在keystone上注册服务,注册api
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
#解决版本兼容
openstack service create --name placement --description "Placement API" placementopenstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
4、安装服务相关的软件包
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y
5、修改配置文件
# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.51
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:RABBIT_PASS@controller
[api]
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
virt_type = qemu
cpu_mode = none
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency][oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
[placement_database]
[powervm]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]tail /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin><IfVersion >= 2.4>Require all granted</IfVersion><IfVersion < 2.4>Order allow,denyAllow from all</IfVersion>
</Directory>
重启httpd service
systemctl restart httpd
6、同步数据库,创建表
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
#验证
nova-manage cell_v2 list_cells
7、启动服务
systemctl enable openstack-nova-api.service \openstack-nova-consoleauth.service openstack-nova-scheduler.service \openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \openstack-nova-consoleauth.service openstack-nova-scheduler.service \openstack-nova-conductor.service openstack-nova-novncproxy.service
四(2)、计算节点
1、软件安装
yum install openstack-nova-compute
配置文件
# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 10.0.0.61
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
virt_type = qemu
cpu_mode = none
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
[placement_database]
[powervm]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
openstack hypervisor list
su -s /bin/sh -c “nova-manage cell_v2 discover_hosts --verbose” nova
启动服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
五、neutron网络服务
控制节点
1.创库授权
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \IDENTIFIED BY 'NEUTRON_DBPASS';
2.在keystone创建用户,关联角色
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
3.在keystone上注册服务,注册api
openstack service create --name neutron \--description "OpenStack Networking" networkopenstack endpoint create --region RegionOne \network public http://controller:9696
openstack endpoint create --region RegionOne \network internal http://controller:9696
openstack endpoint create --region RegionOne \network admin http://controller:9696
4.安装服务相关的软件包
yum install openstack-neutron openstack-neutron-ml2 \openstack-neutron-linuxbridge ebtables -y
5.修改配置文件
cp /etc/neutron/neutron.conf{,.back}
grep -Ev '^$|#' /etc/neutron/neutron.conf.back > /etc/neutron/neutron.confcp /etc/neutron/dhcp_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.back > /etc/neutron/dhcp_agent.inicp /etc/neutron/metadata_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.back > /etc/neutron/metadata_agent.inicp /etc/neutron/plugins/ml2/ml2_conf.ini{,.back}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.back > /etc/neutron/plugins/ml2/ml2_conf.inicp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.back > /etc/neutron/plugins/ml2/linuxbridge_agent.ini#编辑/etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASSservice_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
6.同步数据库,创建表
#网络服务初始化脚本
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.inisu -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7.启动服务
systemctl restart openstack-nova-api.servicesystemctl enable neutron-server.service \neutron-linuxbridge-agent.service neutron-dhcp-agent.service \neutron-metadata-agent.service
systemctl start neutron-server.service \neutron-linuxbridge-agent.service neutron-dhcp-agent.service \neutron-metadata-agent.service
计算节点
安装
yum install openstack-neutron-linuxbridge ebtables ipset -y
修改配置文件
cp /etc/neutron/neutron.conf{,.back}
grep -Ev '^$|#' /etc/neutron/neutron.conf.back > /etc/neutron/neutron.confcp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.back > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
启动服务
systemctl restart openstack-nova-compute.servicesystemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
六、Dashboard
安装
yum install openstack-dashboard -y
配置文件
egrep -v '^$|#' /etc/openstack-dashboard/local_settings
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
TEMPLATE_DEBUG = DEBUG
WEBROOT = '/dashboard/'
ALLOWED_HOSTS = ['*', ]
OPENSTACK_API_VERSIONS = {"identity": 3,"image": 2,"volume": 2,"compute": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
LOCAL_PATH = '/tmp'
SECRET_KEY='65941f1393ea1c265ad7'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {'default': {'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache','LOCATION': 'controller:11211',},
}
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_BACKEND = {'name': 'native','can_edit_user': True,'can_edit_group': True,'can_edit_project': True,'can_edit_domain': True,'can_edit_role': True,
}
OPENSTACK_HYPERVISOR_FEATURES = {'can_set_mount_point': False,'can_set_password': False,'requires_keypair': False,
}
OPENSTACK_CINDER_FEATURES = {'enable_backup': False,
}
OPENSTACK_NEUTRON_NETWORK = {'enable_router': False,'enable_quotas': False,'enable_ipv6': False,'enable_distributed_router': False,'enable_ha_router': False,'enable_lb': False,'enable_firewall': False,'enable_vpn': False,'enable_fip_topology_check': False,'default_ipv4_subnet_pool_label': None,'default_ipv6_subnet_pool_label': None,'profile_support': None,'supported_provider_types': ['*'],'supported_vnic_types': ['*'],
}
OPENSTACK_HEAT_STACK = {'enable_user_pass': True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {"architecture": _("Architecture"),"kernel_id": _("Kernel ID"),"ramdisk_id": _("Ramdisk ID"),"image_state": _("Euca2ools state"),"project_id": _("Project ID"),"image_type": _("Image Type"),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = "Asia/Shanghai"
POLICY_FILES_PATH = '/etc/openstack-dashboard'
LOGGING = {'version': 1,'disable_existing_loggers': False,'handlers': {'null': {'level': 'DEBUG','class': 'logging.NullHandler',},'console': {'level': 'INFO','class': 'logging.StreamHandler',},},'loggers': {'django.db.backends': {'handlers': ['null'],'propagate': False,},'requests': {'handlers': ['null'],'propagate': False,},'horizon': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'openstack_dashboard': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'novaclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'cinderclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'keystoneclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'glanceclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'neutronclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'heatclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'ceilometerclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'swiftclient': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'openstack_auth': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'nose.plugins.manager': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'django': {'handlers': ['console'],'level': 'DEBUG','propagate': False,},'iso8601': {'handlers': ['null'],'propagate': False,},'scss': {'handlers': ['null'],'propagate': False,},},
}
SECURITY_GROUP_RULES = {'all_tcp': {'name': _('All TCP'),'ip_protocol': 'tcp','from_port': '1','to_port': '65535',},'all_udp': {'name': _('All UDP'),'ip_protocol': 'udp','from_port': '1','to_port': '65535',},'all_icmp': {'name': _('All ICMP'),'ip_protocol': 'icmp','from_port': '-1','to_port': '-1',},'ssh': {'name': 'SSH','ip_protocol': 'tcp','from_port': '22','to_port': '22',},'smtp': {'name': 'SMTP','ip_protocol': 'tcp','from_port': '25','to_port': '25',},'dns': {'name': 'DNS','ip_protocol': 'tcp','from_port': '53','to_port': '53',},'http': {'name': 'HTTP','ip_protocol': 'tcp','from_port': '80','to_port': '80',},'pop3': {'name': 'POP3','ip_protocol': 'tcp','from_port': '110','to_port': '110',},'imap': {'name': 'IMAP','ip_protocol': 'tcp','from_port': '143','to_port': '143',},'ldap': {'name': 'LDAP','ip_protocol': 'tcp','from_port': '389','to_port': '389',},'https': {'name': 'HTTPS','ip_protocol': 'tcp','from_port': '443','to_port': '443',},'smtps': {'name': 'SMTPS','ip_protocol': 'tcp','from_port': '465','to_port': '465',},'imaps': {'name': 'IMAPS','ip_protocol': 'tcp','from_port': '993','to_port': '993',},'pop3s': {'name': 'POP3S','ip_protocol': 'tcp','from_port': '995','to_port': '995',},'ms_sql': {'name': 'MS SQL','ip_protocol': 'tcp','from_port': '1433','to_port': '1433',},'mysql': {'name': 'MYSQL','ip_protocol': 'tcp','from_port': '3306','to_port': '3306',},'rdp': {'name': 'RDP','ip_protocol': 'tcp','from_port': '3389','to_port': '3389',},
}
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES','LAUNCH_INSTANCE_DEFAULTS']
# ll /etc/openstack-dashboard/local_settings
-rw-r-----. 1 root apache 26505 Apr 28 21:56 /etc/openstack-dashboard/local_settings
对域的修改
vim /etc/httpd/conf.d/openstack-dashboard.confWSGIApplicationGroup %{GLOBAL}systemctl restart httpd
七、创建一个实例
1、创建网路
neutron net-create --shared --provider:physical_network provider \--provider:network_type flat ouzhenetneutron subnet-create --name ouzhe1 \--allocation-pool start=10.0.0.101,end=10.0.0.200 \--dns-nameserver 114.114.114.114 --gateway 10.0.0.2 \ouzhenet 10.0.0.0/24
2、创建m1.nano规格的主机
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
3、生成和添加秘钥对
ssh-keygen -q -N "" -f ~/.ssh/id_rsa
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
4、增加安全组规则
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
5、创建主机
neutron net-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------+----------------------------------+--------------------------------------------------+
| id | name | tenant_id | subnets |
+--------------------------------------+----------+----------------------------------+--------------------------------------------------+
| cae26611-d5d1-4465-a352-c35a014e6f08 | ouzhenet | fd444319c4874e908d66d1c91e07c42d | 29281230-6848-4397-bfec-241c5e8c9e65 10.0.0.0/24 |
+--------------------------------------+----------+----------------------------------+--------------------------------------------------+openstack server create --flavor m1.nano --image cirros \--nic net-id=cae26611-d5d1-4465-a352-c35a014e6f08 --security-group default \--key-name mykey ouzhe001
验证创建的虚拟机
验证是否有IP地址,能否上外网
搭建时的一些下错误
Host ‘compute1’ is not mapped to any cell
解决方案
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
参考文档:
https://docs.openstack.org/mitaka/install-guide-rdo/
https://blog.51cto.com/egon09/1845226
使用openstack搭建私有云相关推荐
- OpenStack搭建私有云一:认证服务
实验环境部署 主机名 IP 备注 controllre 192.168.80.184 控制节点 compute01 192.168.80.185 计算节点 注:计算节点可有多个 控制节点和计算节点 ...
- nextcloud网站不安全_教你搭建私有云盘,简单快速,完全傻瓜式!不限速,永久有效!...
免费的云盘服务有很多,但是总感觉把重要文件存在上面不安全,动不动就跑路或者限速. 辛辛苦苦收集的学习资料,一夜直接可能就会付诸东流. 最稳妥的方式是存放在本地硬盘中,但是要进行共享或者不同设备之间进行 ...
- 百度云盘云知梦php_教你搭建私有云盘,简单快速,完全傻瓜式!不限速,永久有效!...
免费的云盘服务有很多,但是总感觉把重要文件存在上面不安全,动不动就跑路或者限速. 辛辛苦苦收集的学习资料,一夜直接可能就会付诸东流. 最稳妥的方式是存放在本地硬盘中,但是要进行共享或者不同设备之间进行 ...
- linux 可道云_如何搭建私有云
最近有个Team共享文档的需求.包括大文件,有个access文件超过500m.开始用百度网盘,发现只能分享,不能共享.试了几个其它网盘,广告超级多,但是都没有共享这个功能. 基于此,找了几个私有云程序 ...
- 本地搭建私有云盘:虚拟机安装群晖NAS 1/5
系列文章 本地搭建私有云盘:虚拟机安装群晖NAS 1/5 本地搭建私有云盘:安装Synology Assistant 2/5 本地搭建私有云盘:群晖系统存储空间设置 3/5 本地搭建私有云盘设定:设置 ...
- 搭建私有云:owncloud(用Docker构建owncloud私有云盘)
网上各种云盘都要收费,又或有速度限制,感觉用起来不方便,想抽时间想搭建一个私有云盘.下面讲解下搭建私有云:owncloud. 搭建私有云:owncloud(用Docker构建owncloud私有云盘) ...
- 华为私有云的搭建方案_如何搭建私有云
最近有个Team共享文档的需求.包括大文件,有个access文件超过500m.开始用百度网盘,发现只能分享,不能共享.试了几个其它网盘,广告超级多,但是都没有共享这个功能. 基于此,找了几个私有云程序 ...
- php owncloud_技术|搭建私有云:OwnCloud
所有人都在讨论云.尽管市面上有很多为我们提供云存储和其他云服务的主要服务商,但是我们还是可以为自己搭建一个私有云. 在本教程中,我们将讨论如何利用 OwnCloud 搭建私有云.OwnCloud 是一 ...
- 华为私有云的搭建方案_Kali linux 搭建私有云
Kali linux搭建私有云 1:安装Apache apt-get install apache2 2:安装PHP apt-get install php7.0 3:安装PHP模块 apt-get ...
最新文章
- eval解析JSON中的注意点
- ZTE EPON新添加终端设备数据配置
- vue中使用elmentUI的Upload组件提交文件和后台接收
- mqtt客户端_初次接触MQTT
- ITK:处理3D图像的2D切片
- php 发邮件 500错误,使用PHP发送邮件出现这个错误:The following From address failed:xxxx@163.com...
- React Native官方DEMO
- SharePoint 2013网站管理-网站策略(关闭和删除策略)
- python 函数嵌套 报错_《Python》 函数嵌套、闭包和迭代器
- 蒙特卡洛粒子滤波定位算法_基于粒子滤波的TBD算法仿真—MATLAB仿真
- 数据挖掘:模型选择——XGBoost与LightBGM
- Nodejs解压版安装
- oracle bitmap btree 索引,oracle之bitmap索引
- Mac 没有声音怎么恢复
- 每周阅读精选(2013-02-18)
- 闲鱼直播flutter化实践
- 边云协同的优点_关于边缘计算和边云协同,看这一篇就够了
- ECCV 2022放榜了!1629篇论文中选,录用率不到20%...
- CSS-Sprite(雪碧图)
- linux fastq.gz文件如何解压,科学网—批量gzip,ungzip快速压缩和解压fastq文件 - 陈明杰的博文...
热门文章
- metabase table 类型entity_type 识别
- 减字 浣溪沙-听歌有感 (清)况周颐
- 音频信号耦合为何要用极性电容?如何选型?
- Docker安装及镜像配置(常用命令介绍)
- OSG场景漫游(一)
- Unity 3D 中的专业“术语表”。
- bravado哺乳内衣适合试穿体验,分享给需要买哺乳内衣的妈妈们。
- webrtc学习笔记二:webrtc介绍
- Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder
- 金海佳学C++primer 练习9.20