
Deploying OpenStack Ocata on Ubuntu 16.04 (Part 2)

VI. Configure the Dashboard service (Controller Node)


1. Configure the Dashboard

# apt -y install openstack-dashboard
# vim /etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST = "192.168.30.145"  ## configure the dashboard to use the OpenStack services on this host
ALLOWED_HOSTS = ['*']  ## allow all hosts to access the dashboard (suitable for a lab only)
## configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '192.168.30.145:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST  ## enable version 3 of the Identity API
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True  ## enable support for domains
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}  ## configure the API versions
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"  ## default domain for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"  ## default role for users created through the dashboard
TIME_ZONE = "Asia/Chongqing"  ## configure the time zone

# cat /etc/openstack-dashboard/local_settings.py | grep -v "#" | grep -v ^$
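
ALLOWED_HOSTS = ['*'] and an http:// Keystone URL are acceptable in this lab but should not be carried into a production Horizon. The following Python check is an added example, not part of the original article or of Horizon; the function name audit_local_settings and the sample text (built from the settings in this step) are constructed for illustration.

```python
import ast

# Constructed sample: settings from this step as they would appear in
# /etc/openstack-dashboard/local_settings.py.
SAMPLE = """
OPENSTACK_HOST = "192.168.30.145"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
"""


def audit_local_settings(source):
    """Return a list of (setting, finding) for lab-only values.

    The file is parsed with ast and never imported or executed, so the
    check also works on a settings file that imports Django or Horizon.
    """
    findings = []
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        # Collect string literals anywhere in the right-hand side, so that
        # "http://%s:5000/v3" % OPENSTACK_HOST is still inspected.
        strings = [n.value for n in ast.walk(node.value)
                   if isinstance(n, ast.Constant) and isinstance(n.value, str)]
        for target in node.targets:
            if not isinstance(target, ast.Name):
                continue
            if target.id == "ALLOWED_HOSTS" and "*" in strings:
                findings.append((target.id, "wildcard accepts any Host header"))
            if target.id == "OPENSTACK_KEYSTONE_URL" and any(
                    s.startswith("http://") for s in strings):
                findings.append((target.id, "Keystone is reached over plain HTTP"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_local_settings(SAMPLE):
        print(f"{name}: {finding}")
```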


2. Change the ownership of the dashboard secret key file

# chown www-data:www-data /var/lib/openstack-dashboard/secret_key
# service apache2 reload  ## reload the web server configuration


3. Verify the dashboard service

In a browser, go to http://controller/horizon to access the dashboard.

Log in with the admin or demo user credentials and the default domain.

[Screenshot: Identity - Projects]

[Screenshot: Identity - Users]



VII. Launch an instance


1. Create the public network


a. Load the admin credentials

# . admin-openrc


b. Create the network

# openstack network create --share \
  --provider-physical-network provider \
  --provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-03-29T11:59:09Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 2461396f6a344c21a2360a612d4f6abe     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| updated_at                | 2017-03-29T11:59:10Z                 |
+---------------------------+--------------------------------------+

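--share: allows all projects to use the virtual network

provider: a network created by the administrator that maps directly to a physical network

--provider-physical-network: the logical name of the physical network

--provider-network-type: the network type (one of vxlan, gre, vlan, flat, local)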


c. Configure the Modular Layer 2 (ML2) plug-in

# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = provider


d. Configure the Linux bridge agent

# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33


2. Create a subnet on the network

# openstack subnet create --network provider \
  --allocation-pool start=192.168.200.100,end=192.168.200.200 \
  --dns-nameserver 114.114.114.114 --gateway 192.168.200.1 \
  --subnet-range 192.168.200.0/24 provider
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.200.100-192.168.200.200      |
| cidr              | 192.168.200.0/24                     |
| created_at        | 2017-03-29T12:04:57Z                 |
| description       |                                      |
| dns_nameservers   | 114.114.114.114                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.168.200.1                        |
| host_routes       |                                      |
| id                | 4a1899dc-581c-4ada-8ebd-ad632f0ce1ee |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | provider                             |
| network_id        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
| project_id        | 2461396f6a344c21a2360a612d4f6abe     |
| revision_number   | 2                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| updated_at        | 2017-03-29T12:04:58Z                 |
+-------------------+--------------------------------------+


3. Create the private network


a. Load the demo credentials

# . demo-openrc


b. Create the network

# openstack network create selfservice
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-03-29T12:09:05Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| mtu                       | 1450                                 |
| name                      | selfservice                          |
| port_security_enabled     | True                                 |
| project_id                | 2ef20ce389eb499696f2d7497c6009b0     |
| provider:network_type     | None                                 |
| provider:physical_network | None                                 |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| updated_at                | 2017-03-29T12:09:05Z                 |
+---------------------------+--------------------------------------+


c. Configure the Modular Layer 2 (ML2) plug-in

# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vxlan
[ml2_type_vxlan]
vni_ranges = 1:1000


4. Create a subnet on the network

# openstack subnet create --network selfservice \
  --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \
  --subnet-range 172.16.1.0/24 selfservice
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 172.16.1.2-172.16.1.254              |
| cidr              | 172.16.1.0/24                        |
| created_at        | 2017-03-29T12:12:39Z                 |
| description       |                                      |
| dns_nameservers   | 114.114.114.114                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 172.16.1.1                           |
| host_routes       |                                      |
| id                | 1420f8c3-fa03-4ab3-9329-4455a52f357c |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | selfservice                          |
| network_id        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| revision_number   | 2                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| updated_at        | 2017-03-29T12:12:39Z                 |
+-------------------+--------------------------------------+


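5. Create a router

A private network connects to the public network through a virtual router, most typically using bidirectional NAT.

Each router has at least one interface on a private network and one gateway interface on the public network.


b. Add router:external to the provider network

The public provider network must carry the router:external option so that routers can connect to it as an external network.

# neutron net-update provider --router:external
Updated network: provider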


c. Load the demo credentials

# . demo-openrc


d. Create the router

# openstack router create router
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2017-03-29T12:17:13Z                 |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   | None                                 |
| flavor_id               | None                                 |
| ha                      | False                                |
| id                      | 4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 |
| name                    | router                               |
| project_id              | 2ef20ce389eb499696f2d7497c6009b0     |
| revision_number         | None                                 |
| routes                  |                                      |
| status                  | ACTIVE                               |
| updated_at              | 2017-03-29T12:17:13Z                 |
+-------------------------+--------------------------------------+


e. Add the private network subnet as an interface on the router

# neutron router-interface-add router selfservice
Added interface 9f67d7fa-520b-48b4-913f-e3d6ad944e34 to router router.


f. Set a gateway on the public network for the router

# neutron router-gateway-set router provider
Set gateway for router router


6. Verify operation

b. List the network namespaces

# ip netns
qrouter-4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 (id: 2)
qdhcp-afd4f998-901d-42ca-a002-b25f9b4c9e4e (id: 1)
qdhcp-ff30780d-45af-45dc-860f-59b1c091c2a2 (id: 0)


c. List the ports on the router to determine the IP address of the public network gateway

# neutron router-port-list router
+----------------+------+-----------+-------------+------------------+
| id             | name | tenant_id | mac_address | fixed_ips        |
+----------------+------+-----------+-------------+------------------+
| 9448a1a4-5a62- |      |           | fa:16:3e:9d | {"subnet_id":    |
| 4c82-9b86-cd58 |      |           | :df:d5      | "4a1899dc-581c-  |
| 24711913       |      |           |             | 4ada-8ebd-       |
|                |      |           |             | ad632f0ce1ee",   |
|                |      |           |             | "ip_address": "1 |
|                |      |           |             | 92.168.200.103"} |
| 9f67d7fa-520b- |      | 2ef20ce38 | fa:16:3e:f7 | {"subnet_id": "1 |
| 48b4-913f-     |      | 9eb499696 | :5b:6a      | 420f8c3-fa03-4ab |
| e3d6ad944e34   |      | f2d7497c6 |             | 3-9329-4455a52f3 |
|                |      | 009b0     |             | 57c",            |
|                |      |           |             | "ip_address":    |
|                |      |           |             | "172.16.1.1"}    |
+----------------+------+-----------+-------------+------------------+


d. Ping this IP address from the controller node or from any node on the public physical network

# ping -c 4 192.168.200.103
PING 192.168.200.103 (192.168.200.103) 56(84) bytes of data.
64 bytes from 192.168.200.103: icmp_seq=1 ttl=128 time=25.2 ms
64 bytes from 192.168.200.103: icmp_seq=2 ttl=128 time=2.79 ms
64 bytes from 192.168.200.103: icmp_seq=3 ttl=128 time=2.73 ms
64 bytes from 192.168.200.103: icmp_seq=4 ttl=128 time=2.46 ms
--- 192.168.200.103 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.464/8.309/25.245/9.778 ms


7. Create the m1.nano flavor

# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| properties                 |         |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+


8. Generate a key pair


a. Load the credentials of the demo project:

# . demo-openrc


b. Generate a key pair and add the public key:

# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
| name        | mykey                                           |
| user_id     | 7cfc508fd5d44b468aac218bd4029bae                |
+-------------+-------------------------------------------------+


c. Verify that the public key was added:

# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
+-------+-------------------------------------------------+


9. Add security group rules

By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances.


Add rules to the default security group:

Permit ICMP (ping):

# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-03-29T12:40:47Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 0c62d604-a68f-40cd-821d-90259f75f536 |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
| updated_at        | 2017-03-29T12:40:47Z                 |
+-------------------+--------------------------------------+


Permit secure shell (SSH) access:

# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-03-29T12:41:48Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 42f92c1f-abd7-4321-ac03-75eeb91152f9 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
| updated_at        | 2017-03-29T12:41:48Z                 |
+-------------------+--------------------------------------+
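
Both rules above were created without a source restriction, so remote_ip_prefix is 0.0.0.0/0. As an added example (not from the original article), this Python helper reads the Field/Value tables printed by the openstack CLI and lists the ingress rules that accept any source; the function names are hypothetical, and the sample abbreviates the two tables above and adds one constructed rule limited to the provider subnet.

```python
import ipaddress

# Constructed sample: two abbreviated tables from this step plus a made-up third rule.
SAMPLE = """
| direction        | ingress                              |
| id               | 0c62d604-a68f-40cd-821d-90259f75f536 |
| protocol         | icmp                                 |
| remote_ip_prefix | 0.0.0.0/0                            |
+------------------+--------------------------------------+
| direction        | ingress                              |
| id               | 42f92c1f-abd7-4321-ac03-75eeb91152f9 |
| port_range_min   | 22                                   |
| protocol         | tcp                                  |
| remote_ip_prefix | 0.0.0.0/0                            |
+------------------+--------------------------------------+
| direction        | ingress                              |
| id               | 00000000-0000-0000-0000-000000000000 |
| protocol         | tcp                                  |
| remote_ip_prefix | 192.168.200.0/24                     |
+------------------+--------------------------------------+
"""

def parse_tables(text):
    """Return one {field: value} dict per Field/Value table in CLI output."""
    rules, current = [], {}
    for line in text.splitlines() + ["+"]:  # sentinel border flushes the last table
        if line.startswith("+"):
            if "id" in current:
                rules.append(current)
            current = {}
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] != "Field":
            current[cells[0]] = cells[1]
    return rules

def open_ingress(rules):
    """Return (id, protocol, port) for ingress rules that accept any source."""
    hits = []
    for r in rules:
        prefix = r.get("remote_ip_prefix", "None")
        if r.get("direction") != "ingress" or r.get("remote_group_id", "None") != "None":
            continue
        # A missing prefix (with no remote group) also means "any source".
        if prefix == "None" or ipaddress.ip_network(prefix, strict=False).prefixlen == 0:
            hits.append((r["id"], r.get("protocol"), r.get("port_range_min")))
    return hits

if __name__ == "__main__":
    print(open_ingress(parse_tables(SAMPLE)))
```

To narrow the SSH rule, recreate it with a source range, for example by passing --remote-ip 192.168.200.0/24 to openstack security group rule create.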



10. Create an instance


a. Load the demo credentials

# . demo-openrc


b. A flavor specifies the virtual resource allocation profile of an instance, including processor, memory, and storage.

List the available flavors:

# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0  | m1.nano | 64  | 1    | 0         | 1     | True      |
+----+---------+-----+------+-----------+-------+-----------+



c. List the available images:

# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 4b6ebd57-80ab-4b79-8ecc-53a026f3e898 | cirros | active |
+--------------------------------------+--------+--------+



d. List the available networks

# openstack network list
+---------------------+-------------+---------------------+
| ID                  | Name        | Subnets             |
+---------------------+-------------+---------------------+
| afd4f998-901d-42ca- | selfservice | 1420f8c3-fa03-4ab3- |
| a002-b25f9b4c9e4e   |             | 9329-4455a52f357c   |
| ff30780d-45af-45dc- | provider    | 4a1899dc-581c-4ada- |
| 860f-59b1c091c2a2   |             | 8ebd-ad632f0ce1ee   |
+---------------------+-------------+---------------------+



e. List the available security groups

# openstack security group list
+---------------------+---------+------------------------+---------+
| ID                  | Name    | Description            | Project |
+---------------------+---------+------------------------+---------+
| 74f50594-4ce0-4c29- | default | Default security group |         |
| a987-d33d4d6a5db9   |         |                        |         |
| aa0b59f9-abbc-4a8d- | default | Default security group |         |
| a16c-b8f9898cb965   |         |                        |         |
+---------------------+---------+------------------------+---------+


11. Create an instance on the public network


b. Launch the instance

# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=ff30780d-45af-45dc-860f-59b1c091c2a2 \
  --security-group default --key-name mykey provider-instance
+-----------------------------+----------------------------------------+
| Field                       | Value                                  |
+-----------------------------+----------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                 |
| OS-EXT-AZ:availability_zone |                                        |
| OS-EXT-STS:power_state      | NOSTATE                                |
| OS-EXT-STS:task_state       | scheduling                             |
| OS-EXT-STS:vm_state         | building                               |
| OS-SRV-USG:launched_at      | None                                   |
| OS-SRV-USG:terminated_at    | None                                   |
| accessIPv4                  |                                        |
| accessIPv6                  |                                        |
| addresses                   |                                        |
| adminPass                   | FQeiCB8XbXk8                           |
| config_drive                |                                        |
| created                     | 2017-03-30T06:04:41Z                   |
| flavor                      | m1.nano (0)                            |
| hostId                      |                                        |
| id                          | cb37563d-88fc-4b80-ad1a-380fc881db59   |
| image                       | cirros                                 |
|                             | (b78aacf2-5448-4521-8e23-0f8db63d776a) |
| key_name                    | mykey                                  |
| name                        | provider-instance                      |
| progress                    | 0                                      |
| project_id                  | 2ef20ce389eb499696f2d7497c6009b0       |
| properties                  |                                        |
| security_groups             | name='default'                         |
| status                      | BUILD                                  |
| updated                     | 2017-03-30T06:04:41Z                   |
| user_id                     | 7cfc508fd5d44b468aac218bd4029bae       |
| volumes_attached            |                                        |
+-----------------------------+----------------------------------------+


c. Check the status of the instance

# openstack server list
+-----------------+-----------+--------+--------------+------------+
| ID              | Name      | Status | Networks     | Image Name |
+-----------------+-----------+--------+--------------+------------+
| cb37563d-88fc-  | provider- | ACTIVE | provider=192 | cirros     |
| 4b80-ad1a-      | instance  |        | .168.200.108 |            |
| 380fc881db59    |           |        |              |            |
+-----------------+-----------+--------+--------------+------------+


Note: once the build process completes successfully, the status changes from BUILD to ACTIVE.

12. Access the instance through the virtual console and remotely


a. Get the VNC session URL of the instance and open it in a web browser

# openstack console url show provider-instance
+-------+---------------------------------------------------+
| Field | Value                                             |
+-------+---------------------------------------------------+
| type  | novnc                                             |
| url   | http://192.168.30.145:6080/vnc_auto.html?token=cb |
|       | 37563d-88fc-4b80-ad1a-380fc881db59                |
+-------+---------------------------------------------------+


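b. Verify that the instance can ping the gateway of the private network and the Internet


c. Verify that the controller node or another host on the public network can ping the instance


d. From the controller node or another host on the public network, access the instance over SSH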


13. Create an instance on the private network


b. Launch the instance

# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=afd4f998-901d-42ca-a002-b25f9b4c9e4e \
  --security-group default --key-name mykey selfservice-instance

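c. Check the status of the instance

# openstack server list


d. Get the VNC session URL of the instance and open it in a web browser

# openstack console url show selfservice-instance


e. Verify that the instance can ping the gateway of the private network and the Internet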


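14. Verify remote access to the instance

a. Create a floating IP address on the public network

# openstack ip floating create provider


b. Associate the floating IP address with the instance

# openstack ip floating add <floating-ip-address> selfservice-instance


c. Check the status of the floating IP address

# openstack server list


d. Verify that the controller node or another host on the public network can ping the instance through the floating IP address


e. From the controller node or another host on the public network, access the instance over SSH


Note: because the lab environment was reclaimed and my own computer is underpowered, I did not carry out the instance verification.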
