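Introduction to OpenStack
OpenStack is at once a community, a project and a piece of open-source software. It provides an operating platform or toolset for deploying clouds (IaaS). Its aim is to help organizations run clouds that deliver virtual compute or storage services, and to provide scalable, flexible cloud computing for public and private clouds.
OpenStack mainly consists of the components below, each with the function listed. Nova, Keystone, Neutron, Glance and DashBoard are required; the rest can be installed as needed. The figure shows the OpenStack ecosystem.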
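- Nova: compute management service that supports running virtual machines
- Keystone: provides authentication for all components
- Neutron: provides network support
- Glance: provides the image service
- DashBoard: provides the web management interface
- Swift: provides object storage
- Cinder: provides additional disks to nova
- Ceilometer: monitors and meters the operation of cinder, neutron, nova and glance
- Heat: supports automated deployment of cloud platform resources and cluster services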
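OpenStack installation and configuration
Because every OpenStack module authenticates through KeyStone, note that the KeyStone module must be installed before any other module. The installation steps used here are:
- Configure the identity service KeyStone
- Configure the image service Glance
- Configure the compute service Nova
- Configure the network service Neutron
- Configure the web management service DashBoard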
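Configuring the identity service KeyStone
It consists of the following steps:
- Install and configure the identity service
- Create users, tenants and roles
Install and configure the identity service
KeyStone only needs to be configured on the controller. It is installed with a yum command; after installation, the database and the related permissions have to be configured.
- Install KeyStone
yum install -y openstack-keystone python-openstackclient
- Edit the configuration file to set the database connection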
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:000000@controller/keystone
- Configure the database user
[root@controller ~]# mysql -u root -p000000
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by '000000';
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by '000000';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit;
- Create the database tables for the identity service
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
- Define and configure the authorization token
[root@controller ~]# ADMIN_TOKEN=$(openssl rand -hex 10)
[root@controller ~]# echo $ADMIN_TOKEN
3a4756d6a595a5d6794c
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
- Configure the related permissions
[root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# chown -R keystone:keystone /etc/keystone/ssl
[root@controller ~]# chmod -R o-rwx /etc/keystone/ssl
- Start the KeyStone service and enable it at boot
[root@controller ~]# systemctl restart openstack-keystone
[root@controller ~]# systemctl enable openstack-keystone
- Create a scheduled task that runs periodically
[root@controller ~]# (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
[root@controller ~]# crontab -l -u keystone
@hourly /usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1
Create users, tenants and roles
- Configure the environment variables: edit the admin-openrc.sh file, write the following lines into it, save it, then source it
[root@controller ~]# vi admin-openrc.sh
export OS_TOKEN=3a4756d6a595a5d6794c
export OS_URL=http://controller:35357/v3
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:35357/v3
export OS_PROJECT_NAME=admin
export OS_IDENTITY_API_VERSION=3
[root@controller ~]# source admin-openrc.sh
- Create the service and its endpoints with openstackclient
[root@controller ~]# openstack
(openstack) service create --name keystone --description "Openstack Identity" identity
(openstack) endpoint create --region RegionOne identity public http://controller:5000/v3
(openstack) endpoint create --region RegionOne identity admin http://controller:35357/v3
(openstack) endpoint create --region RegionOne identity internal http://controller:35357/v3
- Create the admin project, user and role
(openstack) project create --domain default --description "Admin Project" admin
(openstack) user create --domain default --password 000000 --email admin@localhost admin
(openstack) role create admin
(openstack) role add --project admin --user admin admin
- Create the demo project, user and role
(openstack) project create --domain default --description "Demo Project" demo
(openstack) user create --domain default --password 000000 demo
(openstack) role create user
(openstack) role add --project demo --user demo user
- Create the service project, user and role
(openstack) project create --domain default --description="Service Project" service
Verify the identity service
- Reset the environment variables and obtain a token
[root@controller ~]# unset OS_TOKEN
[root@controller ~]# unset OS_URL
[root@controller ~]# openstack token issue
Configuring the image service Glance
The Glance image service handles discovery, registration and retrieval of virtual machine images and image metadata. Image data can be stored in several kinds of storage system, such as a simple file system or an object storage system.
Glance is a typical client/server architecture made up of glance-client, Glance and Glance Store. Glance itself mainly consists of the REST API, the database abstraction layer (DAL), the domain controller (Glance Domain Controller) and the registry layer (Registry Layer). Glance uses a central database (Glance DB) to share data between its components.
This procedure only needs to be carried out on the controller node.
- Download and install Glance
[root@controller ~]# yum install openstack-glance -y
- Edit the configuration files to set the database connection and the keystone settings
openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:000000@controller/glance
openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:000000@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_plugin password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_plugin password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
After successful configuration, both files contain the following additional lines
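An added check, not part of the original post: the commands above write the same eight `keystone_authtoken` keys and `paste_deploy flavor` into both Glance files, so this script confirms that each file has them and that the two sections match. The function names `ini_section`, `check_glance_auth` and `write_sample` are hypothetical, and the sample files are constructed from the values used on this page.

```shell
#!/bin/sh
# Added example: check that both Glance files carry the same Keystone settings.
REQUIRED="auth_uri auth_url auth_plugin username project_domain_id user_domain_id project_name password"

# Print "key=value" (whitespace trimmed, sorted) for section $2 of INI file $1.
ini_section() {
    awk -v want="[$2]" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_s = ($0 == want); next }
        in_s && /^[ \t]*[^#; \t]/ && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            print key "=" val
        }' "$1" | sort
}

# check_glance_auth API_CONF REGISTRY_CONF: print findings, return their count.
check_glance_auth() {
    local f key sect findings
    findings=0
    for f in "$1" "$2"; do
        sect=$(ini_section "$f" keystone_authtoken)
        for key in $REQUIRED; do
            if ! printf '%s\n' "$sect" | grep -q "^$key="; then
                echo "MISSING: [keystone_authtoken] $key in $f"
                findings=$((findings + 1))
            fi
        done
        if ! ini_section "$f" paste_deploy | grep -qx "flavor=keystone"; then
            echo "MISSING: [paste_deploy] flavor=keystone in $f"
            findings=$((findings + 1))
        fi
    done
    if [ "$(ini_section "$1" keystone_authtoken)" != "$(ini_section "$2" keystone_authtoken)" ]; then
        echo "DIFFERENT: [keystone_authtoken] is not identical in $1 and $2"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: $1 = path to write, $2 = username to put in the file.
write_sample() {
    printf '%s\n' '[keystone_authtoken]' 'auth_uri = http://controller:5000' \
        'auth_url = http://controller:35357' 'auth_plugin = password' "username = $2" \
        'project_domain_id = default' 'user_domain_id = default' \
        'project_name = service' 'password = 000000' '[paste_deploy]' 'flavor = keystone' > "$1"
}
d=$(mktemp -d)
write_sample "$d/api.conf" glance
write_sample "$d/registry.conf" glance-typo
check_glance_auth "$d/api.conf" "$d/registry.conf" || echo "findings: $?"
rm -rf "$d"
```

On the controller the call would be `check_glance_auth /etc/glance/glance-api.conf /etc/glance/glance-registry.conf`.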
- Configure the database permissions and tables
[root@controller ~]# mysql -u root -p000000
create database glance;
grant all privileges on glance.* to 'glance'@'localhost' identified by '000000';
grant all privileges on glance.* to 'glance'@'%' identified by '000000';
flush privileges;
exit
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
- Create the related user
[root@controller ~]# openstack
(openstack) user create --password 000000 --email glance@localhost glance
(openstack) role add --project service --user glance admin
- Create the endpoints
(openstack) service create --name glance --description="Openstack Image Service" image
(openstack) endpoint create --region RegionOne image public http://controller:9292
(openstack) endpoint create --region RegionOne image internal http://controller:9292
(openstack) endpoint create --region RegionOne image admin http://controller:9292
- Start the services and enable them at boot
[root@controller ~]# systemctl restart openstack-glance-api
[root@controller ~]# systemctl restart openstack-glance-registry
[root@controller ~]# systemctl enable openstack-glance-api
[root@controller ~]# systemctl enable openstack-glance-registry
- Upload an image
[root@controller images]# openstack image create --disk-format qcow2 --container-format bare --public --file /opt/images/centos_65_x86_6420140327.qcow2 centos
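Problems encountered
- Installing openstack-keystone failed with an error saying that the python-zope-interface package was missing. The package could not be found on either the Aliyun or the NetEase mirror site. In the end I found it by searching for the keywords python-zope-interface rpm, put it into the epel folder and updated the repodata file, after which the installation succeeded.
- Because the keystone client was replaced by the openstack client after the K release, if what you installed with yum is python-keystoneclient, running commands produces the warning shown in the figure; download
- Many problems came up while configuring the accounts. For example, the environment variables given in the lab guide are OS_SERVICE_ENDPOINT and OS_SERVICE_TOKEN, but the help text has no usage for them; when I changed them to OS_URL and OS_TOKEN everything worked, possibly because of a version change. Also, if the OS_URL and OS_TOKEN environment variables are not configured here, many of the errors reported may not point to OS_URL at all and may instead say things such as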
openstack could not determine a suitable url for the plugin
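openstack The request you have made requires authentication
There were some other errors that I did not record one by one. In short, these two environment variables are very important.
When configuring the environment variables, the parameters must be consistent with each other. If the address ends in v3, then OS_IDENTITY_API_VERSION must be set to 3; if it ends in v2.0, this item can be left out because the default is 2. Otherwise the version problem will prevent you from continuing with the configuration.
Note that the environment variables OS_URL and OS_TOKEN must be reset here, otherwise you will get errors such as 404 not found.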
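The two rules above (URL suffix versus OS_IDENTITY_API_VERSION, and OS_TOKEN/OS_URL left set next to password credentials) can be checked before sourcing a file. This is an added example, not part of the original post; the function names `openrc_get` and `check_openrc` are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: lint an openrc file that is meant for password authentication.
# check_openrc FILE prints each finding and returns the number of findings.

# Print the value of the last `export NAME=value` line in file $1; NAME is $2.
openrc_get() {
    sed -n "s/^[[:space:]]*export[[:space:]]\{1,\}$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

check_openrc() {
    local file auth_url version name findings
    file=$1
    findings=0
    auth_url=$(openrc_get "$file" OS_AUTH_URL)
    version=$(openrc_get "$file" OS_IDENTITY_API_VERSION)
    # Rule 1: the version suffix of OS_AUTH_URL must agree with
    # OS_IDENTITY_API_VERSION (a v2.0 URL may leave the variable unset).
    case "${auth_url%/}" in
        */v3)
            if [ "$version" != "3" ]; then
                echo "MISMATCH: URL is v3 but OS_IDENTITY_API_VERSION='$version'"
                findings=$((findings + 1))
            fi ;;
        */v2.0)
            if [ -n "$version" ] && [ "$version" != "2" ] && [ "$version" != "2.0" ]; then
                echo "MISMATCH: URL is v2.0 but OS_IDENTITY_API_VERSION='$version'"
                findings=$((findings + 1))
            fi ;;
    esac
    # Rule 2: the bootstrap variables must not linger next to password auth.
    if [ -n "$(openrc_get "$file" OS_PASSWORD)" ]; then
        for name in OS_TOKEN OS_URL; do
            if [ -n "$(openrc_get "$file" "$name")" ]; then
                echo "CONFLICT: $name is still exported alongside OS_PASSWORD"
                findings=$((findings + 1))
            fi
        done
    fi
    return "$findings"
}

# Constructed sample: v3 URL without a version line, bootstrap variables left in.
sample=$(mktemp)
printf 'export %s\n' OS_TOKEN=EXAMPLE_TOKEN OS_URL=http://controller:35357/v3 \
    OS_PASSWORD=000000 OS_AUTH_URL=http://controller:35357/v3 > "$sample"
check_openrc "$sample" || echo "findings: $?"
rm -f "$sample"
```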