Ubuntu-16.04 部署 OpenStack Ocata<下>

前端之家收集整理的这篇文章主要介绍了Ubuntu-16.04 部署 OpenStack Ocata<下>前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

六、配置 Dashboard 仪表盘服务(ControllerNode)


1.配置Dashboard

#apt-yinstallopenstack-dashboard
#vim/etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST="192.168.30.145"##配置仪表盘以使用OpenStack服务
ALLOWED_HOSTS=['*']##允许所有主机访问仪表板
##配置memcached会话存储服务
SESSION_ENGINE='django.contrib.sessions.backends.cache'
CACHES={
'default':{
'BACKEND':'django.core.cache.backends.memcached.MemcachedCache','LOCATION':'192.168.30.145:11211',}
}
OPENSTACK_KEYSTONE_URL="http://%s:5000/v3"%OPENSTACK_HOST##启用第3版认证API
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT=True##启用对域的支持
OPENSTACK_API_VERSIONS={
"identity":3,"image":2,"volume":2,}##配置API版本
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="default"##通过仪表盘创建用户时的默认域配置
OPENSTACK_KEYSTONE_DEFAULT_ROLE="user"##通过仪表盘创建的用户默认角色配置
TIME_ZONE="Asia/Chongqing"##配置时区

#cat/etc/openstack-dashboard/local_settings.py|grep-v"#"|grep-v^$


2.更改dashboard 密钥文件权限

#chownwww-data:www-data/var/lib/openstack-dashboard/secret_key
#serviceapache2reload##重新加载web服务器配置


3.验证仪表盘服务

浏览器输入 http://controller/horizon 访问仪表盘。

使用 admin 或者 demo 用户凭证和 default 域凭证验证。

wKioL1jfl_fRT8UvAAA4Nr8Yy8g768.png

身份管理-项目

wKiom1jfmBziUCDgAAB-CAburao274.png

身份管理-用户

wKioL1jfmDDTfLC1AACdsEGw0TI925.png



七、启动一个实例


1.创建公共网络


a.获取 admin 权限

#.admin-openrc


b.创建网络

#openstacknetworkcreate--share\\
--provider-physical-networkprovider\\
--provider-network-typeflatprovider
+---------------------------+--------------------------------------+
|Field|Value|
+---------------------------+--------------------------------------+
|admin_state_up|UP|
|availability_zone_hints||
|availability_zones||
|created_at|2017-03-29T11:59:09Z|
|description||
|dns_domain|None|
|id|ff30780d-45af-45dc-860f-59b1c091c2a2|
|ipv4_address_scope|None|
|ipv6_address_scope|None|
|is_default|None|
|mtu|1500|
|name|provider|
|port_security_enabled|True|
|project_id|2461396f6a344c21a2360a612d4f6abe|
|provider:network_type|flat|
|provider:physical_network|provider|
|provider:segmentation_id|None|
|qos_policy_id|None|
|revision_number|3|
|router:external|Internal|
|segments|None|
|shared|True|
|status|ACTIVE|
|subnets||
|updated_at|2017-03-29T11:59:10Z|
+---------------------------+--------------------------------------+

--shared:允许所有项目使用虚拟网络

--provider:管理员创建的直接和物理网络映射的网络

--provider-physical-network (物理网络的逻辑名称)

--provider-network-type (网络类型,包括 vxlan,gre,vlan,flat,local)


c.配置 Modular Layer 2 (ML2) 插件

#vim/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks=provider


d.配置Linuxbridge代理

#vim/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings=provider:ens33


2.在网络上创建一个子网

#openstacksubnetcreate--networkprovider\\
--allocation-poolstart=192.168.200.100,end=192.168.200.200\\
--dns-nameserver114.114.114.114--gateway192.168.200.1\\
--subnet-range192.168.200.0/24provider
+-------------------+--------------------------------------+
|Field|Value|
+-------------------+--------------------------------------+
|allocation_pools|192.168.200.100-192.168.200.200|
|cidr|192.168.200.0/24|
|created_at|2017-03-29T12:04:57Z|
|description||
|dns_nameservers|114.114.114.114|
|enable_dhcp|True|
|gateway_ip|192.168.200.1|
|host_routes||
|id|4a1899dc-581c-4ada-8ebd-ad632f0ce1ee|
|ip_version|4|
|ipv6_address_mode|None|
|ipv6_ra_mode|None|
|name|provider|
|network_id|ff30780d-45af-45dc-860f-59b1c091c2a2|
|project_id|2461396f6a344c21a2360a612d4f6abe|
|revision_number|2|
|segment_id|None|
|service_types||
|subnetpool_id|None|
|updated_at|2017-03-29T12:04:58Z|
+-------------------+--------------------------------------+


3.创建私有网络


a.获取 demo 权限

#.demo-openrc


b.创建网络

#openstacknetworkcreateselfservice
+---------------------------+--------------------------------------+
|Field|Value|
+---------------------------+--------------------------------------+
|admin_state_up|UP|
|availability_zone_hints||
|availability_zones||
|created_at|2017-03-29T12:09:05Z|
|description||
|dns_domain|None|
|id|afd4f998-901d-42ca-a002-b25f9b4c9e4e|
|ipv4_address_scope|None|
|ipv6_address_scope|None|
|is_default|None|
|mtu|1450|
|name|selfservice|
|port_security_enabled|True|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|provider:network_type|None|
|provider:physical_network|None|
|provider:segmentation_id|None|
|qos_policy_id|None|
|revision_number|3|
|router:external|Internal|
|segments|None|
|shared|False|
|status|ACTIVE|
|subnets||
|updated_at|2017-03-29T12:09:05Z|
+---------------------------+--------------------------------------+


c.配置 Modular Layer 2 (ML2) 插件

#vim/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types=vxlan
[ml2_type_vxlan]
vni_ranges=1:1000


4.在网络上创建一个子网

#openstacksubnetcreate--networkselfservice\\
--dns-nameserver114.114.114.114--gateway172.16.1.1\\
--subnet-range172.16.1.0/24selfservice
+-------------------+--------------------------------------+
|Field|Value|
+-------------------+--------------------------------------+
|allocation_pools|172.16.1.2-172.16.1.254|
|cidr|172.16.1.0/24|
|created_at|2017-03-29T12:12:39Z|
|description||
|dns_nameservers|114.114.114.114|
|enable_dhcp|True|
|gateway_ip|172.16.1.1|
|host_routes||
|id|1420f8c3-fa03-4ab3-9329-4455a52f357c|
|ip_version|4|
|ipv6_address_mode|None|
|ipv6_ra_mode|None|
|name|selfservice|
|network_id|afd4f998-901d-42ca-a002-b25f9b4c9e4e|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|revision_number|2|
|segment_id|None|
|service_types||
|subnetpool_id|None|
|updated_at|2017-03-29T12:12:39Z|
+-------------------+--------------------------------------+


5.创建路由

私有网络通过虚拟路由来连接到公有网络,以双向NAT最为典型。

每个路由包含至少一个连接到私有网络的接口及一个连接到公有网络的网关的接口。


b.添加 router:external 到 provider 网络

公有提供网络必须包括 router: external 选项,用来使路由连接到外部网络

#neutronnet-updateprovider--router:external
Updatednetwork:provider


c.获取 demo 权限

#.demo-openrc


d.创建路由

#openstackroutercreaterouter
+-------------------------+--------------------------------------+
|Field|Value|
+-------------------------+--------------------------------------+
|admin_state_up|UP|
|availability_zone_hints||
|availability_zones||
|created_at|2017-03-29T12:17:13Z|
|description||
|distributed|False|
|external_gateway_info|None|
|flavor_id|None|
|ha|False|
|id|4f42ae28-fcf1-4f72-9341-e6d8f7caaa90|
|name|router|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|revision_number|None|
|routes||
|status|ACTIVE|
|updated_at|2017-03-29T12:17:13Z|
+-------------------------+--------------------------------------+

wKiom1jfmLmS_SIKAAAxN2pt9ik207.png

e.给路由器添加一个私网子网的接口

#neutronrouter-interface-addrouterselfservice
Addedinterface9f67d7fa-520b-48b4-913f-e3d6ad944e34torouterrouter.


f.给路由器设置公有网络的网关

#neutronrouter-gateway-setrouterprovider
Setgatewayforrouterrouter


6.验证操作

b.列出网络命名空间

#ipnetns
qrouter-4f42ae28-fcf1-4f72-9341-e6d8f7caaa90(id:2)
qdhcp-afd4f998-901d-42ca-a002-b25f9b4c9e4e(id:1)
qdhcp-ff30780d-45af-45dc-860f-59b1c091c2a2(id:0)


c.列出路由器上的端口来确定公网网关的 IP 地址

#neutronrouter-port-listrouter
+----------------+------+-----------+-------------+------------------+
|id|name|tenant_id|mac_address|fixed_ips|
+----------------+------+-----------+-------------+------------------+
|9448a1a4-5a62-|||fa:16:3e:9d|{"subnet_id":|
|4c82-9b86-cd58|||:df:d5|"4a1899dc-581c-|
|24711913||||4ada-8ebd-|
|||||ad632f0ce1ee",|
|||||"ip_address":"1|
|||||92.168.200.103"}|
|9f67d7fa-520b-||2ef20ce38|fa:16:3e:f7|{"subnet_id":"1|
|48b4-913f-||9eb499696|:5b:6a|420f8c3-fa03-4ab|
|e3d6ad944e34||f2d7497c6||3-9329-4455a52f3|
|||009b0||57c",|
|||||"ip_address":|
|||||"172.16.1.1"}|
+----------------+------+-----------+-------------+------------------+


d.从控制节点或任意公共物理网络上的节点Ping这个IP地址

#ping-c4192.168.200.103
PING192.168.200.103(192.168.200.103)56(84)bytesofdata.
64bytesfrom192.168.200.103:icmp_seq=1ttl=128time=25.2ms
64bytesfrom192.168.200.103:icmp_seq=2ttl=128time=2.79ms
64bytesfrom192.168.200.103:icmp_seq=3ttl=128time=2.73ms
64bytesfrom192.168.200.103:icmp_seq=4ttl=128time=2.46ms
---192.168.200.103pingstatistics---
4packetstransmitted,4received,0%packetloss,time3004ms
rttmin/avg/max/mdev=2.464/8.309/25.245/9.778ms


7.创建m1.nano规格的主机

#openstackflavorcreate--id0--vcpus1--ram64--disk1m1.nano
+----------------------------+---------+
|Field|Value|
+----------------------------+---------+
|OS-FLV-DISABLED:disabled|False|
|OS-FLV-EXT-DATA:ephemeral|0|
|disk|1|
|id|0|
|name|m1.nano|
|os-flavor-access:is_public|True|
|properties||
|ram|64|
|rxtx_factor|1.0|
|swap||
|vcpus|1|
+----------------------------+---------+


8.生成一个键值对


a.导入租户 demo 的凭证:

#.demo-openrc


b.生成添加秘钥对:

#ssh-keygen-q-N""
Enterfileinwhichtosavethekey(/root/.ssh/id_rsa):
#openstackkeypaircreate--public-key~/.ssh/id_rsa.pubmykey
+-------------+-------------------------------------------------+
|Field|Value|
+-------------+-------------------------------------------------+
|fingerprint|70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61|
|name|mykey|
|user_id|7cfc508fd5d44b468aac218bd4029bae|
+-------------+-------------------------------------------------+


c.验证公钥的添加:

#openstackkeypairlist
+-------+-------------------------------------------------+
|Name|Fingerprint|
+-------+-------------------------------------------------+
|mykey|70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61|
+-------+-------------------------------------------------+


9.增加安全组规则

默认下,default安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。


添加规则到 default 安全组:

允许 ICMP (ping):

#openstacksecuritygrouprulecreate--protoicmpdefault
+-------------------+--------------------------------------+
|Field|Value|
+-------------------+--------------------------------------+
|created_at|2017-03-29T12:40:47Z|
|description||
|direction|ingress|
|ether_type|IPv4|
|id|0c62d604-a68f-40cd-821d-90259f75f536|
|name|None|
|port_range_max|None|
|port_range_min|None|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|protocol|icmp|
|remote_group_id|None|
|remote_ip_prefix|0.0.0.0/0|
|revision_number|1|
|security_group_id|74f50594-4ce0-4c29-a987-d33d4d6a5db9|
|updated_at|2017-03-29T12:40:47Z|
+-------------------+--------------------------------------+


允许安全 shell (SSH) 的访问:

#openstacksecuritygrouprulecreate--prototcp--dst-port22default
+-------------------+--------------------------------------+
|Field|Value|
+-------------------+--------------------------------------+
|created_at|2017-03-29T12:41:48Z|
|description||
|direction|ingress|
|ether_type|IPv4|
|id|42f92c1f-abd7-4321-ac03-75eeb91152f9|
|name|None|
|port_range_max|22|
|port_range_min|22|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|protocol|tcp|
|remote_group_id|None|
|remote_ip_prefix|0.0.0.0/0|
|revision_number|1|
|security_group_id|74f50594-4ce0-4c29-a987-d33d4d6a5db9|
|updated_at|2017-03-29T12:41:48Z|
+-------------------+--------------------------------------+



10.创建实例


a.获取 demo 权限

#.demo-openrc


b.一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储。

列出可用类型:

#openstackflavorlist
+----+---------+-----+------+-----------+-------+-----------+
|ID|Name|RAM|Disk|Ephemeral|Vcpus|IsPublic|
+----+---------+-----+------+-----------+-------+-----------+
|0|m1.nano|64|1|0|1|True|
+----+---------+-----+------+-----------+-------+-----------+

wKiom1jfmUCQQ2alAABD4gk7i0k321.png


c.列出可用镜像:

#openstackimagelist
+--------------------------------------+--------+--------+
|ID|Name|Status|
+--------------------------------------+--------+--------+
|4b6ebd57-80ab-4b79-8ecc-53a026f3e898|cirros|active|
+--------------------------------------+--------+--------+

wKioL1jfmVqQ1ByiAAA5aHat69s049.png


d.列出可用网络

#openstacknetworklist
+---------------------+-------------+---------------------+
|ID|Name|Subnets|
+---------------------+-------------+---------------------+
|afd4f998-901d-42ca-|selfservice|1420f8c3-fa03-4ab3-|
|a002-b25f9b4c9e4e||9329-4455a52f357c|
|ff30780d-45af-45dc-|provider|4a1899dc-581c-4ada-|
|860f-59b1c091c2a2||8ebd-ad632f0ce1ee|
+---------------------+-------------+---------------------+

wKiom1jfmXPTSR1oAABR8RPFIbw883.png


e.列出可用的安全组

#openstacksecuritygrouplist
+---------------------+---------+------------------------+---------+
|ID|Name|Description|Project|
+---------------------+---------+------------------------+---------+
|74f50594-4ce0-4c29-|default|Defaultsecuritygroup||
|a987-d33d4d6a5db9||||
|aa0b59f9-abbc-4a8d-|default|Defaultsecuritygroup||
|a16c-b8f9898cb965||||
+---------------------+---------+------------------------+---------+


11.在公有网络上创建实例


b.启动实例

#openstackservercreate--flavorm1.nano--imagecirros\\
--nicnet-id=ff30780d-45af-45dc-860f-59b1c091c2a2\\
--security-groupdefault--key-namemykeyprovider-instance
+-----------------------------+---------------------------------------+
|Field|Value|
+-----------------------------+---------------------------------------+
|OS-DCF:diskConfig|MANUAL|
|OS-EXT-AZ:availability_zone||
|OS-EXT-STS:power_state|NOSTATE|
|OS-EXT-STS:task_state|scheduling|
|OS-EXT-STS:vm_state|building|
|OS-SRV-USG:launched_at|None|
|OS-SRV-USG:terminated_at|None|
|accessIPv4||
|accessIPv6||
|addresses||
|adminPass|FQeiCB8XbXk8|
|config_drive||
|created|2017-03-30T06:04:41Z|
|flavor|m1.nano(0)|
|hostId||
|id|cb37563d-88fc-4b80-ad1a-380fc881db59|
|image|cirros|
||(b78aacf2-5448-4521-8e23-0f8db63d776a)|
|key_name|mykey|
|name|provider-instance|
|progress|0|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|properties||
|security_groups|name='default'|
|status|BUILD|
|updated|2017-03-30T06:04:41Z|
|user_id|7cfc508fd5d44b468aac218bd4029bae|
|volumes_attached||
+-----------------------------+---------------------------------------+


c.检查实例的状态

#openstackserverlist
+-----------------+-----------+--------+--------------+------------+
|ID|Name|Status|Networks|ImageName|
+-----------------+-----------+--------+--------------+------------+
|cb37563d-88fc-|provider-|ACTIVE|provider=192|cirros|
|4b80-ad1a-|instance||.168.200.108||
|380fc881db59|||||
+-----------------+-----------+--------+--------------+------------+

wKioL1jfmajAduWBAABuC3QDNk4161.png

注:当构建过程完全成功后,状态会从 BUILD 变为 ACTIVE

12.使用虚拟控制台、远程访问访问实例


a.获取实例的 VNC 会话URL并使用web浏览器访问

#openstackconsoleurlshowprovider-instance
+-------+---------------------------------------------------+
|Field|Value|
+-------+---------------------------------------------------+
|type|novnc|
|url|http://192.168.30.145:6080/vnc_auto.html?token=cb|
||37563d-88fc-4b80-ad1a-380fc881db59|
+-------+---------------------------------------------------+


b.验证能否ping通私有网络的网关和互联网


c.验证控制节点或者其他公有网络上的主机能否ping通实例


d.在控制节点或其他公有网络上的主机使用 SSH 远程访问实例


13.在私有网络上创建实例


b.启动实例

#openstackservercreate--flavorm1.nano--imagecirros\\
--nicnet-id=afd4f998-901d-42ca-a002-b25f9b4c9e4e\\
--security-groupdefault--key-namemykeyselfservice-instance

c.检查实例的状态

#openstackserverlist


d.获取实例的 VNC 会话URL并使用web浏览器访问

#openstackconsoleurlshowselfservice-instance


e.验证能否ping通私有网络的网关和互联网


14.验证能否远程访问实例

a.在公有网络上创建浮动IP地址池

#openstackipfloatingcreateprovider


b.为实例分配浮动IP

#openstackipfloatingaddselfservice-instance


c.检查这个浮动 IP 地址的状态

#openstackserverlist


d.验证控制节点或其他公有网络上的主机通过浮动IP地址ping通实例


e.在控制节点或其他公有网络上的主机使用 SSH 远程访问实


注:由于实验所用环境被收回,本人电脑又渣,所以并未进行实例验证

猜你在找的Ubuntu相关文章