VI. Configure the Dashboard service (Controller Node)

1. Configure the Dashboard

    # apt -y install openstack-dashboard
    # vim /etc/openstack-dashboard/local_settings.py
    OPENSTACK_HOST = "192.168.30.145"   ## configure the dashboard to use the OpenStack services
    ALLOWED_HOSTS = ['*']   ## allow all hosts to access the dashboard
    ## configure the memcached session storage service
    SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
    CACHES = {
        'default': {
            'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
            'LOCATION': '192.168.30.145:11211',
        }
    }
    OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST   ## enable version 3 of the Identity API
    OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True   ## enable support for domains
    OPENSTACK_API_VERSIONS = {
        "identity": 3,
        "image": 2,
        "volume": 2,
    }   ## configure the API versions
    OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"   ## default domain for users created through the dashboard
    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"   ## default role for users created through the dashboard
    TIME_ZONE = "Asia/Chongqing"   ## configure the time zone
    # cat /etc/openstack-dashboard/local_settings.py | grep -v "#" | grep -v ^$

2. Change the ownership of the dashboard secret key file

    # chown www-data:www-data /var/lib/openstack-dashboard/secret_key
    # service apache2 reload   ## reload the web server configuration
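
Added example (not part of the original walkthrough and not Horizon's own code): a Python check for two values set in local_settings.py above, ALLOWED_HOSTS = ['*'], which turns off Django's Host header validation, and the plain-http Keystone URL, plus the mode of the secret_key file. The sample settings text is constructed from this page, and treating mode 600 as the expected value is an assumption of this example.

```python
import ast
import os
import stat

# Constructed sample: the security-relevant lines of the local_settings.py above.
SAMPLE_SETTINGS = '''
OPENSTACK_HOST = "192.168.30.145"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
'''

def load_settings(source):
    """Read simple top-level assignments without executing the settings file."""
    values = {}
    for node in ast.parse(source).body:
        if not (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)):
            continue
        name, expr = node.targets[0].id, node.value
        # Handle the '"http://%s..." % OPENSTACK_HOST' pattern used by the file.
        if (isinstance(expr, ast.BinOp) and isinstance(expr.op, ast.Mod)
                and isinstance(expr.left, ast.Constant)
                and isinstance(expr.left.value, str)
                and isinstance(expr.right, ast.Name)):
            values[name] = expr.left.value % str(values.get(expr.right.id, ""))
            continue
        try:
            values[name] = ast.literal_eval(expr)
        except (ValueError, TypeError):
            pass  # not a plain literal; outside the scope of this check
    return values

def audit_settings(source):
    """Return findings for the two weak values configured on this page."""
    cfg, findings = load_settings(source), []
    if "*" in cfg.get("ALLOWED_HOSTS", []):
        findings.append("ALLOWED_HOSTS contains '*': Host header validation is off")
    if str(cfg.get("OPENSTACK_KEYSTONE_URL", "")).startswith("http://"):
        findings.append("OPENSTACK_KEYSTONE_URL is http: Keystone traffic is unencrypted")
    return findings

def secret_key_findings(path):
    """Flag a secret_key file that group or other users can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [f"{path}: mode {mode:o}, expected 600"] if mode & 0o077 else []

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE_SETTINGS):
        print("WARN", finding)
```
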
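
3. Verify the dashboard service

Enter http://controller/horizon in a browser to access the dashboard.
Authenticate with the admin or demo user credentials and the default domain.
Identity - Projects
Identity - Users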

VII. Launch an instance

1. Create the public network

a. Load the admin credentials

    # . admin-openrc

b. Create the network

    # openstack network create --share \
      --provider-physical-network provider \
      --provider-network-type flat provider
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | UP                                   |
    | availability_zone_hints   |                                      |
    | availability_zones        |                                      |
    | created_at                | 2017-03-29T11:59:09Z                 |
    | description               |                                      |
    | dns_domain                | None                                 |
    | id                        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
    | ipv4_address_scope        | None                                 |
    | ipv6_address_scope        | None                                 |
    | is_default                | None                                 |
    | mtu                       | 1500                                 |
    | name                      | provider                             |
    | port_security_enabled     | True                                 |
    | project_id                | 2461396f6a344c21a2360a612d4f6abe     |
    | provider:network_type     | flat                                 |
    | provider:physical_network | provider                             |
    | provider:segmentation_id  | None                                 |
    | qos_policy_id             | None                                 |
    | revision_number           | 3                                    |
    | router:external           | Internal                             |
    | segments                  | None                                 |
    | shared                    | True                                 |
    | status                    | ACTIVE                               |
    | subnets                   |                                      |
    | updated_at                | 2017-03-29T11:59:10Z                 |
    +---------------------------+--------------------------------------+

--share: allows all projects to use the virtual network
--provider-*: options for a provider network, that is, a network created by the administrator that maps directly to a physical network
--provider-physical-network: the logical name of the physical network
--provider-network-type: the network type (vxlan, gre, vlan, flat or local)

c. Configure the Modular Layer 2 (ML2) plug-in

    # vim /etc/neutron/plugins/ml2/ml2_conf.ini
    [ml2_type_flat]
    flat_networks = provider

d. Configure the Linux bridge agent

    # vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    [linux_bridge]
    physical_interface_mappings = provider:ens33

2. Create a subnet on the network

    # openstack subnet create --network provider \
      --allocation-pool start=192.168.200.100,end=192.168.200.200 \
      --dns-nameserver 114.114.114.114 --gateway 192.168.200.1 \
      --subnet-range 192.168.200.0/24 provider
    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | allocation_pools  | 192.168.200.100-192.168.200.200      |
    | cidr              | 192.168.200.0/24                     |
    | created_at        | 2017-03-29T12:04:57Z                 |
    | description       |                                      |
    | dns_nameservers   | 114.114.114.114                      |
    | enable_dhcp       | True                                 |
    | gateway_ip        | 192.168.200.1                        |
    | host_routes       |                                      |
    | id                | 4a1899dc-581c-4ada-8ebd-ad632f0ce1ee |
    | ip_version        | 4                                    |
    | ipv6_address_mode | None                                 |
    | ipv6_ra_mode      | None                                 |
    | name              | provider                             |
    | network_id        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
    | project_id        | 2461396f6a344c21a2360a612d4f6abe     |
    | revision_number   | 2                                    |
    | segment_id        | None                                 |
    | service_types     |                                      |
    | subnetpool_id     | None                                 |
    | updated_at        | 2017-03-29T12:04:58Z                 |
    +-------------------+--------------------------------------+

3. Create the private network

a. Load the demo credentials

    # . demo-openrc

b. Create the network

    # openstack network create selfservice
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | UP                                   |
    | availability_zone_hints   |                                      |
    | availability_zones        |                                      |
    | created_at                | 2017-03-29T12:09:05Z                 |
    | description               |                                      |
    | dns_domain                | None                                 |
    | id                        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
    | ipv4_address_scope        | None                                 |
    | ipv6_address_scope        | None                                 |
    | is_default                | None                                 |
    | mtu                       | 1450                                 |
    | name                      | selfservice                          |
    | port_security_enabled     | True                                 |
    | project_id                | 2ef20ce389eb499696f2d7497c6009b0     |
    | provider:network_type     | None                                 |
    | provider:physical_network | None                                 |
    | provider:segmentation_id  | None                                 |
    | qos_policy_id             | None                                 |
    | revision_number           | 3                                    |
    | router:external           | Internal                             |
    | segments                  | None                                 |
    | shared                    | False                                |
    | status                    | ACTIVE                               |
    | subnets                   |                                      |
    | updated_at                | 2017-03-29T12:09:05Z                 |
    +---------------------------+--------------------------------------+

c. Configure the Modular Layer 2 (ML2) plug-in

    # vim /etc/neutron/plugins/ml2/ml2_conf.ini
    [ml2]
    tenant_network_types = vxlan
    [ml2_type_vxlan]
    vni_ranges = 1:1000

4. Create a subnet on the network

    # openstack subnet create --network selfservice \
      --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \
      --subnet-range 172.16.1.0/24 selfservice
    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | allocation_pools  | 172.16.1.2-172.16.1.254              |
    | cidr              | 172.16.1.0/24                        |
    | created_at        | 2017-03-29T12:12:39Z                 |
    | description       |                                      |
    | dns_nameservers   | 114.114.114.114                      |
    | enable_dhcp       | True                                 |
    | gateway_ip        | 172.16.1.1                           |
    | host_routes       |                                      |
    | id                | 1420f8c3-fa03-4ab3-9329-4455a52f357c |
    | ip_version        | 4                                    |
    | ipv6_address_mode | None                                 |
    | ipv6_ra_mode      | None                                 |
    | name              | selfservice                          |
    | network_id        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
    | project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
    | revision_number   | 2                                    |
    | segment_id        | None                                 |
    | service_types     |                                      |
    | subnetpool_id     | None                                 |
    | updated_at        | 2017-03-29T12:12:39Z                 |
    +-------------------+--------------------------------------+

5. Create a router

Private networks connect to the public network through a virtual router, most typically using bidirectional NAT.
Each router contains at least one interface on a private network and a gateway interface on the public network.

b. Add the router:external option to the provider network

The public provider network must include the router:external option so that the router can connect to external networks.

    # neutron net-update provider --router:external
    Updated network: provider

c. Load the demo credentials

    # . demo-openrc

d. Create the router

    # openstack router create router
    +-------------------------+--------------------------------------+
    | Field                   | Value                                |
    +-------------------------+--------------------------------------+
    | admin_state_up          | UP                                   |
    | availability_zone_hints |                                      |
    | availability_zones      |                                      |
    | created_at              | 2017-03-29T12:17:13Z                 |
    | description             |                                      |
    | distributed             | False                                |
    | external_gateway_info   | None                                 |
    | flavor_id               | None                                 |
    | ha                      | False                                |
    | id                      | 4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 |
    | name                    | router                               |
    | project_id              | 2ef20ce389eb499696f2d7497c6009b0     |
    | revision_number         | None                                 |
    | routes                  |                                      |
    | status                  | ACTIVE                               |
    | updated_at              | 2017-03-29T12:17:13Z                 |
    +-------------------------+--------------------------------------+

e. Add an interface on the private subnet to the router

    # neutron router-interface-add router selfservice
    Added interface 9f67d7fa-520b-48b4-913f-e3d6ad944e34 to router router.

f. Set a gateway on the public network for the router

    # neutron router-gateway-set router provider
    Set gateway for router router

6. Verify operation

b. List the network namespaces

    # ip netns
    qrouter-4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 (id: 2)
    qdhcp-afd4f998-901d-42ca-a002-b25f9b4c9e4e (id: 1)
    qdhcp-ff30780d-45af-45dc-860f-59b1c091c2a2 (id: 0)

c. List the ports on the router to determine the IP address of the public network gateway

    # neutron router-port-list router
    +----------------+------+-----------+-------------+------------------+
    | id             | name | tenant_id | mac_address | fixed_ips        |
    +----------------+------+-----------+-------------+------------------+
    | 9448a1a4-5a62- |      |           | fa:16:3e:9d | {"subnet_id":    |
    | 4c82-9b86-cd58 |      |           | :df:d5      | "4a1899dc-581c-  |
    | 24711913       |      |           |             | 4ada-8ebd-       |
    |                |      |           |             | ad632f0ce1ee",   |
    |                |      |           |             | "ip_address": "1 |
    |                |      |           |             | 92.168.200.103"} |
    | 9f67d7fa-520b- |      | 2ef20ce38 | fa:16:3e:f7 | {"subnet_id": "1 |
    | 48b4-913f-     |      | 9eb499696 | :5b:6a      | 420f8c3-fa03-4ab |
    | e3d6ad944e34   |      | f2d7497c6 |             | 3-9329-4455a52f3 |
    |                |      | 009b0     |             | 57c",            |
    |                |      |           |             | "ip_address":    |
    |                |      |           |             | "172.16.1.1"}    |
    +----------------+------+-----------+-------------+------------------+

d. Ping this IP address from the controller node or from any node on the public physical network

    # ping -c 4 192.168.200.103
    PING 192.168.200.103 (192.168.200.103) 56(84) bytes of data.
    64 bytes from 192.168.200.103: icmp_seq=1 ttl=128 time=25.2 ms
    64 bytes from 192.168.200.103: icmp_seq=2 ttl=128 time=2.79 ms
    64 bytes from 192.168.200.103: icmp_seq=3 ttl=128 time=2.73 ms
    64 bytes from 192.168.200.103: icmp_seq=4 ttl=128 time=2.46 ms
    --- 192.168.200.103 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 2.464/8.309/25.245/9.778 ms

7. Create the m1.nano flavor

    # openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
    +----------------------------+---------+
    | Field                      | Value   |
    +----------------------------+---------+
    | OS-FLV-DISABLED:disabled   | False   |
    | OS-FLV-EXT-DATA:ephemeral  | 0       |
    | disk                       | 1       |
    | id                         | 0       |
    | name                       | m1.nano |
    | os-flavor-access:is_public | True    |
    | properties                 |         |
    | ram                        | 64      |
    | rxtx_factor                | 1.0     |
    | swap                       |         |
    | vcpus                      | 1       |
    +----------------------------+---------+

8. Generate a key pair

a. Load the credentials of the demo tenant:

    # . demo-openrc
    # ssh-keygen -q -N ""
    Enter file in which to save the key (/root/.ssh/id_rsa):
    # openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
    +-------------+-------------------------------------------------+
    | Field       | Value                                           |
    +-------------+-------------------------------------------------+
    | fingerprint | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
    | name        | mykey                                           |
    | user_id     | 7cfc508fd5d44b468aac218bd4029bae                |
    +-------------+-------------------------------------------------+

c. Verify that the public key was added:

    # openstack keypair list
    +-------+-------------------------------------------------+
    | Name  | Fingerprint                                     |
    +-------+-------------------------------------------------+
    | mykey | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
    +-------+-------------------------------------------------+

9. Add security group rules

By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances.
Add rules to the default security group:

Permit ICMP (ping):

    # openstack security group rule create --proto icmp default
    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | created_at        | 2017-03-29T12:40:47Z                 |
    | description       |                                      |
    | direction         | ingress                              |
    | ether_type        | IPv4                                 |
    | id                | 0c62d604-a68f-40cd-821d-90259f75f536 |
    | name              | None                                 |
    | port_range_max    | None                                 |
    | port_range_min    | None                                 |
    | project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
    | protocol          | icmp                                 |
    | remote_group_id   | None                                 |
    | remote_ip_prefix  | 0.0.0.0/0                            |
    | revision_number   | 1                                    |
    | security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
    | updated_at        | 2017-03-29T12:40:47Z                 |
    +-------------------+--------------------------------------+

Permit secure shell (SSH) access:

    # openstack security group rule create --proto tcp --dst-port 22 default
    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | created_at        | 2017-03-29T12:41:48Z                 |
    | description       |                                      |
    | direction         | ingress                              |
    | ether_type        | IPv4                                 |
    | id                | 42f92c1f-abd7-4321-ac03-75eeb91152f9 |
    | name              | None                                 |
    | port_range_max    | 22                                   |
    | port_range_min    | 22                                   |
    | project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
    | protocol          | tcp                                  |
    | remote_group_id   | None                                 |
    | remote_ip_prefix  | 0.0.0.0/0                            |
    | revision_number   | 1                                    |
    | security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
    | updated_at        | 2017-03-29T12:41:48Z                 |
    +-------------------+--------------------------------------+
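
Added example (not from the original page): a Python audit of security group rules that flags ingress open to sources outside a trusted range, as both rules above are with remote_ip_prefix 0.0.0.0/0. The rule dictionaries are constructed from the field names in the output above; the third rule, the ADMIN_PORTS set and the choice of 192.168.200.0/24 as the trusted range are assumptions.

```python
import ipaddress

# Constructed sample: the two rules created above, using the field names
# from the command output, plus one hypothetical rule with a narrowed source.
SAMPLE_RULES = [
    {"id": "0c62d604-a68f-40cd-821d-90259f75f536", "direction": "ingress",
     "protocol": "icmp", "port_range_min": None, "port_range_max": None,
     "remote_group_id": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "42f92c1f-abd7-4321-ac03-75eeb91152f9", "direction": "ingress",
     "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
     "remote_group_id": None, "remote_ip_prefix": "0.0.0.0/0"},
    {"id": "example-narrowed-rule", "direction": "ingress",
     "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
     "remote_group_id": None, "remote_ip_prefix": "192.168.200.0/24"},
]

ADMIN_PORTS = {22, 3389}  # assumption: ports treated as administrative access

def is_trusted(prefix, trusted_cidrs):
    """True if prefix lies entirely inside one of the trusted CIDRs."""
    net = ipaddress.ip_network(prefix, strict=False)
    return any(net.version == t.version and net.subnet_of(t)
               for t in map(ipaddress.ip_network, trusted_cidrs))

def covers_admin_port(rule):
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None or hi is None:  # no port range: every port of the protocol
        return rule.get("protocol") in ("tcp", "udp", None)
    return any(lo <= port <= hi for port in ADMIN_PORTS)

def audit_rules(rules, trusted_cidrs):
    """Return (severity, rule id, reason) for ingress open beyond trusted_cidrs."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or rule.get("remote_group_id"):
            continue  # egress, or source limited to members of another group
        # Assumption: a rule without a prefix is treated as open to any source.
        prefix = rule.get("remote_ip_prefix") or "0.0.0.0/0"
        if is_trusted(prefix, trusted_cidrs):
            continue
        severity = "HIGH" if covers_admin_port(rule) else "LOW"
        findings.append((severity, rule["id"], f'{rule.get("protocol")} from {prefix}'))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES, ["192.168.200.0/24"]):
        print(*finding)
```
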

10. Create an instance

a. Load the demo credentials

    # . demo-openrc

b. A flavor specifies the rough allocation of virtual machine resources, including processor, memory and storage.
List the available flavors:

    # openstack flavor list
    +----+---------+-----+------+-----------+-------+-----------+
    | ID | Name    | RAM | Disk | Ephemeral | Vcpus | Is Public |
    +----+---------+-----+------+-----------+-------+-----------+
    | 0  | m1.nano |  64 |    1 |         0 |     1 | True      |
    +----+---------+-----+------+-----------+-------+-----------+

c. List the available images:

    # openstack image list
    +--------------------------------------+--------+--------+
    | ID                                   | Name   | Status |
    +--------------------------------------+--------+--------+
    | 4b6ebd57-80ab-4b79-8ecc-53a026f3e898 | cirros | active |
    +--------------------------------------+--------+--------+

d. List the available networks

    # openstack network list
    +---------------------+-------------+---------------------+
    | ID                  | Name        | Subnets             |
    +---------------------+-------------+---------------------+
    | afd4f998-901d-42ca- | selfservice | 1420f8c3-fa03-4ab3- |
    | a002-b25f9b4c9e4e   |             | 9329-4455a52f357c   |
    | ff30780d-45af-45dc- | provider    | 4a1899dc-581c-4ada- |
    | 860f-59b1c091c2a2   |             | 8ebd-ad632f0ce1ee   |
    +---------------------+-------------+---------------------+

e. List the available security groups

    # openstack security group list
    +---------------------+---------+------------------------+---------+
    | ID                  | Name    | Description            | Project |
    +---------------------+---------+------------------------+---------+
    | 74f50594-4ce0-4c29- | default | Default security group |         |
    | a987-d33d4d6a5db9   |         |                        |         |
    | aa0b59f9-abbc-4a8d- | default | Default security group |         |
    | a16c-b8f9898cb965   |         |                        |         |
    +---------------------+---------+------------------------+---------+

11. Create an instance on the public network

b. Launch the instance

    # openstack server create --flavor m1.nano --image cirros \
      --nic net-id=ff30780d-45af-45dc-860f-59b1c091c2a2 \
      --security-group default --key-name mykey provider-instance
    +-----------------------------+----------------------------------------+
    | Field                       | Value                                  |
    +-----------------------------+----------------------------------------+
    | OS-DCF:diskConfig           | MANUAL                                 |
    | OS-EXT-AZ:availability_zone |                                        |
    | OS-EXT-STS:power_state      | NOSTATE                                |
    | OS-EXT-STS:task_state       | scheduling                             |
    | OS-EXT-STS:vm_state         | building                               |
    | OS-SRV-USG:launched_at      | None                                   |
    | OS-SRV-USG:terminated_at    | None                                   |
    | accessIPv4                  |                                        |
    | accessIPv6                  |                                        |
    | addresses                   |                                        |
    | adminPass                   | FQeiCB8XbXk8                           |
    | config_drive                |                                        |
    | created                     | 2017-03-30T06:04:41Z                   |
    | flavor                      | m1.nano (0)                            |
    | hostId                      |                                        |
    | id                          | cb37563d-88fc-4b80-ad1a-380fc881db59   |
    | image                       | cirros                                 |
    |                             | (b78aacf2-5448-4521-8e23-0f8db63d776a) |
    | key_name                    | mykey                                  |
    | name                        | provider-instance                      |
    | progress                    | 0                                      |
    | project_id                  | 2ef20ce389eb499696f2d7497c6009b0       |
    | properties                  |                                        |
    | security_groups             | name='default'                         |
    | status                      | BUILD                                  |
    | updated                     | 2017-03-30T06:04:41Z                   |
    | user_id                     | 7cfc508fd5d44b468aac218bd4029bae       |
    | volumes_attached            |                                        |
    +-----------------------------+----------------------------------------+

c. Check the status of the instance

    # openstack server list
    +-----------------+-----------+--------+--------------+------------+
    | ID              | Name      | Status | Networks     | Image Name |
    +-----------------+-----------+--------+--------------+------------+
    | cb37563d-88fc-  | provider- | ACTIVE | provider=192 | cirros     |
    | 4b80-ad1a-      | instance  |        | .168.200.108 |            |
    | 380fc881db59    |           |        |              |            |
    +-----------------+-----------+--------+--------------+------------+

Note: once the build process has completed successfully, the status changes from BUILD to ACTIVE.

12. Access the instance using the virtual console and remote access

a. Obtain the VNC session URL for the instance and open it in a web browser

    # openstack console url show provider-instance
    +-------+---------------------------------------------------+
    | Field | Value                                             |
    +-------+---------------------------------------------------+
    | type  | novnc                                             |
    | url   | http://192.168.30.145:6080/vnc_auto.html?token=cb |
    |       | 37563d-88fc-4b80-ad1a-380fc881db59                |
    +-------+---------------------------------------------------+

b. Verify that the private network gateway and the internet can be pinged
c. Verify that the controller node or another host on the public network can ping the instance
d. Access the instance remotely over SSH from the controller node or another host on the public network
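
13. Create an instance on the private network

b. Launch the instance

    # openstack server create --flavor m1.nano --image cirros \
      --nic net-id=afd4f998-901d-42ca-a002-b25f9b4c9e4e \
      --security-group default --key-name mykey selfservice-instance

c. Check the status of the instance

    # openstack server list

d. Obtain the VNC session URL for the instance and open it in a web browser

    # openstack console url show selfservice-instance

e. Verify that the private network gateway and the internet can be pinged

14. Verify remote access to the instance

a. Create a floating IP address pool on the public network

    # openstack ip floating create provider

b. Assign the floating IP to the instance

    # openstack ip floating add selfservice-instance

c. Check the status of the floating IP address

    # openstack server list

d. Verify that the controller node or another host on the public network can ping the instance through the floating IP address
e. Access the instance remotely over SSH from the controller node or another host on the public network

Note: because the lab environment was reclaimed and my own computer is too weak, I did not carry out the instance verification.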