VI. Configure the Dashboard service (Controller Node)
1. Configure the Dashboard
# apt -y install openstack-dashboard
# vim /etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST = "192.168.30.145"    ## configure the dashboard to use the OpenStack services
ALLOWED_HOSTS = ['*']    ## allow all hosts to access the dashboard
## configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '192.168.30.145:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST    ## enable version 3 of the Identity API
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True    ## enable support for domains
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}    ## configure the API versions
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"    ## default domain for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"    ## default role for users created through the dashboard
TIME_ZONE = "Asia/Chongqing"    ## configure the time zone
# cat /etc/openstack-dashboard/local_settings.py|grep -v "#"|grep -v ^$
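2. Change the ownership of the dashboard secret key file
# chown www-data:www-data /var/lib/openstack-dashboard/secret_key
# service apache2 reload    ## reload the web server configuration
3. Verify the dashboard service
Open http://controller/horizon in a browser to reach the dashboard.
Authenticate with the admin or demo user credentials and the default domain.
Identity - Projects
Identity - Users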
VII. Launch an instance
1. Create the public network
a. Load the admin credentials
# . admin-openrc
b. Create the network
# openstack network create --share \
  --provider-physical-network provider \
  --provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-03-29T11:59:09Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 2461396f6a344c21a2360a612d4f6abe     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| updated_at                | 2017-03-29T11:59:10Z                 |
+---------------------------+--------------------------------------+
--share: allows all projects to use the virtual network
--provider-*: options for a network created by the administrator that maps directly onto a physical network
--provider-physical-network (the logical name of the physical network)
--provider-network-type (the network type: vxlan, gre, vlan, flat or local)
c. Configure the Modular Layer 2 (ML2) plug-in
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = provider
d. Configure the Linux bridge agent
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33
2. Create a subnet on the network
# openstack subnet create --network provider \
  --allocation-pool start=192.168.200.100,end=192.168.200.200 \
  --dns-nameserver 114.114.114.114 --gateway 192.168.200.1 \
  --subnet-range 192.168.200.0/24 provider
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.200.100-192.168.200.200      |
| cidr              | 192.168.200.0/24                     |
| created_at        | 2017-03-29T12:04:57Z                 |
| description       |                                      |
| dns_nameservers   | 114.114.114.114                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.168.200.1                        |
| host_routes       |                                      |
| id                | 4a1899dc-581c-4ada-8ebd-ad632f0ce1ee |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | provider                             |
| network_id        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
| project_id        | 2461396f6a344c21a2360a612d4f6abe     |
| revision_number   | 2                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| updated_at        | 2017-03-29T12:04:58Z                 |
+-------------------+--------------------------------------+
3. Create the private network
a. Load the demo credentials
# . demo-openrc
b. Create the network
# openstack network create selfservice
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-03-29T12:09:05Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| mtu                       | 1450                                 |
| name                      | selfservice                          |
| port_security_enabled     | True                                 |
| project_id                | 2ef20ce389eb499696f2d7497c6009b0     |
| provider:network_type     | None                                 |
| provider:physical_network | None                                 |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| updated_at                | 2017-03-29T12:09:05Z                 |
+---------------------------+--------------------------------------+
c. Configure the Modular Layer 2 (ML2) plug-in
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vxlan
[ml2_type_vxlan]
vni_ranges = 1:1000
4. Create a subnet on the network
# openstack subnet create --network selfservice \
  --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \
  --subnet-range 172.16.1.0/24 selfservice
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 172.16.1.2-172.16.1.254              |
| cidr              | 172.16.1.0/24                        |
| created_at        | 2017-03-29T12:12:39Z                 |
| description       |                                      |
| dns_nameservers   | 114.114.114.114                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 172.16.1.1                           |
| host_routes       |                                      |
| id                | 1420f8c3-fa03-4ab3-9329-4455a52f357c |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | selfservice                          |
| network_id        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| revision_number   | 2                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| updated_at        | 2017-03-29T12:12:39Z                 |
+-------------------+--------------------------------------+
5. Create a router
A private network connects to the public network through a virtual router, most typically one that performs bidirectional NAT.
Each router has at least one interface on a private network and one gateway interface on the public network.
a. Load the admin credentials
# . admin-openrc
b. Add router:external to the provider network
The public provider network must carry the router:external option so that routers can use it to reach external networks.
# neutron net-update provider --router:external
Updated network: provider
c. Load the demo credentials
# . demo-openrc
d. Create the router
# openstack router create router
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2017-03-29T12:17:13Z                 |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   | None                                 |
| flavor_id               | None                                 |
| ha                      | False                                |
| id                      | 4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 |
| name                    | router                               |
| project_id              | 2ef20ce389eb499696f2d7497c6009b0     |
| revision_number         | None                                 |
| routes                  |                                      |
| status                  | ACTIVE                               |
| updated_at              | 2017-03-29T12:17:13Z                 |
+-------------------------+--------------------------------------+
e. Add an interface on the private subnet to the router
# neutron router-interface-add router selfservice
Added interface 9f67d7fa-520b-48b4-913f-e3d6ad944e34 to router router.
f. Set the router's gateway on the public network
# neutron router-gateway-set router provider
Set gateway for router router
6. Verify operation
a. Load the admin credentials
# . admin-openrc
b. List the network namespaces
# ip netns
qrouter-4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 (id: 2)
qdhcp-afd4f998-901d-42ca-a002-b25f9b4c9e4e (id: 1)
qdhcp-ff30780d-45af-45dc-860f-59b1c091c2a2 (id: 0)
c. List the ports on the router to find the IP address of the public network gateway
# neutron router-port-list router
+----------------+------+-----------+-------------+------------------+
| id             | name | tenant_id | mac_address | fixed_ips        |
+----------------+------+-----------+-------------+------------------+
| 9448a1a4-5a62- |      |           | fa:16:3e:9d | {"subnet_id":    |
| 4c82-9b86-cd58 |      |           | :df:d5      | "4a1899dc-581c-  |
| 24711913       |      |           |             | 4ada-8ebd-       |
|                |      |           |             | ad632f0ce1ee",   |
|                |      |           |             | "ip_address": "1 |
|                |      |           |             | 92.168.200.103"} |
| 9f67d7fa-520b- |      | 2ef20ce38 | fa:16:3e:f7 | {"subnet_id": "1 |
| 48b4-913f-     |      | 9eb499696 | :5b:6a      | 420f8c3-fa03-4ab |
| e3d6ad944e34   |      | f2d7497c6 |             | 3-9329-4455a52f3 |
|                |      | 009b0     |             | 57c",            |
|                |      |           |             | "ip_address":    |
|                |      |           |             | "172.16.1.1"}    |
+----------------+------+-----------+-------------+------------------+
d. Ping this IP address from the controller node or from any node on the public physical network
# ping -c 4 192.168.200.103
PING 192.168.200.103 (192.168.200.103) 56(84) bytes of data.
64 bytes from 192.168.200.103: icmp_seq=1 ttl=128 time=25.2 ms
64 bytes from 192.168.200.103: icmp_seq=2 ttl=128 time=2.79 ms
64 bytes from 192.168.200.103: icmp_seq=3 ttl=128 time=2.73 ms
64 bytes from 192.168.200.103: icmp_seq=4 ttl=128 time=2.46 ms
--- 192.168.200.103 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.464/8.309/25.245/9.778 ms
7. Create the m1.nano flavor
# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| properties                 |         |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+
8. Generate a key pair
a. Load the credentials of the demo project:
# . demo-openrc
b. Generate a key pair and add the public key:
# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa):
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
| name        | mykey                                           |
| user_id     | 7cfc508fd5d44b468aac218bd4029bae                |
+-------------+-------------------------------------------------+
c. Verify that the public key was added:
# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
+-------+-------------------------------------------------+
9. Add security group rules
By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances.
Add rules to the default security group:
Permit ICMP (ping):
# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-03-29T12:40:47Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 0c62d604-a68f-40cd-821d-90259f75f536 |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
| updated_at        | 2017-03-29T12:40:47Z                 |
+-------------------+--------------------------------------+
Permit secure shell (SSH) access:
# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-03-29T12:41:48Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 42f92c1f-abd7-4321-ac03-75eeb91152f9 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
| updated_at        | 2017-03-29T12:41:48Z                 |
+-------------------+--------------------------------------+
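Both rules above are created with remote_ip_prefix 0.0.0.0/0, so they admit ICMP and SSH from any source. The following audit is an added example, not part of the original tutorial: it takes rule records with the field names shown in the output above and flags ingress rules open to every address. The sample records are constructed, the third rule and the SENSITIVE_PORTS table are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the two rules created above, reduced to the fields used
# here, plus a hypothetical rule limited to the 192.168.200.0/24 provider subnet.
RULES = [
    {"direction": "ingress", "protocol": "icmp", "port_range_min": None,
     "port_range_max": None, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"direction": "ingress", "protocol": "tcp", "port_range_min": 22,
     "port_range_max": 22, "remote_ip_prefix": "192.168.200.0/24", "remote_group_id": None},
]

SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as admin access

def world_open(rule):
    """True when the rule matches every source address."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        # With neither a prefix nor a remote group, the rule matches any source.
        return rule.get("remote_group_id") is None
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def covers(rule, port):
    """True when the rule's port range includes the given port."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None and hi is None:
        return True  # no range means all ports
    return lo <= port <= hi

def audit_rules(rules):
    """Return (protocol, exposed service, severity) for world-open ingress rules."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or not world_open(rule):
            continue
        proto = rule.get("protocol")
        hits = [name for port, name in sorted(SENSITIVE_PORTS.items())
                if proto in ("tcp", "udp", None) and covers(rule, port)]
        if hits:
            findings.append((proto, "/".join(hits), "high"))
        else:
            findings.append((proto, "any", "review"))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(RULES):
        print(finding)
```

The openstack client's security group rule create command accepts --remote-ip with a CIDR, which is how a rule like the third sample record is produced.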
10. Create an instance
a. Load the demo credentials
# . demo-openrc
b. A flavor specifies the rough allocation of virtual machine resources, including processor, memory and storage.
List the available flavors:
# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0  | m1.nano | 64  | 1    | 0         | 1     | True      |
+----+---------+-----+------+-----------+-------+-----------+
c. List the available images:
# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 4b6ebd57-80ab-4b79-8ecc-53a026f3e898 | cirros | active |
+--------------------------------------+--------+--------+
d. List the available networks
# openstack network list
+---------------------+-------------+---------------------+
| ID                  | Name        | Subnets             |
+---------------------+-------------+---------------------+
| afd4f998-901d-42ca- | selfservice | 1420f8c3-fa03-4ab3- |
| a002-b25f9b4c9e4e   |             | 9329-4455a52f357c   |
| ff30780d-45af-45dc- | provider    | 4a1899dc-581c-4ada- |
| 860f-59b1c091c2a2   |             | 8ebd-ad632f0ce1ee   |
+---------------------+-------------+---------------------+
e. List the available security groups
# openstack security group list
+---------------------+---------+------------------------+---------+
| ID                  | Name    | Description            | Project |
+---------------------+---------+------------------------+---------+
| 74f50594-4ce0-4c29- | default | Default security group |         |
| a987-d33d4d6a5db9   |         |                        |         |
| aa0b59f9-abbc-4a8d- | default | Default security group |         |
| a16c-b8f9898cb965   |         |                        |         |
+---------------------+---------+------------------------+---------+
11. Create an instance on the public network
a. Load the demo credentials
# . demo-openrc
b. Launch the instance
# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=ff30780d-45af-45dc-860f-59b1c091c2a2 \
  --security-group default --key-name mykey provider-instance
+-----------------------------+---------------------------------------+
| Field                       | Value                                 |
+-----------------------------+---------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                |
| OS-EXT-AZ:availability_zone |                                       |
| OS-EXT-STS:power_state      | NOSTATE                               |
| OS-EXT-STS:task_state       | scheduling                            |
| OS-EXT-STS:vm_state         | building                              |
| OS-SRV-USG:launched_at      | None                                  |
| OS-SRV-USG:terminated_at    | None                                  |
| accessIPv4                  |                                       |
| accessIPv6                  |                                       |
| addresses                   |                                       |
| adminPass                   | FQeiCB8XbXk8                          |
| config_drive                |                                       |
| created                     | 2017-03-30T06:04:41Z                  |
| flavor                      | m1.nano (0)                           |
| hostId                      |                                       |
| id                          | cb37563d-88fc-4b80-ad1a-380fc881db59  |
| image                       | cirros                                |
|                             | (b78aacf2-5448-4521-8e23-0f8db63d776a)|
| key_name                    | mykey                                 |
| name                        | provider-instance                     |
| progress                    | 0                                     |
| project_id                  | 2ef20ce389eb499696f2d7497c6009b0      |
| properties                  |                                       |
| security_groups             | name='default'                        |
| status                      | BUILD                                 |
| updated                     | 2017-03-30T06:04:41Z                  |
| user_id                     | 7cfc508fd5d44b468aac218bd4029bae      |
| volumes_attached            |                                       |
+-----------------------------+---------------------------------------+
c. Check the status of the instance
# openstack server list
+-----------------+-----------+--------+--------------+------------+
| ID              | Name      | Status | Networks     | Image Name |
+-----------------+-----------+--------+--------------+------------+
| cb37563d-88fc-  | provider- | ACTIVE | provider=192 | cirros     |
| 4b80-ad1a-      | instance  |        | .168.200.108 |            |
| 380fc881db59    |           |        |              |            |
+-----------------+-----------+--------+--------------+------------+
Note: once the build has completed successfully, the status changes from BUILD to ACTIVE.
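12. Access the instance through the virtual console and remotely
a. Get the VNC session URL of the instance and open it in a web browser
# openstack console url show provider-instance
+-------+---------------------------------------------------+
| Field | Value                                             |
+-------+---------------------------------------------------+
| type  | novnc                                             |
| url   | http://192.168.30.145:6080/vnc_auto.html?token=cb |
|       | 37563d-88fc-4b80-ad1a-380fc881db59                |
+-------+---------------------------------------------------+
b. Verify that the instance can ping the gateway of the private network and the Internet
c. Verify that the controller node or another host on the public network can ping the instance
d. From the controller node or another host on the public network, access the instance remotely over SSH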
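13. Create an instance on the private network
a. Load the demo credentials
# . demo-openrc
b. Launch the instance
# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=afd4f998-901d-42ca-a002-b25f9b4c9e4e \
  --security-group default --key-name mykey selfservice-instance
c. Check the status of the instance
# openstack server list
d. Get the VNC session URL of the instance and open it in a web browser
# openstack console url show selfservice-instance
e. Verify that the instance can ping the gateway of the private network and the Internet
14. Verify remote access to the instance
a. Create a floating IP address pool on the public network
# openstack ip floating create provider
b. Assign a floating IP to the instance (<FLOATING_IP> is a placeholder for the address returned by the previous command)
# openstack ip floating add <FLOATING_IP> selfservice-instance
c. Check the status of the floating IP address
# openstack server list
d. Verify that the controller node or another host on the public network can ping the instance through the floating IP address
e. From the controller node or another host on the public network, access the instance remotely over SSH
Note: the environment used for this lab was reclaimed and my own computer is too weak, so I did not carry out the instance verification.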