概述
使用CentOS 7系統搭建一個OpenStack私有云平臺。
實驗目標
(1)掌握Linux系統的基礎操作,包括修改主機名和配置網絡等。
(2)掌握OpenStack私有云平臺的搭建。
實驗環境
準備環境:
CentOS 7.2 Linux系統。XianDian-IaaS-v2.2.iso鏡像文件
- 192.168.0.21 controller
- 192.168.0.20 compute
實驗步驟
- 兩臺節點各有兩個網卡,一個是NAT模式,另外一個為僅主機模式
- 配置ip
- controller節點
ifdown-ippp ifdown-Team ifup-ib ifup-ppp init.ipv6-global
[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.20/24 brd 192.168.0.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe19:1674/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:7e brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe19:167e/64 scope link
valid_lft forever preferred_lft forever
[root@controller ~]# cp /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eno33554984
[root@controller ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554984
[root@compute ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554984
TYPE=Ethernet1
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
DNS1=114.114.114.114
IPADDR=192.168.10.21
PREFIX=24
GATEWAY=192.168.10.2
~
"/etc/sysconfig/network-scripts/ifcfg-eno33554984" 11L, 187C written
[root@controller ~]# systemctl restart network
[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.20/24 brd 192.168.0.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe19:1674/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:7e brd ff:ff:ff:ff:ff:ff
inet 192.168.10.20/24 brd 192.168.10.255 scope global eno33554984
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe19:167e/64 scope link
valid_lft forever preferred_lft forever
compute
[root@compute ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554984
TYPE=Ethernet1
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
DNS1=114.114.114.114
IPADDR=192.168.10.21
PREFIX=24
GATEWAY=192.168.10.2
[root@compute ~]# systemctl restart network
[root@compute ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:f6:6f:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.21/24 brd 192.168.0.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:6fa1/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:f6:6f:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.10.21/24 brd 192.168.10.255 scope global eno33554984
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:6fab/64 scope link
valid_lft forever preferred_lft forever
- ping測試
[root@controller ~]# ping 192.168.10.21
PING 192.168.10.21 (192.168.10.21) 56(84) bytes of data.
64 bytes from 192.168.10.21: icmp_seq=1 ttl=64 time=0.454 ms
64 bytes from 192.168.10.21: icmp_seq=2 ttl=64 time=2.76 ms
64 bytes from 192.168.10.21: icmp_seq=3 ttl=64 time=0.946 ms
^C
--- 192.168.10.21 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 0.454/1.389/2.769/0.996 ms
[root@controller ~]#
- 修改主機名
[root@centos7 ~]# hostnamectl set-hostname controller
[root@cemtos7 ~]# hostnamectl set-hostname compute
- 關閉防火墻和SELinux(兩臺節點都要)。這樣做只適合隔離的實驗環境;在生產環境中應保留防火墻,只放行OpenStack各服務實際使用的端口,并讓SELinux保持enforcing。
[root@centos7 ~]# iptables -F
[root@centos7 ~]# iptables -Z
[root@centos7 ~]# iptables -X
[root@centos7 ~]# iptables-save
# Generated by iptables-save v1.4.21 on Sat May 28 00:34:45 2022
*filter
:INPUT ACCEPT [34:2652]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [19:2008]
COMMIT
# Completed on Sat May 28 00:34:45 2022
[root@centos7 ~]# systemctl stop firewalld
[root@centos7 ~]# systemctl disable firewalld
[root@centos7 ~]# cat /etc/selinux/config
##修改SELINUX=disabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
- 添加主機解析
[root@centos7 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.20 controller
192.168.10.21 compute
- 掛載xiandian.iso并配置本地yum源(兩臺都要)。下面的local.repo中gpgcheck=0,yum不會校驗軟件包簽名,所以掛載前應先確認ISO文件來源可信,并核對其校驗值。
[root@compute ~]# ls
anaconda-ks.cfg XianDian-IaaS-v2.2.iso
[root@controller ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Mar 12 04:06:23 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=85b39342-ac84-47e5-919c-9faef57e0c58 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
/dev/sr0 /cdrom iso9660 defaults 0 0
/root/XianDian-IaaS-v2.2.iso /xiandian iso9660 defaults 0 0
[root@controller ~]# mount -a
mount: /dev/loop0 is write-protected, mounting read-only
[root@controller ~]# cat /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///cdrom
enabled=1
gpgcheck=0
[xiandian]
name=xiandian
baseurl=file:///xiandian/iaas-repo
enabled=1
gpgcheck=0
[root@controller ~]# yum repolist
Loaded plugins: fastestmirror
local | 3.6 kB 00:00:00
xiandian | 2.9 kB 00:00:00
xiandian/primary_db | 2.3 MB 00:00:00
Loading mirror speeds from cached hostfile
repo id repo name status
local local 3,723
xiandian xiandian 1,688
repolist: 5,411
[root@controller ~]#
- 在controller和compute節點同時安裝 iaas-xiandian
[root@controller ~]# yum install iaas-xiandian -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package iaas-xiandian.x86_64 0:2.2-0 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Installing:
iaas-xiandian x86_64 2.2-0 xiandian 22 k
Transaction Summary
=============================================================================================
Install 1 Package
Total download size: 22 k
Installed size: 93 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iaas-xiandian-2.2-0.x86_64 1/1
Verifying : iaas-xiandian-2.2-0.x86_64 1/1
Installed:
iaas-xiandian.x86_64 0:2.2-0
Complete!
- 在兩個節點上修改全局配置文件openrc.sh,具體內容參照下面的配置文件填寫,具體涉及到的ip得根據實際環境的controller和compute節點的ip來定。示例中所有密碼都是000000,只供實驗使用;實際部署時應為每個服務設置各不相同的強密碼。
- 這里compute節點需要先添加兩塊硬盤,或者分區(這里我是sdb和sdc)
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 50G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 24G 0 part
├─centos-root 253:0 0 20G 0 lvm /
└─centos-swap 253:1 0 4G 0 lvm [SWAP]
sdb 8:16 0 10G 0 disk
sdc 8:32 0 20G 0 disk
sr0 11:0 1 4G 0 rom /cdrom
loop0 7:0 0 2.7G 0 loop /xiandian
[root@controller ~]# cat /etc/xiandian/openrc.sh
## Global settings file /etc/xiandian/openrc.sh for this two-node lab: node
## addresses and hostnames first, then per-service credentials and disks.
## NOTE(review): every *_PASS / *_DBPASS value and METADATA_SECRET below is the
## sample value 000000. Outside a throwaway lab, give each service its own
## generated secret, and keep this file readable by root only since it stores
## them in plaintext.
##--------------------system Config--------------------##
##Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.10.20
##Controller Server hostname. example:controller
HOST_NAME=controller
##Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.10.21
##Compute Node hostname. example:compute
HOST_NAME_NODE=compute
##--------------------Rabbit Config ------------------##
##User for rabbit. example:openstack
RABBIT_USER=openstack
##Password for rabbit user. example:000000
RABBIT_PASS=000000
##--------------------MySQL Config---------------------##
##Password for MySQL root user. example:000000
DB_PASS=000000
##--------------------Keystone Config------------------##
##Keystone domain name, then passwords for the Keystone admin and demo users. example:000000
DOMAIN_NAME=demo
ADMIN_PASS=000000
DEMO_PASS=000000
##Password for MySQL keystone user. example:000000
KEYSTONE_DBPASS=000000
##--------------------Glance Config--------------------##
##Password for MySQL glance user. example:000000
GLANCE_DBPASS=000000
##Password for Keystone glance user. example:000000
GLANCE_PASS=000000
##--------------------Nova Config----------------------##
##Password for MySQL nova user. example:000000
NOVA_DBPASS=000000
##Password for Keystone nova user. example:000000
NOVA_PASS=000000
##--------------------Neutron Config-------------------##
##Password for MySQL neutron user. example:000000
NEUTRON_DBPASS=000000
##Password for Keystone neutron user. example:000000
NEUTRON_PASS=000000
##Metadata secret for neutron. example:000000
METADATA_SECRET=000000
##External Network Interface. example:eth1
##NOTE(review): the value below is the author's placeholder text (it says
##"name of NIC 1, the NAT-mode one"); replace it with the real interface name.
##As written, the unquoted parentheses would not parse if a shell sources this file.
INTERFACE_NAME=網(wǎng)卡1的名稱(Nat模式那個)
##First Vlan ID in VLAN RANGE for VLAN Network. example:101
#minvlan=
##Last Vlan ID in VLAN RANGE for VLAN Network. example:200
#maxvlan=000000
##--------------------Cinder Config--------------------##
##Password for MySQL cinder user. example:000000
CINDER_DBPASS=000000
##Password for Keystone cinder user. example:000000
CINDER_PASS=000000
##Cinder Block Disk. example:md126p3
BLOCK_DISK=sdb
##--------------------Trove Config--------------------##
##Password for MySQL Trove user. example:000000
TROVE_DBPASS=000000
##Password for Keystone Trove user. example:000000
TROVE_PASS=000000
##--------------------Swift Config---------------------##
##Password for Keystone swift user. example:000000
SWIFT_PASS=000000
##The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK=sdc
##The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP=192.168.0.21
##--------------------Heat Config----------------------##
##Password for MySQL heat user. example:000000
HEAT_DBPASS=000000
##Password for Keystone heat user. example:000000
HEAT_PASS=000000
##--------------------Ceilometer Config----------------##
##Password for MySQL ceilometer user. example:000000
CEILOMETER_DBPASS=000000
##Password for Keystone ceilometer user. example:000000
CEILOMETER_PASS=000000
##--------------------AODH Config----------------##
##Password for MySQL AODH user. example:000000
AODH_DBPASS=000000
##Password for Keystone AODH user. example:000000
AODH_PASS=000000
[root@controller ~]# scp /etc/xiandian/openrc.sh root@compute:/etc/xiandian/openrc.sh
The authenticity of host 'compute (192.168.0.21)' can't be established.
ECDSA key fingerprint is c8:fe:fe:fa:9d:73:26:60:f9:cb:13:2b:bb:e8:d9:ac.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'compute' (ECDSA) to the list of known hosts.
root@compute's password:
openrc.sh 100% 3095 3.0KB/s 00:00
- 同時在controller和compute節點上執行腳本iaas-pre-host.sh進行安裝。完成配置后,同時重啟兩個節點服務器
[root@controller ~]# iaas-pre-host.sh
python2-debtcollector.noarch 0:1.3.0-1.el7
python2-funcsigs.noarch 0:0.4-2.el7
python2-iso8601.noarch 0:0.1.11-1.el7
python2-jsonpatch.noarch 0:1.14-1.el7
python2-jsonpointer.noarch 0:1.10-4.el7
python2-keystoneauth1.noarch 0:2.4.1-1.el7
python2-openstacksdk.noarch 0:0.8.3-1.el7
python2-os-client-config.noarch 0:1.16.0-1.el7
python2-oslo-config.noarch 2:3.9.0-1.el7
python2-oslo-i18n.noarch 0:3.4.0-1.el7
python2-oslo-serialization.noarch 0:2.4.0-1.el7
python2-oslo-utils.noarch 0:3.7.0-1.el7
python2-positional.noarch 0:1.0.1-1.el7
python2-pyasn1.noarch 0:0.1.9-6.el7.1
python2-pysocks.noarch 0:1.5.6-3.el7
python2-requestsexceptions.noarch 0:1.1.3-1.el7
python2-setuptools.noarch 0:22.0.5-1.el7
pytz.noarch 0:2012d-5.el7
setools-libs.x86_64 0:3.3.7-46.el7
Complete!
Please Reboot or Reconnect the terminal
- 在controller節點執行腳本iaas-install-mysql.sh進行數據庫及消息隊列服務安裝
[root@controller ~]# iaas-install-mysql.sh
Thanks for using MariaDB!
Created symlink from /etc/systemd/system/multi-user.target.wants/mongod.service to /usr/lib/systemd/system/mongod.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
Creating user "openstack" ...
Setting permissions for user "openstack" in vhost "/" ...
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]#
- 在controller節點執行腳本iaas-install-keystone.sh進行keystone認證服務安裝
[root@controller ~]# iaas-install-keystone.sh
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 81ea07237d034c4e99369581c1b4db89 |
| is_domain | False |
| name | admin |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 2bee802355b24023968dc6e4bd11c983 |
| name | admin |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 28e00fea5f4344edaa093f617fc55d5a |
| name | admin |
+-----------+----------------------------------+
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 09ecb096e1034e5b9e5166adfc15a6f0 |
| is_domain | False |
| name | service |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 5e04233827f848228c4a5a238c1e780b |
| is_domain | False |
| name | demo |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | ebb2d2324b054189acf2bd5a62b6555a |
| name | demo |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | a243425ce82c445c98e98b021165f737 |
| name | user |
+-----------+----------------------------------+
- 在controller節點執行腳本iaas-install-glance.sh進行glance鏡像服務安裝。
[root@controller ~]# iaas-install-glance.sh
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7505aaf809124ae9b05dfe30de8ce6e0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 13051029aec94967a8dc19238e1f9d8c |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bc3d5a5d0ea14992baff0b89f470d3ee |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 13051029aec94967a8dc19238e1f9d8c |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
- 在controller節點執行腳本iaas-install-nova-controller.sh進行nova計算服務安裝
[root@controller ~]# iaas-install-nova-controller.sh
Dependency Installed:
jbigkit-libs.x86_64 0:2.0-11.el7 libjpeg-turbo.x86_64 0:1.2.90-5.el7
libtiff.x86_64 0:4.0.3-25.el7_2 libwebp.x86_64 0:0.3.0-3.el7
libxslt.x86_64 0:1.1.28-5.el7 novnc.noarch 0:0.5.1-2.el7
openstack-nova-common.noarch 1:13.1.0-1.el7 python-cheetah.x86_64 0:2.4.4-5.el7.centos
python-lxml.x86_64 0:3.2.1-4.el7 python-markdown.noarch 0:2.4.1-1.el7.centos
python-nova.noarch 1:13.1.0-1.el7 python-pillow.x86_64 0:2.0.0-19.gitd1c6db8.el7
python-psutil.x86_64 0:1.2.1-1.el7 python-pygments.noarch 0:2.0.2-4.el7
python-websockify.noarch 0:0.8.0-1.el7 python2-ecdsa.noarch 0:0.13-4.el7
python2-mock.noarch 0:1.3.0-2.el7 python2-os-brick.noarch 0:1.1.0-1.el7
python2-oslo-reports.noarch 0:1.6.0-1.el7 python2-oslo-versionedobjects.noarch 0:1.7.0-1.el7
python2-paramiko.noarch 0:1.16.1-1.el7 python2-rfc3986.noarch 0:0.3.1-1.el7
Complete!
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'block_device_mapping_instance_uuid_virtual_name_device_name_idx' defined on the table 'nova.block_device_mapping'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'uniq_instances0uuid' defined on the table 'nova.instances'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
- 在compute節點執行腳本iaas-install-nova-compute.sh進行nova安裝
[root@compute ~]# iaas-install-nova-compute.sh
qemu-img-ev.x86_64 10:2.3.0-31.el7.16.1
qemu-kvm-common-ev.x86_64 10:2.3.0-31.el7.16.1
qemu-kvm-ev.x86_64 10:2.3.0-31.el7.16.1
quota.x86_64 1:4.01-11.el7_2.1
quota-nls.noarch 1:4.01-11.el7_2.1
radvd.x86_64 0:1.9.2-9.el7
rpcbind.x86_64 0:0.2.0-33.el7_2.1
rsync.x86_64 0:3.0.9-17.el7
rsyslog-mmjsonparse.x86_64 0:7.4.7-12.el7
scrub.x86_64 0:2.5.2-5.el7
seabios-bin.noarch 0:1.7.5-11.el7
seavgabios-bin.noarch 0:1.7.5-11.el7
sg3_utils.x86_64 0:1.37-5.el7
sg3_utils-libs.x86_64 0:1.37-5.el7
sgabios-bin.noarch 1:0.20110622svn-4.el7
spice-server.x86_64 0:0.12.4-15.el7_2.2
supermin5.x86_64 0:5.1.10-1.2.el7
sysfsutils.x86_64 0:2.1.0-16.el7
syslinux.x86_64 0:4.05-12.el7
syslinux-extlinux.x86_64 0:4.05-12.el7
tcp_wrappers.x86_64 0:7.6-77.el7
unbound-libs.x86_64 0:1.4.20-26.el7
urw-fonts.noarch 0:2.4-16.el7
usbredir.x86_64 0:0.6-7.el7
xorg-x11-font-utils.x86_64 1:7.5-20.el7
yajl.x86_64 0:2.0.4-4.el7
yum-utils.noarch 0:1.1.31-34.el7
Dependency Updated:
cyrus-sasl-lib.x86_64 0:2.1.26-20.el7_2 gnutls.x86_64 0:3.3.8-14.el7_2
Complete!
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
- 在controller節點執行腳本iaas-install-neutron-controller.sh進行neutron網絡服務安裝
[root@controller ~]# iaas-install-neutron-controller.sh
INFO [alembic.runtime.migration] Running upgrade lbaasv2 -> 4deef6d81931, add provisioning and operating statuses
INFO [alembic.runtime.migration] Running upgrade 4deef6d81931 -> 4b6d8d5310b8, add_index_tenant_id
INFO [alembic.runtime.migration] Running upgrade 4b6d8d5310b8 -> 364f9b6064f0, agentv2
INFO [alembic.runtime.migration] Running upgrade 364f9b6064f0 -> lbaasv2_tls, lbaasv2 TLS
INFO [alembic.runtime.migration] Running upgrade lbaasv2_tls -> 4ba00375f715, edge_driver
INFO [alembic.runtime.migration] Running upgrade 4ba00375f715 -> kilo, kilo
INFO [alembic.runtime.migration] Running upgrade kilo -> 3345facd0452, Initial Liberty no-op expand script.
INFO [alembic.runtime.migration] Running upgrade 3345facd0452 -> 4a408dd491c2, Addition of Name column to lbaas_members and lbaas_healthmonitors table
INFO [alembic.runtime.migration] Running upgrade 4a408dd491c2 -> 3426acbc12de, Add flavor id
INFO [alembic.runtime.migration] Running upgrade 3426acbc12de -> 6aee0434f911, independent pools
INFO [alembic.runtime.migration] Running upgrade 6aee0434f911 -> 3543deab1547, add_l7_tables
INFO [alembic.runtime.migration] Running upgrade 3543deab1547 -> 62deca5010cd, Add tenant-id index for L7 tables
INFO [alembic.runtime.migration] Running upgrade kilo -> 130ebfdef43, Initial Liberty no-op contract revision.
OK
Created symlink from /etc/systemd/system/multi-user.target.wants/openvswitch.service to /usr/lib/systemd/system/openvswitch.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service to /usr/lib/systemd/system/neutron-openvswitch-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
- 在compute節點執行腳本iaas-install-neutron-compute.sh進行neutron網絡服務安裝
[root@compute ~]# iaas-install-neutron-compute.sh
Dependency Installed:
conntrack-tools.x86_64 0:1.4.2-9.el7 dibbler-client.x86_64 0:1.0.1-0.RC1.2.el7
dnsmasq-utils.x86_64 0:2.66-14.el7_2.1 ipset-libs.x86_64 0:6.19-4.el7
keepalived.x86_64 0:1.2.13-7.el7 libnetfilter_cthelper.x86_64 0:1.0.0-8.el7
libnetfilter_cttimeout.x86_64 0:1.0.0-6.el7 libnetfilter_queue.x86_64 0:1.0.2-2.el7
libxml2-python.x86_64 0:2.9.1-6.el7_2.3 libxslt-python.x86_64 0:1.1.28-5.el7
lm_sensors-libs.x86_64 0:3.3.4-11.el7 net-snmp-agent-libs.x86_64 1:5.7.2-24.el7_2.1
net-snmp-libs.x86_64 1:5.7.2-24.el7_2.1 openstack-neutron-common.noarch 1:8.1.2-1.el7
openvswitch.x86_64 0:2.5.0-2.el7 python-beautifulsoup4.noarch 0:4.4.1-3.el7
python-designateclient.noarch 0:2.0.0-1.el7 python-html5lib.noarch 1:0.999-5.el7
python-logutils.noarch 0:0.3.3-3.el7 python-ncclient.noarch 0:0.4.2-2.el7
python-neutron.noarch 1:8.1.2-1.el7 python-neutron-lib.noarch 0:0.0.2-1.el7
python-openvswitch.noarch 0:2.5.0-2.el7 python-ryu.noarch 0:3.30-1.el7
python-simplegeneric.noarch 0:0.8-7.el7 python-waitress.noarch 0:0.8.9-5.el7
python-webtest.noarch 0:2.0.23-1.el7 python2-pecan.noarch 0:1.0.2-2.el7
python2-singledispatch.noarch 0:3.4.0.3-4.el7
Dependency Updated:
libxml2.x86_64 0:2.9.1-6.el7_2.3
Complete!
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
Created symlink from /etc/systemd/system/multi-user.target.wants/openvswitch.service to /usr/lib/systemd/system/openvswitch.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service to /usr/lib/systemd/system/neutron-openvswitch-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
- 在controller節點執行腳本iaas-install-neutron-controller-gre.sh進行gre網絡安裝配置
[root@controller ~]# iaas-install-neutron-controller-gre.sh
INFO [alembic.runtime.migration] Will assume non-transacti
- 在compute節點執行腳本iaas-install-neutron-compute-gre.sh進行gre網絡安裝配置
[root@compute ~]# iaas-install-neutron-compute-gre.sh
- 在controller節點執行腳本iaas-install-dashboard.sh進行dashboard服務安裝
[root@controller ~]# iaas-install-dashboard.sh
python-XStatic-jQuery.noarch 0:1.10.2.1-1.el7
python-XStatic-jquery-ui.noarch 0:1.10.4.1-1.el7
python-XStatic-smart-table.noarch 0:1.4.5.3-5.el7.1
python-XStatic-termjs.noarch 0:0.0.4.2-2.el7
python-ceilometerclient.noarch 0:2.3.0-1.el7
python-django.noarch 0:1.8.14-1.el7
python-django-appconf.noarch 0:1.0.1-4.el7
python-django-bash-completion.noarch 0:1.8.14-1.el7
python-django-compressor.noarch 0:2.0-1.el7
python-django-horizon.noarch 1:9.0.1-1.el7.centos
python-django-openstack-auth.noarch 0:2.2.0-1.el7
python-django-pyscss.noarch 0:2.0.2-1.el7
python-heatclient.noarch 0:1.0.0-1.el7
python-lesscpy.noarch 0:0.9j-4.el7
python-lockfile.noarch 1:0.9.1-4.el7.centos
python-pathlib.noarch 0:1.0.1-1.el7
python-pint.noarch 0:0.6-2.el7
python-saharaclient.noarch 0:0.13.0-1.el7
python-versiontools.noarch 0:1.9.1-4.el7
python2-XStatic-bootswatch.noarch 0:3.3.5.3-2.el7
python2-XStatic-mdi.noarch 0:1.1.70.1-5.el7
python2-XStatic-roboto-fontface.noarch 0:0.4.3.2-8.el7
python2-rcssmin.x86_64 0:1.0.6-2.el7
python2-rjsmin.x86_64 0:1.0.12-2.el7
python2-scss.x86_64 0:1.3.4-6.el7
python2-troveclient.noarch 0:2.1.2-2.el7
roboto-fontface-common.noarch 0:0.4.3.2-8.el7
roboto-fontface-fonts.noarch 0:0.4.3.2-8.el7
web-assets-filesystem.noarch 0:5-1.el7
Complete!
[root@controller ~]#
- 上述操作完成后,打開瀏覽器,打開網頁 http://192.168.10.20/dashboard(根據自己實際情況,填寫controller IP)進行驗證服務,域、用戶名和密碼(域:demo 用戶名:admin 密碼:000000)。該地址是明文HTTP,登錄密碼不加密傳輸,只適合在隔離的實驗網絡中訪問。
安裝Swift服務
- 依次在controller節點執行iaas-install-swift-controller.sh、在compute節點執行iaas-install-swift-compute.sh腳本即可完成安裝
[root@controller ~]# iaas-install-swift-controller.sh
[root@compute ~]# iaas-install-swift-compute.sh
注:compute節點安裝時,需要輸入controller密碼(000000)
- controller節點查看一下Swift的狀態
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# swift stat
Account: AUTH_81ea07237d034c4e99369581c1b4db89
Containers: 0
Objects: 0
Bytes: 0
X-Put-Timestamp: 1653716829.25598
X-Timestamp: 1653716829.25598
X-Trans-Id: txd872259f2fb24b0781102-006291b75c
Content-Type: text/plain; charset=utf-8
- 查看容器
[root@controller ~]# swift list
- 創建容器(創建一個容器,名稱為gw001,并查看)
[root@controller ~]# swift post gw001
[root@controller ~]# swift list
gw001
- 容器操作(上傳一個文件到這個容器中,并查看)
[root@controller ~]# swift upload gw001 anaconda-ks.cfg
anaconda-ks.cfg
[root@controller ~]# swift list gw001
anaconda-ks.cfg
- 刪除這個文件后刪除這個容器
[root@controller ~]# swift delete gw001 anaconda-ks.cfg
[root@controller ~]# swift list gw001
[root@controller ~]# swift delete gw001
[root@controller ~]# swift list
配置Cinder塊存儲
- 依次在controller節點和compute節點執行下列腳本,按順序安裝Cinder服務
[root@controller ~]# iaas-install-cinder-controller.sh
[root@compute ~]#iaas-install-cinder-compute.sh
- 使用Cinder塊存儲
- 登錄OpenStack
- 修改安全規則(放行所有的協議規則)。這只是為了方便實驗;實際環境中安全組應只放行所需的協議和端口,并限制來源網段。
- 登錄OpenStack
- 創建網絡
-
單擊界面左側“管理員”列表下的“系統面板→網絡”按鈕,接著在界面右側單擊“創建網絡”按鈕
-
首先創建一個網絡(外網),在彈出的“創建網絡”對話框中,“名稱”文本框內輸入“ext-net”,單擊“項目”下的倒三角按鈕▼,在打開的下拉菜單中選擇“admin”選項,供應商選擇 “GRE”,勾選“共享的”和“外部網絡”2個選項,段ID文本框輸入“1”,最后單擊右下角“提交”按鈕,完成創建
-
進入ext-net網絡詳情頁面,單擊“子網”列表中“創建子網”按鈕,進行創建子網。輸入相關信息后,點擊下一步按鈕,進入子網詳情界面,直接點擊已創建按鈕,此時子網創建成功。
-
- 創建內網網絡
- 彈出的“創建網絡”對話框中,“名稱”文本框內輸入“int-net”,單擊“項目”下的倒三角按鈕▼,在打開的下拉菜單中選擇“admin”選項,最后單擊右下角“提交”按鈕,完成創建
- 彈出的“創建網絡”對話框中,“名稱”文本框內輸入“int-net”,單擊“項目”下的倒三角按鈕▼,在打開的下拉菜單中選擇“admin”選項,最后單擊右下角“提交”按鈕,完成創建
- 為內網創建子網
- 創建路由
- 左側“項目”列表下的“網絡→路由”按鈕,接著在界面右側“路由”列表中單擊“新建路由”按鈕,進行路由的創建
外部網絡選擇剛剛新建的外網ext-net
- 左側“項目”列表下的“網絡→路由”按鈕,接著在界面右側“路由”列表中單擊“新建路由”按鈕,進行路由的創建
- 為路由添加新的接口,接口接到我們內網int-net
上傳鏡像
- 回到controller節點,使用命令上傳鏡像
[root@controller ~]# glance image-create --name centos --disk-format qcow2 --container-format bare --progress < /xiandian/images/CentOS_7.2_x86_64_XD.qcow2
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ea197f4c679b8e1ce34c0aa70ae2a94a |
| container_format | bare |
| created_at | 2022-05-28T06:18:00Z |
| disk_format | qcow2 |
| id | 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 |
| min_disk | 0 |
| min_ram | 0 |
| name | centos |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 400752640 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T06:18:07Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
注:若執行上述代碼報錯,需要先運行代碼: source /etc/keystone/admin-openrc.sh
創建云主機
- 點擊 計算→云主機,開始創建云主機
- 綁定浮動ip
- 然后通過WEB界面的終端方式進去云主機即可,驗證登錄OpenStack(密碼:000000)
云硬盤掛載使用
- 到controller節點,創建一個卷設備,名稱為test1,大小為2 G的卷。可以使用命令cinder list查看
[root@controller ~]# source /etc/keystone/admin-openrc.sh
You have mail in /var/spool/mail/root
[root@controller ~]# cinder create --display-name test1 2
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-05-28T06:57:43.000000 |
| description | None |
| encrypted | False |
| id | 86c41fb6-cc12-4250-b79e-1474d5f64363 |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | test1 |
| os-vol-host-attr:host | None |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 81ea07237d034c4e99369581c1b4db89 |
| replication_status | disabled |
| size | 2 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| updated_at | None |
| user_id | 2bee802355b24023968dc6e4bd11c983 |
| volume_type | None |
+--------------------------------+--------------------------------------+
[root@controller ~]# cinder list
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+
| 86c41fb6-cc12-4250-b79e-1474d5f64363 | available | test1 | 2 | - | false | |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+
- 在OpenStack主頁面中,單擊界面左側“項目”列表下的“計算->卷”
- 在“卷”頁面中可以看到“連接到”中有“在設備/dev/vdb上連接到test”的信息
Keystone管理認證用戶
概述
在 OpenStack 框架中,Keystone(OpenStack Identity Service)負責驗證身份、校驗服務規則和發布服務令牌,它實現了OpenStack的Identity API。Keystone可分解為兩個功能,即權限管理和服務目錄。權限管理主要用于用戶的管理授權。服務目錄類似一個服務總線,或者說是整個OpenStack框架的注冊表。認證模塊提供API服務、token令牌機制、服務目錄、規則和認證發布等功能。
實驗目標
- 配置并啟用認證服務。
- 創(chuàng)建用戶賬號alice。
- 創(chuàng)建項目acme,用于管理一組賬戶。
- 創(chuàng)建角色compute-user,用于用戶權限的管理。
- 綁定用戶和項目的權限。
實驗環(huán)境
大數(shù)據(jù)實訓平臺、IaaS_Mitaka_ALLinone.qcow2。
實驗準備
- 相關概念
(1)認證(Authentication)。
(2)證書(Credentials)。
(3)令牌(Token)。
(4)項目(project)。
(5)用戶(User)。
(6)角色(Role)。
使用云服務的用戶不局限于人,也可以是系統或者服務。用戶可以通過指定的令牌登錄系統并調用資源。用戶可以被分配到特定項目并執行項目相關操作。
- 認證服務流程
用戶請求云主機的流程涉及認證Keystone服務、計算Nova服務、鏡像Glance服務,在服務流程中,令牌(Token)作為流程認證傳遞,具體服務申請認證機制流程,如圖
實驗步驟
- 配置Keystone應用環(huán)境
- 在安裝Keystone服務之前需要指定用戶名和密碼,通過認證服務來進行身份認證,在開始階段是沒有創(chuàng)建任何的用戶的,所以必須使用授權令牌和服務的訪問接口來創(chuàng)建特定進行身份認證的用戶,之后需要創(chuàng)建一個管理用戶的環(huán)境變量(admin-openrc.sh)來管理最終的憑證和終端。
- 在安裝Keystone服務之后,產生的主配置文件存放在/etc/keystone 目錄中,名為 keystone.conf,在配置文件中需要配置初始的Token值和數(shù)據(jù)庫的連接地址。
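- Keystone服務安裝完畢,可以通過請求身份令牌來驗證服務,具體命令如下(以 admin 用戶訪問http://xiandian:35357/v3地址獲取token值)。注意:下面的命令實際使用的認證地址是http://localhost:35357/v3,xiandian在命令中是--os-domain-name的取值;另外--os-password把密碼以明文寫在命令行上,會留在shell歷史和進程列表中,實驗環境之外應改為先source /etc/keystone/admin-openrc.sh再執行。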
[root@controller ~]# openstack --os-project-name admin --os-domain-name xiandian --os-username admin --os-password 000000 --os-auth-url http://localhost:35357/v3 token issue
+------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+------------+----------------------------------------------------------------------------------------------+
| expires | 2022-05-28T08:24:46.438626Z |
| id | gAAAAABikc4-R-jrAhRef15-hrQxBUPw0zPMzi8WOs-ZhDazFYpPNE- |
| | M2SVktdWfAuViYImyuHFYKwyFsGe5nxnAkcfnElQZYT3nFC-eRNJAH2JJZ496i0-TCGUv4R-F55vmSSVHYO3kLN1Mj- |
| | cdhYjJbW-REAEY2BAUqJFckfzxT4yEe67Om1M |
| project_id | 81ea07237d034c4e99369581c1b4db89 |
| user_id | 2bee802355b24023968dc6e4bd11c983 |
+------------+----------------------------------------------------------------------------------------------+
**注意:如執行錯誤,請等待2-3秒后重新執行該命令。**
- 管理用戶驗證
OpenStack 的用戶(user)包括云平臺使用者、服務以及系統。用戶通過認證登錄系統并調用資源。為方便管理,用戶被分配到一個或多個項目(project),項目是用戶的集合。為給用戶分配不同的權限,Keystone設置了角色(Role),角色代表用戶可以訪問的資源等權限。用戶可以被添加到任意一個全局的或項目內的角色中。在全局的角色中,用戶的角色權限作用于所有的用戶,即可以對所有的用戶執行角色規定的權限;項目內的角色,用戶僅能在當前項目內執行角色規定的權限,下面介紹幾種常見操作。
- 創建用戶
在openstack系統中進行操作需先使環境變量生效,執行命令如下。
[root@controller ~]# source /etc/keystone/admin-openrc.sh
- 創建一個名稱為“alice”賬戶,密碼為“mypassword123”,郵箱為“alice@example.com”。執行命令如下。
- 創(chuàng)建用戶
[root@controller ~]# openstack user create --password mypassword123 --email alice@example.com --domain demo alice
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | alice@example.com |
| enabled | True |
| id | 682c3257d62748028d1a1e7cc7ac6efb |
| name | alice |
+-----------+----------------------------------+
- 創(chuàng)建項目
一個項目(project)可以對應一個項目、團隊或組織。當請求OpenStack服務時,你必須指定一個項目。例如,查詢計算服務正在運行的云主機實例列表時也需要指定項目。
創(chuàng)建一個名為“acme”項目
[root@controller ~]# openstack project create --domain demo acme
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 179cab81dcae4692afee5add4a6399a3 |
| is_domain | False |
| name | acme |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
- 創(chuàng)建角色
角色限定了用戶的操作權限。例如,創(chuàng)建一個角色“compute-user”,執(zhí)行命令如下。
[root@controller ~]# openstack role create compute-user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | c7c1a505197246d3a20678746acc04cd |
| name | compute-user |
+-----------+----------------------------------+
- 綁定用戶和項目權限
添加的用戶需要分配一定的權限,這就需要把用戶關聯(lián)綁定到對應的項目和角色。例如,給用戶“alice”分配“acme”項目下的“compute-user”角色,執(zhí)行命令如下。
[root@controller ~]# openstack role add --user alice --project acme compute-user
創(chuàng)建項目、用戶并綁定用戶權限
概述
權限管理主要用于用戶的管理授權。服務目錄,類似一個服務總線,或者說是整個OpenStack框架的注冊表。認證模塊提供API服務、token令牌機制、服務目錄、規(guī)則和認證發(fā)布等功能。
實驗目標
- 公司有100名員工,其中50名為項目研發部(研發環境),45名為業務部(辦公環境),5人為IT工程部(運維環境)。
- 根據企業人員部門分配,現構建3個項目,100個用戶,管理人員擁有管理員權限,其余人員擁有普通用戶權限,規劃表見表
實驗環(huán)境
大數(shù)據(jù)實訓平臺、IaaS_Mitaka_ALLinone.qcow2。
【實驗準備】
OpenStack服務(service),如Nova、Glance、Swift、Heat、Ceilometer 等。
- Nova 提供 云計算服務
- Glance提供鏡像管理服務
- Swift提供對象存儲服務
- Heat 提供資源編排服務
- Ceilometer提供告警計費服務
- Cinder提供塊存儲服務
- 為了方便用戶調用這些服務,OpenStack為每一個服務提供一個用于訪問的端點(endpoint)
- 如果需要訪問服務,則必須知道它的端點。端點一般為url,我們知道服務的url,就可以訪問它。
- 端點的url具有public、private和admin三種權限(在下文openstack catalog list的輸出中,private一類顯示為internal)。
- public url可以被全局訪問,private url只能被局域網訪問,admin url被從常規的訪問中分離出來。這種劃分只是服務目錄中的標記,端點實際能否被訪問仍取決于網絡隔離和防火墻配置。
常用的服務管理命令
(1)創(chuàng)建服務
# openstack service create
功能:創(chuàng)建服務。
格式:
# openstack service create --name <name> <type>
[--description <description>]
參數(shù)說明。
--name <name> 創建的服務名稱。
<type> 創建服務類型。
--description <description> 創建服務描述。
(2)創(chuàng)建服務訪問端點
# openstack endpoint create
功能:創(chuàng)建服務訪問的API端點。
格式:
# openstack endpoint create [--region <region-id>]
<service> <interface> <url>
[--enable | --disable]
參數(shù)說明。
--region <region-id> 創建端點的區域 id。
<service> 端點創建的使用服務名稱。
(3)查詢服務目錄
# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack catalog list
+----------+--------------+-----------------------------------------------------------------------------+
| Name | Type | Endpoints |
+----------+--------------+-----------------------------------------------------------------------------+
| swift | object-store | RegionOne |
| | | internal: http://controller:8080/v1/AUTH_81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | admin: http://controller:8080/v1 |
| | | RegionOne |
| | | public: http://controller:8080/v1/AUTH_81ea07237d034c4e99369581c1b4db89 |
| | | |
| glance | image | RegionOne |
| | | internal: http://controller:9292 |
| | | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | |
| cinder | volume | RegionOne |
| | | internal: http://controller:8776/v1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | admin: http://controller:8776/v1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | public: http://controller:8776/v1/81ea07237d034c4e99369581c1b4db89 |
| | | |
| nova | compute | RegionOne |
| | | admin: http://controller:8774/v2.1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1/81ea07237d034c4e99369581c1b4db89 |
| | | |
| cinderv2 | volumev2 | RegionOne |
| | | public: http://controller:8776/v2/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | admin: http://controller:8776/v2/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | internal: http://controller:8776/v2/81ea07237d034c4e99369581c1b4db89 |
| | | |
| keystone | identity | RegionOne |
| | | internal: http://controller:5000/v3 |
| | | RegionOne |
| | | admin: http://controller:35357/v3 |
| | | RegionOne |
| | | public: http://controller:5000/v3 |
| | | |
| neutron | network | RegionOne |
| | | public: http://controller:9696 |
| | | RegionOne |
| | | admin: http://controller:9696 |
| | | RegionOne |
| | | internal: http://controller:9696 |
| | | |
+----------+--------------+-----------------------------------------------------------------------------+
Service Catalog(服務目錄)是Keystone為OpenStack提供的一個REST API 端點列表,并以此作為決策參考。顯示某個service信息,命令格式如下:
# openstack catalog show <service>
參數<service>是指要顯示的某個service。
實驗步驟
- 創(chuàng)建項目
創(chuàng)建項目研發(fā)部(research and development department)名為RD_Dept的項目、業(yè)務部(business department)名為BS_Dept的項目、IT 工程部(engineering department)名為IT_Dept的項目。
在openstack系統(tǒng)中進行操作需生效環(huán)境變量,執(zhí)行命令如下:
[root@controller ~]# source /etc/keystone/admin-openrc.sh
- 創(chuàng)建一個名為BS_Dept的項目,執(zhí)行命令如下:
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack project create "BS_Dept" --domain demo --description 業(yè)務部門
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 業(yè)務部門 |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | a7576f6ab86740cab6c7e3130ccecd82 |
| is_domain | False |
| name | BS_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
- 獲取BS_Dept項目詳細信息,執(zhí)行命令如下:
[root@controller ~]# openstack project show BS_Dept
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 業(yè)務部門 |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | a7576f6ab86740cab6c7e3130ccecd82 |
| is_domain | False |
| name | BS_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
- 通過腳本為工程部創(chuàng)建一個名為IT_Dept的項目。
- 編寫Keystone-manage-project.sh腳本,執(zhí)行命令如下:
[root@controller ~]# vi Keystone-manage-project.sh
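#!/bin/bash
# Keystone-manage-project.sh - interactively create one Keystone project.
#
# Prompts on stdin for a project name and a description, creates the project
# in the domain named by OS_PROJECT_DOMAIN_NAME (expected to be exported by
# admin-openrc.sh), then prints the full project list.
# Exit status: 0 on success, 1 on empty/invalid input or a failed CLI call.

# Print a message in red, followed by a colour reset.
say() {
  printf '\033[31m%s\033[0m \n' "$*"
}

# Print an error in red on stderr and stop the script.
die() {
  say "$*" >&2
  exit 1
}

# Load the admin credentials. The fallback searches the whole filesystem and
# the file it finds is *sourced*, i.e. executed by this script (normally as
# root). Only a regular, root-owned, not world-writable file is accepted and
# only the first match is used, so a look-alike file dropped in a writable
# directory is not picked up. (-quit is a GNU find extension.)
if [ -f "/etc/keystone/admin-openrc.sh" ]; then
  source /etc/keystone/admin-openrc.sh
else
  env_path=$(find / -type f -name admin-openrc.sh -user root ! -perm -002 \
    -print -quit 2>/dev/null)
  [ -n "$env_path" ] || die "admin-openrc.sh not found"
  source "$env_path"
fi

say "Please Input new Project name : eg (openstack)"
read -r New_Project_Name
[ -n "$New_Project_Name" ] || die "Project Name Is Empty,Exit"
# A leading dash would be parsed by the CLI as an option, not as a name.
case "$New_Project_Name" in
  -*) die "Project Name Must Not Start With '-',Exit" ;;
esac

say "Please Input Project description : eg (openstack description)"
read -r New_Project_des
[ -n "$New_Project_des" ] || die "Project Description Is Empty,Exit"

# Use the description that was just entered; the earlier version asked for it
# and then always stored the fixed text "Service Project". All expansions are
# quoted so names or descriptions containing spaces stay a single argument.
openstack project create \
  --domain "${OS_PROJECT_DOMAIN_NAME:?OS_PROJECT_DOMAIN_NAME is not set}" \
  --description "$New_Project_des" \
  "$New_Project_Name" || die "Project $New_Project_Name create failed"

say "Keystone All Project List"
openstack project list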
~
"Keystone-manage-project.sh" [New] 27L, 1211C written
[root@controller ~]# chmod +x Keystone-manage-project.sh
[root@controller ~]# ./Keystone-manage-project.sh
Please Input new Project name : eg (openstack)
IT_DEpt^H^H^HePt^H^H^C
[root@controller ~]# ./Keystone-manage-project.sh
Please Input new Project name : eg (openstack)
IT_Dept
Please Input Project description : eg (openstack description)
IT工程部門
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | d9a68590f02344e48664db501542cec2 |
| is_domain | False |
| name | IT_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
Keystone All Project List
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 09ecb096e1034e5b9e5166adfc15a6f0 | service |
| 179cab81dcae4692afee5add4a6399a3 | acme |
| 5e04233827f848228c4a5a238c1e780b | demo |
| 81ea07237d034c4e99369581c1b4db89 | admin |
| a7576f6ab86740cab6c7e3130ccecd82 | BS_Dept |
| d9a68590f02344e48664db501542cec2 | IT_Dept |
+----------------------------------+---------+
- 創(chuàng)建用戶賬號
- 為項目研發(fā)部創(chuàng)建50個用戶,分別名為rduser001~rduser050,密碼為 cloudpasswd
- 為業(yè)務部創(chuàng)建45個用戶,分別名為bsuser001~bsuser045,密碼為 cloudpasswd
- 為IT工程部創(chuàng)建5個用戶,分別名為ituser001~ituser005,密碼為cloudpasswd。
創(chuàng)建用戶rduser002,密碼為cloudpasswd,執(zhí)行命令如下:
[root@controller ~]# openstack user create rduser002 --password cloudpasswd --domain demo --email rduser002@example.com
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | rduser002@example.com |
| enabled | True |
| id | 41cb35e9b08c4846a88e0277547a6fbd |
| name | rduser002 |
+-----------+----------------------------------+
- 通過執行Shell腳本Keystone-manage-user.sh為項目研發部創建用戶 rduser003~rduser050,密碼為cloudpasswd。
- 編寫Keystone-manage-user.sh腳本,執(zhí)行命令如下:
[root@controller ~]# vi Keystone-manage-user.sh
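#!/bin/bash
# Keystone-manage-user.sh - interactively create a numbered range of Keystone
# users (<name>001, <name>002, ...) and give each one a role on a project.
#
# Prompts on stdin for: user name prefix, password, e-mail domain (optional),
# number range "NNN-MMM", role (default _member_) and project. Users are
# created in the domain named by OS_PROJECT_DOMAIN_NAME (expected to be
# exported by admin-openrc.sh).
# Exit status: 0 on success, 1 on invalid input, an already existing user, an
# unknown role/project, or when any create/role-add call failed.

# Print a message in red, followed by a colour reset.
say() {
  printf '\033[31m%s\033[0m \n' "$*"
}

# Print an error in red on stderr and stop the script.
die() {
  say "$*" >&2
  exit 1
}

# Load the admin credentials. The fallback searches the whole filesystem and
# the file it finds is *sourced*, i.e. executed by this script (normally as
# root). Only a regular, root-owned, not world-writable file is accepted and
# only the first match is used, so a look-alike file dropped in a writable
# directory is not picked up. (-quit is a GNU find extension.)
if [ -f "/etc/keystone/admin-openrc.sh" ]; then
  source /etc/keystone/admin-openrc.sh
else
  env_path=$(find / -type f -name admin-openrc.sh -user root ! -perm -002 \
    -print -quit 2>/dev/null)
  [ -n "$env_path" ] || die "admin-openrc.sh not found"
  source "$env_path"
fi
: "${OS_PROJECT_DOMAIN_NAME:?OS_PROJECT_DOMAIN_NAME is not set}"

say "Please Input New User Name : eg (username)"
read -r New_User_Name
[ -n "$New_User_Name" ] || die "User Name Is Empty,Exit"
# A leading dash would be parsed by the CLI as an option, not as a name.
case "$New_User_Name" in
  -*) die "User Name Must Not Start With '-',Exit" ;;
esac

say "Please Input User Password: eg (000000)"
# -s keeps the password off the terminal (and out of screen recordings).
read -r -s New_User_Pw
echo
[ -n "$New_User_Pw" ] || die "Passwd Is Empty,Exit"

# The prompt offers "press enter" to skip the e-mail, so an empty answer is
# accepted and --email is simply left out below.
say "Please Input User Email Address,If don't need press enter: eg (openstack.com)"
read -r New_User_Email

say "Please Input User Beginning And End Number: eg (001-002)"
read -r New_User_Range
[ -n "$New_User_Range" ] || die "Number Is Empty,Exit"
if [[ ! "$New_User_Range" =~ ^([0-9]+)-([0-9]+)$ ]]; then
  die "Number Must Look Like 001-002,Exit"
fi
# 10# forces base 10 so that 008 or 009 are not rejected as invalid octal.
U_Start=$((10#${BASH_REMATCH[1]}))
U_End=$((10#${BASH_REMATCH[2]}))
(( U_Start <= U_End )) || die "Beginning Number Is Greater Than End Number,Exit"

# Refuse to run if any account in the range already exists. Names are read in
# machine-readable form and compared as whole fixed strings, so the check is
# neither confused by the table borders nor by regex characters in the input.
existing_users=$(openstack user list -f value -c Name) \
  || die "Cannot list users"
for (( username_number = U_Start; username_number <= U_End; username_number++ )); do
  printf -v account '%s%03d' "$New_User_Name" "$username_number"
  if grep -Fxq -- "$account" <<<"$existing_users"; then
    die "User $account is exists"
  fi
done

say "Please enter the User belong Roles Name, Press enter for '_member_' role by default: eg (admin)"
read -r New_User_Role
[ -n "$New_User_Role" ] || New_User_Role=_member_
# Checked for the default too: otherwise every user would be created first and
# each role assignment would then fail. Exact match, so "compute" does not
# pass because "compute-user" exists.
existing_roles=$(openstack role list -f value -c Name) \
  || die "Cannot list roles"
grep -Fxq -- "$New_User_Role" <<<"$existing_roles" \
  || die "Role $New_User_Role not exists"

say "Please Input User belong Project Name: eg (projectname)"
read -r New_User_Tenant
[ -n "$New_User_Tenant" ] || die "Project Name Is Empty,Exit"
existing_projects=$(openstack project list -f value -c Name) \
  || die "Cannot list projects"
grep -Fxq -- "$New_User_Tenant" <<<"$existing_projects" \
  || die "Project $New_User_Tenant not exists"

# NOTE(review): --password places the password in the argument list of the
# openstack process, where other local users can read it while the command
# runs; --password-prompt asks interactively per user and does not fit a batch
# loop. Every account in the range also gets the same initial password, so it
# should be changed by its owner after the first login.
failed=0
for (( username_number = U_Start; username_number <= U_End; username_number++ )); do
  printf -v account '%s%03d' "$New_User_Name" "$username_number"
  create_args=(--domain "$OS_PROJECT_DOMAIN_NAME" --password "$New_User_Pw")
  if [ -n "$New_User_Email" ]; then
    create_args+=(--email "${account}@${New_User_Email}")
  fi
  # Do not assign a role to an account that could not be created.
  if ! openstack user create "${create_args[@]}" "$account"; then
    say "User $account create failed" >&2
    failed=1
    continue
  fi
  if ! openstack role add --project "$New_User_Tenant" --user "$account" \
    "$New_User_Role"; then
    say "Role $New_User_Role add to $account failed" >&2
    failed=1
  fi
done

say "Keystone All User List"
openstack user list
exit "$failed"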
"Keystone-manage-user.sh" [New] 82L, 4518C written
[root@controller ~]# chmod +x Keystone-manage-user.sh
- 創(chuàng)建研發(fā)部門項目,執(zhí)行命令如下:
[root@controller ~]# openstack project create "RD_Dept" --domain demo --description 研發(fā)部門
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 研發(fā)部門 |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 93ae746f87744d6d9a2056ca08f602c8 |
| is_domain | False |
| name | RD_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
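- 執行該腳本。命令行內按提示輸入用戶名稱、用戶密碼、電子郵件域名地址、用戶角色(這里只能賦予一個角色)和用戶所屬部門。注意:下面的示例在角色處輸入了admin,rduser003~rduser050因此全部獲得管理員角色;按照實驗目標,只有管理人員擁有管理員權限,其余人員應使用普通用戶角色(例如_member_,該角色需要事先存在)。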
+-------------+----------------------------------+
[root@controller ~]# ./Keystone-manage-user.sh
Please Input New User Name : eg (username)
rduser
Please Input User Password: eg (000000)
cloudpasswd
Please Input User Email Address,If don't need press enter: eg (openstack.com)
example.com
Please Input User Beginning And End Number: eg (001-002)
003-050
Please enter the User belong Roles Name, Press enter for '_member_' role by default: eg (admin)
admin
Please Input User belong Project Name: eg (projectname)
RD_Dept
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | rduser003@example.com |
| enabled | True |
| id | ea6bd13fff4344019ee57bbc838b25c9 |
| name | rduser003 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | rduser004@example.com |
| enabled | True |
| id | e4a66855bc3042cab24588d155c98826 |
| name | rduser004 |
+-----------+----------------------------------+
Keystone All User List
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 02a018e6ac3441f2835c817c7a1a207b | rduser005 |
| 03ba69a427474fbaac7599c942f37330 | rduser039 |
| 0499bbd56f72407eaca9f676c3a4bcfc | rduser017 |
| 065a379909d34891add243f46d060e9b | rduser043 |
| 0b744fa5759d43b5ade55586e0eb0af1 | rduser007 |
| 13e0d9dcd4564b7fafaf909b8216262d | rduser034 |
| 26c7ddc343fa4c91a1f682d21be1da7d | rduser049 |
| 2bee802355b24023968dc6e4bd11c983 | admin |
| 2c4c0a61075a440d8f9783edd86844c6 | rduser040 |
| 2dd5669948a3409aa3296a3057cb0b3a | rduser023 |
| 375024d3247540e5b9048671fe577068 | rduser046 |
| 3a86600a0e5e47d4a6c67a8f5a9f701e | rduser021 |
| 3c70e43caefd4623b7e8a2fbd7e52fd2 | rduser035 |
| 41cb35e9b08c4846a88e0277547a6fbd | rduser002 |
| 4c9e1c3650da4b8a951ca08c0f6f2b3a | rduser026 |
| 520f96d6d8d44ddbbeb5df6573f11da7 | rduser006 |
| 563366420dc44ea89661bc2a8fe33f0b | rduser029 |
| 56e7081689b044cbbb4a1a66ef2132e7 | rduser014 |
| 6099f2288ef34dc5b4d541a3cf85f849 | rduser042 |
| 682c3257d62748028d1a1e7cc7ac6efb | alice |
| 6d65072d602742cb9adff407a3ad1c94 | rduser045 |
| 70c4160866284154b56bf203171cfd90 | neutron |
| 717f15d187f14fbca1f36a911e1162a8 | rduser019 |
| 75b1a57e0bf54f1c9d6a5e3a220d3247 | rduser027 |
| 818fbea675314d33a542ee58178c5424 | rduser016 |
| 82b97aaa126b4732b12e5af608f9c07c | rduser018 |
| 84f21a5bbd3846668d21c47a4077ec50 | rduser024 |
| 886b421475b045718fd17a090e7c8226 | rduser032 |
| 8aebf5350d1947f3bac7de41be461219 | nova |
| 8aefa1e8548f49a2b3abb3884dca2d1a | rduser050 |
| 8e3671518d6b423dbfbf55ffa8249df8 | rduser033 |
| 8e695b3ca86c4a4da7968baeef3c6864 | swift |
| 95ef2ac87c874250abb3302351c7b63a | rduser041 |
| a4362e11eb9749799228208bbc7660ea | rduser036 |
| a57a5017587b411d871e5f9b312f35ce | cinder |
| b261500093da4de59c5f931aa0b189d4 | rduser048 |
| b82cc14513a64876a986dcbe716b1801 | rduser038 |
| b88a0cd21e784707ba90a2c0555342d1 | rduser022 |
| c403710a858947aca84d175f31dbf945 | rduser025 |
| c4a2432ee6f64b94b3689adf2684718b | rduser020 |
| c73dbc7aab41451f8de7f06b7bec0c76 | rduser013 |
| c9faecd63f034ba6b84c82cdd284f941 | rduser028 |
| cfa8e2ebd536453daa6218600f7e5dc0 | rduser037 |
| d58cec1f07d94eec8f9e3f62570e56e4 | rduser015 |
| d5f1679ee5a74233b2cd46c74f38f0c0 | rduser008 |
| d88027b6b6944427bda9557318b8c979 | rduser030 |
| e46f397e0f0847be8cfaf173db5529db | rduser011 |
| e4a66855bc3042cab24588d155c98826 | rduser004 |
| ea6bd13fff4344019ee57bbc838b25c9 | rduser003 |
| ebb2d2324b054189acf2bd5a62b6555a | demo |
| ebc7727d5cb84d2494359cdd235617d9 | glance |
| f445e8dcdd334b8d80b66c8c256456a7 | rduser010 |
| f603db86e0604034a3b6f1d0205d0dcb | rduser031 |
| f6b329cd87d6415a83ee7a80e292f7f3 | rduser012 |
| f936aead65bb4a1fad2ccc861cb8b359 | rduser044 |
| fc1ee42060ba42bc9962868b3c86c67a | rduser009 |
| fe5ee9633d574c40848732382be797ea | rduser047 |
+----------------------------------+-----------+
- 通過執行Shell 腳本為IT工程部創建用戶ituser001~ituser005,密碼為 cloudpasswd。
[root@controller ~]# ./Keystone-manage-user.sh
Please Input New User Name : eg (username)
ituser
Please Input User Password: eg (000000)
cloudpasswd
Please Input User Email Address,If don't need press enter: eg (openstack.com)
example.com
Please Input User Beginning And End Number: eg (001-002)
001-005
Please enter the User belong Roles Name, Press enter for '_member_' role by default: eg (admin)
admin
Please Input User belong Project Name: eg (projectname)
IT_Dept
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser001@example.com |
| enabled | True |
| id | ed089ab3014d4c0393439fa6b8bf0f2e |
| name | ituser001 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser002@example.com |
| enabled | True |
| id | 8dfceea3982e4bf3875fa559b2e02b5a |
| name | ituser002 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser003@example.com |
| enabled | True |
| id | 4fb78b56fcb14175885ea188da68a468 |
| name | ituser003 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser004@example.com |
| enabled | True |
| id | 212ae123a4a345c9b05c3cf0852b2197 |
| name | ituser004 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser005@example.com |
| enabled | True |
| id | 1345c045e91e428eb64e355bbae98505 |
| name | ituser005 |
+-----------+----------------------------------+
Keystone All User List
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 02a018e6ac3441f2835c817c7a1a207b | rduser005 |
| 03ba69a427474fbaac7599c942f37330 | rduser039 |
| 0499bbd56f72407eaca9f676c3a4bcfc | rduser017 |
| 065a379909d34891add243f46d060e9b | rduser043 |
| 0b744fa5759d43b5ade55586e0eb0af1 | rduser007 |
| 1345c045e91e428eb64e355bbae98505 | ituser005 |
| 13e0d9dcd4564b7fafaf909b8216262d | rduser034 |
| 212ae123a4a345c9b05c3cf0852b2197 | ituser004 |
| 26c7ddc343fa4c91a1f682d21be1da7d | rduser049 |
| 2bee802355b24023968dc6e4bd11c983 | admin |
| 2c4c0a61075a440d8f9783edd86844c6 | rduser040 |
| 2dd5669948a3409aa3296a3057cb0b3a | rduser023 |
| 375024d3247540e5b9048671fe577068 | rduser046 |
| 3a86600a0e5e47d4a6c67a8f5a9f701e | rduser021 |
| 3c70e43caefd4623b7e8a2fbd7e52fd2 | rduser035 |
| 41cb35e9b08c4846a88e0277547a6fbd | rduser002 |
| 4c9e1c3650da4b8a951ca08c0f6f2b3a | rduser026 |
| 4fb78b56fcb14175885ea188da68a468 | ituser003 |
| 520f96d6d8d44ddbbeb5df6573f11da7 | rduser006 |
| 563366420dc44ea89661bc2a8fe33f0b | rduser029 |
| 56e7081689b044cbbb4a1a66ef2132e7 | rduser014 |
| 6099f2288ef34dc5b4d541a3cf85f849 | rduser042 |
| 682c3257d62748028d1a1e7cc7ac6efb | alice |
| 6d65072d602742cb9adff407a3ad1c94 | rduser045 |
| 70c4160866284154b56bf203171cfd90 | neutron |
| 717f15d187f14fbca1f36a911e1162a8 | rduser019 |
| 75b1a57e0bf54f1c9d6a5e3a220d3247 | rduser027 |
| 818fbea675314d33a542ee58178c5424 | rduser016 |
| 82b97aaa126b4732b12e5af608f9c07c | rduser018 |
| 84f21a5bbd3846668d21c47a4077ec50 | rduser024 |
| 886b421475b045718fd17a090e7c8226 | rduser032 |
| 8aebf5350d1947f3bac7de41be461219 | nova |
| 8aefa1e8548f49a2b3abb3884dca2d1a | rduser050 |
| 8dfceea3982e4bf3875fa559b2e02b5a | ituser002 |
| 8e3671518d6b423dbfbf55ffa8249df8 | rduser033 |
| 8e695b3ca86c4a4da7968baeef3c6864 | swift |
| 95ef2ac87c874250abb3302351c7b63a | rduser041 |
| a4362e11eb9749799228208bbc7660ea | rduser036 |
| a57a5017587b411d871e5f9b312f35ce | cinder |
| b261500093da4de59c5f931aa0b189d4 | rduser048 |
| b82cc14513a64876a986dcbe716b1801 | rduser038 |
| b88a0cd21e784707ba90a2c0555342d1 | rduser022 |
| c403710a858947aca84d175f31dbf945 | rduser025 |
| c4a2432ee6f64b94b3689adf2684718b | rduser020 |
| c73dbc7aab41451f8de7f06b7bec0c76 | rduser013 |
| c9faecd63f034ba6b84c82cdd284f941 | rduser028 |
| cfa8e2ebd536453daa6218600f7e5dc0 | rduser037 |
| d58cec1f07d94eec8f9e3f62570e56e4 | rduser015 |
| d5f1679ee5a74233b2cd46c74f38f0c0 | rduser008 |
| d88027b6b6944427bda9557318b8c979 | rduser030 |
| e46f397e0f0847be8cfaf173db5529db | rduser011 |
| e4a66855bc3042cab24588d155c98826 | rduser004 |
| ea6bd13fff4344019ee57bbc838b25c9 | rduser003 |
| ebb2d2324b054189acf2bd5a62b6555a | demo |
| ebc7727d5cb84d2494359cdd235617d9 | glance |
| ed089ab3014d4c0393439fa6b8bf0f2e | ituser001 |
| f445e8dcdd334b8d80b66c8c256456a7 | rduser010 |
| f603db86e0604034a3b6f1d0205d0dcb | rduser031 |
| f6b329cd87d6415a83ee7a80e292f7f3 | rduser012 |
| f936aead65bb4a1fad2ccc861cb8b359 | rduser044 |
| fc1ee42060ba42bc9962868b3c86c67a | rduser009 |
| fe5ee9633d574c40848732382be797ea | rduser047 |
+----------------------------------+-----------+
- 通過Shell命令行將項目研發部用戶rduser002綁定普通用戶權限,執行命令如下:
[root@controller ~]# openstack role create _member_
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 9fe2ff9ee4384b1894a90878d3e92bab |
| name | _member_ |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --user rduser002 --project RD_Dept _member_
[root@controller ~]# openstack role list --user rduser002 --project RD_Dept
+----------------------------------+----------+---------+-----------+
| ID | Name | Project | User |
+----------------------------------+----------+---------+-----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | RD_Dept | rduser002 |
+----------------------------------+----------+---------+-----------+
- 編寫腳本Keystone-manage-add-role.sh,將項目IT工程部用戶ituser001~ituser005綁定普通用戶和管理員用戶權限
[root@controller ~]# vi Keystone-manage-add-role.sh
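#!/bin/bash
# Keystone-manage-add-role.sh - interactively add one role on one project to a
# numbered range of existing Keystone users (<name>001, <name>002, ...).
#
# Prompts on stdin for: user name prefix, number range "NNN-MMM", project and
# role. After each assignment the user's role assignments on that project are
# listed.
# Exit status: 0 on success, 1 on invalid input, an unknown project/role, or
# when any role-add call failed.

# Print a message in red, followed by a colour reset.
say() {
  printf '\033[31m%s\033[0m \n' "$*"
}

# Print an error in red on stderr and stop the script.
die() {
  say "$*" >&2
  exit 1
}

# Load the admin credentials. The fallback searches the whole filesystem and
# the file it finds is *sourced*, i.e. executed by this script (normally as
# root). Only a regular, root-owned, not world-writable file is accepted and
# only the first match is used, so a look-alike file dropped in a writable
# directory is not picked up. (-quit is a GNU find extension.)
if [ -f "/etc/keystone/admin-openrc.sh" ]; then
  source /etc/keystone/admin-openrc.sh
else
  env_path=$(find / -type f -name admin-openrc.sh -user root ! -perm -002 \
    -print -quit 2>/dev/null)
  [ -n "$env_path" ] || die "admin-openrc.sh not found"
  source "$env_path"
fi

say "Please Enter The User Name"
read -r Add_Role_Username
[ -n "$Add_Role_Username" ] || die "User Name Is Empty,Exit"
# A leading dash would be parsed by the CLI as an option, not as a name.
case "$Add_Role_Username" in
  -*) die "User Name Must Not Start With '-',Exit" ;;
esac

# The range is mandatory: with an empty answer the earlier version left the
# loop bounds unset and failed later with an arithmetic syntax error.
say "Please Input User Beginning And End Number: eg (001-002)"
read -r Add_User_Range
[ -n "$Add_User_Range" ] || die "Number Is Empty,Exit"
if [[ ! "$Add_User_Range" =~ ^([0-9]+)-([0-9]+)$ ]]; then
  die "Number Must Look Like 001-002,Exit"
fi
# 10# forces base 10 so that 008 or 009 are not rejected as invalid octal.
A_R_Start=$((10#${BASH_REMATCH[1]}))
A_R_End=$((10#${BASH_REMATCH[2]}))
(( A_R_Start <= A_R_End )) || die "Beginning Number Is Greater Than End Number,Exit"

# Project and role names are read in machine-readable form and compared as
# whole fixed strings, so "compute" does not pass because "compute-user"
# exists and regex characters in the input have no effect.
say "Please Enter the Project Name"
read -r Add_Role_Tenant
existing_projects=$(openstack project list -f value -c Name) \
  || die "Cannot list projects"
if [ -z "$Add_Role_Tenant" ] \
  || ! grep -Fxq -- "$Add_Role_Tenant" <<<"$existing_projects"; then
  die "Project $Add_Role_Tenant not exists"
fi

# NOTE(review): the role name is applied to every account in the range; a
# privileged role such as admin should only be entered for accounts that are
# meant to administer the cloud.
say "Please Enter the Role Name"
read -r Add_Role_New_Role
existing_roles=$(openstack role list -f value -c Name) \
  || die "Cannot list roles"
if [ -z "$Add_Role_New_Role" ] \
  || ! grep -Fxq -- "$Add_Role_New_Role" <<<"$existing_roles"; then
  die "Role $Add_Role_New_Role not exists"
fi

failed=0
for (( username_number = A_R_Start; username_number <= A_R_End; username_number++ )); do
  printf -v account '%s%03d' "$Add_Role_Username" "$username_number"
  if ! openstack role add --project "$Add_Role_Tenant" --user "$account" \
    "$Add_Role_New_Role"; then
    say "Role $Add_Role_New_Role add to $account failed" >&2
    failed=1
  fi
  say "Keystone user $account Project $Add_Role_Tenant role list"
  openstack role assignment list --user "$account" --project "$Add_Role_Tenant"
done
exit "$failed"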
~
~
~
~
"Keystone-manage-add-role.sh" [New] 45L, 2377C written
[root@controller ~]# chmod +x Keystone-manage-add-role.sh
[root@controller ~]# ./Keystone-manage-add-role.sh
Please Enter The User Name
ituser
Please Input User Beginning And End Number: eg (001-002)
001-005
Please Enter the Project Name
IT_Dept
Please Enter the Role Name
admin
Keystone user ituser001 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | ed089ab3014d4c0393439fa | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 6b8bf0f2e | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser002 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 8dfceea3982e4bf3875fa55 | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 9b2e02b5a | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser003 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 4fb78b56fcb14175885ea18 | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 8da68a468 | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser004 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 212ae123a4a345c9b05c3cf | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 0852b2197 | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser005 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 1345c045e91e428eb64e355 | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | bbae98505 | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
可以看到創建出來的用戶、角色、項目!
鏡像服務
概述
通過認證服務的學習,我們可以以不同的身份訪問企業云平臺:可以通過研發部的賬戶登錄研發部,可以通過業務部訪問業務部的資源,也可以通過IT工程部的身份登錄查看整個系統的運行狀況。下面我們繼續學習鏡像服務(Glance),了解這個組件是如何為平臺的正常運行提供支撐的。
實驗目標
- 了解RabbitMQ的基本概念。
- 理解鏡像服務的服務流程和工作機制。
- 掌握鏡像服務的基本操作以及常見運維。
實驗環境
大數據實訓平臺、IaaS_Mitaka_ALLinone.qcow2。
實驗準備
- 概述:Glance鏡像服務實現發現、注冊、獲取虛擬機鏡像和鏡像元數據,鏡像數據支持存儲在多種存儲系統中,可以是簡單文件系統、對象存儲系統等。
- Glance服務架構:Glance鏡像服務是典型的C/S 架構。
- Glance架構包括 glance-Client、Glance和 Glance Store
- Glance 主要包括 REST API、數據庫抽象層(DAL)、域控制器(glance domain controller)和注冊層(registry layer),Glance 使用集中數據庫(Glance DB)在 Glance 各組件間直接共享數據。
- 所有的鏡像文件操作都通過 glance_store 庫完成,glance_store 庫提供了通用接口,對接后端外部不同存儲。
實驗步驟
- 查詢Glance版本
(1)檢測Glance服務列表
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack-service list | grep glance
openstack-glance-api
openstack-glance-registry
(2)檢測Glance服務是否啟動
[root@controller ~]# openstack-service status | grep glance
MainPID=1290 Id=openstack-glance-api.service ActiveState=active
MainPID=1270 Id=openstack-glance-registry.service ActiveState=active
(3)查詢glance-control版本
[root@controller ~]# glance-control --version
12.0.0
- 創建鏡像
(1)下載CirrOS鏡像(導入Glance之前,應使用發布方提供的校驗值核對文件,確認鏡像未被篡改或損壞)
(2)上傳到/tmp/images
[root@controller ~]# mkdir /tmp/images
[root@controller ~]# cd /tmp/images
[root@controller images]# ls
cirros-0.3.4-x86_64-disk.img
[root@controller images]# mv cirros-0.3.4-x86_64-disk.img cirros-0.3.2-x86_64-disk.img
[root@controller images]# file cirros-0.3.2-x86_64-disk.img
cirros-0.3.2-x86_64-disk.img: QEMU QCOW Image (v2), 41126400 bytes
(3)使用命令行創建鏡像(注意:上面的 mv 只改了文件名,鏡像內容仍是 0.3.4 版,下方輸出的 checksum 也不會因改名而變化;實際環境中鏡像名稱應如實標注版本,便於之後排查與更新。)
[root@controller images]# glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --progress < cirros-0.3.2-x86_64-disk.img
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-05-28T09:05:40Z |
| disk_format | qcow2 |
| id | 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.2-x86_64 |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T09:05:42Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(4)查詢鏡像列表
[root@controller images]# glance image-list
+--------------------------------------+---------------------+
| ID | Name |
+--------------------------------------+---------------------+
| 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 | centos |
| 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 | cirros-0.3.2-x86_64 |
+--------------------------------------+---------------------+
- 更改鏡像
可以使用glance image-update更新鏡像信息,可以使用glance image-delete刪除鏡像信息。 如果需要改變鏡像啟動硬盤最低要求值(min-disk)時,min-disk 默認單位為G。
(1)獲取鏡像詳細信息
鏡像的ID通過鏡像列表查詢得出,每個鏡像的ID都不同。
[root@controller images]# glance image-list
+--------------------------------------+---------------------+
| ID | Name |
+--------------------------------------+---------------------+
| 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 | centos |
| 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 | cirros-0.3.2-x86_64 |
+--------------------------------------+---------------------+
[root@controller images]# glance image-show 2fb8263b-383b-4d2d-ab92-526c08fbdcc2
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-05-28T09:05:40Z |
| disk_format | qcow2 |
| id | 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.2-x86_64 |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T09:05:42Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(2)修改鏡像啟動硬盤所需大小
[root@controller images]# glance image-update --min-disk=1 2fb8263b-383b-4d2d-ab92-526c08fbdcc2
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-05-28T09:05:40Z |
| disk_format | qcow2 |
| id | 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 |
| min_disk | 1 |
| min_ram | 0 |
| name | cirros-0.3.2-x86_64 |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T09:57:47Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(3)刪除鏡像
[root@controller images]# glance image-delete 2fb8263b-383b-4d2d-ab92-526c08fbdcc2
[root@controller images]# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 | centos |
+--------------------------------------+--------+