概述
使用CentOS 7系统搭建一个OpenStack私有云平台。
实验目标
(1)掌握Linux系统的基础操作,包括修改主机名和配置网络等。
(2)掌握OpenStack私有云平台的搭建。
实验环境
准备环境:
CentOS 7.2 Linux系统。XianDian-IaaS-v2.2.iso镜像文件
- 192.168.0.21 controller
- 192.168.0.20 compute
实验步骤
- 两台节点分别两个网卡,一个是nat模式,另外一个为仅主机模式
- 配置ip
- controller节点
ifdown-ippp ifdown-Team ifup-ib ifup-ppp init.ipv6-global
[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.20/24 brd 192.168.0.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe19:1674/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:7e brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe19:167e/64 scope link
valid_lft forever preferred_lft forever
[root@controller ~]# cp /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eno33554984
[root@controller ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554984
[root@compute ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554984
TYPE=Ethernet1
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
DNS1=114.114.114.114
IPADDR=192.168.10.21
PREFIX=24
GATEWAY=192.168.10.2
~
"/etc/sysconfig/network-scripts/ifcfg-eno33554984" 11L, 187C written
[root@controller ~]# systemctl restart network
[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.20/24 brd 192.168.0.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe19:1674/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:19:16:7e brd ff:ff:ff:ff:ff:ff
inet 192.168.10.20/24 brd 192.168.10.255 scope global eno33554984
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe19:167e/64 scope link
valid_lft forever preferred_lft forever
compute
[root@compute ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno33554984
TYPE=Ethernet1
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eno33554984
DEVICE=eno33554984
ONBOOT=yes
DNS1=114.114.114.114
IPADDR=192.168.10.21
PREFIX=24
GATEWAY=192.168.10.2
[root@compute ~]# systemctl restart network
[root@compute ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:f6:6f:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.21/24 brd 192.168.0.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:6fa1/64 scope link
valid_lft forever preferred_lft forever
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:f6:6f:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.10.21/24 brd 192.168.10.255 scope global eno33554984
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:6fab/64 scope link
valid_lft forever preferred_lft forever
- ping测试
[root@controller ~]# ping 192.168.10.21
PING 192.168.10.21 (192.168.10.21) 56(84) bytes of data.
64 bytes from 192.168.10.21: icmp_seq=1 ttl=64 time=0.454 ms
64 bytes from 192.168.10.21: icmp_seq=2 ttl=64 time=2.76 ms
64 bytes from 192.168.10.21: icmp_seq=3 ttl=64 time=0.946 ms
^C
--- 192.168.10.21 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2025ms
rtt min/avg/max/mdev = 0.454/1.389/2.769/0.996 ms
[root@controller ~]#
- 修改主机名
[root@centos7 ~]# hostnamectl set-hostname controller
[root@cemtos7 ~]# hostnamectl set-hostname compute
- 关闭防火墙(两台节点都要)
[root@centos7 ~]# iptables -F
[root@centos7 ~]# iptables -Z
[root@centos7 ~]# iptables -X
[root@centos7 ~]# iptables-save
# Generated by iptables-save v1.4.21 on Sat May 28 00:34:45 2022
*filter
:INPUT ACCEPT [34:2652]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [19:2008]
COMMIT
# Completed on Sat May 28 00:34:45 2022
[root@centos7 ~]# systemctl stop firewalld
[root@centos7 ~]# systemctl disable firewalld
[root@centos7 ~]# cat /etc/selinux/config
##修改SELINUX=disabled
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
- 添加主机解析
[root@centos7 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.20 controller
192.168.10.21 compute
- 挂载xiandian.iso(两台都要)
[root@compute ~]# ls
anaconda-ks.cfg XianDian-IaaS-v2.2.iso
[root@controller ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Mar 12 04:06:23 2022
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root / xfs defaults 0 0
UUID=85b39342-ac84-47e5-919c-9faef57e0c58 /boot xfs defaults 0 0
/dev/mapper/centos-swap swap swap defaults 0 0
/dev/sr0 /cdrom iso9660 defaults 0 0
/root/XianDian-IaaS-v2.2.iso /xiandian iso9660 defaults 0 0
[root@controller ~]# mount -a
mount: /dev/loop0 is write-protected, mounting read-only
[root@controller ~]# cat /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///cdrom
enabled=1
gpgcheck=0
[xiandian]
name=xiandian
baseurl=file:///xiandian/iaas-repo
enabled=1
gpgcheck=0
[root@controller ~]# yum repolist
Loaded plugins: fastestmirror
local | 3.6 kB 00:00:00
xiandian | 2.9 kB 00:00:00
xiandian/primary_db | 2.3 MB 00:00:00
Loading mirror speeds from cached hostfile
repo id repo name status
local local 3,723
xiandian xiandian 1,688
repolist: 5,411
[root@controller ~]#
- 在controller和compute节点同时安装 iaas-xiandian
[root@controller ~]# yum install iaas-xiandian -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package iaas-xiandian.x86_64 0:2.2-0 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Installing:
iaas-xiandian x86_64 2.2-0 xiandian 22 k
Transaction Summary
=============================================================================================
Install 1 Package
Total download size: 22 k
Installed size: 93 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iaas-xiandian-2.2-0.x86_64 1/1
Verifying : iaas-xiandian-2.2-0.x86_64 1/1
Installed:
iaas-xiandian.x86_64 0:2.2-0
Complete!
- 在两个节点上修改全局配置文件openrc.sh,具体内容参照下面的配置文件填写,具体涉及到的ip得根据实际环境的controller和compute节点的ip来定
- 这里compute节点需要先添加两块硬盘,或者分区(这里我是sdb和sdc)
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 50G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 24G 0 part
├─centos-root 253:0 0 20G 0 lvm /
└─centos-swap 253:1 0 4G 0 lvm [SWAP]
sdb 8:16 0 10G 0 disk
sdc 8:32 0 20G 0 disk
sr0 11:0 1 4G 0 rom /cdrom
loop0 7:0 0 2.7G 0 loop /xiandian
[root@controller ~]# cat /etc/xiandian/openrc.sh
##--------------------system Config--------------------##
##Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.10.20
##Controller Server hostname. example:controller
HOST_NAME=controller
##Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.10.21
##Compute Node hostname. example:compute
HOST_NAME_NODE=compute
##--------------------Rabbit Config ------------------##
##user for rabbit. example:openstack
RABBIT_USER=openstack
##Password for rabbit user .example:000000
RABBIT_PASS=000000
##--------------------MySQL Config---------------------##
##Password for MySQL root user . exmaple:000000
DB_PASS=000000
##--------------------Keystone Config------------------##
##Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=demo
ADMIN_PASS=000000
DEMO_PASS=000000
##Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=000000
##--------------------Glance Config--------------------##
##Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=000000
##Password for Keystore glance user. exmaple:000000
GLANCE_PASS=000000
##--------------------Nova Config----------------------##
##Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=000000
##Password for Keystore nova user. exmaple:000000
NOVA_PASS=000000
##--------------------Neturon Config-------------------##
##Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=000000
##Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=000000
##metadata secret for neutron. exmaple:000000
METADATA_SECRET=000000
##External Network Interface. example:eth1
INTERFACE_NAME=网卡1的名称(Nat模式那个)
##First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
#minvlan=
##Last Vlan ID in VLAN RANGE for VLAN Network. example:200
#maxvlan=000000
##--------------------Cinder Config--------------------##
##Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS=000000
##Password for Keystore cinder user. exmaple:000000
CINDER_PASS=000000
##Cinder Block Disk. example:md126p3
BLOCK_DISK=sdb
##--------------------Trove Config--------------------##
##Password for Mysql Trove User. exmaple:000000
TROVE_DBPASS=000000
##Password for Keystore Trove User. exmaple:000000
TROVE_PASS=000000
##--------------------Swift Config---------------------##
##Password for Keystore swift user. exmaple:000000
SWIFT_PASS=000000
##The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK=sdc
##The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP=192.168.0.21
##--------------------Heat Config----------------------##
##Password for Mysql heat user. exmaple:000000
HEAT_DBPASS=000000
##Password for Keystore heat user. exmaple:000000
HEAT_PASS=000000
##--------------------Ceilometer Config----------------##
##Password for Mysql ceilometer user. exmaple:000000
CEILOMETER_DBPASS=000000
##Password for Keystore ceilometer user. exmaple:000000
CEILOMETER_PASS=000000
##--------------------AODH Config----------------##
##Password for Mysql AODH user. exmaple:000000
AODH_DBPASS=000000
##Password for Keystore AODH user. exmaple:000000
AODH_PASS=000000
[root@controller ~]# scp /etc/xiandian/openrc.sh root@compute:/etc/xiandian/openrc.sh
The authenticity of host 'compute (192.168.0.21)' can't be established.
ECDSA key fingerprint is c8:fe:fe:fa:9d:73:26:60:f9:cb:13:2b:bb:e8:d9:ac.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'compute' (ECDSA) to the list of known hosts.
root@compute's password:
openrc.sh 100% 3095 3.0KB/s 00:00
- 同时在controller和compute节点上执行脚本iaas-pre-host.sh进行安装。完成配置后,同时重启两个节点服务器
[root@controller ~]# iaas-pre-host.sh
python2-debtcollector.noarch 0:1.3.0-1.el7
python2-funcsigs.noarch 0:0.4-2.el7
python2-iso8601.noarch 0:0.1.11-1.el7
python2-jsonpatch.noarch 0:1.14-1.el7
python2-jsonpointer.noarch 0:1.10-4.el7
python2-keystoneauth1.noarch 0:2.4.1-1.el7
python2-openstacksdk.noarch 0:0.8.3-1.el7
python2-os-client-config.noarch 0:1.16.0-1.el7
python2-oslo-config.noarch 2:3.9.0-1.el7
python2-oslo-i18n.noarch 0:3.4.0-1.el7
python2-oslo-serialization.noarch 0:2.4.0-1.el7
python2-oslo-utils.noarch 0:3.7.0-1.el7
python2-positional.noarch 0:1.0.1-1.el7
python2-pyasn1.noarch 0:0.1.9-6.el7.1
python2-pysocks.noarch 0:1.5.6-3.el7
python2-requestsexceptions.noarch 0:1.1.3-1.el7
python2-setuptools.noarch 0:22.0.5-1.el7
pytz.noarch 0:2012d-5.el7
setools-libs.x86_64 0:3.3.7-46.el7
Complete!
Please Reboot or Reconnect the terminal
- 在controller节点执行脚本iaas-install-mysql.sh进行数据库及消息列表服务安装
[root@controller ~]# iaas-install-mysql.sh
Thanks for using MariaDB!
Created symlink from /etc/systemd/system/multi-user.target.wants/mongod.service to /usr/lib/systemd/system/mongod.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
Creating user "openstack" ...
Setting permissions for user "openstack" in vhost "/" ...
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]#
- 在controller节点执行脚本iaas-install-keystone.sh进行keystone认证服务安装
[root@controller ~]# iaas-install-keystone.sh
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 81ea07237d034c4e99369581c1b4db89 |
| is_domain | False |
| name | admin |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 2bee802355b24023968dc6e4bd11c983 |
| name | admin |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 28e00fea5f4344edaa093f617fc55d5a |
| name | admin |
+-----------+----------------------------------+
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 09ecb096e1034e5b9e5166adfc15a6f0 |
| is_domain | False |
| name | service |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 5e04233827f848228c4a5a238c1e780b |
| is_domain | False |
| name | demo |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | ebb2d2324b054189acf2bd5a62b6555a |
| name | demo |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | a243425ce82c445c98e98b021165f737 |
| name | user |
+-----------+----------------------------------+
- 在controller节点执行脚本iaas-install-glance.sh进行glance镜像服务安装。
[root@controller ~]# iaas-install-glance.sh
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7505aaf809124ae9b05dfe30de8ce6e0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 13051029aec94967a8dc19238e1f9d8c |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bc3d5a5d0ea14992baff0b89f470d3ee |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 13051029aec94967a8dc19238e1f9d8c |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
- 在controller节点执行脚本iaas-install-nova-controller.sh进行nova计算服务安装
[root@controller ~]# iaas-install-nova-controller.sh
Dependency Installed:
jbigkit-libs.x86_64 0:2.0-11.el7 libjpeg-turbo.x86_64 0:1.2.90-5.el7
libtiff.x86_64 0:4.0.3-25.el7_2 libwebp.x86_64 0:0.3.0-3.el7
libxslt.x86_64 0:1.1.28-5.el7 novnc.noarch 0:0.5.1-2.el7
openstack-nova-common.noarch 1:13.1.0-1.el7 python-cheetah.x86_64 0:2.4.4-5.el7.centos
python-lxml.x86_64 0:3.2.1-4.el7 python-markdown.noarch 0:2.4.1-1.el7.centos
python-nova.noarch 1:13.1.0-1.el7 python-pillow.x86_64 0:2.0.0-19.gitd1c6db8.el7
python-psutil.x86_64 0:1.2.1-1.el7 python-pygments.noarch 0:2.0.2-4.el7
python-websockify.noarch 0:0.8.0-1.el7 python2-ecdsa.noarch 0:0.13-4.el7
python2-mock.noarch 0:1.3.0-2.el7 python2-os-brick.noarch 0:1.1.0-1.el7
python2-oslo-reports.noarch 0:1.6.0-1.el7 python2-oslo-versionedobjects.noarch 0:1.7.0-1.el7
python2-paramiko.noarch 0:1.16.1-1.el7 python2-rfc3986.noarch 0:0.3.1-1.el7
Complete!
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'block_device_mapping_instance_uuid_virtual_name_device_name_idx' defined on the table 'nova.block_device_mapping'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:146: Warning: Duplicate index 'uniq_instances0uuid' defined on the table 'nova.instances'. This is deprecated and will be disallowed in a future release.
result = self._query(query)
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
- 在compute节点执行脚本iaas-install-nova-compute.sh进行nova安装
[root@compute ~]# iaas-install-nova-compute.sh
qemu-img-ev.x86_64 10:2.3.0-31.el7.16.1
qemu-kvm-common-ev.x86_64 10:2.3.0-31.el7.16.1
qemu-kvm-ev.x86_64 10:2.3.0-31.el7.16.1
quota.x86_64 1:4.01-11.el7_2.1
quota-nls.noarch 1:4.01-11.el7_2.1
radvd.x86_64 0:1.9.2-9.el7
rpcbind.x86_64 0:0.2.0-33.el7_2.1
rsync.x86_64 0:3.0.9-17.el7
rsyslog-mmjsonparse.x86_64 0:7.4.7-12.el7
scrub.x86_64 0:2.5.2-5.el7
seabios-bin.noarch 0:1.7.5-11.el7
seavgabios-bin.noarch 0:1.7.5-11.el7
sg3_utils.x86_64 0:1.37-5.el7
sg3_utils-libs.x86_64 0:1.37-5.el7
sgabios-bin.noarch 1:0.20110622svn-4.el7
spice-server.x86_64 0:0.12.4-15.el7_2.2
supermin5.x86_64 0:5.1.10-1.2.el7
sysfsutils.x86_64 0:2.1.0-16.el7
syslinux.x86_64 0:4.05-12.el7
syslinux-extlinux.x86_64 0:4.05-12.el7
tcp_wrappers.x86_64 0:7.6-77.el7
unbound-libs.x86_64 0:1.4.20-26.el7
urw-fonts.noarch 0:2.4-16.el7
usbredir.x86_64 0:0.6-7.el7
xorg-x11-font-utils.x86_64 1:7.5-20.el7
yajl.x86_64 0:2.0.4-4.el7
yum-utils.noarch 0:1.1.31-34.el7
Dependency Updated:
cyrus-sasl-lib.x86_64 0:2.1.26-20.el7_2 gnutls.x86_64 0:3.3.8-14.el7_2
Complete!
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
- 在controller节点执行脚本iaas-install-neutron-controller.sh进行neutron网络服务安装
[root@controller ~]# iaas-install-neutron-controller.sh
INFO [alembic.runtime.migration] Running upgrade lbaasv2 -> 4deef6d81931, add provisioning and operating statuses
INFO [alembic.runtime.migration] Running upgrade 4deef6d81931 -> 4b6d8d5310b8, add_index_tenant_id
INFO [alembic.runtime.migration] Running upgrade 4b6d8d5310b8 -> 364f9b6064f0, agentv2
INFO [alembic.runtime.migration] Running upgrade 364f9b6064f0 -> lbaasv2_tls, lbaasv2 TLS
INFO [alembic.runtime.migration] Running upgrade lbaasv2_tls -> 4ba00375f715, edge_driver
INFO [alembic.runtime.migration] Running upgrade 4ba00375f715 -> kilo, kilo
INFO [alembic.runtime.migration] Running upgrade kilo -> 3345facd0452, Initial Liberty no-op expand script.
INFO [alembic.runtime.migration] Running upgrade 3345facd0452 -> 4a408dd491c2, Addition of Name column to lbaas_members and lbaas_healthmonitors table
INFO [alembic.runtime.migration] Running upgrade 4a408dd491c2 -> 3426acbc12de, Add flavor id
INFO [alembic.runtime.migration] Running upgrade 3426acbc12de -> 6aee0434f911, independent pools
INFO [alembic.runtime.migration] Running upgrade 6aee0434f911 -> 3543deab1547, add_l7_tables
INFO [alembic.runtime.migration] Running upgrade 3543deab1547 -> 62deca5010cd, Add tenant-id index for L7 tables
INFO [alembic.runtime.migration] Running upgrade kilo -> 130ebfdef43, Initial Liberty no-op contract revision.
OK
Created symlink from /etc/systemd/system/multi-user.target.wants/openvswitch.service to /usr/lib/systemd/system/openvswitch.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service to /usr/lib/systemd/system/neutron-openvswitch-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
- 在compute节点执行脚本iaas-install-neutron-compute.sh进行neutron网络服务安装
[root@compute ~]# iaas-install-neutron-compute.sh
Dependency Installed:
conntrack-tools.x86_64 0:1.4.2-9.el7 dibbler-client.x86_64 0:1.0.1-0.RC1.2.el7
dnsmasq-utils.x86_64 0:2.66-14.el7_2.1 ipset-libs.x86_64 0:6.19-4.el7
keepalived.x86_64 0:1.2.13-7.el7 libnetfilter_cthelper.x86_64 0:1.0.0-8.el7
libnetfilter_cttimeout.x86_64 0:1.0.0-6.el7 libnetfilter_queue.x86_64 0:1.0.2-2.el7
libxml2-python.x86_64 0:2.9.1-6.el7_2.3 libxslt-python.x86_64 0:1.1.28-5.el7
lm_sensors-libs.x86_64 0:3.3.4-11.el7 net-snmp-agent-libs.x86_64 1:5.7.2-24.el7_2.1
net-snmp-libs.x86_64 1:5.7.2-24.el7_2.1 openstack-neutron-common.noarch 1:8.1.2-1.el7
openvswitch.x86_64 0:2.5.0-2.el7 python-beautifulsoup4.noarch 0:4.4.1-3.el7
python-designateclient.noarch 0:2.0.0-1.el7 python-html5lib.noarch 1:0.999-5.el7
python-logutils.noarch 0:0.3.3-3.el7 python-ncclient.noarch 0:0.4.2-2.el7
python-neutron.noarch 1:8.1.2-1.el7 python-neutron-lib.noarch 0:0.0.2-1.el7
python-openvswitch.noarch 0:2.5.0-2.el7 python-ryu.noarch 0:3.30-1.el7
python-simplegeneric.noarch 0:0.8-7.el7 python-waitress.noarch 0:0.8.9-5.el7
python-webtest.noarch 0:2.0.23-1.el7 python2-pecan.noarch 0:1.0.2-2.el7
python2-singledispatch.noarch 0:3.4.0.3-4.el7
Dependency Updated:
libxml2.x86_64 0:2.9.1-6.el7_2.3
Complete!
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
Created symlink from /etc/systemd/system/multi-user.target.wants/openvswitch.service to /usr/lib/systemd/system/openvswitch.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service to /usr/lib/systemd/system/neutron-openvswitch-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
- 在controller节点执行脚本iaas-install-neutron-controller-gre.sh进行gre网络安装配置
[root@controller ~]# iaas-install-neutron-controller-gre.sh
INFO [alembic.runtime.migration] Will assume non-transacti
- 在compute节点执行脚本iaas-install-neutron-compute-gre.sh进行gre网络安装配置
[root@compute ~]# iaas-install-neutron-compute-gre.sh
- 在controller节点执行脚本iaas-install-dashboard.sh进行dashboard服务安装
[root@controller ~]# iaas-install-dashboard.sh
python-XStatic-jQuery.noarch 0:1.10.2.1-1.el7
python-XStatic-jquery-ui.noarch 0:1.10.4.1-1.el7
python-XStatic-smart-table.noarch 0:1.4.5.3-5.el7.1
python-XStatic-termjs.noarch 0:0.0.4.2-2.el7
python-ceilometerclient.noarch 0:2.3.0-1.el7
python-django.noarch 0:1.8.14-1.el7
python-django-appconf.noarch 0:1.0.1-4.el7
python-django-bash-completion.noarch 0:1.8.14-1.el7
python-django-compressor.noarch 0:2.0-1.el7
python-django-horizon.noarch 1:9.0.1-1.el7.centos
python-django-openstack-auth.noarch 0:2.2.0-1.el7
python-django-pyscss.noarch 0:2.0.2-1.el7
python-heatclient.noarch 0:1.0.0-1.el7
python-lesscpy.noarch 0:0.9j-4.el7
python-lockfile.noarch 1:0.9.1-4.el7.centos
python-pathlib.noarch 0:1.0.1-1.el7
python-pint.noarch 0:0.6-2.el7
python-saharaclient.noarch 0:0.13.0-1.el7
python-versiontools.noarch 0:1.9.1-4.el7
python2-XStatic-bootswatch.noarch 0:3.3.5.3-2.el7
python2-XStatic-mdi.noarch 0:1.1.70.1-5.el7
python2-XStatic-roboto-fontface.noarch 0:0.4.3.2-8.el7
python2-rcssmin.x86_64 0:1.0.6-2.el7
python2-rjsmin.x86_64 0:1.0.12-2.el7
python2-scss.x86_64 0:1.3.4-6.el7
python2-troveclient.noarch 0:2.1.2-2.el7
roboto-fontface-common.noarch 0:0.4.3.2-8.el7
roboto-fontface-fonts.noarch 0:0.4.3.2-8.el7
web-assets-filesystem.noarch 0:5-1.el7
Complete!
[root@controller ~]#
- 上述操作完成后,打开浏览器,打开网页 http://192.168.10.20/dashboard(根据自己实际情况,填写controller IP)进行验证服务,域、用户名和密码(域:demo 用户名:admin 密码:000000)。
安装Swift服务
- 在controller节点依次执行iaas-install-swift-controller.sh和compute节点iaas-install-swift-compute.sh脚本即可完成安装
[root@controller ~]# iaas-install-swift-controller.sh
[root@compute ~]# iaas-install-swift-compute.sh
注:compute节点安装时,需要输入controller密码(000000)
- controller节点查看一下Swift的状态
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# swift stat
Account: AUTH_81ea07237d034c4e99369581c1b4db89
Containers: 0
Objects: 0
Bytes: 0
X-Put-Timestamp: 1653716829.25598
X-Timestamp: 1653716829.25598
X-Trans-Id: txd872259f2fb24b0781102-006291b75c
Content-Type: text/plain; charset=utf-8
- 查看容器
[root@controller ~]# swift list
- 创建容器(创建一个容器,名称为gw001,并查看)
[root@controller ~]# swift post gw001
[root@controller ~]# swift list
gw001
- 容器操作(上传一个文件到这个容器中,并查看)
[root@controller ~]# swift upload gw001 anaconda-ks.cfg
anaconda-ks.cfg
[root@controller ~]# swift list gw001
anaconda-ks.cfg
- 删除这个文件后删除这个容器
[root@controller ~]# swift delete gw001 anaconda-ks.cfg
[root@controller ~]# swift list gw001
[root@controller ~]# swift delete gw001
[root@controller ~]# swift list
配置Cinder块存储
- 在controller节点执行下列脚本,按顺序安装Cinder服务
[root@controller ~]# iaas-install-cinder-controller.sh
[root@compute ~]#iaas-install-cinder-compute.sh
- 使用Cinder块存储
- 登录OpenStack
- 修改安全规则(放行所有的协议规则)
- 登录OpenStack
- 创建网络
-
单击界面左侧“管理员”列表下的“系统面板→网络”按钮,接着在界面右侧单击“创建网络”按钮
-
首先创建一个网络(外网),在弹出的“创建网络”对话框中,“名称”文本框内输入“ext-net”,单击“项目”下的倒三角按钮▼,在打开的下拉菜单中选择“admin”选项,供应商选择 “GRE”,勾选“共享的”和“外部网络”2个选项,段ID文本框输入“1”,最后单击右下角“提交”按钮,完成创建
-
进入ext-net网络详情页面,单击“子网”列表中“创建子网”按钮,进行创建子网。输入相关信息后,点击下一步按钮,进入子网详情界面,直接点击已创建按钮,此时子网创建成功。
在这里插入图片描述
-
- 创建内网网络
- 弹出的“创建网络”对话框中,“名称”文本框内输入“int-net”,单击“项目”下的倒三角按钮▼,在打开的下拉菜单中选择“admin”选项,最后单击右下角“提交”按钮,完成创建
- 弹出的“创建网络”对话框中,“名称”文本框内输入“int-net”,单击“项目”下的倒三角按钮▼,在打开的下拉菜单中选择“admin”选项,最后单击右下角“提交”按钮,完成创建
- 为内网创建子网
- 创建路由
- 左侧“项目”列表下的“网络→路由”按钮,接着在界面右侧“路由”列表中单击“新建路由”按钮,进行路由的创建
外部网络选择刚刚新建的外网ext-net
- 左侧“项目”列表下的“网络→路由”按钮,接着在界面右侧“路由”列表中单击“新建路由”按钮,进行路由的创建
- 为路由添加新的接口,接口接到我们内网int-net
上传镜像
- 回到controller节点,使用命令上传镜像
[root@controller ~]# glance image-create --name centos --disk-format qcow2 --container-format bare --progress < /xiandian/images/CentOS_7.2_x86_64_XD.qcow2
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ea197f4c679b8e1ce34c0aa70ae2a94a |
| container_format | bare |
| created_at | 2022-05-28T06:18:00Z |
| disk_format | qcow2 |
| id | 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 |
| min_disk | 0 |
| min_ram | 0 |
| name | centos |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 400752640 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T06:18:07Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
注:若执行上述代码报错,需要先运行代码: source /etc/keystone/admin-openrc.sh
创建云主机
- 点击 计算→云主机,开始创建云主机
- 绑定浮动ip
- 然后通过WEB界面的终端方式进去云主机即可,验证登录OpenStack(密码:000000)
云硬盘挂载使用
- 到controller节点,创建一个卷设备,名称为test 1,大小为2 G的卷。可以使用命令cinder list查看
[root@controller ~]# source /etc/keystone/admin-openrc.sh
You have mail in /var/spool/mail/root
[root@controller ~]# cinder create --display-name test1 2
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-05-28T06:57:43.000000 |
| description | None |
| encrypted | False |
| id | 86c41fb6-cc12-4250-b79e-1474d5f64363 |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | test1 |
| os-vol-host-attr:host | None |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 81ea07237d034c4e99369581c1b4db89 |
| replication_status | disabled |
| size | 2 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| updated_at | None |
| user_id | 2bee802355b24023968dc6e4bd11c983 |
| volume_type | None |
+--------------------------------+--------------------------------------+
[root@controller ~]# cinder list
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+
| 86c41fb6-cc12-4250-b79e-1474d5f64363 | available | test1 | 2 | - | false | |
+--------------------------------------+-----------+-------+------+-------------+----------+-------------+
- 在OpenStack主页面中,单击界面左侧“项目”列表下的“计算->卷”
- 在“卷”页面中可以看到“连接到”中有“在设备/dev/vdb上连接到test”的信息
Keystone管理认证用户
概述
在 OpenStack 框架中,Keystone(OpenStack Identity Service)的功能是负责验证身份、校验服务规则和发布服务令牌的,它实现了OpenStack的Identity API。Keystone可分解为两个功能,即权限管理和服务目录。权限管理主要用于用户的管理授权。服务目录,类似一个服务总线,或者说是整个OpenStack框架的注册表。认证模块提供API服务、token令牌机制、服务目录、规则和认证发布等功能。
实验目标
- 配置并启用认证服务。
- 创建用户账号alice。
- 创建项目acme,用于管理一组账户。
- 创建角色compute-user,用于用户权限的管理。
- 绑定用户和项目的权限。
实验环境
大数据实训平台、IaaS_Mitaka_ALLinone.qcow2。
实验准备
- 相关概念
(1)认证(Authentication)。
(2)证书(Credentials)。
(3)令牌(Token)。
(4)项目(project)。
(5)用户(User)。
(6)角色(Role)。
使用云服务的用户不局限于人,也可以是系统或者服务。用户可以通过指定的令牌登 录系统并调用资源。用户可以被分配到特定项目并执行项目相关操作。 - 认证服务流程
用户请求云主机的流程涉及认证Keystone服务、计算Nova服务、镜像Glance服务,在服务流程中,令牌(Token)作为流程认证传递,具体服务申请认证机制流程,如图
实验步骤
- 配置Keystone应用环境
- 在安装Keystone服务之前需要指定用户名和密码,通过认证服务来进行身份认证,在开始阶段是没有创建任何的用户的,所以必须使用授权令牌和服务的访问接口来创建特定进行身份认证的用户,之后需要创建一个管理用户的环境变量(admin-openrc.sh)来管理最终的凭证和终端。
- 在安装Keystone服务之后,产生的主配置文件存放在/etc/keystone 目录中,名为 keystone.conf,在配置文件中需要配置初始的Token值和数据库的连接地址。
- Keystone服务安装完毕,可以通过请求身份令牌来验证服务,具体命令如下,(以 admin 用户访问http://xiandian:35357/v3地址获取token值)
[root@controller ~]# openstack --os-project-name admin --os-domain-name xiandian --os-username admin --os-password 000000 --os-auth-url http://localhost:35357/v3 token issue
+------------+----------------------------------------------------------------------------------------------+
| Field | Value |
+------------+----------------------------------------------------------------------------------------------+
| expires | 2022-05-28T08:24:46.438626Z |
| id | gAAAAABikc4-R-jrAhRef15-hrQxBUPw0zPMzi8WOs-ZhDazFYpPNE- |
| | M2SVktdWfAuViYImyuHFYKwyFsGe5nxnAkcfnElQZYT3nFC-eRNJAH2JJZ496i0-TCGUv4R-F55vmSSVHYO3kLN1Mj- |
| | cdhYjJbW-REAEY2BAUqJFckfzxT4yEe67Om1M |
| project_id | 81ea07237d034c4e99369581c1b4db89 |
| user_id | 2bee802355b24023968dc6e4bd11c983 |
+------------+----------------------------------------------------------------------------------------------+
**注意:如执行错误,请等待2-3秒后重新执行该命令。 **
- 管理用户验证
OpenStack 的用户(user)包括云平台使用者、服务以及系统。用户通过认证登录系统并 调用资源。为方便管理,用户被分配到一个或多个项目(project),项目是用户的集合。为给用户分配不同的权限,Keystone设置了角色(Role),角色是代表用户可以访问的资源等权限。用户可以被添加到任意一个全局的或项目内的角色中。在全局的角色中,用户的角色权限作用于所有的用户,即可以对所有的用户执行角色规定的权限;项目内的角色,用户仅能在当前项目内执行角色规定的权限,下面介绍几种常见操作。- 创建用户
在openstack系统中进行操作需生效环境变量,执行命令如下。 - 创建一个名称为“alice”账户,密码为“mypassword123”,邮箱为“alice@example.com”。执行命令如下。
- 创建用户
[root@controller ~]# openstack user create --password mypassword123 --email alice@example.com --domain demo alice
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | alice@example.com |
| enabled | True |
| id | 682c3257d62748028d1a1e7cc7ac6efb |
| name | alice |
+-----------+----------------------------------+
- 创建项目
一个项目就是一个项目、团队或组织,当请求OpenStack服务时,你必须定义一个项 目。例如,查询计算服务正在运行的云主机实例列表
创建一个名为“acme”项目
[root@controller ~]# openstack project create --domain demo acme
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 179cab81dcae4692afee5add4a6399a3 |
| is_domain | False |
| name | acme |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
- 创建角色
角色限定了用户的操作权限。例如,创建一个角色“compute-user”,执行命令如下。
[root@controller ~]# openstack role create compute-user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | c7c1a505197246d3a20678746acc04cd |
| name | compute-user |
+-----------+----------------------------------+
- 绑定用户和项目权限
添加的用户需要分配一定的权限,这就需要把用户关联绑定到对应的项目和角色。例如,给用户“alice”分配“acme”项目下的“compute-user”角色,执行命令如下。
[root@controller ~]# openstack role add --user alice --project acme compute-user
创建项目、用户并绑定用户权限
概述
权限管理主要用于用户的管理授权。服务目录,类似一个服务总线,或者说是整个OpenStack框架的注册表。认证模块提供API服务、token令牌机制、服务目录、规则和认证发布等功能。
实验目标
- 公司有100名员工,其中50名为项目研发部(研发环境),45名为业务部(办公环境),5人IT工程部(运维环境)。
- 根据企业人员部门分配,现构建3个项目,100个用户,管理人员拥有管理员权限,其余人员拥有普通用户权限,规划表见表
实验环境
大数据实训平台、IaaS_Mitaka_ALLinone.qcow2。
【实验准备】
OpenStack服务(service),如Nova、Glance、Swift、Heat、Ceilometer 等。
- Nova 提供 云计算服务
- Glance提供镜像管理服务
- Swift提供对象存储服务
- Heat 提供资源编排服务
- Ceilometer提供告警计费服务
- Cinder提供块存储服务
- 为了方便用户调用这些服务,OpenStack为每一个服务提供一个用于访问的端点(endpoint)
- 如果需要访问服务,则必须知道它的端点。端点一般为url,我们知道服务的url,就可以访问它。
- 端点的url具有public、private和admin三种权限。
- public url可以被全局访问,private url只能被局域网访问,admin url被从常规的访问中分离出来。
常用的服务管理命令
(1)创建服务
# openstack service create
功能:创建服务。
格式:
# openstack service create --name <name> <type>
[--description <description>]
参数说明。
–name 创建的服务名称。
创建服务类型。
–description 创建服务描述。
(2)创建服务访问端点
# openstack endpoint create
功能:创建服务访问的API端点。
格式:
# openstack endpoint create [--region <region-id>]
<service> <interface> <url>
[--enable | --disable]
参数说明。
–region 创建端点的区域 id。
端点创建的使用服务名称。
(3)查询服务目录
# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack catalog list
+----------+--------------+-----------------------------------------------------------------------------+
| Name | Type | Endpoints |
+----------+--------------+-----------------------------------------------------------------------------+
| swift | object-store | RegionOne |
| | | internal: http://controller:8080/v1/AUTH_81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | admin: http://controller:8080/v1 |
| | | RegionOne |
| | | public: http://controller:8080/v1/AUTH_81ea07237d034c4e99369581c1b4db89 |
| | | |
| glance | image | RegionOne |
| | | internal: http://controller:9292 |
| | | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | |
| cinder | volume | RegionOne |
| | | internal: http://controller:8776/v1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | admin: http://controller:8776/v1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | public: http://controller:8776/v1/81ea07237d034c4e99369581c1b4db89 |
| | | |
| nova | compute | RegionOne |
| | | admin: http://controller:8774/v2.1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1/81ea07237d034c4e99369581c1b4db89 |
| | | |
| cinderv2 | volumev2 | RegionOne |
| | | public: http://controller:8776/v2/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | admin: http://controller:8776/v2/81ea07237d034c4e99369581c1b4db89 |
| | | RegionOne |
| | | internal: http://controller:8776/v2/81ea07237d034c4e99369581c1b4db89 |
| | | |
| keystone | identity | RegionOne |
| | | internal: http://controller:5000/v3 |
| | | RegionOne |
| | | admin: http://controller:35357/v3 |
| | | RegionOne |
| | | public: http://controller:5000/v3 |
| | | |
| neutron | network | RegionOne |
| | | public: http://controller:9696 |
| | | RegionOne |
| | | admin: http://controller:9696 |
| | | RegionOne |
| | | internal: http://controller:9696 |
| | | |
+----------+--------------+-----------------------------------------------------------------------------+
Service Catalog(服务目录)是Keystone为OpenStack提供的一个REST API 端点列表,并以此作为决策参考。显示某个service信息,命令格式如下:
# openstack catalog show <service>
参数是指显示某个service。
实验步骤
- 创建项目
创建项目研发部(research and development department)名为RD_Dept的项目、业务部(business department)名为BS_Dept的项目、IT 工程部(engineering department)名为IT_Dept的项目。
在openstack系统中进行操作需生效环境变量,执行命令如下:
[root@controller ~]# source /etc/keystone/admin-openrc.sh
- 创建一个名为BS_Dept的项目,执行命令如下:
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack project create "BS_Dept" --domain demo --description 业务部门
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 业务部门 |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | a7576f6ab86740cab6c7e3130ccecd82 |
| is_domain | False |
| name | BS_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
- 获取BS_Dept项目详细信息,执行命令如下:
[root@controller ~]# openstack project show BS_Dept
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 业务部门 |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | a7576f6ab86740cab6c7e3130ccecd82 |
| is_domain | False |
| name | BS_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
- 通过脚本为工程部创建一个名为IT_Dept的项目。
- 编写Keystone-manage-project.sh脚本,执行命令如下:
[root@controller ~]# vi Keystone-manage-project.sh
#!/bin/bash
if [ -f "/etc/keystone/admin-openrc.sh" ];then
source /etc/keystone/admin-openrc.sh
else
env_path=`find / -name admin-openrc.sh`
source $env_path
fi
echo -e "\033[31mPlease Input new Project name : eg (openstack)\033[0m "
read New_Project_Name
if [ ! -n "$New_Project_Name" ];then
echo -e "\033[31mProject Name Is Empty,Exit\033[0m "
exit 1
fi
echo -e "\033[31mPlease Input Project description : eg (openstack description)\033[0m "
read New_Project_des
if [ ! -n "$New_Project_des" ];then
echo -e "\033[31mProject Description Is Empty,Exit\033[0m "
exit 1
fi
T_Start=`echo $New_Project_Range |awk -F- '{ print $1}'| awk '{print $0+0}'`
N_Start=`printf "%03d\n" $T_Start`
T_End=`echo $New_Project_Range |awk -F- '{ print $2}' | awk '{print $0+0}'`
N_End=`printf "%03d\n" $T_End`
T_End1=$[$T_End+1]
openstack project create --domain $OS_PROJECT_DOMAIN_NAME --description "Service Project" $New_Project_Name
echo -e "\033[31mKeystone All Project List\033[0m "
openstack project list
~
"Keystone-manage-project.sh" [New] 27L, 1211C written
[root@controller ~]# chmod +x Keystone-manage-project.sh
[root@controller ~]# ./Keystone-manage-project.sh
Please Input new Project name : eg (openstack)
IT_DEpt^H^H^HePt^H^H^C
[root@controller ~]# ./Keystone-manage-project.sh
Please Input new Project name : eg (openstack)
IT_Dept
Please Input Project description : eg (openstack description)
IT工程部门
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | d9a68590f02344e48664db501542cec2 |
| is_domain | False |
| name | IT_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
Keystone All Project List
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 09ecb096e1034e5b9e5166adfc15a6f0 | service |
| 179cab81dcae4692afee5add4a6399a3 | acme |
| 5e04233827f848228c4a5a238c1e780b | demo |
| 81ea07237d034c4e99369581c1b4db89 | admin |
| a7576f6ab86740cab6c7e3130ccecd82 | BS_Dept |
| d9a68590f02344e48664db501542cec2 | IT_Dept |
+----------------------------------+---------+
- 创建用户账号
- 为项目研发部创建50个用户,分别名为rduser001~rduser050,密码为 cloudpasswd
- 为业务部创建45个用户,分别名为bsuser001~bsuser045,密码为 cloudpasswd
- 为IT工程部创建5个用户,分别名为ituser001~ituser005,密码为cloudpasswd。
创建用户rduser002,密码为cloudpasswd,执行命令如下:
[root@controller ~]# openstack user create rduser002 --password cloudpasswd --domain demo --email rduser002@example.com
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | rduser002@example.com |
| enabled | True |
| id | 41cb35e9b08c4846a88e0277547a6fbd |
| name | rduser002 |
+-----------+----------------------------------+
- 通过执Shell脚本Keystone-manage-user.sh为项目研发部创建用户 rduser003~rduser050,密码为cloudpasswd。
- 编写Keystone-manage-user.sh脚本,执行命令如下:
[root@controller ~]# vi Keystone-manage-user.sh
#!/bin/bash
if [ -f "/etc/keystone/admin-openrc.sh" ];then
source /etc/keystone/admin-openrc.sh
else
env_path=`find / -name admin-openrc.sh`
source $env_path
fi
echo -e "\033[31mPlease Input New User Name : eg (username)\033[0m "
read New_User_Name
if [ ! -n "$New_User_Name" ];then
echo -e "\033[31mUser Name Is Empty,Exit\033[0m "
exit 1
fi
echo -e "\033[31mPlease Input User Password: eg (000000)\033[0m "
read New_User_Pw
if [ ! -n "$New_User_Pw" ];then
echo -e "\033[31mPasswd Is Empty,Exit\033[0m "
exit 1
fi
echo -e "\033[31mPlease Input User Email Address,If don't need press enter: eg (openstack.com)\033[0m "
read New_User_Email
if [ ! -n "$New_User_Email" ];then
echo -e "\033[31mEmail Address Is Empty,Exit\033[0m "
exit 1
fi
echo -e "\033[31mPlease Input User Beginning And End Number: eg (001-002)\033[0m "
read New_User_Range
if [ ! -n "$New_User_Range" ];then
echo -e "\033[31mNumber Is Empty,Exit\033[0m "
exit 1
else
U_Start=`echo $New_User_Range |awk -F- '{ print $1}'| awk '{print $0+0}'`
N_U_Start=`printf "%03d\n" $U_Start`
U_End=`echo $New_User_Range |awk -F- '{ print $2}' | awk '{print $0+0}'`
N_U_End=`printf "%03d\n" $U_End`
U_End1=$[$U_End+1]
IF_username_exists=`openstack user list | sed '1,3d'|sed '$d'|awk '{print $4}'`
for username_exists in $IF_username_exists;do
for (( username_number = $U_Start;username_number < $U_End1;username_number++ ));do
real_username_number=`printf "%03d\n" $username_number`
if [ $New_User_Name$real_username_number == $username_exists ];then
echo -e "\033[31mUser $New_User_Name$real_username_number is exists\033[0m "
exit 1
fi
done
done
fi
echo -e "\033[31mPlease enter the User belong Roles Name, Press enter for '_member_' role by default: eg (admin)\033[0m "
read New_User_Role
if [ ! -n "$New_User_Role" ];then
New_User_Role=_member_
else
IF_Role_Exists=`openstack role list |sed '1,3d' |sed '$d' |awk '{print $4}'`
if echo "${IF_Role_Exists[@]}" | grep -w "$New_User_Role" >> /dev/null ; then
echo "exists" >> /dev/null
else
echo -e "\033[31mRole $New_User_Role not exists\033[0m "
exit 1
fi
fi
echo -e "\033[31mPlease Input User belong Project Name: eg (projectname)\033[0m "
read New_User_Tenant
if [ ! -n "$New_User_Tenant" ];then
echo -e "\033[31mProject Name Is Empty,Exit\033[0m "
exit 1
else
IF_Tenant_Exists=`openstack project list |sed '1,3d' |sed '$d' |awk '{print $4}'`
if echo "${IF_Tenant_Exists[@]}" | grep -w "$New_User_Tenant" >> /dev/null ; then
echo "exists" >> /dev/null
else
echo -e "\033[31mProject $New_User_Tenant not exists\033[0m "
exit 1
fi
fi
for (( username_number = $U_Start;username_number< $U_End1;username_number++ ));do
real_username_number=`printf "%03d\n" $username_number`
openstack user create --domain $OS_PROJECT_DOMAIN_NAME --password $New_User_Pw $New_User_Name$real_username_number --email $New_User_Name$real_username_number@$New_User_Email
openstack role add --project $New_User_Tenant --user $New_User_Name$real_username_number $New_User_Role
done
echo -e "\033[31mKeystone All User List\033[0m "
openstack user list
"Keystone-manage-user.sh" [New] 82L, 4518C written
[root@controller ~]# chmod +x Keystone-manage-user.sh
- 创建研发部门项目,执行命令如下:
[root@controller ~]# openstack project create "RD_Dept" --domain demo --description 研发部门
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 研发部门 |
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| enabled | True |
| id | 93ae746f87744d6d9a2056ca08f602c8 |
| is_domain | False |
| name | RD_Dept |
| parent_id | 942f35ec481245a48d6100c6683a5fcb |
+-------------+----------------------------------+
- 执行该脚本。命令行内按提示输入用户名称、用户密码、电子邮件域名地址、用户角色(这里只能赋予一个角色)和用户所属部门。
+-------------+----------------------------------+
[root@controller ~]# ./Keystone-manage-user.sh
Please Input New User Name : eg (username)
rduser
Please Input User Password: eg (000000)
cloudpasswd
Please Input User Email Address,If don't need press enter: eg (openstack.com)
example.com
Please Input User Beginning And End Number: eg (001-002)
003-050
Please enter the User belong Roles Name, Press enter for '_member_' role by default: eg (admin)
admin
Please Input User belong Project Name: eg (projectname)
RD_Dept
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | rduser003@example.com |
| enabled | True |
| id | ea6bd13fff4344019ee57bbc838b25c9 |
| name | rduser003 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | rduser004@example.com |
| enabled | True |
| id | e4a66855bc3042cab24588d155c98826 |
| name | rduser004 |
+-----------+----------------------------------+
Keystone All User List
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 02a018e6ac3441f2835c817c7a1a207b | rduser005 |
| 03ba69a427474fbaac7599c942f37330 | rduser039 |
| 0499bbd56f72407eaca9f676c3a4bcfc | rduser017 |
| 065a379909d34891add243f46d060e9b | rduser043 |
| 0b744fa5759d43b5ade55586e0eb0af1 | rduser007 |
| 13e0d9dcd4564b7fafaf909b8216262d | rduser034 |
| 26c7ddc343fa4c91a1f682d21be1da7d | rduser049 |
| 2bee802355b24023968dc6e4bd11c983 | admin |
| 2c4c0a61075a440d8f9783edd86844c6 | rduser040 |
| 2dd5669948a3409aa3296a3057cb0b3a | rduser023 |
| 375024d3247540e5b9048671fe577068 | rduser046 |
| 3a86600a0e5e47d4a6c67a8f5a9f701e | rduser021 |
| 3c70e43caefd4623b7e8a2fbd7e52fd2 | rduser035 |
| 41cb35e9b08c4846a88e0277547a6fbd | rduser002 |
| 4c9e1c3650da4b8a951ca08c0f6f2b3a | rduser026 |
| 520f96d6d8d44ddbbeb5df6573f11da7 | rduser006 |
| 563366420dc44ea89661bc2a8fe33f0b | rduser029 |
| 56e7081689b044cbbb4a1a66ef2132e7 | rduser014 |
| 6099f2288ef34dc5b4d541a3cf85f849 | rduser042 |
| 682c3257d62748028d1a1e7cc7ac6efb | alice |
| 6d65072d602742cb9adff407a3ad1c94 | rduser045 |
| 70c4160866284154b56bf203171cfd90 | neutron |
| 717f15d187f14fbca1f36a911e1162a8 | rduser019 |
| 75b1a57e0bf54f1c9d6a5e3a220d3247 | rduser027 |
| 818fbea675314d33a542ee58178c5424 | rduser016 |
| 82b97aaa126b4732b12e5af608f9c07c | rduser018 |
| 84f21a5bbd3846668d21c47a4077ec50 | rduser024 |
| 886b421475b045718fd17a090e7c8226 | rduser032 |
| 8aebf5350d1947f3bac7de41be461219 | nova |
| 8aefa1e8548f49a2b3abb3884dca2d1a | rduser050 |
| 8e3671518d6b423dbfbf55ffa8249df8 | rduser033 |
| 8e695b3ca86c4a4da7968baeef3c6864 | swift |
| 95ef2ac87c874250abb3302351c7b63a | rduser041 |
| a4362e11eb9749799228208bbc7660ea | rduser036 |
| a57a5017587b411d871e5f9b312f35ce | cinder |
| b261500093da4de59c5f931aa0b189d4 | rduser048 |
| b82cc14513a64876a986dcbe716b1801 | rduser038 |
| b88a0cd21e784707ba90a2c0555342d1 | rduser022 |
| c403710a858947aca84d175f31dbf945 | rduser025 |
| c4a2432ee6f64b94b3689adf2684718b | rduser020 |
| c73dbc7aab41451f8de7f06b7bec0c76 | rduser013 |
| c9faecd63f034ba6b84c82cdd284f941 | rduser028 |
| cfa8e2ebd536453daa6218600f7e5dc0 | rduser037 |
| d58cec1f07d94eec8f9e3f62570e56e4 | rduser015 |
| d5f1679ee5a74233b2cd46c74f38f0c0 | rduser008 |
| d88027b6b6944427bda9557318b8c979 | rduser030 |
| e46f397e0f0847be8cfaf173db5529db | rduser011 |
| e4a66855bc3042cab24588d155c98826 | rduser004 |
| ea6bd13fff4344019ee57bbc838b25c9 | rduser003 |
| ebb2d2324b054189acf2bd5a62b6555a | demo |
| ebc7727d5cb84d2494359cdd235617d9 | glance |
| f445e8dcdd334b8d80b66c8c256456a7 | rduser010 |
| f603db86e0604034a3b6f1d0205d0dcb | rduser031 |
| f6b329cd87d6415a83ee7a80e292f7f3 | rduser012 |
| f936aead65bb4a1fad2ccc861cb8b359 | rduser044 |
| fc1ee42060ba42bc9962868b3c86c67a | rduser009 |
| fe5ee9633d574c40848732382be797ea | rduser047 |
+----------------------------------+-----------+
- 通过执行Shell 脚本为IT工程部创建用户ituser001~ituser005,密码为 cloudpasswd。
[root@controller ~]# ./Keystone-manage-user.sh
Please Input New User Name : eg (username)
ituser
Please Input User Password: eg (000000)
cloudpasswd
Please Input User Email Address,If don't need press enter: eg (openstack.com)
example.com
Please Input User Beginning And End Number: eg (001-002)
001-005
Please enter the User belong Roles Name, Press enter for '_member_' role by default: eg (admin)
admin
Please Input User belong Project Name: eg (projectname)
IT_Dept
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser001@example.com |
| enabled | True |
| id | ed089ab3014d4c0393439fa6b8bf0f2e |
| name | ituser001 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser002@example.com |
| enabled | True |
| id | 8dfceea3982e4bf3875fa559b2e02b5a |
| name | ituser002 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser003@example.com |
| enabled | True |
| id | 4fb78b56fcb14175885ea188da68a468 |
| name | ituser003 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser004@example.com |
| enabled | True |
| id | 212ae123a4a345c9b05c3cf0852b2197 |
| name | ituser004 |
+-----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 942f35ec481245a48d6100c6683a5fcb |
| email | ituser005@example.com |
| enabled | True |
| id | 1345c045e91e428eb64e355bbae98505 |
| name | ituser005 |
+-----------+----------------------------------+
Keystone All User List
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| 02a018e6ac3441f2835c817c7a1a207b | rduser005 |
| 03ba69a427474fbaac7599c942f37330 | rduser039 |
| 0499bbd56f72407eaca9f676c3a4bcfc | rduser017 |
| 065a379909d34891add243f46d060e9b | rduser043 |
| 0b744fa5759d43b5ade55586e0eb0af1 | rduser007 |
| 1345c045e91e428eb64e355bbae98505 | ituser005 |
| 13e0d9dcd4564b7fafaf909b8216262d | rduser034 |
| 212ae123a4a345c9b05c3cf0852b2197 | ituser004 |
| 26c7ddc343fa4c91a1f682d21be1da7d | rduser049 |
| 2bee802355b24023968dc6e4bd11c983 | admin |
| 2c4c0a61075a440d8f9783edd86844c6 | rduser040 |
| 2dd5669948a3409aa3296a3057cb0b3a | rduser023 |
| 375024d3247540e5b9048671fe577068 | rduser046 |
| 3a86600a0e5e47d4a6c67a8f5a9f701e | rduser021 |
| 3c70e43caefd4623b7e8a2fbd7e52fd2 | rduser035 |
| 41cb35e9b08c4846a88e0277547a6fbd | rduser002 |
| 4c9e1c3650da4b8a951ca08c0f6f2b3a | rduser026 |
| 4fb78b56fcb14175885ea188da68a468 | ituser003 |
| 520f96d6d8d44ddbbeb5df6573f11da7 | rduser006 |
| 563366420dc44ea89661bc2a8fe33f0b | rduser029 |
| 56e7081689b044cbbb4a1a66ef2132e7 | rduser014 |
| 6099f2288ef34dc5b4d541a3cf85f849 | rduser042 |
| 682c3257d62748028d1a1e7cc7ac6efb | alice |
| 6d65072d602742cb9adff407a3ad1c94 | rduser045 |
| 70c4160866284154b56bf203171cfd90 | neutron |
| 717f15d187f14fbca1f36a911e1162a8 | rduser019 |
| 75b1a57e0bf54f1c9d6a5e3a220d3247 | rduser027 |
| 818fbea675314d33a542ee58178c5424 | rduser016 |
| 82b97aaa126b4732b12e5af608f9c07c | rduser018 |
| 84f21a5bbd3846668d21c47a4077ec50 | rduser024 |
| 886b421475b045718fd17a090e7c8226 | rduser032 |
| 8aebf5350d1947f3bac7de41be461219 | nova |
| 8aefa1e8548f49a2b3abb3884dca2d1a | rduser050 |
| 8dfceea3982e4bf3875fa559b2e02b5a | ituser002 |
| 8e3671518d6b423dbfbf55ffa8249df8 | rduser033 |
| 8e695b3ca86c4a4da7968baeef3c6864 | swift |
| 95ef2ac87c874250abb3302351c7b63a | rduser041 |
| a4362e11eb9749799228208bbc7660ea | rduser036 |
| a57a5017587b411d871e5f9b312f35ce | cinder |
| b261500093da4de59c5f931aa0b189d4 | rduser048 |
| b82cc14513a64876a986dcbe716b1801 | rduser038 |
| b88a0cd21e784707ba90a2c0555342d1 | rduser022 |
| c403710a858947aca84d175f31dbf945 | rduser025 |
| c4a2432ee6f64b94b3689adf2684718b | rduser020 |
| c73dbc7aab41451f8de7f06b7bec0c76 | rduser013 |
| c9faecd63f034ba6b84c82cdd284f941 | rduser028 |
| cfa8e2ebd536453daa6218600f7e5dc0 | rduser037 |
| d58cec1f07d94eec8f9e3f62570e56e4 | rduser015 |
| d5f1679ee5a74233b2cd46c74f38f0c0 | rduser008 |
| d88027b6b6944427bda9557318b8c979 | rduser030 |
| e46f397e0f0847be8cfaf173db5529db | rduser011 |
| e4a66855bc3042cab24588d155c98826 | rduser004 |
| ea6bd13fff4344019ee57bbc838b25c9 | rduser003 |
| ebb2d2324b054189acf2bd5a62b6555a | demo |
| ebc7727d5cb84d2494359cdd235617d9 | glance |
| ed089ab3014d4c0393439fa6b8bf0f2e | ituser001 |
| f445e8dcdd334b8d80b66c8c256456a7 | rduser010 |
| f603db86e0604034a3b6f1d0205d0dcb | rduser031 |
| f6b329cd87d6415a83ee7a80e292f7f3 | rduser012 |
| f936aead65bb4a1fad2ccc861cb8b359 | rduser044 |
| fc1ee42060ba42bc9962868b3c86c67a | rduser009 |
| fe5ee9633d574c40848732382be797ea | rduser047 |
+----------------------------------+-----------+
- 通过Shell命令行将项目研发部用户rduser002绑定普通用户权限,执行命令如下:
[root@controller ~]# openstack role create _member_
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 9fe2ff9ee4384b1894a90878d3e92bab |
| name | _member_ |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --user rduser002 --project RD_Dept _member_
[root@controller ~]# openstack role list --user rduser002 --project RD_Dept
+----------------------------------+----------+---------+-----------+
| ID | Name | Project | User |
+----------------------------------+----------+---------+-----------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | RD_Dept | rduser002 |
+----------------------------------+----------+---------+-----------+
- 编写 脚本将项目IT工程部用ituser001~ituser005绑定普通用户和管理员用户权限
[root@controller ~]# vi Keystone-manage-add-role.sh
#!/bin/bash
# 1st keystone
if [ -f "/etc/keystone/admin-openrc.sh" ];then
source /etc/keystone/admin-openrc.sh
else
env_path=`find / -name admin-openrc.sh`
source $env_path
fi
echo -e "\033[31mPlease Enter The User Name\033[0m "
read Add_Role_Username
echo -e "\033[31mPlease Input User Beginning And End Number: eg (001-002)\033[0m "
read Add_User_Range
if [ ! -n "$Add_User_Range" ];then
Add_User_Range=$Add_User_Range
else
A_R_Start=`echo $Add_User_Range |awk -F- '{ print $1}'| awk '{print $0+0}'`
A_R_U_Start=`printf "%03d\n" $A_R_Start`
A_R_End=`echo $Add_User_Range |awk -F- '{ print $2}' | awk '{print $0+0}'`
A_R_U_End=`printf "%03d\n" $A_R_End`
A_R_End1=$[$A_R_End+1]
fi
echo -e "\033[31mPlease Enter the Project Name\033[0m "
read Add_Role_Tenant
IF_Tenant_Exists=`openstack project list |sed '1,3d' |sed '$d' |awk '{print $4}'`
if echo "${IF_Tenant_Exists[@]}" | grep -w "$Add_Role_Tenant" >> /dev/null ; then
echo "exists" >> /dev/null
else
echo -e "\033[31mProject $Add_Role_Tenant not exists\033[0m "
exit 1
fi
echo -e "\033[31mPlease Enter the Role Name\033[0m "
read Add_Role_New_Role
IF_Role_Exists=`openstack role list |sed '1,3d' |sed '$d' |awk '{print $4}'`
if echo "${IF_Role_Exists[@]}" | grep -w "$Add_Role_New_Role" >> /dev/null ; then
echo "exists" >> /dev/null
else
echo -e "\033[31mRole $Add_Role_New_Role not exists\033[0m "
exit 1
fi
for (( username_number=$A_R_Start;username_number<$A_R_End1;username_number++ ));do
real_username_number=`printf "%03d\n" $username_number`
openstack role add --project $Add_Role_Tenant --user $Add_Role_Username$real_username_number $Add_Role_New_Role
echo -e "\033[31mKeystone user $Add_Role_Username$real_username_number Project $Add_Role_Tenant role list\033[0m "
openstack role assignment list --user $Add_Role_Username$real_username_number --project $Add_Role_Tenant
done
~
~
~
~
"Keystone-manage-add-role.sh" [New] 45L, 2377C written
[root@controller ~]# chmod +x Keystone-manage-add-role.sh
[root@controller ~]# ./Keystone-manage-add-role.sh
Please Enter The User Name
ituser
Please Input User Beginning And End Number: eg (001-002)
001-005
Please Enter the Project Name
IT_Dept
Please Enter the Role Name
admin
Keystone user ituser001 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | ed089ab3014d4c0393439fa | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 6b8bf0f2e | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser002 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 8dfceea3982e4bf3875fa55 | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 9b2e02b5a | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser003 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 4fb78b56fcb14175885ea18 | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 8da68a468 | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser004 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 212ae123a4a345c9b05c3cf | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | 0852b2197 | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
Keystone user ituser005 Project IT_Dept role list
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
| 28e00fea5f4344edaa093f6 | 1345c045e91e428eb64e355 | | d9a68590f02344e48664db50 | | False |
| 17fc55d5a | bbae98505 | | 1542cec2 | | |
+-------------------------+-------------------------+-------+--------------------------+--------+-----------+
可以看到创建出来的用户,角色,项目!
镜像服务
概述
通过认证服务的学习,我们可以以不同的身份访问企业云平台,可以通过研发部的账户登录研发部,可以通过业务部访问业务部的资源,也可以通过IT工程部的身份登录查看整个系统的运行状况;下面我们继续学习镜像服务(Glance),了解这个组件是如何为平台的正常运行提供支撑的。
实验目标
- 了解RabbitMQ的基本概念。
- 理解镜像服务的服务流程和工作机制。
- 掌握镜像服务的基本操作以及常见运维。
实验环境
大数据实训平台、IaaS_Mitaka_ALLinone.qcow2。
实验准备
- 概述Glance镜像服务实现发现、注册、获取虚拟机镜像和镜像元数据,镜像数据支持存储多种的存储系统,可以是简单文件系统、对象存储系统等。
- Glance服务架构Glance镜像服务是典型的C/S 架构,
- Glance架构包括 glance-Client、Glance和 Glance Store
- Glance 主要包括 REST API、数据库抽象层(DAL)、域控制器(glance domain controller)和注册层(registry layer),Glance 使用集中数据库(Glance DB)在 Glance 各组件间直接共享数据。
- 所有的镜像文件操作都通过 glance_store 库完成,glance_store 库提供了通用接口,对接后端外部不同存储。
实验步骤
- 查询Glance版本
(1)检测Glance服务列表
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack-service list | grep glance
openstack-glance-api
openstack-glance-registry
(2)检测Glance服务是否启动
[root@controller ~]# openstack-service status | grep glance
MainPID=1290 Id=openstack-glance-api.service ActiveState=active
MainPID=1270 Id=openstack-glance-registry.service ActiveState=active
(3)查询glance-control版本
[root@controller ~]# glance-control --version
12.0.0
- 创建镜像
(1)下载CirrOS镜像
(2)上传到/tmp/images
[root@controller ~]# mkdir /tmp/images
[root@controller ~]# cd /tmp/images
[root@controller images]# ls
cirros-0.3.4-x86_64-disk.img
[root@controller images]# mv cirros-0.3.4-x86_64-disk.img cirros-0.3.2-x86_64-disk.img
[root@controller images]# file cirros-0.3.2-x86_64-disk.img
cirros-0.3.2-x86_64-disk.img: QEMU QCOW Image (v2), 41126400 bytes
(3)使用命令行创建镜像
[root@controller images]# glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --progress < cirros-0.3.2-x86_64-disk.img
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-05-28T09:05:40Z |
| disk_format | qcow2 |
| id | 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.2-x86_64 |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T09:05:42Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(4)查询镜像列表
[root@controller images]# glance image-list
+--------------------------------------+---------------------+
| ID | Name |
+--------------------------------------+---------------------+
| 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 | centos |
| 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 | cirros-0.3.2-x86_64 |
+--------------------------------------+---------------------+
- 更改镜像
可以使用glance image-update更新镜像信息,可以使用glance image-delete删除镜像信息。 如果需要改变镜像启动硬盘最低要求值(min-disk)时,min-disk 默认单位为G。
(1)获取镜像详细信息
镜像的ID通过镜像列表查询得出,每个镜像的ID都不同。
[root@controller images]# glance image-list
+--------------------------------------+---------------------+
| ID | Name |
+--------------------------------------+---------------------+
| 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 | centos |
| 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 | cirros-0.3.2-x86_64 |
+--------------------------------------+---------------------+
[root@controller images]# glance image-show 2fb8263b-383b-4d2d-ab92-526c08fbdcc2
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-05-28T09:05:40Z |
| disk_format | qcow2 |
| id | 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.3.2-x86_64 |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T09:05:42Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(2)修改镜像启动硬盘所需大小文章来源:https://www.toymoban.com/news/detail-408413.html
[root@controller images]# glance image-update --min-disk=1 2fb8263b-383b-4d2d-ab92-526c08fbdcc2
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2022-05-28T09:05:40Z |
| disk_format | qcow2 |
| id | 2fb8263b-383b-4d2d-ab92-526c08fbdcc2 |
| min_disk | 1 |
| min_ram | 0 |
| name | cirros-0.3.2-x86_64 |
| owner | 81ea07237d034c4e99369581c1b4db89 |
| protected | False |
| size | 13287936 |
| status | active |
| tags | [] |
| updated_at | 2022-05-28T09:57:47Z |
| virtual_size | None |
| visibility | private |
+------------------+--------------------------------------+
(3)删除镜像文章来源地址https://www.toymoban.com/news/detail-408413.html
[root@controller images]# glance image-delete 2fb8263b-383b-4d2d-ab92-526c08fbdcc2
[root@controller images]# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| 8a3c6a4e-e7a5-4e25-83c4-6e93bbf6c2f2 | centos |
+--------------------------------------+--------+
到了这里,关于openstack云平台搭建与使用的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!