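OpenStack is a well-known open-source IaaS platform; here I deploy all of its modules on a single machine.
Requirements
- CentOS 7 minimal
- VMware Workstation
- 4 GB+ of memory
Installing CentOS 7
Install the CentOS 7 minimal release in VMware; the installation steps are not repeated here. Download CentOS 7 minimal.
Preparing the CentOS 7 environment
Update the Yum repository source
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
Using a Yum mirror inside China speeds up downloads.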
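Update CentOS
yum update
Using a proxy
Edit ~/.bashrc:
vi ~/.bashrc
function setproxy() {
    export {http,https,ftp}_proxy="http://192.168.29.1:16808"
}
function unsetproxy() {
    unset {http,https,ftp}_proxy
}
A VPN is used to speed up downloads from sources outside China (if you have no VPN, skip this step; 192.168.206.1:16808 is my proxy program's address and port). In the terminal, run
setproxy
to use the proxy.
Install network tools
Command:
yum install net-tools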
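Disable the firewall
Command:
systemctl disable firewalld.service
Disable SELinux
Set SELINUX=disabled in the /etc/selinux/config file, then restart the server.
Reboot the system
Command:
reboot
Take a snapshot
Take a snapshot of the freshly installed CentOS 7 system in preparation for installing OpenStack, so that you can roll back if a later installation step goes wrong. Choose VM > Snapshot > Take Snapshot, as shown in the figure.
OpenStack environment
The CentOS 7 environment is ready; next, prepare the environment for installing OpenStack.
Network configuration
Installing OpenStack requires two network interfaces:
- the internal management network (management interface)
- the network that provides Internet access (provider interface)
As shown in the figure, a network adapter has to be added in VMware.
To add a network adapter in VMware, choose VM > Settings > Add, as shown in the figure.
View the network interfaces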
# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.206.131 netmask 255.255.255.0 broadcast 192.168.206.255
inet6 fe80::20c:29ff:fe1f:3222 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:1f:32:22 txqueuelen 1000 (Ethernet)
RX packets 566 bytes 54421 (53.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 372 bytes 42227 (41.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fe1f:322c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:1f:32:2c txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 1308 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 4 bytes 340 (340.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4 bytes 340 (340.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554984 is the newly added network device. eno16777736 is the external network interface, and eno33554984 is the internal management interface.
Configure interface eno33554984
# cp /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ifcfg-eno33554984
# vi /etc/sysconfig/network-scripts/ifcfg-eno33554984
...
NAME=eno33554984
DEVICE=eno33554984
Configure the internal network
# vi /etc/sysconfig/network-scripts/ifcfg-eno33554984
...
IPADDR=192.168.70.2
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
Note: 192.168.70.2 is in the same subnet as the VMware host-only network; make sure the VM can reach the host machine on the 192.168.70.0/24 subnet.
Configure the external network
Edit /etc/sysconfig/network-scripts/ifcfg-eno16777736, leaving the HWADDR and UUID values unchanged:
DEVICE=eno16777736
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="dhcp"
Configure the hostname
Edit /etc/hostname and change the hostname to controller, then edit /etc/hosts (single-machine deployment) as follows:
# controller
192.168.70.2 controller
# compute1
192.168.70.2 compute1
# block1
192.168.70.2 block1
# object1
192.168.70.2 object1
# object2
192.168.70.2 object2
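Note:
Some distributions add an extraneous entry to the /etc/hosts file that resolves the actual hostname to another loopback IP address (for example 127.0.1.1). You must comment out or remove this entry to prevent name resolution problems. Do not remove the 127.0.0.1 entry.
Set the DNS server
vi /etc/resolv.conf
Add nameserver 114.114.114.114:
# Generated by NetworkManager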
search localdomain
nameserver 192.168.29.2
nameserver 114.114.114.114
Reboot to activate the configuration
reboot
Verify network connectivity
# ping -c 4 www.baidu.com
PING www.a.shifen.com (180.97.33.107) 56(84) bytes of data.
64 bytes from 180.97.33.107: icmp_seq=1 ttl=128 time=39.5 ms
64 bytes from 180.97.33.107: icmp_seq=2 ttl=128 time=37.8 ms
64 bytes from 180.97.33.107: icmp_seq=3 ttl=128 time=39.5 ms
64 bytes from 180.97.33.107: icmp_seq=4 ttl=128 time=39.6 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 37.885/39.154/39.666/0.734 ms
# ping -c 4 controller
PING controller (192.168.70.2) 56(84) bytes of data
64 bytes from controller (192.168.70.2): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from controller (192.168.70.2): icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from controller (192.168.70.2): icmp_seq=3 ttl=64 time=0.026 ms
64 bytes from controller (192.168.70.2): icmp_seq=4 ttl=64 time=0.037 ms
--- controller ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
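rtt min/avg/max/mdev = 0.026/0.036/0.045/0.008 ms
Install Network Time Protocol (NTP)
Install the package
# yum install chrony
Edit /etc/chrony.conf and add, change or remove NTP servers:
server NTP_SERVER iburst
Replace NTP_SERVER with the hostname or IP address of an NTP server; if you do not have your own NTP server, keep the defaults. For this VMware installation NTP does not need to be configured. It is needed if you add other nodes.
Edit /etc/chrony.conf and add the subnet of the NTP clients (not needed for a single node):
allow 192.168.70/24
Enable at boot and start NTP
# systemctl enable chronyd.service
# systemctl start chronyd.service
Verify the NTP installation
# chronyc sources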
210 Number of sources = 3
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* news.neu.edu.cn 2 6 377 49 +804us[ +545us] +/- 38ms
^+ time6.aliyun.com 2 6 337 49 -676us[ -676us] +/- 38ms
^+ 202.118.1.130 2 6 377 50 -5469us[-5727us] +/- 44ms
OpenStack installation repositories
On CentOS, the OpenStack RPM repository has to be added separately:
# yum install centos-release-openstack-newton
On CentOS, the RDO OpenStack repository also has to be added:
# yum install https://rdoproject.org/repos/rdo-release.rpm
If yum cannot download it, download it manually and place it in /etc/yum.repos.d/.
Upgrade the system
# yum upgrade
Install the OpenStack client
# yum install python-openstackclient
Install OpenStack SELinux
# yum install openstack-selinux
Install MySQL
Install MySQL:
# yum install mariadb mariadb-server python2-PyMySQL
Create and edit /etc/my.cnf.d/openstack.cnf: create a [mysqld] section and set bind-address to the management IP address of the controller node:
[mysqld]
bind-address = 192.168.70.2
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Enable at boot and start MySQL
# systemctl enable mariadb.service
# systemctl start mariadb.service
Run the MySQL security script
# mysql_secure_installation
Set the root password to 123456; for convenience, every password in the rest of this guide is also set to 123456.
Install the message queue
Install RabbitMQ
# yum install rabbitmq-server
Enable at boot and start RabbitMQ
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
Add the openstack user:
# rabbitmqctl add_user openstack 123456
Creating user "openstack" ...
123456 is the RabbitMQ password (RABBIT_PASS).
Configure RabbitMQ permissions
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
Install memcached
Install the memcached packages
# yum install memcached python-memcached
Enable at boot and start memcached
# systemctl enable memcached.service
# systemctl start memcached.service
The OpenStack installation environment is now ready; the next step is installing the OpenStack components.
Identity component - keystone
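As the Identity Service of OpenStack, Keystone performs the following two functions:
- Authentication and authorization.
- Providing a catalog of API service endpoints for the available services.
After the OpenStack Identity Service is installed, every OpenStack service must be registered with Keystone. This lets the Identity Service authenticate the installed OpenStack services and know where they are located on the network. The Identity Service provides role-based management and supports both traditional username/password authentication and token authentication.
Before looking at the OpenStack identity components, you need to understand the following concepts:
User
A person, system, or service that uses OpenStack cloud services, represented digitally in Keystone. The Identity Service validates incoming requests from the users who make the calls. After logging in, a user is given a token for accessing resources. Users can be assigned directly to a specific tenant and behave as if they are contained in that tenant.
Credentials
Data that confirms a user's identity, such as a username, a password, an API key, or an authorization token provided by the identity service.
Authentication
The process of confirming a user's identity. The OpenStack Identity Service confirms an incoming request by validating the credentials supplied by the user.
These credentials are usually a username, a password, an API key, and so on. Once the user's credentials have been validated, the Identity Service issues the user a token, which can then be used to make requests to other OpenStack services.
Token
An alphanumeric string that lets a user access OpenStack APIs and resources. A token can be revoked at any time and is itself valid only for a limited time.
In recent releases the OpenStack Identity Service supports token-based authentication, and it is intended to support more protocols in the future. Its main purpose is to be an integration service; it does not aim to be a complete identity store and management solution.
Tenant
A container used to group or isolate resources; a tenant groups or isolates identity objects. Depending on the service operator, a tenant can map to a customer, an account, an organization, or a project.
Service
An OpenStack service, such as Compute (nova), Object Storage (swift), or the Image service (glance). It provides one or more endpoints through which users can access resources and perform operations.
Endpoint
A network-accessible address where a user accesses a service, usually a URL. If you are using an extension for templates, an endpoint template can be created, which represents the templates of all the consumable services that are available across regions.
Role
A definition of user rights and privileges that allows the user to perform certain specific operations. An administrator can grant different permissions to different roles and then assign roles to users; a user can hold several roles at the same time, which together grant access to the system.
In the Identity Service, a token carries information about the user, including the list of roles. When a service is called, it looks at which roles the user holds and which resources the permissions granted by those roles allow the user to operate on.
Keystone Client
The OpenStack Identity Service API comes with a command-line interface. For example, users can run the keystone service-create and keystone endpoint-create commands to register services in OpenStack.
The following diagram shows the OpenStack authentication flow:
With the concepts covered, let's install keystone.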
Create the database and schema
Log in to the database
# mysql -u root -p123456
Create the keystone database
mysql> CREATE DATABASE keystone;
Grant database privileges
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '123456';
123456 is the password (KEYSTONE_DBPASS).
Install and configure keystone
Install the packages
# yum install openstack-keystone httpd mod_wsgi
Edit /etc/keystone/keystone.conf as follows:
[database]
...
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
...
provider = fernet
123456 is the password (KEYSTONE_DBPASS).
Populate the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet key repositories
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:35357/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
123456 is the password (ADMIN_PASS).
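With provider = fernet, the token IDs Keystone issues are Fernet tokens, and their first nine bytes (version and creation time) are readable without any key. The script below is an added example, not part of the original post: it decodes that header from the admin token ID printed by `token issue` later on this page. The function names are made up for the illustration, and the last two output lines assume GNU `date`.

```shell
#!/bin/sh
# Added example: read the cleartext header of a Fernet token.
# Layout after base64url decoding:
#   1 byte version (0x80) | 8 bytes big-endian creation time | 16 bytes IV
#   | ciphertext | 32 bytes HMAC

# First line of the admin token ID from the `token issue` output on this page.
SAMPLE_TOKEN="gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv"

# Decode the first 12 base64url characters (exactly 9 bytes) to lowercase hex.
fernet_header_hex() {
    printf '%s' "$1" | cut -c1-12 | tr '_-' '/+' | base64 -d \
        | od -An -v -tx1 | tr -d ' \n'
}

# Version byte as two hex digits; a Fernet token always starts with 80.
fernet_version() {
    fernet_header_hex "$1" | cut -c1-2
}

# Creation time in seconds since the epoch (header bytes 1 to 8).
fernet_created_epoch() {
    hdr=$(fernet_header_hex "$1")
    case "$hdr" in
        80????????????????) ;;
        *) echo "not a Fernet token" >&2; return 1 ;;
    esac
    printf '%d\n' "0x${hdr#80}"
}

# Seconds between creation and an ISO 8601 expiry time (needs GNU date).
fernet_lifetime() {
    created=$(fernet_created_epoch "$1") || return 1
    expires=$(date -u -d "$2" +%s) || return 1
    echo $(( expires - created ))
}

# The expiry passed below is the `expires` field printed next to the same
# token, with the fractional seconds dropped.
echo "version : 0x$(fernet_version "$SAMPLE_TOKEN")"
echo "created : $(date -u -d "@$(fernet_created_epoch "$SAMPLE_TOKEN")" +%FT%TZ)"
echo "lifetime: $(fernet_lifetime "$SAMPLE_TOKEN" "2016-02-12T20:14:07Z") seconds"
```

The creation time comes out exactly one hour before the printed expiry, which matches a token lifetime of 3600 seconds.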
Configure Apache HTTP
Edit /etc/httpd/conf/httpd.conf and set the ServerName option:
ServerName controller
Create a link to the /usr/share/keystone/wsgi-keystone.conf file:
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
keystone commands
Enable at boot and start the Apache HTTP service
# systemctl enable httpd.service
# systemctl start httpd.service
Check the listening ports
# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.70.2:3306 0.0.0.0:* LISTEN 2700/mysqld
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 3957/memcached
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1097/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1423/master
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 2917/beam
tcp6 0 0 :::11211 :::* LISTEN 3957/memcached
tcp6 0 0 :::80 :::* LISTEN 26461/httpd
tcp6 0 0 :::22 :::* LISTEN 1097/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1423/master
tcp6 0 0 :::35357 :::* LISTEN 26461/httpd
tcp6 0 0 :::5000 :::* LISTEN 26461/httpd
tcp6 0 0 :::5672 :::* LISTEN 2917/beam
Note ports 35357 and 5000.
Configure environment variables for the administrative account
# export OS_USERNAME=admin
# export OS_PASSWORD=123456
# export OS_PROJECT_NAME=admin
# export OS_USER_DOMAIN_NAME=default
# export OS_PROJECT_DOMAIN_NAME=default
# export OS_AUTH_URL=http://controller:35357/v3
# export OS_IDENTITY_API_VERSION=3
123456 is the password (ADMIN_PASS).
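Reading the `netstat -ntlp` listing above by bind address, as an added example that is not part of the original post: with firewalld disabled earlier in this guide, the bind address is what decides which network can reach each service. The function names are made up for the illustration, and the input is the LISTEN lines of that listing.

```shell
#!/bin/sh
# Added example: group the listeners from `netstat -ntlp` by how widely
# they are bound.
MGMT_IP="192.168.70.2"   # management address used in this guide

# Constructed input: the LISTEN lines of the listing shown above.
sample_netstat() {
cat <<'EOF'
tcp 0 0 192.168.70.2:3306 0.0.0.0:* LISTEN 2700/mysqld
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 3957/memcached
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1097/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1423/master
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 2917/beam
tcp6 0 0 :::11211 :::* LISTEN 3957/memcached
tcp6 0 0 :::80 :::* LISTEN 26461/httpd
tcp6 0 0 :::22 :::* LISTEN 1097/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1423/master
tcp6 0 0 :::35357 :::* LISTEN 26461/httpd
tcp6 0 0 :::5000 :::* LISTEN 26461/httpd
tcp6 0 0 :::5672 :::* LISTEN 2917/beam
EOF
}

# Print "scope port program" for every LISTEN socket read from stdin.
classify_listeners() {
    awk -v mgmt="$MGMT_IP" '
        $6 == "LISTEN" {
            # The port is whatever follows the last colon (works for IPv6).
            n = split($4, part, ":")
            port = part[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            prog = $7; sub(/^[0-9]+\//, "", prog)
            if (host == "0.0.0.0" || host == "::")         scope = "all-interfaces"
            else if (host == "127.0.0.1" || host == "::1") scope = "loopback"
            else if (host == mgmt)                         scope = "management"
            else                                           scope = "other"
            print scope, port, prog
        }'
}

# Unique "port program" pairs reachable on every interface, sorted by port.
wildcard_listeners() {
    classify_listeners | awk '$1 == "all-interfaces" { print $2, $3 }' \
        | sort -u | sort -n
}

sample_netstat | wildcard_listeners
```

MariaDB is the only backend on the management address alone, because of the bind-address set in openstack.cnf; memcached and RabbitMQ listen on every interface, including the external one.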
keystone users
Create the service project:
# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | b6e39648297f496d8bd351f91c5dbc01 |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
Create the demo project:
openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | acada8b2e88943aaa094dc0617ffd266 |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
Create the demo user:
# openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 53c9811a2a7940a1a2d89d641c1f7b2a |
| name | demo |
| password_expires_at | None |
+---------------------+----------------------------------+
Create the user role:
# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 5e2f64124ff54868b63fdf042671dbfa |
| name | user |
+-----------+----------------------------------+
Add the user role to the demo project and the demo user:
# openstack role add --project demo --user demo user
Verify keystone
For security reasons, disable the temporary authentication token mechanism:
Edit the /etc/keystone/keystone-paste.ini file and remove the admin_token_auth option from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections.
Unset the OS_URL environment variable:
# unset OS_URL
Request an authentication token as the admin user:
# openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
Request an authentication token as the demo user:
# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+
Create OpenStack client environment scripts
Edit the admin-openrc file with the following content:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
123456 is the password (ADMIN_PASS).
Edit the demo-openrc file with the following content:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
123456 is the password (DEMO_PASS).
To use the scripts, load the admin user's environment:
# . admin-openrc
Request an authentication token:
# openstack token issue
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:44:35.659723Z |
| id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
| | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
| | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
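+------------+-----------------------------------------------------------------+
Glance image component
As the Image service of OpenStack, Glance lets users discover, register, and retrieve virtual machine images. It provides a REST API for querying virtual machine image metadata and retrieving the actual image. Virtual machine images made available through the Image service can be stored in a variety of locations, from a simple file system to an object storage system such as OpenStack Object Storage (Swift). Besides letting users add new images, it can also take a snapshot of a running server to use as a backup image or as an image for another virtual disk.
The OpenStack Image service includes the following components:
- glance-api: accepts API calls from other services, such as image discovery, retrieval, and storage.
- glance-registry: stores, processes, and retrieves image metadata (information such as file size and type).
- Database: stores the image metadata. Users can choose a database according to preference; most choose MySQL or SQLite.
- Storage repository for images: several repository types are supported, including a regular file system, Object Storage (Swift), RADOS block devices, HTTP, and Amazon S3. Note that some of these repositories are read-only.
The OpenStack architecture diagram shows where Glance fits:
- Images can be stored in Swift.
- It provides images to Nova for running VMs.
- Users can call the Glance API through Horizon to manage images.
- Any use of the Glance API must first be authenticated by Keystone.
Create the database and schema
Log in to the database
# mysql -u root -p123456
Create the glance database
mysql> CREATE DATABASE glance;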
Grant database privileges
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '123456';
123456 is the password (GLANCE_DBPASS).
Load the admin credentials for the command line:
# . admin-openrc
Create the glance user
# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | bf72dd3d5806479ab175be3b630bda0d |
| name | glance |
| password_expires_at | None |
+---------------------+----------------------------------+
Add a role to the glance user
# openstack role add --project service --user glance admin
Add the glance service
# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 385dcc7f756a4dd8801063dcc4f75a35 |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the Image service API endpoints:
# openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bd89aaca7ab34c2fa5e3ab96b42b69af |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 385dcc7f756a4dd8801063dcc4f75a35 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 65af6f8c900242f9bb4a9c8dec9b4ba0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 385dcc7f756a4dd8801063dcc4f75a35 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bde313f29d4745cd87da35e63608fce7 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 385dcc7f756a4dd8801063dcc4f75a35 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
Install and configure Glance
Install the package:
# yum install openstack-glance
Edit the /etc/glance/glance-api.conf file with the following content:
[database]
...
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
...
flavor = keystone
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
123456 is the password (GLANCE_DBPASS).
Edit the /etc/glance/glance-registry.conf file with the following content:
[database]
...
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
...
flavor = keystone
123456 is the password (GLANCE_DBPASS).
Populate the database
# su -s /bin/sh -c "glance-manage db_sync" glance
The terminal prints deprecation messages.
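Because every password in this guide is 123456, the same secret now sits in keystone.conf, glance-api.conf and glance-registry.conf. The script below is an added example, not part of the original post, that pulls the credentials out of such files and reports weak or shared ones without printing them. The function names, the weak-password list and the 12-character threshold are assumptions made for the illustration; glance-registry.conf would be fed in the same way.

```shell
#!/bin/sh
# Added example: find weak or reused secrets in OpenStack service configs.

# Constructed samples: the credential-bearing lines of the files edited above.
sample_keystone_conf() {
cat <<'EOF'
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
EOF
}
sample_glance_api_conf() {
cat <<'EOF'
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_type = password
username = glance
password = 123456
EOF
}

# Read INI text on stdin; print "LABEL SECTION KEY SECRET" per credential.
extract_secrets() {
    awk -v label="$1" '
        /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
        /^[ \t]*(#|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "connection" && match(val, "://[^:@/]+:[^@]*@")) {
                cred = substr(val, RSTART + 3, RLENGTH - 4)   # user:password
                print label, section, key, substr(cred, index(cred, ":") + 1)
            } else if (key == "password") {
                print label, section, key, val
            }
        }'
}

# Read extract_secrets output; report entries whose secret is on the weak
# list (assumed), shorter than 12 characters (assumed), or used more than once.
audit_secrets() {
    awk '
        BEGIN { n = split("123456 password admin openstack secret", w, " ")
                for (i = 1; i <= n; i++) weak[w[i]] = 1 }
        { line[NR] = $1 " [" $2 "] " $3; secret[NR] = $4; uses[$4]++ }
        END {
            for (i = 1; i <= NR; i++) {
                why = ""
                if ((secret[i] in weak) || length(secret[i]) < 12) why = "weak"
                if (uses[secret[i]] > 1) why = why (why ? "," : "") "reused"
                if (why) print line[i] ": " why
            }
        }'
}

audit_sample() {
    { sample_keystone_conf | extract_secrets keystone.conf
      sample_glance_api_conf | extract_secrets glance-api.conf; } | audit_secrets
}
audit_sample
```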
Enable at boot and start glance
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Verify glance
Load the admin credentials for the command line:
# . admin-openrc
Download the CirrOS image:
# yum install wget
# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Upload the image file in QCOW2 format:
# openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-03-26T16:52:10Z |
| disk_format | qcow2 |
| file | /v2/images/cc5c6982-4910-471e-b864-1098015901b5/file |
| id | cc5c6982-4910-471e-b864-1098015901b5 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | ae7a98326b9c455588edd2656d723b9d |
| protected | False |
| schema | /v2/schemas/image |
| size | 13200896 |
| status | active |
| tags | |
| updated_at | 2015-03-26T16:52:10Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
List the images:
# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | active |
+--------------------------------------+--------+--------+