
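1. Brief introduction to the OpenStack components
keystone: identity service
glance: image service
nova: compute service
neutron: networking service
Cinder: block storage service
Swift: object storage service
heat: orchestration service
Horizon: web dashboard
Ceilometer: resource monitoring and metering service
2. Environment preparation:
VMware virtual machines, details as follows:
Hostname | Operating system | IP | Notes
controller | CentOS 7.1 x86_64 | eth0:192.168.200.201/24 | Controller node
compute1 | CentOS 7.1 x86_64 | eth0:192.168.200.202/24 | Compute node
Note: each node has two network interfaces (one serves users, the other carries the management network). Two vmnet networks can be used to simulate this: VMNET8_NAT (the 200 subnet here) and vmnet1.
Controller node: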
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5f:6a:23 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.201/24 brd 192.168.25.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5f:6a23/64 scope link
valid_lft forever preferred_lft forever (provider network)
3: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:5f:6a:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.110.38/24 brd 192.168.110.255 scope global eno33554984
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe5f:6a2d/64 scope link
valid_lft forever preferred_lft forever (management network)
Compute node:
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:df:21:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.202/24 brd 192.168.25.255 scope global eno16777736
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fedf:21b8/64 scope link
valid_lft forever preferred_lft forever (provider network)
4: eno33554984: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master brq89fb29a3-d6 state UP qlen 1000
inet 192.168.110.39/24 brd 192.168.110.255 scope global eno33554984
link/ether 00:0c:29:df:21:c2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fedf:21c2/64 scope link
valid_lft forever preferred_lft forever (management network)
Disable the firewall and SELinux, and edit the hosts file and the hostname:
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service
[root@localhost ~]# setenforce 0
[root@openstack01 ~]# sed -i '7 s/enforcing/disabled/' /etc/selinux/config
[root@localhost ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.201 controller
192.168.200.202 compute1
[root@localhost ~]# hostnamectl set-hostname controller # this step is also required on the compute node (with its own hostname, compute1)
[root@localhost ~]# bash
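The commands above switch firewalld off completely. As an added example (not part of the original article), the script below prints firewall-cmd rules that keep firewalld running on the controller and open only the ports this article's services listen on. The zone name, the function names and the split into any/compute/local access are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumptions: firewalld zone "public" and the access policy below. The ports
# are the ones used by the services in this article; 3306 is the MariaDB default.

COMPUTE_IP=192.168.200.202    # compute1 from /etc/hosts above

# controller_policy: one "port scope" pair per line, where scope is
#   any      reachable by API and dashboard users
#   compute  only the compute node needs to reach it
#   local    used only by services on the controller itself; no rule is
#            needed because firewalld accepts loopback traffic
controller_policy() {
    cat <<'EOF'
80 any
5000 any
9292 any
35357 compute
5672 compute
3306 local
9191 local
11211 local
EOF
}

# firewall_commands: print the firewall-cmd calls that implement the policy.
firewall_commands() {
    controller_policy | while read -r port scope; do
        case $scope in
            any)
                echo "firewall-cmd --permanent --zone=public --add-port=${port}/tcp" ;;
            compute)
                rule="rule family=\"ipv4\" source address=\"${COMPUTE_IP}/32\""
                rule="$rule port port=\"${port}\" protocol=\"tcp\" accept"
                echo "firewall-cmd --permanent --zone=public --add-rich-rule='${rule}'" ;;
            local) ;;    # stays closed to the network
            *) echo "unknown scope for port $port: $scope" >&2; return 1 ;;
        esac
    done || return 1
    echo "firewall-cmd --reload"
}

# Print the commands for review before applying them on the controller.
firewall_commands
```

Services added later in a deployment (nova, neutron, the console proxy) need their own entries in the policy table.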
2.2 OpenStack releases
Omitted. This article uses the M (Mitaka) release.
2.3 Installing the component services
yum -y install centos-release-openstack-mitaka # on CentOS 7 install it directly; the package is in the extras repository (network access required)
2.3.1 Controller node installation
yum -y install python-openstackclient mariadb mariadb-server MySQL-python rabbitmq-server openstack-keystone httpd mod_wsgi memcached python-memcached openstack-glance python-glance python-glanceclient openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset openstack-dashboard # this covers the MySQL, Keystone, RabbitMQ, Glance, Nova, Neutron and Dashboard services
2.3.2 Compute node installation
yum -y install centos-release-openstack-mitaka python-openstackclient device-mapper lvm2 openstack-nova-compute sysfsutils openstack-neutron openstack-neutron-linuxbridge ebtables ipset
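3. The OpenStack controller node
3.1 First make sure the clocks of the controller node and the compute node are synchronized: configure one machine as an NTP server and have the other machine synchronize its time with the ntpdate command (very important).
3.2 MySQL on the controller node
Every OpenStack component except Horizon uses a database. This article uses MySQL, which on CentOS 7 is MariaDB by default.
Change the MySQL configuration: create and edit /etc/my.cnf.d/openstack.cnf
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf    (add the following under the [mysqld] section)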
[mysqld]
bind-address = 192.168.200.201
max_connections = 4096
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
Enable MySQL at boot and start it
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): // just press Enter
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: // enter the new password: 123123
Re-enter new password: // re-enter the password: 123123
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Create the databases for all components and grant privileges:
[root@controller ~]# mysql -uroot -p123123
Run the SQL statements:
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
flush privileges;
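The grants above accept each account from any host ('%') with a password equal to the account name. As an added example (not part of the original article), the script below generates a random password per service and limits each account to localhost and the controller address. It assumes every database client runs on the controller; the function names and the secrets-file argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: every database client (keystone, glance, ...) runs on the
# controller, so accounts are limited to localhost and the controller address.

CONTROLLER_IP=192.168.200.201          # bind-address from openstack.cnf above
SERVICES="keystone glance nova neutron cinder"

# gen_password: 32 hex characters (128 bits) read from the kernel CSPRNG.
gen_password() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# emit_grants SERVICE PASSWORD HOST...
# Prints the SQL for one service; refuses wildcard hosts and unexpected names.
emit_grants() {
    eg_svc=$1; eg_pw=$2; shift 2
    case $eg_svc in ''|*[!a-z]*) echo "bad service name: $eg_svc" >&2; return 1 ;; esac
    case $eg_pw in ''|*[!0-9a-f]*) echo "bad password charset" >&2; return 1 ;; esac
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$eg_svc"
    for eg_host in "$@"; do
        case $eg_host in
            # % and _ are wildcards in MySQL host patterns
            ''|*%*|*_*|*\'*) echo "refusing host pattern: $eg_host" >&2; return 1 ;;
        esac
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$eg_svc" "$eg_svc" "$eg_host" "$eg_pw"
    done
}

# render_all SECRETS_FILE
# Writes "service password" pairs to SECRETS_FILE (mode 0600) and prints the
# SQL for all services on stdout, ready to pipe into: mysql -uroot -p
render_all() {
    ra_file=$1
    ( umask 077; : > "$ra_file" ) || return 1
    chmod 600 "$ra_file" || return 1
    for ra_svc in $SERVICES; do
        ra_pw=$(gen_password)
        printf '%s %s\n' "$ra_svc" "$ra_pw" >> "$ra_file"
        emit_grants "$ra_svc" "$ra_pw" localhost "$CONTROLLER_IP" || return 1
    done
    echo 'FLUSH PRIVILEGES;'
}

# Run with a secrets-file path to print the SQL; without arguments only the
# functions are defined.
if [ $# -ge 1 ]; then
    render_all "$1"
fi
```

The generated password for each service then replaces the one in that service's `connection =` line.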
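3.3 RabbitMQ message queue
SOA: service-oriented architecture is a component model that links an application's functional units (called services) through well-defined interfaces and contracts between those services. The interfaces are defined in a neutral way, independent of the hardware platform, operating system and programming language that implement the service. This lets services built on a wide variety of systems interact in a uniform, common way.
OpenStack adopts an SOA design here and takes advantage of its loose coupling: each component is deployed on its own, components may be consumers and providers of one another, and they communicate through a message queue (OpenStack supports RabbitMQ, ZeroMQ and Qpid), so that if one service goes down the others do not go down with it.
Start RabbitMQ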
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
Create a new RabbitMQ user and grant it permissions; the password is 123123
[root@controller ~]# rabbitmqctl add_user openstack 123123
Grant the openstack user configure, write and read permissions
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Install the Memcached service
[root@controller ~]# yum -y install memcached python-memcached
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service
3.4 The Keystone component
Edit the Keystone configuration file
Generate a token for the administrator to use during initialization
[root@controller ~]# openssl rand -hex 10
17cd889044c22ee274f9 // copy this value
[root@controller ~]# cp /etc/keystone/keystone.conf{,.org}
[root@controller ~]# vim /etc/keystone/keystone.conf
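13 admin_token = 17cd889044c22ee274f9 # used to connect and create users while no users exist yet; the value was generated randomly with openssl
549 connection = mysql://keystone:keystone@localhost/keystone # database connection; the three "keystone" values are the database user name, its password, and the name of the keystone database in MySQL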
2005 provider = fernet
1463 rabbit_host = controller
1469 rabbit_port = 5672
1481 rabbit_userid = openstack
1485 rabbit_password = 123123
[root@controller opt]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Populate the database
[root@controller keystone]# ll /var/log/keystone/
total 8
-rw-r--r-- 1 keystone keystone 7064 Dec 15 14:43 keystone.log
Result after the changes
[root@controller ~]# grep -n '^[a-z]' /etc/keystone/keystone.conf
13:admin_token = 17cd889044c22ee274f9
549:connection = mysql://keystone:keystone@localhost/keystone
1463:rabbit_host = controller
1469:rabbit_port = 5672
1481:rabbit_userid = openstack
1485:rabbit_password = 123123
2005:provider = fernet
[root@controller keystone]# mysql -u root -p123123 -e 'use keystone;show tables;'
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| domain |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping |
| migrate_version |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| whitelisted_config |
Initialize the Fernet keys
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Add an Apache wsgi-keystone configuration file; port 5000 provides the service, and port 35357 is used by admin for administration
[root@controller ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jul 18 2016 15:30:14
Create the /etc/httpd/conf.d/wsgi-keystone.conf configuration file
[root@controller keystone]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
Configure Apache's ServerName; leaving ServerName unset affects the Keystone service
[root@controller httpd]# vim /etc/httpd/conf/httpd.conf
95 ServerName controller
Start memcached, httpd and keystone
[root@controller ~]# httpd -t
Syntax OK
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
Check which ports httpd is listening on
[root@controller httpd]# netstat -lntup|grep httpd
tcp6 0 0 :::5000 :::* LISTEN 70482/httpd
tcp6 0 0 :::80 :::* LISTEN 70482/httpd
tcp6 0 0 :::35357 :::* LISTEN 70482/httpd
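Create users and connect to Keystone. There are two ways to do this: passing parameters on the command line (see keystone --help), or using environment variables. The environment-variable approach is used below, setting the token, the API URL and the API version respectively (well suited to SOA).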
[root@controller ~]# export OS_TOKEN=17cd889044c22ee274f9
[root@controller ~]# export OS_URL=http://192.168.200.201:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
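Register the Keystone service: although Keystone itself is what handles registration, it also has to register itself as a service.
Create the Keystone identity service
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity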
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | d241e6f094764717bd33615ff843c420 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
Create an API endpoint
Create the three types of endpoint: public (externally visible), internal (for internal use) and admin (for administration)
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://192.168.200.201:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ae271b2ca66548de85df93d577cbd1a4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d241e6f094764717bd33615ff843c420 |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.200.201:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://192.168.200.201:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 46ef634562df474dac0175fd8750d10f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d241e6f094764717bd33615ff843c420 |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.200.201:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://192.168.200.201:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | de6819281cdf4007af362c1fc8453443 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | d241e6f094764717bd33615ff843c420 |
| service_name | keystone |
| service_type | identity |
| url | http://192.168.200.201:5000/v3 |
+--------------+----------------------------------+
List the endpoints that were created
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 46ef634562df474dac0175fd8750d10f | RegionOne | keystone | identity | True | internal | http://192.168.200.201:5000/v3 |
| ae271b2ca66548de85df93d577cbd1a4 | RegionOne | keystone | identity | True | public | http://192.168.200.201:5000/v3 |
| de6819281cdf4007af362c1fc8453443 | RegionOne | keystone | identity | True | admin | http://192.168.200.201:5000/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
6. Create a domain, projects, users and roles: the Identity service provides authentication for every OpenStack service. It uses a combination of domains, projects (tenants), users and roles.
Create a domain named default
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | aafb36608df346569c49bc9b7f2d7d70 |
| name | default |
+-------------+----------------------------------+
To perform administrative operations in your environment, create an administrative project, user and role.
Create the admin project
[root@controller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | aafb36608df346569c49bc9b7f2d7d70 |
| enabled | True |
| id | 468cb1fa46f14484b9b4aeef8eef9c12 |
| is_domain | False |
| name | admin |
| parent_id | aafb36608df346569c49bc9b7f2d7d70 |
+-------------+----------------------------------+
Create the admin user and set its password (in production, be sure to set a complex one)
[root@controller ~]# openstack user create --domain default --password-prompt admin # --password-prompt: prompt for the password
User Password:123123
Repeat User Password:123123
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | aafb36608df346569c49bc9b7f2d7d70 |
| enabled | True |
| id | dc1844e36323461f8c63c0a0269c7c7e |
| name | admin |
+-----------+----------------------------------+
Create the admin role
[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | d87e6fda598247e7a4b02e885587c42b |
| name | admin |
+-----------+----------------------------------+
Add the admin user to the admin project with the admin role, tying the role, project and user together
[root@controller ~]# openstack role add --project admin --user admin admin
Create a service project; this project is used to manage the services of components such as nova, neutron and glance
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | aafb36608df346569c49bc9b7f2d7d70 |
| enabled | True |
| id | 3fad6d3845a04e638987f36f197e92e3 |
| is_domain | False |
| name | demo |
| parent_id | aafb36608df346569c49bc9b7f2d7d70 |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password-prompt demo
User Password:123123
Repeat User Password:123123
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | aafb36608df346569c49bc9b7f2d7d70 |
| enabled | True |
| id | 79cc3725e0bb453eaed17c6b5a715c18 |
| name | demo |
+-----------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | a415b67d79d44509823a6e59565b01ac |
| name | user |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user
List the users, roles and projects that were created
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 79cc3725e0bb453eaed17c6b5a715c18 | demo |
| dc1844e36323461f8c63c0a0269c7c7e | admin |
+----------------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 3fad6d3845a04e638987f36f197e92e3 | demo |
| 468cb1fa46f14484b9b4aeef8eef9c12 | admin |
| 64c8bab970af4576aa97cf030fd6313f | service |
+----------------------------------+---------+
[root@controller ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| a415b67d79d44509823a6e59565b01ac | user |
| d87e6fda598247e7a4b02e885587c42b | admin |
+----------------------------------+-------+
For security reasons, disable the temporary authentication token mechanism
[root@controller ~]# cp /etc/keystone/keystone-paste.ini{,.org}
[root@controller ~]# vim /etc/keystone/keystone-paste.ini
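Delete the highlighted field; the result is as follows:
Connect to Keystone and request a token. Because a user name and password have now been created, the token is no longer used, so the environment variables must be unset.
Remove the temporary environment variables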
[root@controller httpd]# unset OS_TOKEN OS_URL
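A check for the two steps above, as an added example that is not part of the original article. It assumes the field to delete is the admin_token_auth filter in the [pipeline:*] sections of keystone-paste.ini, as in the upstream Mitaka install guide; the function names and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: the field to delete is the admin_token_auth filter in the
# [pipeline:*] sections of keystone-paste.ini (upstream Mitaka install guide).

# pipelines_with_admin_token FILE
# Prints every [pipeline:...] section that still lists admin_token_auth.
pipelines_with_admin_token() {
    awk '
        /^[ \t]*[#;]/ { next }                       # ignore comment lines
        /^\[/ { section = $0; sub(/^\[/, "", section); sub(/\].*$/, "", section); next }
        section ~ /^pipeline:/ && /^[ \t]*pipeline[ \t]*=/ {
            n = split($0, word, /[ \t=]+/)
            for (i = 1; i <= n; i++)
                if (word[i] == "admin_token_auth") { print section; break }
        }
    ' "$1"
}

# audit_bootstrap_token PASTE_INI KEYSTONE_CONF
# FAIL: the filter is still active. WARN: a leftover secret that is no longer
# honoured once the filter is gone but should be cleaned up. Returns 1 on FAIL.
audit_bootstrap_token() {
    ab_fail=0
    for ab_p in $(pipelines_with_admin_token "$1"); do
        echo "FAIL $1: admin_token_auth still in [$ab_p]"; ab_fail=1
    done
    if grep -Eq '^[[:space:]]*admin_token[[:space:]]*=' "$2"; then
        echo "WARN $2: admin_token value is still present"
    fi
    if [ -n "${OS_TOKEN:-}" ]; then
        echo "WARN environment: OS_TOKEN is still exported"
    fi
    return "$ab_fail"
}

# write_sample DIR: constructed, abbreviated files used by the demo mode.
write_sample() {
    cat > "$1/paste-before.ini" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
# pipeline = admin_token_auth (commented out, must be ignored)
pipeline = cors sizelimit request_id build_auth_context token_auth json_body service_v3
EOF
    sed '/^pipeline/s/ admin_token_auth//' "$1/paste-before.ini" > "$1/paste-after.ini"
    printf '[DEFAULT]\nadmin_token = CONSTRUCTED_PLACEHOLDER\n' > "$1/keystone.conf"
}

# Usage: script demo | script PASTE_INI KEYSTONE_CONF
case ${1:-} in
    '')   ;;    # no arguments: only define the functions
    demo) d=$(mktemp -d) && write_sample "$d"
          audit_bootstrap_token "$d/paste-before.ini" "$d/keystone.conf"
          audit_bootstrap_token "$d/paste-after.ini" "$d/keystone.conf"
          rm -rf "$d" ;;
    *)    audit_bootstrap_token "$1" "$2" ;;
esac
```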
As the admin user, request an authentication token
[root@controller ~]# openstack --os-auth-url http://192.168.200.201:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password:123123
As the demo user, request an authentication token
[root@controller ~]# openstack --os-auth-url http://192.168.200.201:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:123123
Set up environment-variable files for the admin and demo users and make them executable; from then on, just source the file before running commands
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123123
export OS_AUTH_URL=http://192.168.200.201:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123123
export OS_AUTH_URL=http://192.168.200.201:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
Request an authentication token
[root@controller ~]# openstack token issue
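3.5 Glance deployment (on the controller node): glance provides the image service for virtual machines
Edit the glance-api and glance-registry configuration files and synchronize the database
Configure glance to connect to Keystone; every service needs its own user to connect to Keystone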
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:glance
Repeat User Password:glance
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 9b99e025ebce48f49cbff37e1ca1fa90 |
| enabled | True |
| id | fff9521db78d4dceb217e8841d8667c4 |
| name | glance |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
Create the glance service
Register the glance service in Keystone so that other services are allowed to call glance
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 0eec337e1a1842a2a66aa54f0d9cef88 |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne image public http://192.168.200.201:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3558615924df428bbb68fee05831ad32 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0eec337e1a1842a2a66aa54f0d9cef88 |
| service_name | glance |
| service_type | image |
| url | http://192.168.200.201:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://192.168.200.201:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f7763299fbb1478a81333cc1332a993f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0eec337e1a1842a2a66aa54f0d9cef88 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://192.168.200.201:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f2f3cce6383b44fea78fb4270ed31fb4 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0eec337e1a1842a2a66aa54f0d9cef88 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# cp /etc/glance/glance-api.conf{,.org}
[root@controller ~]# grep -n "^[a-z]" /etc/glance/glance-api.conf
641:connection = mysql+pymysql://glance:glance@192.168.200.201/glance
741:stores = file,http
746:default_store = file
1025:filesystem_store_datadir = /var/lib/glance/images/
1118:auth_uri = http://192.168.200.201:5000
1119:auth_url = http://192.168.200.201:35357
1120:memcached_servers = 192.168.200.201:11211
1121:auth_type = password
1122:project_domain_name = default
1123:user_domain_name = default
1124:project_name = service
1125:username = glance
1126:password = glance
1694:flavor = keystone
[root@controller ~]# cp /etc/glance/glance-registry.conf{,.org}
[root@controller ~]# grep -n "^[a-z]" /etc/glance/glance-registry.conf
382:connection = mysql+pymysql://glance:glance@192.168.200.201/glance
843:auth_uri = http://192.168.200.201:5000
844:auth_url = http://192.168.200.201:35357
845:memcached_servers = 192.168.200.201:11211
846:auth_type = password
847:project_domain_name = default
848:user_domain_name = default
849:project_name = service
850:username = glance
851:password = glance
1401:flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
(The following messages may appear)
Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u"Duplicate index 'ix_image_properties_image_id_name' defined on the table 'glance.image_properties'. This is deprecated and will be disallowed in a future release.")
result = self._query(query)
Check the tables imported into the glance database
[root@controller ~]# mysql -uroot -p123123
MariaDB [(none)]> use glance;
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
20 rows in set (0.00 sec)
Enable glance at boot and start the glance services
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
Check the ports glance listens on: 9191 is used by the registry and 9292 by the API
[root@controller ~]# netstat -lntup|egrep 9191
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 25180/python2
[root@controller ~]# netstat -lntup|egrep 9292
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 25174/python2
Download an image
[root@controller ~]# source admin-openrc
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
--2016-09-25 17:45:49-- http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
正在解析主机 download.cirros-cloud.net (download.cirros-cloud.net)... 64.90.42.85
正在连接 download.cirros-cloud.net (download.cirros-cloud.net)|64.90.42.85|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:13287936 (13M) [text/plain]
正在保存至: “cirros-0.3.4-x86_64-disk.img”
100%[==========================>] 13,287,936 11.9KB/s 用时 16m 46s ] 7,966,528 12.6KB/s 剩余 6m 28s
Upload the image to glance; run this in the directory that holds the image downloaded in the previous step
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2016-09-25T12:02:05Z |
| disk_format | qcow2 |
| file | /v2/images/eacd3625-b661-47df-8bf2-28fce8db25d2/file |
| id | eacd3625-b661-47df-8bf2-28fce8db25d2 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | d9b72df5058b421186369874190fb228 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2016-09-25T12:02:09Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
List the uploaded image
[root@controller ~]# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| eacd3625-b661-47df-8bf2-28fce8db25d2 | cirros |
+--------------------------------------+--------+
[root@controller ~]# cd /var/lib/glance/images/
[root@controller images]# ls
eacd3625-b661-47df-8bf2-28fce8db25d2 (matches the ID above)