天楚锐齿

OpenStack Installation and Usage (Part 1)

2018-03-13
OpenStack Installation and Usage

yum repositories for OpenStack:
1. http://yum.griddynamics.net/yum/
2. http://archive.fedoraproject.org/pub/fedora/linux/updates/testing/17/x86_64/
3. On CentOS 6 or RHEL 6, first install: http://archive.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
Installation:
# yum install --enablerepo=updates-testing openstack-utils openstack-nova openstack-glance openstack-keystone openstack-dashboard qpid-cpp-server
# yum install --enablerepo=updates-testing ntp
# yum install --enablerepo=updates-testing mysql
# yum install --enablerepo=updates-testing MySQL-python
After installation, the Python-based Django HTTP directory is at:
/usr/lib/python2.7/site-packages/keystone/
When the keystone command is invoked, the first .py file executed is /usr/lib/python2.7/site-packages/keystone/service.py, in which you can see that the service version currently defined is v2.0.
Edit the hosts file:
# vi /etc/hosts
10.24.1.49 cc
Turn off SELinux enforcement (switch to permissive mode):
# setenforce 0
# getenforce
Permissive
Start ntp:
# service ntpd start
# chkconfig ntpd on
# service ntpd status
Add iptables rules to open the AMQP, MySQL, Nova API and iSCSI ports:
# lokkit -p 3306:tcp     (MySQL)
# lokkit -p 5672:tcp     (qpid)
# lokkit -p 9292:tcp     (glance-api)
# lokkit -p 3260:tcp     (iSCSI target)
# lokkit -p 5000:tcp     (keystone)
# lokkit -p 8773:tcp     (nova-api)
# lokkit -p 8774:tcp     (nova-api)
# lokkit -p 8775:tcp     (nova-api)
# lokkit -p 8776:tcp     (nova-api)
Have libvirtd reload its configuration:
# service libvirtd reload
Check iptables:
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:amqp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:armtechdaemon
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:iscsi-target
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:commplex-main
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:8774
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
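The listing above accepts new connections to mysql, amqp and iscsi-target from any source, while the database connection configured later on this page points at localhost. An added example (not part of the original post) that reads iptables -L output and reports those rules; the sample is the page's INPUT chain, trimmed, and treating mysql, amqp and iscsi-target as backend-only ports is this example's assumption.

```shell
#!/bin/sh
# Added example: find INPUT rules that accept new TCP connections from anywhere.

# Sample copied (trimmed) from the "iptables -L" output shown above.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:amqp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:armtechdaemon
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:iscsi-target
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:commplex-main
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:8774
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     state RELATED,ESTABLISHED
EOF
}

# open_to_any: read "iptables -L" output on stdin and print the dpt: value of
# every INPUT rule that ACCEPTs tcp from source "anywhere" (0.0.0.0/0 with -n).
open_to_any() {
    awk '
        $1 == "Chain" { in_input = ($2 == "INPUT"); next }
        !in_input || $1 != "ACCEPT" || $2 != "tcp" { next }
        $4 == "anywhere" || $4 == "0.0.0.0/0" {
            for (i = 6; i <= NF; i++)
                if ($i ~ /^dpt:/) print substr($i, 5)
        }'
}

# backend_exposed: of those ports, the ones this example treats as backend-only
# (assumption). Numeric forms are listed so "iptables -L -n" output also works.
backend_exposed() {
    open_to_any |
        grep -E -x 'mysql|3306|amqp|5672|iscsi-target|3260' |
        paste -s -d ' ' -
}

echo "open to any source: $(sample_rules | open_to_any | paste -s -d ' ' -)"
echo "backend ports among them: $(sample_rules | backend_exposed)"
```

On a live host, pipe iptables -L -n into backend_exposed; the -n form prints port numbers, which avoids service-name aliases such as armtechdaemon for 9292.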
Start MySQL:
# chkconfig mysqld on            (# systemctl enable mysqld.service)
# chkconfig --list |grep mysql  (# systemctl -a list-unit-files |grep mysql)(# systemctl -a list-units |grep mysql)
# service mysqld start             (# /bin/systemctl  start mysqld.service)
Initialize the MySQL databases:
# openstack-db --service keystone --init
# openstack-db --service nova --init
# openstack-db --service glance --init
# mysql -unova -pnova nova
# mysql -uglance -pglance glance
# mysql -ukeystone -pkeystone keystone
mysql> show tables;
+------------------------+
| Tables_in_keystone     |
+------------------------+
| ec2_credential         |
| endpoint               |
| metadata               |
| migrate_version        |
| role                   |
| service                |
| tenant                 |
| token                  |
| user                   |
| user_tenant_membership |
+------------------------+
10 rows in set (0.00 sec)
Start the qpidd service:
# systemctl start qpidd.service
# systemctl enable qpidd.service
# chkconfig --list|grep qpidd
Start the libvirtd service:
# systemctl start libvirtd.service
# systemctl enable libvirtd.service
# systemctl -a list-unit-files |grep libvirtd
libvirtd.service                            enabled
Start the openstack-glance-api and openstack-glance-registry services:
# for svc in api registry; do systemctl start openstack-glance-$svc.service; done
# for svc in api registry; do systemctl enable openstack-glance-$svc.service; done
# ps axf |grep glance
30071 ?        Ss     0:00 /usr/bin/python /usr/bin/glance-api --config-file /etc/glance/glance-api.conf
30074 ?        Ss     0:00 /usr/bin/python /usr/bin/glance-registry --config-file /etc/glance/glance-registry.conf
Create a VG for the openstack-nova-volume service to use:
# fdisk /dev/sdb
d
w
# pvcreate /dev/sdb
# pvdisplay
# vgcreate vg_nova_volume /dev/sdb
# vgdisplay
Set the volume group used by nova to vg_nova_volume:
# openstack-config --set /etc/nova/nova.conf DEFAULT volume_group vg_nova_volume
Set the virtualization type to KVM (qemu and others are also possible):
# openstack-config --set /etc/nova/nova.conf DEFAULT libvirt_type kvm
Allow customized partition information to be injected into virtual machines:
# openstack-config --set /etc/nova/nova.conf DEFAULT libvirt_inject_partition -1
Start the openstack-nova-api, openstack-nova-objectstore, openstack-nova-compute, openstack-nova-network, openstack-nova-volume, openstack-nova-scheduler and openstack-nova-cert services:
# for svc in api objectstore compute network volume scheduler cert; do systemctl enable openstack-nova-$svc.service; done
# systemctl -a list-unit-files |grep nova
# for svc in api objectstore compute network volume scheduler cert; do systemctl start openstack-nova-$svc.service; done
# killall dnsmasq; for svc in api objectstore compute network volume scheduler cert; do systemctl stop openstack-nova-$svc.service; done
# for svc in api objectstore compute network volume scheduler cert; do systemctl status openstack-nova-$svc.service; done

# ps axf |grep nova
31284 ?        Ss     0:01 /usr/bin/python /usr/bin/nova-api --config-file /etc/nova/nova.conf --logfile /var/log/nova/api.log
31288 ?        Ss     0:00 /usr/bin/python /usr/bin/nova-objectstore --config-file /etc/nova/nova.conf --logfile /var/log/nova/objectstore.log
31296 ?        Ssl    0:01 /usr/bin/python /usr/bin/nova-compute --config-file /etc/nova/nova.conf --logfile /var/log/nova/compute.log
31304 ?        Ss     0:00 /usr/bin/python /usr/bin/nova-network --config-file /etc/nova/nova.conf --logfile /var/log/nova/network.log
31311 ?        Ss     0:00 /usr/bin/python /usr/bin/nova-volume --config-file /etc/nova/nova.conf --logfile /var/log/nova/volume.log
31319 ?        Ss     0:00 /usr/bin/python /usr/bin/nova-scheduler --config-file /etc/nova/nova.conf --logfile /var/log/nova/scheduler.log
31327 ?        Ss     0:00 /usr/bin/python /usr/bin/nova-cert --config-file /etc/nova/nova.conf --logfile /var/log/nova/cert.log

# killall dnsmasq; for svc in api objectstore compute network volume scheduler cert; do systemctl restart openstack-nova-$svc.service; done
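Generate and set the authentication information. Note that the USERNAME/PASSWORD/TENANT_NAME here must match the tenant, that tenant's admin user name, and the password created in keystone below:
Add the authentication settings to the profile file so that these parameters no longer have to be typed on every command line: --os_username=admin --os_password=123456 --os_tenant=hanborq --os_auth_url=http://127.0.0.1:5000/v2.0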
# cat > keystonerc <<EOF
export ADMIN_TOKEN=$(openssl rand -hex 10)
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_TENANT_NAME=hanborq
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
EOF
# cat keystonerc >> ~/.bash_profile
# . ~/.bash_profile
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
# openstack-config --set /etc/keystone/keystone.conf DEFAULT connection mysql://keystone:keystone@localhost/keystone
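The keystonerc above stores OS_PASSWORD=123456 in a file that is then appended to ~/.bash_profile. An added example (not from the original post) that audits such a file for a short or user-name-equal password and for group/other access, and writes a replacement with random secrets and mode 0600. The function names, the 16-character threshold and the use of od on /dev/urandom in place of openssl rand are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a keystonerc-style file, and write a hardened one.

# rand_hex N -> 2*N hex characters read from /dev/urandom
rand_hex() { od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'; }

# rc_value FILE NAME -> value of the last "export NAME=..." line in FILE
rc_value() { sed -n "s/^export $2=//p" "$1" | tail -n 1 | tr -d "\"'"; }

# audit_rc FILE -> one line per finding on stdout; returns 1 if any were found.
# The 16-character minimum is this example's threshold, not an OpenStack rule.
audit_rc() {
    f=$1; found=0
    user=$(rc_value "$f" OS_USERNAME)
    pass=$(rc_value "$f" OS_PASSWORD)
    # Characters 5-10 of the "ls -l" mode string are the group/other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "mode: file is accessible to group or other"; found=1
    fi
    if [ "${#pass}" -lt 16 ]; then
        echo "password: shorter than 16 characters"; found=1
    fi
    if [ -n "$pass" ] && [ "$pass" = "$user" ]; then
        echo "password: same as OS_USERNAME"; found=1
    fi
    return "$found"
}

# write_rc FILE USER TENANT -> FILE with mode 0600, random token and password
write_rc() {
    ( umask 077
      cat > "$1" <<EOF
export ADMIN_TOKEN=$(rand_hex 10)
export OS_USERNAME=$2
export OS_PASSWORD=$(rand_hex 16)
export OS_TENANT_NAME=$3
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
EOF
      chmod 600 "$1" )
}

# Demo on constructed files in a scratch directory.
demo_dir=$(mktemp -d)
# Constructed: same user and password as the keystonerc above, mode 0644.
printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=123456\n' > "$demo_dir/weak"
chmod 644 "$demo_dir/weak"
write_rc "$demo_dir/strong" admin hanborq
audit_rc "$demo_dir/weak" || echo "weak: findings listed above"
audit_rc "$demo_dir/strong" && echo "strong: no findings"
```

The password written by write_rc has to be the one passed to keystone user-create for the same user, otherwise the client variables and the account will not match.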
Start the Keystone service:
# systemctl start openstack-keystone.service
# systemctl enable openstack-keystone.service
# ps axf|grep keystone
31876 ?        Ss     0:00 /usr/bin/python /usr/bin/keystone-all --config-file /etc/keystone/keystone.conf
Initialize the keystone database:
# keystone-manage db_sync
Log location:
# vi /var/log/keystone/keystone.log
Create a Keystone user, tenant, and roles:
Create the tenant:
Here the token is the admin_token from the keystone.conf configuration file above, and the endpoint address is the address of the keystone just installed plus the admin_port from keystone.conf. If both of these have already been put into ~/.bash_profile, they can be omitted here.
The version is fixed at v2.0, and the tenant name is hanborq.
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0/ tenant-create --name hanborq --description "HanBorq Tenant" --enabled true
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | HanBorq Tenant                   |
| enabled     | True                             |
| id          | 94d38db32a7d4107beeed36d9e98bf06 |
| name        | hanborq                          |
+-------------+----------------------------------+
Create the user:
Here tenant_id is the id of the tenant created above; the user name is admin and the password is 123456.
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-create --tenant_id 94d38db32a7d4107beeed36d9e98bf06 --name admin --pass 123456 --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | cd5e2e764fc7420dad016f9af7be7123                                                                                        |
| name     | admin                                                                                                                   |
| password | $6$rounds=40000$tfY5suG0ySPZ05RL$Kz7SUdAFhQOX8YYs01pGyznHS85wBcdm/a4DVKRQ6VEDZdZATGiB94/BKUedHa51mZ8wbF3VF3/VLt0QSTwc11 |
| tenantId | 94d38db32a7d4107beeed36d9e98bf06                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Create the roles:
The role name is admin.
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 role-create --name admin
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | 428438feb3eb4946907b519383f38ceb |
| name     | admin                            |
+----------+----------------------------------+
The role name is member.
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 role-create --name member
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
| id       | aee579c6430c46d9861c5b684d42ebb7 |
| name     | member                           |
+----------+----------------------------------+
Grant the admin role to the admin user of the hanborq tenant:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-role-add --user cd5e2e764fc7420dad016f9af7be7123 --tenant_id 94d38db32a7d4107beeed36d9e98bf06 --role 428438feb3eb4946907b519383f38ceb
Create the shared service tenant and the Glance, Nova, EC2 and Swift users:
Create the service tenant:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 tenant-create --name service --description "Service Tenant" --enabled true
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | d9eb763b350b4ff681be7f2bf95d65d5 |
| name        | service                          |
+-------------+----------------------------------+
Create the Glance user:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-create --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --name glance --pass glance --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 1c8074ce6b13400bbeb6efaa4e11910d                                                                                        |
| name     | glance                                                                                                                  |
| password | $6$rounds=40000$I7EGyqt4HaDxdWRM$7gPPkF5XCDNz4aucLXwAUzz9ipzRM9JgtwsCPLeUqFilfeFper/kjhV3XWWvnmUzSTqnv/C.WbbMkgSEapViy. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the glance user of the service tenant:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-role-add --user 1c8074ce6b13400bbeb6efaa4e11910d --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --role 428438feb3eb4946907b519383f38ceb
Create the nova user:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-create --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --name nova --pass nova --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 4e8e9fb808b64e3f8a6fc266e7cc6517                                                                                        |
| name     | nova                                                                                                                    |
| password | $6$rounds=40000$clEIMiItgmqk9czI$oFXKlxq0b3oRKGdMv8o0sg2fm9bMk2yMt24NaJ4agcBRdCmRhv3WWkj2WdtswuCHang2qHLuC3tT3d69SRFSR0 |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the nova user of the service tenant:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-role-add --user 4e8e9fb808b64e3f8a6fc266e7cc6517 --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --role 428438feb3eb4946907b519383f38ceb
Create the ec2 user:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-create --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --name ec2 --pass ec2 --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | b8ac2f679d6545e38b3fb5dcf14ac0c1                                                                                        |
| name     | ec2                                                                                                                     |
| password | $6$rounds=40000$Im..ohGThtaN1rLb$PSaXZSfJWyu5VHXZZ3l1j5uPyrl4wQIqKWBABRAlhR6lDh2qdBB/u3DFa9LjHdVuHetttHEhHu7VgXNevYsYu. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the ec2 user of the service tenant:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-role-add --user b8ac2f679d6545e38b3fb5dcf14ac0c1 --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --role 428438feb3eb4946907b519383f38ceb
Create the swift user for object storage:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-create --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --name swift --pass swift --enabled true
+----------+-------------------------------------------------------------------------------------------------------------------------+
| Property |                                                          Value                                                          |
+----------+-------------------------------------------------------------------------------------------------------------------------+
| email    | None                                                                                                                    |
| enabled  | True                                                                                                                    |
| id       | 6fceec63405a432a9e3ccbe89a1bbdb4                                                                                        |
| name     | swift                                                                                                                   |
| password | $6$rounds=40000$JJlQ2vmlsbd.OP8d$pbv90hRcQbkJvBz1oI1hZsf01BEaI30M9Ae0jiXBmnFmCb.WOiw9SPXqhk7kuWtb5BV/os9cqdXm6nZA.Ajll. |
| tenantId | d9eb763b350b4ff681be7f2bf95d65d5                                                                                        |
+----------+-------------------------------------------------------------------------------------------------------------------------+
Grant the admin role to the swift user of the service tenant:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-role-add --user 6fceec63405a432a9e3ccbe89a1bbdb4 --tenant_id d9eb763b350b4ff681be7f2bf95d65d5 --role 428438feb3eb4946907b519383f38ceb
List what has been created:
# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 role-list
+----------------------------------+--------+
|                id                |  name  |
+----------------------------------+--------+
| 428438feb3eb4946907b519383f38ceb | admin  |
| aee579c6430c46d9861c5b684d42ebb7 | member |
+----------------------------------+--------+
[root@cc ~]#
[root@cc ~]# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 94d38db32a7d4107beeed36d9e98bf06 | hanborq | True    |
| d9eb763b350b4ff681be7f2bf95d65d5 | service | True    |
+----------------------------------+---------+---------+
[root@cc ~]#
[root@cc ~]# keystone --token c8701a128708a76161e3 --endpoint http://127.0.0.1:35357/v2.0 user-list
+----------------------------------+---------+-------+--------+
|                id                | enabled | email |  name  |
+----------------------------------+---------+-------+--------+
| 1c8074ce6b13400bbeb6efaa4e11910d | True    | None  | glance |
| 4e8e9fb808b64e3f8a6fc266e7cc6517 | True    | None  | nova   |
| 6fceec63405a432a9e3ccbe89a1bbdb4 | True    | None  | swift  |
| b8ac2f679d6545e38b3fb5dcf14ac0c1 | True    | None  | ec2    |
| cd5e2e764fc7420dad016f9af7be7123 | True    | None  | admin  |
+----------------------------------+---------+-------+--------+
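Each user-role-add above grants the admin role using three ids pasted by hand, so a single mis-pasted id grants admin to the wrong user or tenant. An added example (not part of the original post) that reads ids out of the keystone client's table output so they can be carried in shell variables; the function names are this example's own and the sample tables are copied from the output above.

```shell
#!/bin/sh
# Added example: extract ids from the keystone client's ASCII tables.

# prop KEY: print the value of KEY from a Property/Value table on stdin.
prop() {
    awk -F'|' -v key="$1" '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        NF == 4 && trim($2) == key { print trim($3); exit }'
}

# id_of NAME: print the id of the row named NAME from a *-list table on stdin.
# Column positions come from the header row, because role-list, tenant-list
# and user-list put the "name" column in different places.
id_of() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^ +| +$/, "", s); return s }
        NF < 3 { next }                      # border lines contain no "|"
        !idc { for (i = 2; i < NF; i++) {
                   if (trim($i) == "id") idc = i
                   if (trim($i) == "name") namec = i }
               next }
        namec && trim($namec) == want { print trim($idc); exit }'
}

# Sample output copied from the tenant-create and user-list steps above.
tenant_create_sample() {
cat <<'EOF'
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description | HanBorq Tenant                   |
| enabled     | True                             |
| id          | 94d38db32a7d4107beeed36d9e98bf06 |
| name        | hanborq                          |
+-------------+----------------------------------+
EOF
}
user_list_sample() {
cat <<'EOF'
+----------------------------------+---------+-------+--------+
|                id                | enabled | email |  name  |
+----------------------------------+---------+-------+--------+
| 1c8074ce6b13400bbeb6efaa4e11910d | True    | None  | glance |
| 6fceec63405a432a9e3ccbe89a1bbdb4 | True    | None  | swift  |
| cd5e2e764fc7420dad016f9af7be7123 | True    | None  | admin  |
+----------------------------------+---------+-------+--------+
EOF
}

# On a live host the same filters go behind the real commands, for example:
#   TENANT_ID=$(keystone tenant-create --name hanborq | prop id)
TENANT_ID=$(tenant_create_sample | prop id)
ADMIN_ID=$(user_list_sample | id_of admin)
echo "tenant=$TENANT_ID admin_user=$ADMIN_ID"
```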
For S3 compatibility, the keystone.conf file needs to be modified:
Add two lines and change one:
…
[filter:ec2_extension]
paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
[filter:s3_extension]
paste.filter_factory = keystone.contrib.s3:S3Extension.factory
…
[pipeline:admin_api]
pipeline = token_auth admin_token_auth xml_body json_body debug ec2_extension s3_extension crud_extension admin_service
…