OpenStack Basics
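Introduction to OpenStack
OpenStack is an open-source cloud computing management platform in which several core components work together to provide compute, storage, networking, identity, and image management.
Key components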
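- Horizon (dashboard)
  - The web GUI component. It provides a visual entry point and is the main interface through which users and administrators manage OpenStack resources.
  - Unified entry point: integrates the functions of all core services, so virtual machines, networks, storage and other resources can be managed without memorizing command lines. Multi-role support: distinguishes regular users from administrators; administrators can make global configuration changes, while regular users manage their own resources. Visual monitoring: shows resource usage, node status, alerts, and so on.
  - Configuration file: the main configuration file is `/etc/openstack-dashboard/local_settings.py`, which sets the Keystone authentication URL, UI theme, permission policies, and so on.
  - Service management: Horizon is usually deployed on Apache or Nginx; restart the service with `systemctl restart httpd`.
  - UI operation: open the Horizon address in a browser and log in with a Keystone account to manage resources.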
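- Heat (orchestration)
  - The orchestration component. It uses templates to automate the deployment and management of OpenStack resource stacks.
  - Resource orchestration: a single template creates several related resources at once, such as virtual machines, networks, volumes, and security groups.
  - Command line: the `openstack stack` family of commands, for example `openstack stack create -t template.yaml` and `openstack stack list`. Configuration file: the main configuration file is `/etc/heat/heat.conf`, which configures template validation, resource types, and so on.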
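- Nova (compute)
  - The core compute component. It manages the full lifecycle of virtual machine instances and is the component that delivers the core IaaS functionality.
  - Resource scheduling: the scheduler places instances on a suitable compute node. Virtualization layer support: works with several virtualization technologies, including KVM, QEMU, VMware, and Xen.
  - Command line: the `openstack server` family of commands, for example `openstack server create` and `openstack server list`. The main configuration file is `/etc/nova/nova.conf`, which configures the virtualization driver, scheduling policy, database connection, and so on.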
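- Swift (object storage)
  - The distributed object storage component. It stores unstructured data (such as images, videos, and log files) and is highly available and highly scalable.
  - Object storage: data is stored in a container/object hierarchy and can scale to very large volumes. High-availability design: data is stored as multiple replicas, with automatic failover when a node fails, so data is not lost.
  - Command line: the `openstack object` family of commands, for example `openstack container create` and `openstack object upload`. Configuration file: the main configuration file is `/etc/swift/swift.conf`, which configures core parameters such as the replica count, storage policies, and the ring.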
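- Cinder (block storage)
  - The block storage service component. It provides virtual machines with persistent block devices (similar to cloud disks). Snapshots and backups: snapshots can be created for a volume, and data can be restored from a snapshot or backed up to Swift. Integration with Nova: volumes are attached to virtual machine instances for persistent data (the volume data survives deletion of the virtual machine).
  - Command line: the `openstack volume` family of commands, for example `openstack volume create` and `openstack volume snapshot create`. Configuration file: the main configuration file is `/etc/cinder/cinder.conf`, which configures the storage backend, driver type, and so on.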
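- Neutron (networking)
  - The networking service component. It provides flexible software-defined networking (SDN) and builds the virtual network environment for instances.
  - Layer 3 functions: communication within a subnet, routing between subnets, and NAT forwarding (such as floating IPs). Network service extensions: supports advanced features such as firewall (FWaaS), load balancing (LBaaS), and VPN.
  - Command line: commands such as `openstack network`, `openstack subnet`, and `openstack router`. Configuration file: the main configuration file is `/etc/neutron/neutron.conf`, which configures the network plugin, the L2/L3 agents, and so on.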
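- Keystone (identity)
  - The core authentication and authorization component. Role-based access control (RBAC) determines which resources a user may operate on. Keystone issues and validates access tokens; users present a token to access other services without authenticating again.
  - Uses `openstack` client commands such as `openstack user create` and `openstack role add`. The main configuration file is `/etc/keystone/keystone.conf`, which configures the authentication driver, token expiration time, and so on.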
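- Glance (image management)
  - The virtual machine image management component. It provides image creation, lookup, storage, and deletion.
  - Supports several storage backends, such as the local file system, Swift, and Ceph. Supports several image formats, including the mainstream virtual machine formats QCOW2, RAW, and VMDK. Image metadata management: properties (such as operating system type and architecture) can be added to images so users can filter them.
  - Command line: the `openstack image` family of commands, for example `openstack image create` and `openstack image list`. The main configuration file is `/etc/glance/glance-api.conf`, which configures the storage backend, image format restrictions, and so on.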
- Ceilometer (metering and monitoring; not covered here)
- Ironic (bare metal; not covered here)
Installing OpenStack
```bash
[root@controller ~ 14:00:56]# yum install -y openstack-packstack
[root@controller ~ 14:01:27]# packstack --gen-answer-file=answers.txt
Packstack changed given value  to required value /root/.ssh/id_rsa.pub
Additional information:
 * Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. Geneve will be used as the encapsulation method for tenant networks
[root@controller ~ 14:01:40]# sed -i '/^CONFIG_COMPUTE_HOSTS=/cCONFIG_COMPUTE_HOSTS=192.168.108.10,192.168.108.11' answers.txt
[root@controller ~ 14:01:52]# sed -i '/^CONFIG_PROVISION_DEMO=/cCONFIG_PROVISION_DEMO=n' answers.txt
[root@controller ~ 14:01:56]# sed -i '/^CONFIG_HEAT_INSTALL=/cCONFIG_HEAT_INSTALL=y' answers.txt
[root@controller ~ 14:02:04]# sed -i '/^CONFIG_NEUTRON_OVN_BRIDGE_IFACES=/cCONFIG_NEUTRON_OVN_BRIDGE_IFACES=br-ex:ens160' answers.txt
[root@controller ~ 14:02:12]# sed -i.bak -r 's/(.+_PW)=[0-9a-z]+/\1=123/g' answers.txt
[root@controller ~ 14:02:21]# systemctl stop NetworkManager; systemctl disable NetworkManager; systemctl mask NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
Created symlink /etc/systemd/system/NetworkManager.service → /dev/null.
[root@controller ~ 14:02:41]# packstack --answer-file=answers.txt
[root@controller ~ 14:25:26]# systemctl start network
[root@controller ~ 14:26:53]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@controller ~ 14:26:58]# openstack complete >> /etc/bash_completion.d/complete
The 'openstack bgp speaker show dragents' CLI is deprecated and will be removed in the future. Use 'openstack bgp dragent list' CLI instead.
[root@controller ~ 14:27:22]# init 0
#
[root@compute ~ 14:01:01]# systemctl stop NetworkManager; systemctl disable NetworkManager; systemctl mask NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
Created symlink /etc/systemd/system/NetworkManager.service → /dev/null.
[root@compute ~ 14:02:43]# systemctl start network
[root@compute ~ 14:27:03]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@compute ~ 14:27:09]# init 0
```
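The `sed -i.bak -r 's/(.+_PW)=[0-9a-z]+/\1=123/g'` step above leaves every `*_PW` entry in `answers.txt` with the same three-character value, so the admin, database and service accounts all share one password. The script below is an added example, not part of the original post: it gives each `_PW` key its own random value and lists any key that is still short or shares its value with another key. The function names, the 16-character threshold and the sample lines are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: give each *_PW key in a packstack answer file its own secret.
# Function names and MIN_LEN are choices made for this example.
MIN_LEN=16

# Print a 32-character lowercase-hex secret read from /dev/urandom.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Rewrite every KEY_PW=value line with a fresh secret; copy other lines as-is.
randomize_pw() {
    local file=$1 tmp line key
    tmp=$(mktemp "$file.XXXXXX") || return 1   # mktemp creates it mode 0600
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        case $key in
            "$line")   printf '%s\n' "$line" ;;            # no '=' on this line
            [A-Z]*_PW) printf '%s=%s\n' "$key" "$(gen_secret)" ;;
            *)         printf '%s\n' "$line" ;;
        esac
    done < "$file" > "$tmp"
    mv "$tmp" "$file"
}

# Print the _PW keys whose value is shorter than MIN_LEN or shared with
# another key. Empty output means every password entry passed.
audit_pw() {
    awk -F= -v min="$MIN_LEN" '
        $1 ~ /^[A-Z].*_PW$/ { val[$1] = $2; seen[$2]++ }
        END {
            for (k in val)
                if (length(val[k]) < min || seen[val[k]] > 1) print k
        }' "$1" | sort
}

# Constructed sample: two password keys as left by the sed command above.
demo() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' 'CONFIG_HEAT_INSTALL=y' \
        'CONFIG_KEYSTONE_ADMIN_PW=123' 'CONFIG_MARIADB_PW=123' > "$f"
    echo "flagged before: $(audit_pw "$f" | tr '\n' ' ')"
    randomize_pw "$f"
    echo "flagged after:  $(audit_pw "$f" | tr '\n' ' ')"
    rm -f "$f"
}
demo
```

Run `randomize_pw answers.txt` before `packstack --answer-file=answers.txt`; the admin password is then read from the answer file or from the generated `keystonerc_admin`.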
Basic commands
```bash
[root@controller ~ 15:39:27]# ls
anaconda-ks.cfg  answers.txt  answers.txt.bak  'gpgcheck=0'  keystonerc_admin
[root@controller ~ 15:40:37]# source keystonerc_admin
[root@controller ~(keystone_admin)]# opens
openssl                         openstack-3                     openstack-keystone-sample-data
openstack                       openstack-inventory
[root@controller ~(keystone_admin)]# opens
openssl                         openstack-3                     openstack-keystone-sample-data
openstack                       openstack-inventory
[root@controller ~(keystone_admin)]# openstack project list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| bcae23b5930d472dae180dc47c5f2c6a | admin    |
| f5cff4b9a08b496ea5f830bcefa3c30b | services |
+----------------------------------+----------+
[root@controller ~(keystone_admin)]# cp keystonerc_admin keystonerc_user1
[root@controller ~(keystone_admin)]# vim keystonerc_user1
[root@controller ~(keystone_admin)]# source keystonerc_user1
[root@controller ~(keystone_user1)]# openstack project list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| bcae23b5930d472dae180dc47c5f2c6a | admin |
+----------------------------------+-------+
[root@controller ~(keystone_user1)]# source keystonerc_admin
[root@controller ~(keystone_admin)]# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e44a414a6f5a4c94ac72ca74c8c394cc | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[root@controller ~(keystone_admin)]# openstack domain create domain-test
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | True                             |
| id          | d8606570059a4333ad3d986c1f8d759a |
| name        | domain-test                      |
| options     | {}                               |
| tags        | []                               |
+-------------+----------------------------------+
[root@controller ~(keystone_admin)]# openstack domain set --disable domain-test
[root@controller ~(keystone_admin)]# openstack domain delete domain-test
[root@controller ~(keystone_admin)]# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e44a414a6f5a4c94ac72ca74c8c394cc | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[root@controller ~(keystone_admin)]# cd /etc/openstack-dashboard/
[root@controller openstack-dashboard(keystone_admin)]# ls
cinder_policy.json  keystone_policy.json  local_settings.d     nova_policy.d
glance_policy.json  local_settings        neutron_policy.json  nova_policy.json
[root@controller openstack-dashboard(keystone_admin)]# vim local_settings
[root@controller openstack-dashboard(keystone_admin)]# systemctl restart httpd
[root@controller openstack-dashboard(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 23fc6e663dd04efbb2244f0208b0af5a | admin      |
| 62de6d30da8b405eb9c43692687db2ff | heat_admin |
| 07e133167c64442e90c8ffb9aa26aabf | glance     |
| 459a35e1fda74edc894aae2fbdf011d0 | cinder     |
| c694fb6ef44343ac8df788e7b51e247c | nova       |
| 06a04ccf40744199901938c27fff5cac | placement  |
| d95cf9dd81dd4bba848db9345e382d2f | neutron    |
| 1222e413361a4b16bc14cd0d5ca67547 | swift      |
| 6073c6b45a5046f8b0b24d8aad87140f | heat       |
| 283df5db4cf0490fa3cf2ea5a6a2bfac | heat-cfn   |
| d17bb468773749c08e71ce8f02c68bc6 | gnocchi    |
| 506231d1a75d4ec697f9e37924e41346 | ceilometer |
| 36c6698b2006422d899a8c6ebca9544e | aodh       |
| f8b8eaefb58347c7b634f43d40ea9394 | user1      |
+----------------------------------+------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack user create --password 123 user2
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aff97795f3204f0284bbfd3b7af1d92c |
| name                | user2                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 23fc6e663dd04efbb2244f0208b0af5a | admin      |
| 62de6d30da8b405eb9c43692687db2ff | heat_admin |
| 07e133167c64442e90c8ffb9aa26aabf | glance     |
| 459a35e1fda74edc894aae2fbdf011d0 | cinder     |
| c694fb6ef44343ac8df788e7b51e247c | nova       |
| 06a04ccf40744199901938c27fff5cac | placement  |
| d95cf9dd81dd4bba848db9345e382d2f | neutron    |
| 1222e413361a4b16bc14cd0d5ca67547 | swift      |
| 6073c6b45a5046f8b0b24d8aad87140f | heat       |
| 283df5db4cf0490fa3cf2ea5a6a2bfac | heat-cfn   |
| d17bb468773749c08e71ce8f02c68bc6 | gnocchi    |
| 506231d1a75d4ec697f9e37924e41346 | ceilometer |
| 36c6698b2006422d899a8c6ebca9544e | aodh       |
| f8b8eaefb58347c7b634f43d40ea9394 | user1      |
| aff97795f3204f0284bbfd3b7af1d92c | user2      |
+----------------------------------+------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack user show user2
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aff97795f3204f0284bbfd3b7af1d92c |
| name                | user2                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group create group1
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| id          | d80b6ef40c554713a049eaef5a392f5b |
| name        | group1                           |
+-------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| d80b6ef40c554713a049eaef5a392f5b | group1 |
+----------------------------------+--------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group show group1
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| id          | d80b6ef40c554713a049eaef5a392f5b |
| name        | group1                           |
+-------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group add user group1 user2
[root@controller openstack-dashboard(keystone_admin)]# openstack group contains user group1 user2
user2 in group group1
```
Fix for an uploaded image that is unusable
```bash
[root@controller ~(keystone_admin)]# openstack image list
+--------------------------------------+---------+--------+
| ID                                   | Name    | Status |
+--------------------------------------+---------+--------+
| 85c53e6b-689e-4e0e-a27a-5c8f8863f226 | Img_web | active |
+--------------------------------------+---------+--------+
[root@controller ~ 09:38:55]# source keystonerc_admin
[root@controller ~(keystone_admin)]# openstack image set --property architecture=x86_64 85c53e6b-689e-4e0e-a27a-5c8f8863f226
```
Comprehensive CLI lab
```bash
# Create a flavor (instance type)
[root@controller ~]# source keystonerc_admin
[root@controller ~(keystone_admin)]# openstack flavor create --help
[root@controller ~(keystone_admin)]# openstack flavor create --vcpus 1 --ram 1000 --disk 1 m1.1u.1g
# Upload an image
[root@controller ~(keystone_admin)]# openstack image create --file /root/cirros0.5.2-x86_64-disk.img --disk-format qcow2 --public cirros-0.5.2
# Create the external network
[root@controller ~(keystone_admin)]# openstack network create --project-domain admin --provider-network-type flat --provider-physical-network extnet --external waiwang
[root@controller ~(keystone_admin)]# openstack subnet create --subnet-range 192.168.108.0/24 --gateway 192.168.108.2 --allocation-pool start=192.168.108.100,end=192.168.108.200 --network waiwang waiwang_subnet
# Create the internal network
[root@controller ~(keystone_admin)]# openstack network create --project-domain admin neiwang1
[root@controller ~(keystone_admin)]# openstack subnet create --subnet-range 172.16.0.0/24 --gateway 172.16.0.1 --allocation-pool start=172.16.0.100,end=172.16.0.200 --dns-nameserver 8.8.8.8 --network neiwang1 neiwang_subnet1
# Create a router
[root@controller ~(keystone_admin)]# openstack router create router1
[root@controller ~(keystone_admin)]# openstack router set --external-gateway waiwang router1
[root@controller ~(keystone_admin)]# openstack router add subnet router1 neiwang_subnet1
# The router now appears in the network topology view of the web UI
# Create an instance
[root@controller ~(keystone_admin)]# openstack server create --image cirros-0.5.2 --flavor m1.1u.1g --network neiwang1 instance1
# Inspect the instance
[root@controller ~(keystone_admin)]# openstack server list
[root@controller ~(keystone_admin)]# openstack server show instance1
# From the instance1 console in the web UI, confirm that external network access works
```