OpenStack Basics

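Introduction to OpenStack

OpenStack is an open-source cloud computing management platform in which multiple core components work together to provide compute, storage, networking, identity authentication, image management and other functions.

Key components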

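  • horizon (dashboard)

    • Web GUI component. It provides a visual entry point and is the main interface through which users and administrators manage OpenStack resources.
    • Unified entry point: integrates the functions of all core services, so virtual machines, networks, storage and other resources can be managed without memorizing command lines.
    • Multi-role support: distinguishes regular-user privileges from administrator privileges; administrators can perform global configuration, while regular users manage their own resources.
    • Visual monitoring: shows resource usage, node status, alert information and so on.
    • Configuration file: the main configuration file is /etc/openstack-dashboard/local_settings.py, which configures the Keystone authentication URL, UI theme, permission policies and so on.
    • Service management: Horizon is usually deployed on Apache or Nginx, and the service is restarted with systemctl restart httpd.
    • UI operation: open the Horizon address in a browser and log in with a Keystone account to manage resources.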
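  • heat (orchestration service)

    • Orchestration component that uses templates to automate the deployment and management of OpenStack resource stacks.
    • Resource orchestration: a single template creates multiple related resources at once, such as virtual machines, networks, volumes and security groups.
    • Command line: use the openstack stack family of commands, such as openstack stack create -t template.yaml and openstack stack list.
    • Configuration file: the main configuration file is /etc/heat/heat.conf, which configures template validation, resource types and so on.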
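  • nova (compute)

    • Core compute component, responsible for the full lifecycle management of virtual machine instances; it is the component that implements the core IaaS functionality.
    • Resource scheduling: the scheduler places instances on a suitable compute node.
    • Virtualization layer support: supports multiple virtualization technologies such as KVM, QEMU, VMware and Xen.
    • Command line: use the openstack server family of commands, such as openstack server create and openstack server list.
    • Configuration file: the main configuration file is /etc/nova/nova.conf, which configures the virtualization driver, scheduling policy, database connection and so on.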
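  • swift (object storage)

    • Distributed object storage component for unstructured data (such as images, videos and log files), with high availability and high scalability.
    • Object storage: data is stored in a container/object hierarchy, which supports storage of massive amounts of data.
    • High-availability design: data is stored in multiple replicas, with automatic failover when a node fails, so data is not lost.
    • Command line: use the openstack object family of commands, such as openstack container create and openstack object upload.
    • Configuration file: the main configuration file is /etc/swift/swift.conf, which configures core parameters such as replica count, storage policies and the ring.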
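  • cinder (block storage)

    • Block storage service component that provides virtual machines with persistent block storage devices (similar to cloud disks).
    • Snapshots and backups: create snapshots of volumes, restore data from a snapshot, or back up to Swift.
    • Works with Nova: volumes are attached to virtual machine instances to make data persistent (volume data is not lost after the virtual machine is deleted).
    • Command line: use the openstack volume family of commands, such as openstack volume create and openstack volume snapshot create.
    • Configuration file: the main configuration file is /etc/cinder/cinder.conf, which configures the storage backend, driver type and so on.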
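  • neutron (networking)

    • Network service component that provides flexible software-defined networking (SDN) and builds the virtual network environment for instances.
    • Layer 3 functions: communication within a subnet, routing across subnets, and NAT forwarding (such as floating IPs).
    • Network service extensions: supports advanced functions such as firewall (FWaaS), load balancing (LBaaS) and VPN.
    • Command line: use commands such as openstack network, openstack subnet and openstack router.
    • Configuration file: the main configuration file is /etc/neutron/neutron.conf, which configures the network plugin, L2/L3 agents and so on.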
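  • keystone (identity)

    • Core identity authentication and authorization component. It applies role-based access control (RBAC) to decide which resources a user may operate on, and it issues and validates access tokens; users present a token to access other services without authenticating again.
    • Use openstack client commands, such as openstack user create and openstack role add. The main configuration file is /etc/keystone/keystone.conf, which configures the authentication driver, token expiration time and so on.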
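  • glance (image management)

    • Virtual machine image management component that provides image creation, query, storage and deletion.
    • Supports multiple storage backends, such as the local file system, Swift and Ceph.
    • Supports multiple image formats: mainstream virtual machine image formats such as QCOW2, RAW and VMDK.
    • Image metadata management: properties (such as operating system type and architecture) can be added to images so that users can filter them.
    • Command line: use the openstack image family of commands, such as openstack image create and openstack image list. The main configuration file is /etc/glance/glance-api.conf, which configures the storage backend, image format restrictions and so on.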
  • ceilometer (metering and monitoring; not discussed)

  • ironic (bare metal; not discussed)

Installing OpenStack

[root@controller ~ 14:00:56]# yum install -y openstack-packstack

[root@controller ~ 14:01:27]# packstack --gen-answer-file=answers.txt
Packstack changed given value  to required value /root/.ssh/id_rsa.pub
Additional information:
 * Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. Geneve will be used as the encapsulation method for tenant networks
[root@controller ~ 14:01:40]# sed -i '/^CONFIG_COMPUTE_HOSTS=/cCONFIG_COMPUTE_HOSTS=192.168.108.10,192.168.108.11' answers.txt
[root@controller ~ 14:01:52]# sed -i '/^CONFIG_PROVISION_DEMO=/cCONFIG_PROVISION_DEMO=n' answers.txt
[root@controller ~ 14:01:56]# sed -i '/^CONFIG_HEAT_INSTALL=/cCONFIG_HEAT_INSTALL=y' answers.txt
[root@controller ~ 14:02:04]# sed -i '/^CONFIG_NEUTRON_OVN_BRIDGE_IFACES=/cCONFIG_NEUTRON_OVN_BRIDGE_IFACES=br-ex:ens160' answers.txt
[root@controller ~ 14:02:12]# sed -i.bak -r 's/(.+_PW)=[0-9a-z]+/\1=123/g' answers.txt
[root@controller ~ 14:02:21]# systemctl stop NetworkManager; systemctl disable NetworkManager; systemctl mask NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
Created symlink /etc/systemd/system/NetworkManager.service → /dev/null.
[root@controller ~ 14:02:41]# packstack --answer-file=answers.txt

[root@controller ~ 14:25:26]# systemctl start network
[root@controller ~ 14:26:53]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@controller ~ 14:26:58]# openstack complete >> /etc/bash_completion.d/complete
The 'openstack bgp speaker show dragents' CLI is deprecated and will be removed in the future. Use 'openstack bgp dragent list' CLI instead.
[root@controller ~ 14:27:22]# init 0

#
[root@compute ~ 14:01:01]# systemctl stop NetworkManager; systemctl disable NetworkManager; systemctl mask NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
Created symlink /etc/systemd/system/NetworkManager.service → /dev/null.
[root@compute ~ 14:02:43]# systemctl start network
[root@compute ~ 14:27:03]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@compute ~ 14:27:09]# init 0
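
The `sed ... _PW ...=123` step above gives every service account and database user the same three-character password. The following is an added example, not part of the original post: it gives each `CONFIG_*_PW` key its own random value and audits the result. The function names `gen_pw`, `randomize_pw` and `weak_pw_count` are hypothetical, and the sample answer file is constructed.

```bash
# Added example: per-key random passwords for a Packstack answer file.
# Function names are hypothetical; the sample data in demo() is constructed.

# gen_pw: 128 bits from /dev/urandom as 32 hex characters ([0-9a-f]).
gen_pw() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# randomize_pw FILE: rewrite each CONFIG_*_PW=... line; other lines unchanged.
randomize_pw() {
    file=$1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    chmod 600 "$tmp"                     # the answer file holds secrets
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        case $key in
            CONFIG_*_PW)
                if [ "$key" != "$line" ]; then line="$key=$(gen_pw)"; fi ;;
        esac
        printf '%s\n' "$line"
    done < "$file" > "$tmp"
    mv "$tmp" "$file"
}

# weak_pw_count FILE: how many *_PW values are under 16 characters or reused.
weak_pw_count() {
    awk -F= '/^CONFIG_[A-Z0-9_]*_PW=/ { seen[$2]++; val[$1] = $2 }
        END { for (k in val) if (length(val[k]) < 16 || seen[val[k]] > 1) bad++
              print bad + 0 }' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/answers.txt" <<'EOF'
# constructed sample, same state as after the sed '..._PW=123' step
CONFIG_HEAT_INSTALL=y
CONFIG_MARIADB_PW=123
CONFIG_KEYSTONE_ADMIN_PW=123
CONFIG_NOVA_KS_PW=123
EOF
    echo "weak before: $(weak_pw_count "$dir/answers.txt")"
    randomize_pw "$dir/answers.txt"
    echo "weak after:  $(weak_pw_count "$dir/answers.txt")"
    rm -rf "$dir"
}
demo
```

Run `randomize_pw answers.txt` before `packstack --answer-file=answers.txt`; the admin login password is then the value of CONFIG_KEYSTONE_ADMIN_PW in the answer file.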

Basic commands

[root@controller ~ 15:39:27]# ls
 anaconda-ks.cfg   answers.txt   answers.txt.bak  'gpgcheck=0'   keystonerc_admin
[root@controller ~ 15:40:37]# source keystonerc_admin 
[root@controller ~(keystone_admin)]# opens
openssl                         openstack-3                     openstack-keystone-sample-data
openstack                       openstack-inventory             
[root@controller ~(keystone_admin)]# opens
openssl                         openstack-3                     openstack-keystone-sample-data
openstack                       openstack-inventory             
[root@controller ~(keystone_admin)]# openstack project list 
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| bcae23b5930d472dae180dc47c5f2c6a | admin    |
| f5cff4b9a08b496ea5f830bcefa3c30b | services |
+----------------------------------+----------+
[root@controller ~(keystone_admin)]# cp keystonerc_admin keystonerc_user1
[root@controller ~(keystone_admin)]# vim keystonerc_user1
[root@controller ~(keystone_admin)]# source keystonerc_user1 
[root@controller ~(keystone_user1)]# openstack project list 
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| bcae23b5930d472dae180dc47c5f2c6a | admin |
+----------------------------------+-------+
[root@controller ~(keystone_user1)]# source keystonerc_admin 
[root@controller ~(keystone_admin)]# openstack domain list 
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e44a414a6f5a4c94ac72ca74c8c394cc | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[root@controller ~(keystone_admin)]# openstack domain create domain-test
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| enabled     | True                             |
| id          | d8606570059a4333ad3d986c1f8d759a |
| name        | domain-test                      |
| options     | {}                               |
| tags        | []                               |
+-------------+----------------------------------+
[root@controller ~(keystone_admin)]# openstack domain set --disable domain-test
[root@controller ~(keystone_admin)]# openstack domain delete domain-test
[root@controller ~(keystone_admin)]# openstack domain list 
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| default                          | Default | True    | The default domain |
| e44a414a6f5a4c94ac72ca74c8c394cc | heat    | True    |                    |
+----------------------------------+---------+---------+--------------------+
[root@controller ~(keystone_admin)]# cd /etc/openstack-dashboard/
[root@controller openstack-dashboard(keystone_admin)]# ls
cinder_policy.json  keystone_policy.json  local_settings.d     nova_policy.d
glance_policy.json  local_settings        neutron_policy.json  nova_policy.json
[root@controller openstack-dashboard(keystone_admin)]# vim local_settings
[root@controller openstack-dashboard(keystone_admin)]# systemctl restart httpd
[root@controller openstack-dashboard(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 23fc6e663dd04efbb2244f0208b0af5a | admin      |
| 62de6d30da8b405eb9c43692687db2ff | heat_admin |
| 07e133167c64442e90c8ffb9aa26aabf | glance     |
| 459a35e1fda74edc894aae2fbdf011d0 | cinder     |
| c694fb6ef44343ac8df788e7b51e247c | nova       |
| 06a04ccf40744199901938c27fff5cac | placement  |
| d95cf9dd81dd4bba848db9345e382d2f | neutron    |
| 1222e413361a4b16bc14cd0d5ca67547 | swift      |
| 6073c6b45a5046f8b0b24d8aad87140f | heat       |
| 283df5db4cf0490fa3cf2ea5a6a2bfac | heat-cfn   |
| d17bb468773749c08e71ce8f02c68bc6 | gnocchi    |
| 506231d1a75d4ec697f9e37924e41346 | ceilometer |
| 36c6698b2006422d899a8c6ebca9544e | aodh       |
| f8b8eaefb58347c7b634f43d40ea9394 | user1      |
+----------------------------------+------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack user create --password 123 user2
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aff97795f3204f0284bbfd3b7af1d92c |
| name                | user2                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 23fc6e663dd04efbb2244f0208b0af5a | admin      |
| 62de6d30da8b405eb9c43692687db2ff | heat_admin |
| 07e133167c64442e90c8ffb9aa26aabf | glance     |
| 459a35e1fda74edc894aae2fbdf011d0 | cinder     |
| c694fb6ef44343ac8df788e7b51e247c | nova       |
| 06a04ccf40744199901938c27fff5cac | placement  |
| d95cf9dd81dd4bba848db9345e382d2f | neutron    |
| 1222e413361a4b16bc14cd0d5ca67547 | swift      |
| 6073c6b45a5046f8b0b24d8aad87140f | heat       |
| 283df5db4cf0490fa3cf2ea5a6a2bfac | heat-cfn   |
| d17bb468773749c08e71ce8f02c68bc6 | gnocchi    |
| 506231d1a75d4ec697f9e37924e41346 | ceilometer |
| 36c6698b2006422d899a8c6ebca9544e | aodh       |
| f8b8eaefb58347c7b634f43d40ea9394 | user1      |
| aff97795f3204f0284bbfd3b7af1d92c | user2      |
+----------------------------------+------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack user show user2
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aff97795f3204f0284bbfd3b7af1d92c |
| name                | user2                            |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group create group1
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| id          | d80b6ef40c554713a049eaef5a392f5b |
| name        | group1                           |
+-------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| d80b6ef40c554713a049eaef5a392f5b | group1 |
+----------------------------------+--------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group show group1
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| id          | d80b6ef40c554713a049eaef5a392f5b |
| name        | group1                           |
+-------------+----------------------------------+
[root@controller openstack-dashboard(keystone_admin)]# openstack group add user group1 user2
[root@controller openstack-dashboard(keystone_admin)]# openstack group contains user group1 user2
user2 in group group1

Fix for an uploaded image that is unusable

[root@controller ~(keystone_admin)]# openstack image list 
+--------------------------------------+---------+--------+
| ID                                   | Name    | Status |
+--------------------------------------+---------+--------+
| 85c53e6b-689e-4e0e-a27a-5c8f8863f226 | Img_web | active |
+--------------------------------------+---------+--------+

[root@controller ~ 09:38:55]# source keystonerc_admin 
[root@controller ~(keystone_admin)]# openstack image set --property architecture=x86_64 85c53e6b-689e-4e0e-a27a-5c8f8863f226

Comprehensive CLI lab

# Create an instance type (flavor)
[root@controller ~]# source keystonerc_admin
[root@controller ~(keystone_admin)]# openstack flavor create --help

[root@controller ~(keystone_admin)]# openstack flavor create --vcpus 1 --ram 1000 --disk 1 m1.1u.1g

# Upload an image
[root@controller ~(keystone_admin)]# openstack image create --file /root/cirros0.5.2-x86_64-disk.img --disk-format qcow2 --public cirros-0.5.2

# Create the external network
[root@controller ~(keystone_admin)]# openstack network create --project-domain admin --provider-network-type flat --provider-physical-network extnet --external waiwang
[root@controller ~(keystone_admin)]# openstack subnet create --subnet-range 192.168.108.0/24 --gateway 192.168.108.2 --allocation-pool start=192.168.108.100,end=192.168.108.200 --network waiwang waiwang_subnet

# Create the internal network
[root@controller ~(keystone_admin)]# openstack network create --project-domain admin neiwang1
[root@controller ~(keystone_admin)]# openstack subnet create --subnet-range 172.16.0.0/24 --gateway 172.16.0.1 --allocation-pool start=172.16.0.100,end=172.16.0.200 --dns-nameserver 8.8.8.8 --network neiwang1 neiwang_subnet1

# Create the router
[root@controller ~(keystone_admin)]# openstack router create router1
[root@controller ~(keystone_admin)]# openstack router set --external-gateway waiwang router1
[root@controller ~(keystone_admin)]# openstack router add subnet router1 neiwang_subnet1

# At this point the router appears in the network topology view of the web UI

# Create the instance
[root@controller ~(keystone_admin)]# openstack server create --image cirros-0.5.2 --flavor m1.1u.1g --network neiwang1 instance1

# View the instance
[root@controller ~(keystone_admin)]# openstack server list

[root@controller ~(keystone_admin)]# openstack server show instance1

# In the web UI, open the instance1 console and confirm that external network access works
