OpenStack deployment
1, Environmental preparation
1. Network environment
| host | IP |
|---|---|
| controller | 10.0.0.51 |
| compute1 | 10.0.0.61 |
Modify hosts file
cat /etc/hosts
10.0.0.51 controller
10.0.0.61 compute1
Close selinux and firewalld
cat env_set.sh #!/bin/bash systemctl stop firewalld systemctl disable firewalld setenforce 0 sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config yum install -y wget
Configure Alibaba yum source
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Configure Ali source manually
[centotack-rocky] name=openstack-rocky baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/ enabled=1 gpgcheck=0 [qume-kvm] name=qemu-kvm baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/ enabled=1 gpgcheck=0
Install openstack client and openstack SELinux
yum install python-openstackclient openstack-selinux -y
2. Synchronization time
Install relevant software
yum install chrony vim net-tools lsof -y
#controller node
allow 10.0.0.0/24
#Other nodes
server 10.0.0.51 iburst
Restart service
systemctl enable chronyd.service systemctl start chronyd.service
3. Deploy mariadb database
Database node
yum install mariadb mariadb-server python2-PyMySQL -y
Modify the database configuration file / etc / my cnf
bind-address = 10.0.0.51 default-storage-engine = innodb innodb_file_per_table #innodb uses a separate table structure max_connections = 4096 #Maximum connections collation-server = utf8_general_ci #Using utf-8 character set character-set-server = utf8
Start database
systemctl enable mariadb systemctl start mariadb
Database security initialization
mysql_secure_installation #Enter N Y
4. Message queue RabbitMQ
Install rabbit
yum install rabbitmq-server systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service
#Add openstack user and set password rabbitmqctl add_user openstack RABBIT_PASS Creating user "openstack" ... #Configure write and read permissions for openstack users rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ...
Rabbitmq will open ports 25672 and 5672 by default
verification:
# netstat -antplu|grep 5672 tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 11226/beam.smp tcp6 0 0 :::5672 :::* LISTEN 11226/beam.smp
Open the plug-in and monitor Port: 15672
rabbitmq-plugins enable rabbitmq_management
# netstat -antplu|grep 5672 tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 11226/beam.smp tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 11226/beam.smp tcp6 0 0 :::5672 :::* LISTEN 11226/beam.smp
5. Configure memcached
yum install -y memcached python-memcached #Default listening needs to be modified sed -i 's/127.0.0.1/10.0.0.51/g' /etc/sysconfig/memcached systemctl restart memcached.service
verification:
# netstat -anpl|grep 11211 tcp 0 0 10.0.0.51:11211 0.0.0.0:* LISTEN 12152/memcached
6. General steps for openstack service installation:
1.Creative library authorization 2.stay keystone Create users and associate roles 3.stay keystone Register service on api 4.Install service related packages 5.Modify profile Connection information of database rabbitmq Connection information for keystone Authentication authorization information 6.Synchronize database and create tables 7.Start service
2, keystone service installation
1. Creative library authorization
create DATABASE keystone; GRANT ALL PRIVILEGES on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONE_DBPASS'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
2. Install keystone related packages
yum install -y openstack-keystone httpd mod_wsgi
Modify profile
cp /etc/keystone/keystone.conf{,.back}
grep -Ev '^$|^#' /etc/keystone/keystone.conf.back > /etc/keystone/keystone.conf
cat /etc/keystone/keystone.conf
[DEFAULT]
admin_token = ADMIN_TOKEN
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
#Synchronize database
su -s /bin/sh -c "keystone-manage db_sync" keystone
#Initialize fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
#verification
ll /etc/keystone
3. Configure httpd
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
restart
systemctl enable httpd.service
systemctl restart httpd.service
4. Create service and registration APIs:
#Configure authentication token: export OS_TOKEN=ADMIN_TOKEN #Configure endpoint URL: export OS_URL=http://controller:35357/v3 #Configure authentication API version: export OS_IDENTITY_API_VERSION=3 openstack service create \ --name keystone --description "OpenStack Identity" identity openstack endpoint create --region RegionOne \ identity public http://controller:5000/v3 openstack endpoint create --region RegionOne \ identity internal http://controller:5000/v3 openstack endpoint create --region RegionOne \ identity admin http://controller:35357/v3
Create domain, project, user, role
openstack domain create --description "Default Domain" default openstack project create --domain default \ --description "Admin Project" admin openstack user create --domain default \ --password ADMIN_PASS admin openstack role create admin openstack role add --project admin --user admin admin openstack project create --domain default \ --description "Service Project" service
Exit bash
Given initial variable
# cat admin-openrc export OS_AUTH_URL=http://controller:35357/v3 export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_IMAGE_API_VERSION=2 export OS_IDENTITY_API_VERSION=3 export OS_PASSWORD=ADMIN_PASS source admin-openrc echo 'source admin-openrc' >> /etc/bashrc
verification:
openstack token issue openstack user list openstack service list openstack endpoint list
3, Mirror service grace
1. Creative library authorization
CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY 'GLANCE_DBPASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ IDENTIFIED BY 'GLANCE_DBPASS';
2. Create users in keystone and associate roles
openstack user create --domain default --password GLANCE_PASS glance openstack role add --project service --user glance admin
3. Register the service and api on keystone
openstack endpoint create --region RegionOne \ image public http://controller:9292 openstack endpoint create --region RegionOne \ image internal http://controller:9292 openstack endpoint create --region RegionOne \ image admin http://controller:9292
4. Install service related packages
yum install openstack-glance -y
5. Modify profile
cp /etc/glance/glance-api.conf{,.back}
grep -Ev '^$|#' /etc/glance/glance-api.conf.back > /etc/glance/glance-api.conf
cp /etc/glance/glance-registry.conf{,.back}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.back >/etc/glance/glance-registry.conf
# cat /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
# cat /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
6. Synchronize database and create tables
# su -s /bin/sh -c "glance-manage db_sync" glance
Start the image service and configure them to start randomly:
systemctl enable openstack-glance-api.service \ openstack-glance-registry.service systemctl start openstack-glance-api.service \ openstack-glance-registry.service
4, nova installation
1. Creative library authorization
CREATE DATABASE nova_api; CREATE DATABASE nova; CREATE DATABASE nova_cell0; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS'; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS';
2. Create users in keystone and associate roles
openstack user create --domain default --password NOVA_PASS nova openstack role add --project service --user nova admin openstack user create --domain default --password PLACEMENT_PASS placement openstack role add --project service --user placement admin
3. Register the service and api on keystone
openstack service create --name nova --description "OpenStack Compute" compute openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s #Solve version compatibility openstack service create --name placement --description "Placement API" placement openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778
4. Install service related packages
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y
5. Modify profile
# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.0.0.51
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:RABBIT_PASS@controller
[api]
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
virt_type = qemu
cpu_mode = none
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
[placement_database]
[powervm]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
tail /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
Restart httpd service
systemctl restart httpd
6. Synchronize database and create tables
su -s /bin/sh -c "nova-manage api_db sync" nova su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova su -s /bin/sh -c "nova-manage db sync" nova #verification nova-manage cell_v2 list_cells
7. Start service
systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service
IV (2) calculation node
1. Software installation
yum install openstack-nova-compute
configuration file
# cat /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller my_ip = 10.0.0.61 use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver [api] auth_strategy = keystone [api_database] [barbican] [cache] [cells] [cinder] [compute] [conductor] [console] [consoleauth] [cors] [database] [devices] [ephemeral_storage_encryption] [filter_scheduler] [glance] api_servers = http://controller:9292 [guestfs] [healthcheck] [hyperv] [ironic] [key_manager] [keystone] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = NOVA_PASS [libvirt] virt_type = qemu cpu_mode = none [matchmaker_redis] [metrics] [mks] [neutron] [notifications] [osapi_v21] [oslo_concurrency] lock_path = /var/lib/nova/tmp [oslo_messaging_amqp] [oslo_messaging_kafka] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_messaging_zmq] [oslo_middleware] [oslo_policy] [pci] [placement] [placement_database] [powervm] [profiler] [quota] [rdp] [remote_debug] [scheduler] [serial_console] [service_user] [spice] [upgrade_levels] [vault] [vendordata_dynamic_auth] [vmware] [vnc] enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [workarounds] [wsgi] [xenserver] [xvp] [zvm] [placement] os_region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:35357/v3 username = placement password = PLACEMENT_PASS
openstack hypervisor list
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Start service
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
5, neutron network service
Control node
1. Library creation authorization
CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'NEUTRON_DBPASS'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'NEUTRON_DBPASS';
2. Create users in keystone and associate roles
openstack user create --domain default --password NEUTRON_PASS neutron openstack role add --project service --user neutron admin
3. Register the service and api on keystone
openstack service create --name neutron \ --description "OpenStack Networking" network openstack endpoint create --region RegionOne \ network public http://controller:9696 openstack endpoint create --region RegionOne \ network internal http://controller:9696 openstack endpoint create --region RegionOne \ network admin http://controller:9696
4. Install service related software packages
yum install openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables -y
5. Modify the configuration file
cp /etc/neutron/neutron.conf{,.back}
grep -Ev '^$|#' /etc/neutron/neutron.conf.back > /etc/neutron/neutron.conf
cp /etc/neutron/dhcp_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.back > /etc/neutron/dhcp_agent.ini
cp /etc/neutron/metadata_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.back > /etc/neutron/metadata_agent.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.back}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.back > /etc/neutron/plugins/ml2/ml2_conf.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.back > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#Edit / etc / Nova / nova conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
Table creation, database synchronization
#Network service initialization script ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7. Start service
systemctl restart openstack-nova-api.service systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service systemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service
Calculation node
install
yum install openstack-neutron-linuxbridge ebtables ipset -y
Modify profile
cp /etc/neutron/neutron.conf{,.back}
grep -Ev '^$|#' /etc/neutron/neutron.conf.back > /etc/neutron/neutron.conf
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.back}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.back > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Start service
systemctl restart openstack-nova-compute.service systemctl enable neutron-linuxbridge-agent.service systemctl start neutron-linuxbridge-agent.service
6, Dashboard
install
yum install openstack-dashboard -y
configuration file
egrep -v '^$|#' /etc/openstack-dashboard/local_settings
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
TEMPLATE_DEBUG = DEBUG
WEBROOT = '/dashboard/'
ALLOWED_HOSTS = ['*', ]
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
"compute": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
LOCAL_PATH = '/tmp'
SECRET_KEY='65941f1393ea1c265ad7'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
},
}
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
}
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': False,
'requires_keypair': False,
}
OPENSTACK_CINDER_FEATURES = {
'enable_backup': False,
}
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_ipv6': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
'default_ipv4_subnet_pool_label': None,
'default_ipv6_subnet_pool_label': None,
'profile_support': None,
'supported_provider_types': ['*'],
'supported_vnic_types': ['*'],
}
OPENSTACK_HEAT_STACK = {
'enable_user_pass': True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {
"architecture": _("Architecture"),
"kernel_id": _("Kernel ID"),
"ramdisk_id": _("Ramdisk ID"),
"image_state": _("Euca2ools state"),
"project_id": _("Project ID"),
"image_type": _("Image Type"),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = "Asia/Shanghai"
POLICY_FILES_PATH = '/etc/openstack-dashboard'
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'INFO',
'class': 'logging.StreamHandler',
},
},
'loggers': {
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'heatclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'ceilometerclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
'LAUNCH_INSTANCE_DEFAULTS']
# ll /etc/openstack-dashboard/local_settings -rw-r-----. 1 root apache 26505 Apr 28 21:56 /etc/openstack-dashboard/local_settings
Modification of domain
vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
systemctl restart httpd
7, Create an instance
1. Create network
neutron net-create --shared --provider:physical_network provider \ --provider:network_type flat ouzhenet neutron subnet-create --name ouzhe1 \ --allocation-pool start=10.0.0.101,end=10.0.0.200 \ --dns-nameserver 114.114.114.114 --gateway 10.0.0.2 \ ouzhenet 10.0.0.0/24
2. Create M1 Nano specification host
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
3. Generate and add secret key pairs
ssh-keygen -q -N "" -f ~/.ssh/id_rsa openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
4. Add security group rule
openstack security group rule create --proto icmp default openstack security group rule create --proto tcp --dst-port 22 default
5. Create host
neutron net-list neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead. +--------------------------------------+----------+----------------------------------+--------------------------------------------------+ | id | name | tenant_id | subnets | +--------------------------------------+----------+----------------------------------+--------------------------------------------------+ | cae26611-d5d1-4465-a352-c35a014e6f08 | ouzhenet | fd444319c4874e908d66d1c91e07c42d | 29281230-6848-4397-bfec-241c5e8c9e65 10.0.0.0/24 | +--------------------------------------+----------+----------------------------------+--------------------------------------------------+ openstack server create --flavor m1.nano --image cirros \ --nic net-id=cae26611-d5d1-4465-a352-c35a014e6f08 --security-group default \ --key-name mykey ouzhe001
Verify the virtual machine you created
Verify whether there is an IP address and whether you can access the Internet
