12、验证服务
tcp 0 0 192.168.75.52:3306 0.0.0.0:* LISTEN 3139/mysqld tcp 0 0 192.168.75.52:2379 0.0.0.0:* LISTEN 4269/etcd tcp 0 0 192.168.75.52:11211 0.0.0.0:* LISTEN 4085/memcached tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 4085/memcached tcp 0 0 192.168.75.52:2380 0.0.0.0:* LISTEN 4269/etcd tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp6 0 0 :::22 :::* LISTEN 1041/sshd tcp6 0 0 ::1:25 :::* LISTEN 1180/master tcp6 0 0 :::5672 :::* LISTEN 3316/beam.smp tcp6 0 0 ::1:11211 :::* LISTEN 4085/memcached
创建keystone用户、数据库
[root@controller ~]# mysql MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY '000000'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY '000000'; |
2、安装keystone
[root@controller ~]# yum -y install openstack-keystone httpd mod_wsgi
3、安装openstack-utils
[root@controller ~]# yum install openstack-utils -y
4、配置keystone配置文件
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:000000@controller/keystone [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet [root@controller ~]# grep "^"[a-Z] /etc/keystone/keystone.conf connection = mysql+pymysql://keystone:000000@controller/keystone provider = fernet |
5、导入keystone数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
6、建立fernet
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone -- keystone-group keystone [root@controller ~]# keystone-manage credential_setup --keystone-user keystone - -keystone-group keystone
7、建立bootstrap
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne |
8、配置httpd
# 修改httpd配置文件 [root@controller ~]# vi /etc/httpd/conf/httpd.conf ServerName controller 95行
# 创建软连接 [root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# 启动服务 [root@controller ~]# systemctl enable httpd [root@controller ~]# systemctl start httpd |
9、配置认证环境
[root@controller ~]# cat > admin-openrc << 'EOF' export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=000000 export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF |
10、创建service项目
# 加载认证文件 [root@controller ~]# source admin-openrc
# 创建service项目 [root@controller ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 94feafee3f074b81a05f86e11d8e2c32 | | is_domain | False | | name | service | | options | {} | | parent_id | default | | tags | [] | +-------------+----------------------------------+
# 列出项目列表 [root@controller ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 94feafee3f074b81a05f86e11d8e2c32 | service | | 97cc8982ba9640eb985ec1261da998dd | admin | +----------------------------------+---------+ |
1、创建glance数据库
[root@controller ~]# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 22 Server version: 10.3.20-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec)
2、获取admin凭证
[root@controller ~]# source admin-openrc
3、创建glance服务用户
# 创建一个名为glance的用户 [root@controller ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | d027b9b9cf6f4ed6a4b461c96da6f8a1 | | name | glance | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+
# 将角色添加到用户和项目 [root@controller ~]# openstack role add --project service --user glance admin # 创建glance服务实体: [root@controller ~]# openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ |
|
| description | OpenStack Image | enabled | True | id | ed76ac7295904d49a88005cae9793c94 | name | glance | type | image |
| | | | | |
+-------------+----------------------------------+ |
|
4、创建影像服务 API 端点
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | bc5f7da48bdb48e38c9c1a0aec03e1f1 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | ed76ac7295904d49a88005cae9793c94 | | service_name | glance | | service_type | image | url | http://controller:9292 | | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | e277a601f202414a812f067cf7b318d6 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | ed76ac7295904d49a88005cae9793c94 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 0fb3857849e141cc9f1eae3a7cf5a049 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | ed76ac7295904d49a88005cae9793c94 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+
5、安装glance服务
[root@controller ~]# yum install openstack-glance -y |
6、修改glance配置文件
# 编辑文件/etc/glance/glance-api.conf并完成以下操作:
在 [database]本节中,配置数据库访问:
[database] connection = mysql+pymysql://glance:000000@controller/glance # 使用下面的命令可直接修改 openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:000000@controller/glance
在 [keystone_authtoken] 和``[paste_deploy]部分中, 配置身份服务访问:
[keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = 000000 [paste_deploy] flavor = keystone # 使用下面的命令可直接修改 openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000 openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000 openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211 openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 000000 openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
在 [glance_store]部分中,配置本地文件系统存储和映像文件的位置:
[glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/
# 使用下面的命令可直接修改 openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http openstack-config --set /etc/glance/glance-api.conf glance_store default_store file openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/ |
7、同步glance数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance # 忽略输出的废弃消息
8、安装完成
# 启动服务和添加到开机自启 [root@controller ~]# systemctl [root@controller ~]# systemctl |
start openstack-glance-api.service enable openstack-glance-api.service |
9、上传镜像
[root@controller ~]# glance image-create --name "cirros" \ --file cirros-0.4.0-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --visibility public |
