openStack kilo 手动Manual部署随笔记录

2019年12月20日 阅读数:1071
这篇文章主要向大家介绍openStack kilo 手动Manual部署随笔记录,主要内容包括基础应用、实用技巧、原理机制等方面,希望对大家有所帮助。

一 ,基于neutron网络资源主机(控制节点,网络节点,计算节点)网络规划配置php

1, 节点css


2, network.cc节点网络配置截图vue

3, compute.cc节点网络配置截图html5


Neutron initial 网络 ip pool Ranger:node

External network ip pool: ~

Tenant network ip pool:



ntp服务器配置把ntp_server 修改成

其余节点将server 指向controller.cc便可


2,openstack package ins,to enable openstack online repository



3,SQL database

 user libvirt

  • Management of virtual machines, virtual networks and storage

  Zero-conf discovery using Avahi multicast-DNS

libvirt provides

1     Remote management using TLS encryption and x509 certificates
2     Remote management authenticating with Kerberos and SASL
3     Local access control using PolicyKit
4     Zero-conf discovery using Avahi multicast-DNS
5     Management of virtual machines, virtual networks and storage
6     Portable client API for Linux, Solaris and Windows

 ins mariaDB-server python-mysqldb
bind-address     =
default-storage-engine = innodb
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Message queue
ins    apt-get install rabbitmq-server
To configure the message queue service,add the openstack user
rabbitmqctl add_user openstack 321
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Install and configure openStack Identity service
service on ntp,SQL,Message queue,identity service-keystone
for performance,this configuration deploys the Apache Http server to handle requests and Memcached to store tokens instead of a SQL database


Create projects,users,and roles
The identity service provides authentication services for each openstack service,the authentication service uses a combination of domains,projects(tenants),users,and roles

create an administrator administrative project,user,and role for administrative operations in your environment

this guide uses a service project that contains a unique user for each service that you add to your environment

openstack add role --project admin --user {} role

for security reasons,disable the temporary authentication token mechanism

qinRui用户与admin 项目project及admin 角色相关联系起来

rui用户与rui 项目project 及admin 角色管联

openstack image service(glance) enables users to discover,register,and retrieve virtual machine images,offers a REST API enables you to query virtual machine image metadata and retrieve an actual image,you can store virtual machine images made available through the image service in variety of locations,from simple file systems to object-storage systems like object storage


openstack image service includes the following components:
glance-api:    image discovery,retrieval,and storage
glance-registery:    stores,processes,and retrieves metadata about images.Metadata includes items such as size and type

security note,registry is a private internal service meant for use by openstack image service,
database:    stores image metadata and you can choose your database depending on your preference
storage repository for image files: various repository types are supported

on the node,for simplicity,this configuration stores images on the local file system

git 使用测试

把新建立的glance用户关联到service项目和admin role角色

create service entity,API endpoint

default_store = file
filesystem_store_datadir = /var/lib/glance/images

从上面截图得出的教训是此处的配置文件every line 开头不能有空白.

libVirt 开发环境



Add the compute service
openStack compute
install and configure controller node
install and configure a compute node

再一个工做任务是使用FUEL部署openStack production env

compute core: nova-compute service worker daemon that creates and terminates virtual machine instances through hypervisor APIs,Processing is fairly complex,basically,the daemon accepts actions from the queue and performs a series of system command such as launching a KVM instance and updating its state in the database

nova-scheduler takes a virtual machine instance request from the queue and determines on which compute server host it runs

core compute,networking for VMs nova-network worker daemon similar to the nova-compute service,accepts networking tasks from queue and manipulates the network,performs tasks such as setting up bridging interfaces or changing iptables rules

nova-consoleauth daemon,authorizes token for users that console proxies provide,see nova-novncproxy and nova-xvpnvproxy,
nova-consoleauth daemon: authorizes tokens for users that cnsole proxies provides
nova-novncproxy and  no-xvpnvncpproxy  this service nova-consoleauth must be running for console proxies to workyou can run proxies of ethr type

nova-novncproxy daemon provides a proxy for accessing running instances through a VNC connection,supports browser-based novnc clients

novnc client,html5 client browser-based

nova-xvpvncproxy daemon provides a proxy for accessing running instances through a VNC connection,supports an openstack-specific java client

Popuklate the compute database


完整nova node 配置文件

verbose = True

rpc_backend = rabbit
auth_strategy = keystone
my_ip =
vncserver_listen =
vncserver_proxyclient_address =

connection = mysql://

rabbit_host =
rabbit_userid = openstack
rabbit_password = 321

auth_uri =
auth_rul =
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = 321

host =

lock_path = /var/lib/nova/tmp
View Code

install and configure a compute node

server component listens on all ip address and the proxy component only listens on the manaement interface ip address of the compute node the base URL indicates the location where you can use a web browser to access remote consoles of instances on this compute node

to finalize installation
determine whether your compute node supports hardware acceleration for virtual machines

configure libVirt to use QEMU instead of KVM


list service components to verify successful launch and registration of each process

This output should indicate four service components enabled on the compute node.

List API endpoint in the Identity service to verify connectivity with the Identity service