Shulou(Shulou.com)06/01 Report--

Three reasons why companies deploy OpenStack: higher operational efficiency, innovation and cost savings

Environment: rhel7.2

Salt-master: 172.25.33.250

Salt-slavle: 172.25.33.10 Management Node, controller

Salt-slave:172.25.33.11

The first step is to install it on the official website of saltstack

Rpm-- import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub

Modify the Yum source:

[saltstack-repo]

Name=SaltStack repo for RHEL/CentOS $releasever

Baseurl= https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest

Enabled=1

Gpgcheck=1

Gpgkey= https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub

Modify / etc/yum.conf to turn on the cache cache so that you can use computers that can access the Internet to load yum sources for computers that can't. Yum is cached under / var/cache/yum/.

Download and install directly after modification

Yum install-y salt-master

Yum install-y salt-minion

Store the cached software directly as a yum source for other hosts.

Modify the configuration file on master: / etc/salt/master

Interface: 0.0.0.0 * * Note the format

Base:

-/ srv/salt/

Modify the configuration file on minion: / etc/salt/minion

Master: 172.25.33.250

Start the service:

# systemctl start salt-master.service

# systemctl start salt-minion

# salt-key-L

Accepted Keys:

Denied Keys:

Unaccepted Keys:

Server10.example

Rejected Keys:

# salt-key-A

The following keys are going to be accepted:

Unaccepted Keys:

Server10.example

Proceed? [n/Y] Y

Key for minion server10.example accepted.

Accept minion and test:

# salt "*" test.ping

Server10.example:

True

Normal!

Deploy openstack

Before you deploy, make sure that:

1. The firewalls of master and minion are turned off

2. The selinux of both is closed. Although officials say that seliunx can be turned on, it is likely to cause trouble to the deployment.

3. The time should be synchronized, and the synchronization time should be carried out using chrony.

Modify 172.25.33.250 / etc/chrony.conf

Server 172.25.33.10 iburst

Allow 172.25.33.0/24

Modify server10.example.com / etc/chrony.conf

Add: server 172.25.33.250 iburst synchronization server IP, you can also directly synchronize the time of Ali Cloud.

Start the chrony service.

# chronyc sources-v

210 Number of sources = 1

Source mode'^'= server,'='= peer,'#'= local clock.

/.-Source state'*'= current synced,'+'= combined,'-'= not combined

| /'?'= unreachable,'x' = time may be in error,'~'= time too variable.

| |.-xxxx [yyyy] + /-zzzz |

| | Reachability register (octal) -. | | xxxx = adjusted offset |

| | Log2 (Polling interval)--. | | yyyy = measured offset |

| |\ | | zzzz = estimated error.

| |\ |

MS Name/IP address Stratum Poll Reach LastRx Last sample

=

^ * 172.25.33.250 0 8 0 10y + 0ns [+ 0ns] + /-0ns

In order to facilitate operation, it is recommended to modify the hosts file.

For convenience, the real computer 172.25.33.250 that can be connected to the Internet will be called master.

172.25.33.10 is minion1

172.25.33.11 is minion2

__

The operation on master is to download the package. After downloading the package, mount it to the yum source and let minion install it.

Perform the installation on master:

# yum install https://rdoproject.org/repos/rdo-release.rpm

# yum upgrade

There is a new yum source on your default yum source.

Use the following table to describe the components and functions of the current openstack.

Service

Project name

Description

Dashboard

Horizon

The interaction of web services is implemented by providing openstack services, such as creating instances, configuring IP, and configuring access control.

Compute

Nova

Manage the calculation of the entire biosphere in the system environment. It undertakes a series of responsibilities such as hatching, scheduling and recycling virtual machines after request. it is the core component and can be said to be the real role.

Networking

Neutron

Network services are provided and other services are connected. Provide users with API to define networks and connect them. Support a variety of network providers and emerging network technologies, such as vxlan and so on.

Object Storage

Swift

RESTful API is used to store and retrieve unstructured data objects for tasks, which has high fault tolerance for data synchronization and scale-out. Instead of mounting file directories, it writes objects and files to multiple drivers to ensure the integrity of the data in the server cluster.

Block

Cinder

Block storage and persistence are provided, and a pluggable architecture simplifies the creation and management of storage devices.

Identity

Keystone

Provides authentication and authorization capabilities for openstack services. Provides an access interface for all services.

Image service

Glance

Provides mirroring and retrieval services for virtual disk devices for use when calculating instances.

Telemetry

Ceilometer

Scalable services, providing monitoring, measurement, billing, statistics and other functions.

Orchestration

Heat

A service that is performed by combining templates.

Database service

Trove

Provide scalable and reliable cloud database services for relational and non-relational databases.

Data processing service

Sahara

Belongs to the big data project of openstack. It's the integration of openstack and hadoop.

Install the openstack client:

Yum install python-openstackclient-y-downloadonly

* * do not download the selinux package if the system shuts down sellinux.

Yum install openstack-selinux-downloadonly

Put the downloaded installation package into a yum source to generate repo

# createrepo.

On minion:

] # cat openstack.repo

[openstack-ocata]

Name=openstack-ocata

Baseurl= ftp://172.25.33.250/openstack/openstack-ocata/

Gpgcheck=0

[epel]

Name=epel

Baseurl= ftp://172.25.33.250/openstack/epel/

Gpgcheck=0

# yum install python-openstackclient-y

On master

Yum install mariadb mariadb-server python2-PyMySQL-downloadonly

Then go to the cache directory and make it different from the yum source.

# rsync * 172.25.33.250:/var/ftp/openstack/openstack-ocata/

# createrepo / var/ftp/openstack/openstack-ocata/

No longer write operations on master, all directory software will come from this.

The following operations are done on minon1.

Most OpenStack services use SQL databases to store information. Typically, the database runs on the control node

Yum install mariadb mariadb-server python2-PyMySQL

Create and add:

# cat / etc/my.cnf.d/openstack.cnf

[mysqld]

Bind-address = 172.25.33.10

# set the ``bind- address`` value to the management network IP address of the control node so that other nodes can access the database through the management network

Default-storage-engine = innodb

Innodb_file_per_table

Max_connections = 4096

Collation-server = utf8_general_ci

Character-set-server = utf8

# set the following keys to enable useful options and the UTF-8 character set

Start the database service:

# systemctl enable mariadb.service

# systemctl start mariadb.service

To ensure the security of the database service, run the ``mysql_secure_ installation`` script. In particular, set an appropriate password for the root user of the database

Mysql_secure_installation

Among them, authentication service, mirror service, computing service and Networking all have prerequisites, so you can write sql statements and import them at once.

# cat osp.sql

CREATE DATABASE keystone

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'172.25.33.250'\

IDENTIFIED BY 'keystone'

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'\

IDENTIFIED BY 'keystone'

CREATE DATABASE glance

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'172.25.33.250'\

IDENTIFIED BY 'glance'

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'\

IDENTIFIED BY 'glance'

CREATE DATABASE nova_api

CREATE DATABASE nova

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'172.25.33.250'\

IDENTIFIED BY 'nova'

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'\

IDENTIFIED BY 'nova'

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'172.25.33.250'\

IDENTIFIED BY 'nova'

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'\

IDENTIFIED BY 'nova'

CREATE DATABASE neutron

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'172.25.33.250'\

IDENTIFIED BY 'neutron'

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'\

IDENTIFIED BY 'neutron'

# mysql-p show databases

+-+

| | Database |

+-+

| | information_schema |

| | glance |

| | keystone |

| | mysql |

| | neutron |

| | nova |

| | nova_api |

| | performance_schema |

+-+

8 rows in set (0.00 sec)

Import succeeded!

The Telemetry service uses a NoSQL database to store information, which typically runs on the control node

# yum install mongodb-server mongodb

Edit the file / etc/mongod.conf and complete the following actions:

Bind_ip = 172.25.33.10

# configure bind_ip to use the control node to manage the IP address of the network card

Smallfiles = true

# by default, MongoDB creates several log files of 1 GB size in the ``/ var/lib/mongodb/ journal`` directory. If you want to reduce the size of each log file to 128MB and limit the total space occupied by log files to 512MB, configure the value of smallfiles

Start MongoDB and configure it to start with the system

# systemctl enable mongod.service

# systemctl start mongod.service

OpenStack uses message queue to coordinate operations and status information for each service. The message queuing service generally runs on the control node. OpenStack supports several message queuing services including RabbitMQ, Qpid, and ZeroMQ. However, most distributions of OpenStack packages support specific message queuing services

# yum install rabbitmq-server

# systemctl enable rabbitmq-server.service

# systemctl start rabbitmq-server.service

# netstat-antlp | grep 5672

Tcp 0 0 0.0.0.0 25672 0.0.0. 0 LISTEN 3158/beam

Tcp6 0 0: 5672: * LISTEN 3158/beam

Add openstack user

Rabbitmqctl add_user openstack rabbit

Configure write and read permissions for ``openstack`` users:

# rabbitmqctl set_permissions openstack ". *"

# rabbitmqctl add_user openstack rabbit

Creating user "openstack"...

# rabbitmqctl set_permissions openstack ". *"

Setting permissions for user "openstack" in vhost "/".

The authentication service authentication cache uses Memcached cache tokens. The cache service memecached runs on the control node. In production deployment, we recommend jointly enabling firewall, authentication and encryption to ensure its security

# yum install memcached python-memcached

Modify the configuration file: * * if the port is not modified, the monitoring port may not be monitored.

# cat / etc/sysconfig/memcached

PORT= "11211"

USER= "memcached"

MAXCONN= "1024"

CACHESIZE= "64"

# OPTIONS= "- l 127.0.0.1" dazzle 1 "

OPTIONS= "172.0.0. 0. 0. 0. 0. 0. 0. 0. 0. 1"

# systemctl enable memcached.service

# systemctl start memcached.service

Grab Port:

# netstat-antlp | grep 1121

Tcp 0 0 0.0.0.0 11211 0.0.0.015 * LISTEN 2999/memcached

Tcp6 0 0: 11211: * LISTEN 2999/memcached

Install the image service:

A package python-zope-interface may be missing and you need to download and install it yourself.

# yum install openstack-keystone httpd mod_wsgi

Generate a random value as the administrator's token in the initial configuration.

# openssl rand-hex 10

# openssl rand-hex 10

Ec8b4ce2292ca6c24cd2

Edit the file / etc/keystone/keystone.conf and complete the following actions:

# vim / etc/keystone/keystone.conf

[DEFAULT]

...

Admin_token = ec8b4ce2292ca6c24cd2

[database]

Connection = mysql+pymysql://keystone:keystone@172.25.33.10/keystone

The second keystone is the password of the club when creating the database, and the IP after @ is the IP of the control node.

[token]

...

Provider = fernet

# configure the provider of the Fernet UUID token

After installing memcache, use memcache as the driver. Modify / etc/keystone/keystone.conf:

2842 driver = memcache

1500 servers = 172.25.33.10 purl 11211

Initialize the database for the authentication service

Su-s / bin/sh-c "keystone-manage db_sync" keystone

After initialization, you can use the View command to view the tables in keystone.

# mysql-ukeystone-pkeystone keystone-e "show tables;"

The three keystone are username, password, and database name, respectively.

Configure the Apache HTTP server

Edit the ``/ etc/httpd/conf/ httpd.conf`` file, and configure the ``ServerName`` option as the control node:

ServerName 172.25.33.10:80

Create a file / etc/httpd/conf.d/wsgi-keystone.conf

# cat / etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000

Listen 35357

WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=% {GROUP}

WSGIProcessGroup keystone-public

WSGIScriptAlias / / usr/bin/keystone-wsgi-public

WSGIApplicationGroup% {GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "{cu} t M"

ErrorLog / var/log/httpd/keystone-error.log

CustomLog / var/log/httpd/keystone-access.log combined

Require all granted

WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=% {GROUP}

WSGIProcessGroup keystone-admin

WSGIScriptAlias / / usr/bin/keystone-wsgi-admin

WSGIApplicationGroup% {GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "{cu} t M"

ErrorLog / var/log/httpd/keystone-error.log

CustomLog / var/log/httpd/keystone-access.log combined

Require all granted

Create service entities and API endpoints:

By default, the authentication service database does not contain information that supports traditional authentication and directory services. You must use: the contents of keystone-install to create temporary authentication tokens for authentication services to initialize service entities and API endpoints.

You must use the parameter ``- os- token`` to pass the value of the authentication token to the: command:openstack command. Similarly, you must use the parameter ``- os- url`` to pass the URL of the authentication service to the openstack command or set the OS_URL environment variable

Configure authentication tokens:

# export OS_TOKEN=ec8b4ce2292ca6c24cd2

* * identity tokens are useful in configuring configuration files in the authentication service.

Configure the endpoint URL:

# export OS_URL= http://172.25.33.10:35357/v3

Configure the certified API version:

# export OS_IDENTITY_API_VERSION=3

Create service entities and API endpoints

1. In your Openstack environment, the authentication service manages the service directory. Services use this directory to determine which services are available in your environment.

Create service entities and authentication services:

$openstack service create\

-name keystone-description "OpenStack Identity" identity

+-- +

| | Field | Value |

+-- +

| | description | OpenStack Identity |

| | enabled | True |

| | id | 557ac19a848547e59df8792cec5f3598 |

| | name | keystone |

| | type | identity |

The authentication service manages a directory of API endpoints related to your environment. Services use this directory to determine how to communicate with other services in your environment.

OpenStack uses three API endpoint variants to represent each service: admin,internal and public. By default, administrative API endpoints allow users and tenants to be modified, while public and internal APIs do not allow these operations. In a production environment, for security reasons, variants may reside on separate networks to serve different types of users. For example, public API networks are visible on the Internet in order to allow customers to manage their own clouds. Managing API networks is also limited in organizations that manage cloud infrastructure. The internal API network may be limited to hosts that contain OpenStack services. In addition, OpenStack supports scalable multiple areas. For simplicity, this guide uses the management network for all endpoint variants and the default `RegionOne`` area.

Create an API endpoint for the authentication service:

# openstack service create\

>-name keystone-description "OpenStack Identity" identity

+-- +

| | Field | Value |

+-- +

| | description | OpenStack Identity |

| | enabled | True |

| | id | 557ac19a848547e59df8792cec5f3598 |

| | name | keystone |

| | type | identity |

# openstack endpoint create-- region RegionOne\

Identity public http://172.25.33.10:5000/v3

+-- +

| | Field | Value |

+-- +

| | enabled | True |

| | id | 71042a337b0c41afab0dc64017fe897c |

| | interface | public |

| | region | RegionOne |

| | region_id | RegionOne |

| | service_id | 557ac19a848547e59df8792cec5f3598 |

| | service_name | keystone |

| | service_type | identity |

| | url | http://172.25.33.10:5000/v3 |

+-- +

# openstack endpoint create-- region RegionOne\

Identity internal http://172.25.33.10:5000/v3

+-- +

| | Field | Value |

+-- +

| | enabled | True |

| | id | f73b5f587b0d4f748db51d19dc0064c1 |

| | interface | internal |

| | region | RegionOne |

| | region_id | RegionOne |

| | service_id | 557ac19a848547e59df8792cec5f3598 |

| | service_name | keystone |

| | service_type | identity |

| | url | http://172.25.33.10:5000/v3 |

+-- +

# openstack endpoint create-- region RegionOne\

Identity admin http://172.25.33.10:35357/v3

+-- +

| | Field | Value |

+-- +

| | enabled | True |

| | id | 093b3ff515ed4228aaea142db68f9ebe |

| | interface | admin |

| | region | RegionOne |

| | region_id | RegionOne |

| | service_id | 557ac19a848547e59df8792cec5f3598 |

| | service_name | keystone |

| | service_type | identity |

| | url | http://172.25.33.10:35357/v3 |

+-- +

Create domains, projects, users, and roles:

The authentication service provides authentication services for each OpenStack service. The authentication service uses a combination of T domains, projects (tenants),: term: `users` and: term: `roles`.

1. Create a domain ``default``:

# openstack domain create-- description "Default Domain" default

+-- +

| | Field | Value |

+-- +

| | description | Default Domain |

| | enabled | True |

| | id | 2ed7d4d390914a55b19ca76df7d78be5 |

| | name | default |

+-- +

2. In your environment, create managed projects, users, and roles for administrative operations:

Create an admin project:

# openstack project create-- domain default\

>-- description "Admin Project" admin

+-- +

| | Field | Value |

+-- +

| | description | Admin Project |

| | domain_id | 2ed7d4d390914a55b19ca76df7d78be5 |

| | enabled | True |

| | id | 7f1f3eae73dc439da7f53c15c634c4e7 |

| | is_domain | False |

| | name | admin |

| | parent_id | 2ed7d4d390914a55b19ca76df7d78be5 |

+-- +

To create an admin user:

# openstack user create-- domain default\

>-- password admin admin

+-- +

| | Field | Value |

+-- +

| | domain_id | 2ed7d4d390914a55b19ca76df7d78be5 |

| | enabled | True |

| | id | d18bdef0fe114b089a09f1fc21fefd88 |

| | name | admin |

| | options | {} | |

| | password_expires_at | None |

+-- +

Create an admin role:

# openstack role create admin

+-- +

| | Field | Value |

+-- +

| | domain_id | None |

| | id | e664a32afabb4701992287ab341fc642 |

| | name | admin |

+-- +

Add the role ``admin`` to admin projects and users

# openstack role add-project admin-user admin admin

Any roles created must be mapped to the ``policy.json`` file under each OpenStack service profile directory. The default policy is to give the "admin" role administrative access to most services

3. Create ``service`` project:

# openstack project create-- domain default\

>-- description "Service Project" service

+-- +

| | Field | Value |

+-- +

| | description | Service Project |

| | domain_id | 2ed7d4d390914a55b19ca76df7d78be5 |

| | enabled | True |

| | id | fb85ea3cb36a4ba38fcb607ce085e15e |

| | is_domain | False |

| | name | service |

| | parent_id | 2ed7d4d390914a55b19ca76df7d78be5 |

+-- +

4. Regular (non-administrative) tasks should use unprivileged projects and users. As an example, create demo projects and users.

Create a demo project

# openstack project create-- domain default\

>-- description "Demo Project" demo

+-- +

| | Field | Value |

+-- +

| | description | Demo Project |

| | domain_id | 2ed7d4d390914a55b19ca76df7d78be5 |

| | enabled | True |

| | id | 45a1b89bc5de479e8d3e04eae314ee88 |

| | is_domain | False |

| | name | demo |

| | parent_id | 2ed7d4d390914a55b19ca76df7d78be5 |

+-- +

**

Do not repeat this step when creating additional users for this project.

Create ``demo`` user

# openstack user create-- domain default\

>-- password demo demo

+-- +

| | Field | Value |

+-- +

| | domain_id | 2ed7d4d390914a55b19ca76df7d78be5 |

| | enabled | True |

| | id | 251ad20a4d754dc4a104a3f5b8159142 |

| | name | demo |

| | options | {} | |

| | password_expires_at | None |

+-- +

Create a user role:

# openstack role create user

+-- +

| | Field | Value |

+-- +

| | domain_id | None |

| | id | ab0c8bfe852b46adaae9d8a7015f98cd |

| | name | user |

+-- +

Add user`` role to ``demo project and user:

Openstack role add-project demo-user demo user

Verify the action:

1. Reset the ``OS_ token`` and ``OS_ URL`` environment variables:

# unset OS_TOKEN OS_URL

2. As an admin user, request an authentication token:

# openstack-os-auth-url http://172.25.33.10:35357/v3-os-project-domain-name default-os-user-domain-name default-os-project-name admin-os-username admin token issue

Password:

* * Management port 35357

+-+

| | Field | Value |

+-+

| | expires | 2017-04-04T08:55:18+0000 |

| | id | gAAAAABY41FmAHBHvYUHWOpciT4HGmm4W3EfdKxwBuBBK17ypEY4yMU6COj1c |

| | ANOBBsfBFb76BCSdGVLUm7Bp8528kcYbx93jLVdTL92_-gY-e_pLAFfVyEyw2 |

| | mKoG64Q4C34fwxQqKLlwAMwSPd5Jm03NRF6aPhO52E_A552CNij47pdVQrJ14 |

| | project_id | 7f1f3eae73dc439da7f53c15c634c4e7 |

| | user_id | d18bdef0fe114b089a09f1fc21fefd88 |

+-+

3. As the ``demo`` user, request an authentication token:

# openstack-os-auth-url http://172.25.33.10:5000/v3-os-project-domain-name default-os-user-domain-name default\

>-os-project-name demo-os-username demo token issue

Password:

* * General access port 5000

+-+

| | Field | Value |

+-+

| | expires | 2017-04-04T08:57:08+0000 |

| | id | gAAAAABY41HVHfiJahMmQBUuvkxVlAOKeKEjGfqaOc7AQdo4oJ_cov9rW88QH |

| | 744pp3Pte29NfnKi3IFEeXNfEm0RxlAkjahRez2d3eFykPN-gAnpjc3e0ClTF |

| | lbFNgoIbfNpEoYZNhTH88FmRKfDAVoTMDHFyypiIMLdOdUxQOEth8_wLzlgcs |

| | project_id | 45a1b89bc5de479e8d3e04eae314ee88 |

| | user_id | 251ad20a4d754dc4a104a3f5b8159142 |

This command uses the password of the ``demo`` user and API port 5000, which only allows regular (non-administrative) access to the authentication service API.

Use a combination of environment variables and command options to interact with the authentication service through the ``openstack`` client. In order to improve the efficiency of client-side operations, OpenStack supports simple client-side environment variable scripts, namely OpenRC files. These scripts usually contain all the common options on the client side and, of course, support unique options.

Create a script:

Edit the file admin-openrc and add the following:

# cat admin-openrc

Export OS_PROJECT_DOMAIN_NAME=default

Export OS_USER_DOMAIN_NAME=default

Export OS_PROJECT_NAME=admin

Export OS_USERNAME=admin

Export OS_PASSWORD=admin

Export OS_AUTH_URL= http://172.25.33.10:35357/v3

Export OS_IDENTITY_API_VERSION=3

Export OS_IMAGE_API_VERSION=2

# cat demo-openrc

Export OS_PROJECT_DOMAIN_NAME=default

Export OS_USER_DOMAIN_NAME=default

Export OS_PROJECT_NAME=demo

Export OS_USERNAME=demo

Export OS_PASSWORD=demo

Export OS_AUTH_URL= http://172.25.33.10:5000/v3

Export OS_IDENTITY_API_VERSION=3

Export OS_IMAGE_API_VERSION=2

Use script

By running the client with specific tenants and users, you can simply load the relevant client script before running it. For example:

Load the ``admin- openrc`` file to the location of the environment variables of the authentication service and the ``admin`` project and user certificate:

There are two ways to load admin-openrc:

Source admin-openrc or. Admin-openrc

#. Admin-openrc

# openstack token issue

+-+

| | Field | Value |

+-+

| | expires | 2017-04-04T09:02:28+0000 |

| | id | gAAAAABY41MUmOusa28o-Y8ihK-TKEMcbV1nkTa0rgQXyzn5kF-u_Pz8MgXhn |

| | WTmS5R36L4t6lBEpBrzMSD74zoRZFjnXBg6gDsuMl8Cc0ORfoa_YChV5_zjTT |

| | nf6kDFPGE074WN3Oy43Aj4FQ8uAnU0bvSSKcT6Lj4UoBbPIrzgYkALec04CkU |

| | project_id | 7f1f3eae73dc439da7f53c15c634c4e7 |

| | user_id | d18bdef0fe114b089a09f1fc21fefd88 |

+-

Mirror service:

1. Obtain admin credentials to gain access to commands that only administrators can execute:

#. Admin-openrc

2. To create a service certificate, complete these steps:

To create a glance user:

# openstack user create-domain default-password glance glance

+-- +

| | Field | Value |

+-- +

| | domain_id | 2ed7d4d390914a55b19ca76df7d78be5 |

| | enabled | True |

| | id | 20bca1402e4b46438c1cbe3aa47ee9c2 |

| | name | glance |

| | options | {} | |

| | password_expires_at | None |

+-- +

Add admin roles to glance users and service projects.

Openstack role add-project service-user glance admin

3. Create a ``glance`` service entity:

# openstack service create-- name glance\

>-- description "OpenStack Image" p_w_picpath

+-- +

| | Field | Value |

+-- +

| | description | OpenStack Image |

| | enabled | True |

| | id | b1def3cde6cb4c1a89afb44791997fd9 |

| | name | glance |

| | type | p_w_picpath |

+-- +

4. Create the API endpoint of the image service:

# openstack endpoint create-- region RegionOne\

P_w_picpath public http://172.25.33.10:9292

+-- +

| | Field | Value |

+-- +

| | enabled | True |

| | id | 919b3be7a4934426ab8bbeadd11c055f |

| | interface | public |

| | region | RegionOne |

| | region_id | RegionOne |

| | service_id | b1def3cde6cb4c1a89afb44791997fd9 |

| | service_name | glance |

| | service_type | p_w_picpath |

| | url | http://172.25.33.10:9292 |

+-- +

# openstack endpoint create-- region RegionOne p_w_picpath internal http://172.25.33.10:9292

# openstack endpoint create-- region RegionOne p_w_picpath admin http://172.25.33.10:9292

1. Install the software package:

# yum install openstack-glance

2 Edit the file / etc/glance/glance-api.conf and complete the following actions:

In the [database] section, configure database access:

[database]

...

Connection = mysql+pymysql://glance:glance@172.25.33.10/glance

In the [keystone_authtoken] and [paste_deploy] sections, configure authentication service access:

[keystone_authtoken]

Auth_uri = http://controller:5000

Auth_url = http://controller:35357

Memcached_servers = controller:11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = glance

Password = glance

[paste_deploy]

Flavor = keystone

In the [glance_store] section, configure the local file system storage and mirror file location:

[glance_store]

Stores = file,http

Default_store = file

Filesystem_store_datadir = / var/lib/glance/p_w_picpaths/

3. Edit the file ``/ etc/glance/glance- registry.conf`` and complete the following actions:

In the [database] section, configure database access:

[database]

Connection = mysql+pymysql://glance:glance@172.25.33.10/glance

In the [keystone_authtoken] and [paste_deploy] sections, configure authentication service access

[keystone_authtoken]

Auth_uri = http://172.25.33.10:5000

Auth_url = http://172.25.33.10:35357

Memcached_servers = 172.25.33.10 11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = glance

Password = glance

[paste_deploy]

Flavor = keystone

In the [glance_store] section, configure the local file system storage and mirror file location:

[glance_store]

Stores = file,http

Default_store = file

Filesystem_store_datadir = / var/lib/glance/p_w_picpaths/

3. Edit the file ``/ etc/glance/glance- registry.conf`` and complete the following actions:

In the [database] section, configure database access:

[database]

Connection = mysql+pymysql://glance:glance@172.25.33.10/glance

In the [keystone_authtoken] and [paste_deploy] sections, configure authentication service access:

[keystone_authtoken]

Auth_uri = http://172.25.33.10:5000

Auth_url = http://172.25.33.10:35357

Memcached_servers = 172.25.33.10 11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = glance

Password = glance

[paste_deploy]

Flavor = keystone

4. Write to the mirror service database:

# su-s / bin/sh-c "glance-manage db_sync" glance

Complete the installation:

# systemctl enable openstack-glance-api.service\

Openstack-glance-registry.service

# systemctl start openstack-glance-api.service\

Openstack-glance-registry.service

Verify the action:

1. Obtain admin credentials to gain access to commands that only administrators can execute:

#. Admin-openrc

2. Download the source image

# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

3. Use QCOW2 disk format and bare container format to upload the image to the image service and set it to be publicly visible, so that all projects can access it:

# openstack p_w_picpath create "cirros"-file cirros-0.3.4-x86_64-disk.img-disk-format qcow2-container-format bare-public

+-+

| | Field | Value |

+-+

| | checksum | ee1eca47dc88f4879d8a229cc70a07c6 |

| | container_format | bare |

| | created_at | 2017-04-04T08:47:17Z |

| | disk_format | qcow2 |

| | file | / v2/p_w_picpaths/2ed41322-bbd2-45b0-8560-35af76041798/file | |

| | id | 2ed41322-bbd2-45b0-8560-35af76041798 |

| | min_disk | 0 | |

| | min_ram | 0 | |

| | name | cirros |

| | owner | 7f1f3eae73dc439da7f53c15c634c4e7 |

| | protected | False |

| | schema | / v2/schemas/p_w_picpath |

| | size | 13287936 | |

| | status | active |

| | tags |

| | updated_at | 2017-04-04T08:47:17Z |

| | virtual_size | None |

| | visibility | public |

+-

It's not finished. Please read the next article.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.