Openstack 配置及其API的简单使用

安装除Neutron(Quantum)以外所有东西

在开始之前,假设有三个NIC

禁用selinux,并修改网络配置/etc/sysconfig/network-scripts/ifcfg-ethX

# Internal
DEVICE=eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.1.11
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DEFROUTE=yes
ONBOOT=yes
# External
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.1.12
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes
#Public Bridge
DEVICE=eth2
TYPE=Ethernet
BOOTPROTO=static
IPADDR=192.168.1.13
NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes

于Feodra18中安装Openstack,可参考文档,按照这个来的话对Openstack的设计理念将会有所了解
Getting started with OpenStack on Fedora 18
或者运行

/*安装完成后管理员界面为http://localhost/dashboard用户名admin,密码secrete*/
# openstack-demo-install

以上两种方法把除了Neutron(quantum)其他的服务都配置好了,关于quantum的配置见文末

添加虚拟机实例

可参考文档
Getting started with OpenStack on Fedora 18
在终端操作之前需要设置环境变量,将它们两者之一写到一个文件,然后source一下

export OS_USERNAME=admin
export OS_PASSWORD=secrete
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/
export ADMIN_TOKEN=$(openssl rand -hex 10)
export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0/
export SERVICE_TOKEN=\$ADMIN_TOKEN
source FileA

这个libvirt支持kvm以及xen虚拟化,所以支持的镜像也比较多,这里下载一个已经安装好的f17的qcow2镜像

# axel -n 5 http://berrange.fedorapeople.org/images/2012-11-15/f17-x86_64-openstack-sda.qcow2
/*注册镜像*/
# glance add name=f17-jeos is_public=true disk_format=qcow2 container_format=bare 

然后以demo用户进入dashboard,会看到添加进来的image,根据image启动实例,打开vnc界面(非localhost访问要改ip)。

安装操蛋的Neutron(quantum)服务

这东西刚改名,nova自带的有network服务,可这个可以虚拟L2 L3 switch,那就比较有意思了

/*注册quantum*/

# keystone service-create --name quantum --type network --description 'OpenStack Networking Service'
# keystone endpoint-create --region myregion --service-id 26a55b340e254ad5bb78c0b14391e153 --publicurl "http://192.168.1.11:9696/" --adminurl "http://192.168.1.11:9696/" --internalurl "http://192.168.1.11:9696/"

/*(可选)添加quantum服务用户*/
get_id.sh:

$ function get_id () {
     echo `"$@" | awk '/ id / { print $4 }'`
}
# ADMIN_ROLE=$(get_id keystone role-create --name=admin)
# QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="servicepass" --email=demo@example.com --tenant-id service)
# keystone user-role-add --user_id $QUANTUM_USER --role_id $ADMIN_ROLE --tenant_id service

/*服务插件二选一,linuxbrideg和openvswitch,这里使用后者,先安装插件*/

# yum install openstack-quantum-openvswitch

/*启动并添加服务*/

# quantum-server-setup --plugin openvswitch
# quantum-node-setup --plugin openvswitch
# service quantum-server start
# chkconfig quantum-server on

# service openvswitch start
# chkconfig openvswitch on

# ovs-vsctl add-br br-int
# chkconfig quantum-openvswitch-agent on
# service quantum-openvswitch-agent start

# quantum-dhcp-setup --plugin openvswitch
# chkconfig quantum-dhcp-agent on
# service quantum-dhcp-agent start

# ovs-vsctl add-br br-ex
# ovs-vsctl add-port br-ex eth1
# quantum-l3-setup --plugin openvswitch
# chkconfig quantum-l3-agent on
# service quantum-l3-agent start
# chkconfig quantum-metadata-agent on
# service quantum-metadata-agent start

修改并配置网络 /etc/sysconf/network-scripts/ifcfg-eth1,/etc/sysconf/network-scripts/ifcfg-br-ex

# External
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=none
NM_CONTROLLED=no
BRIDGE=br-ex
ONBOOT=yes
#Public Bridge
DEVICE=br-ex
TYPE=Bridge
BOOTPROTO=static
IPADDR=192.168.2.11
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
# ip addr del 10.0.0.9/24 dev eth1
# ip addr add 10.0.0.9/24 dev br-ex

这里类似VPN的重写HEADER

echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
sysctl -w net.ipv4.ip_forward=1 
iptables -A FORWARD -i eth0 -o br-ex -s 10.10.10.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -s 10.10.10.0/24 -t nat -j MASQUERADE

最后重启机器即可

通过curl使用openstack api

参考这篇文章
注意区分token和固定id

获取可用镜像

curl -s http://10.199.0.250:8774/v2/51ad87714b86442d9a74537d6f890060/images 
-X GET 
-H "X-Auth-Project-Id: admin" 
-H "Accept: application/json" 
-H "X-Auth-Token: 6083193874684f38865b086a8a5f4b7b" | python -mjson.tool

创建虚拟机

curl -i http://10.199.0.250:8774/v2/51ad87714b86442d9a74537d6f890060/servers 
-X POST -H "X-Auth-Project-Id: admin" 
-H "Content-Type: application/json" 
-H "Accept: application/json" 
-H "X-Auth-Token: 6083193874684f38865b086a8a5f4b7b" 
-d '{"server": {"name": "instance1", "imageRef": "992f5732-af50-40fc-987f-25951cbce943", "key_name": "damion-flybook", "flavorRef": "3", "max_count": 1, "min_count": 1}}'

发表评论

您的电子邮箱地址不会被公开。