OpenStack Operations: Installing and Deploying the Dashboard Console and Launching an Instance

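Dashboard overview

The Dashboard is the web front-end console that OpenStack provides to expose its functionality. It is a standard Python WSGI application built on the Django web framework. The Dashboard modularizes every element on a page: common web elements (such as forms, tables and tabs) are all wrapped as Python classes, and each component has its own small HTML template. When rendering a page, the Dashboard first determines how many components the current page contains, renders each component into an HTML fragment, and finally assembles the fragments into a complete HTML page that is returned to the browser.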

Installing the Dashboard

Install the service

yum install openstack-dashboard -y

Service configuration

Edit /etc/openstack-dashboard/local_settings:

[root@node01 ~]# vim /etc/openstack-dashboard/local_settings


ALLOWED_HOSTS = ['*']

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'master01.boysec.cn:11211',
    }
}

OPENSTACK_HOST = "master01.boysec.cn"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"
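
A static check of the security-relevant settings in the local_settings above, as an added example that is not part of the original post. The hardened values (node01.boysec.cn as the Dashboard host name, an HTTPS Keystone endpoint, secure cookies) are assumptions about a deployment that has TLS in place.

```python
import ast

# Constructed sample: the security-relevant lines of the local_settings shown above.
PAGE_SETTINGS = '''
ALLOWED_HOSTS = ['*']
OPENSTACK_HOST = "master01.boysec.cn"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
'''

# Constructed hardened variant; the host name and the TLS endpoints are assumptions.
HARDENED_SETTINGS = '''
ALLOWED_HOSTS = ['node01.boysec.cn']
OPENSTACK_HOST = "master01.boysec.cn"
OPENSTACK_KEYSTONE_URL = "https://%s:5000/v3" % OPENSTACK_HOST
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
'''

def load_settings(source):
    """Resolve NAME = literal and NAME = "fmt" % NAME without executing the file."""
    values = {}
    for node in ast.parse(source).body:
        if not (isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name)):
            continue
        rhs = node.value
        try:
            if isinstance(rhs, ast.BinOp) and isinstance(rhs.op, ast.Mod) and isinstance(rhs.right, ast.Name):
                value = ast.literal_eval(rhs.left) % values[rhs.right.id]
            else:
                value = ast.literal_eval(rhs)
        except (ValueError, KeyError, TypeError):
            continue  # not statically resolvable: skip it
        values[node.targets[0].id] = value
    return values

def audit(source):
    s, findings = load_settings(source), []
    if "*" in s.get("ALLOWED_HOSTS", []):
        findings.append("ALLOWED_HOSTS contains '*': Host header validation is off")
    if str(s.get("OPENSTACK_KEYSTONE_URL", "")).startswith("http://"):
        findings.append("OPENSTACK_KEYSTONE_URL is plain HTTP: credentials and tokens are unencrypted")
    for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if s.get(name) is not True:
            findings.append(name + " is not True: the cookie can travel over plain HTTP")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_SETTINGS):
        print("[!]", finding)
```
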

Modify the Apache service

[root@node01 ~]# cat /etc/httpd/conf.d/openstack-dashboard.conf
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}

WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /static /usr/share/openstack-dashboard/static

<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
    Options All
    AllowOverride All
    Require all granted
</Directory>

<Directory /usr/share/openstack-dashboard/static>
    Options All
    AllowOverride All
    Require all granted
</Directory>

# Restart httpd
[root@node01 ~]# systemctl restart httpd

Accessing the web page

User: admin

Password: keystone

Creating an instance

Create the provider network

Before launching an instance, you must create the necessary virtual network infrastructure. On the controller node, load the admin credentials to gain access to admin-only commands:

# Create a network of type flat
neutron net-create --shared --provider:physical_network provider \
  --provider:network_type flat provider
# Create a subnet on the network
neutron subnet-create --name provider \
  --allocation-pool start=10.1.1.10,end=10.1.1.50 \
  --dns-nameserver 114.114.114.114 --gateway 10.1.1.2 \
  provider 10.1.1.0/24

Create the m1.nano flavor

openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

Generate a key pair

ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

Alternatively, you can skip the ssh-keygen command and use an existing public key.

Verify that the public key was added:

[root@master01 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 78:13:60:bc:22:5e:f2:fe:a0:55:86:6e:b1:e5:b2:25 |
+-------+-------------------------------------------------+

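Add security group rules

By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances. For Linux images such as CirrOS, we recommend allowing at least ICMP (ping) and secure shell (SSH).

# Allow ICMP (ping)
openstack security group rule create --proto icmp default

# Allow secure shell (SSH) access
openstack security group rule create --proto tcp --dst-port 22 default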
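
Added example, not from the original post: the two rules above omit --remote-ip, so they apply to any IPv4 source (0.0.0.0/0). The check below flags such SSH rules in constructed input whose key names are assumed to follow the column headers of `openstack security group rule list -f json`, and builds the same rule scoped to the provider subnet 10.1.1.0/24.

```python
import ipaddress
import json

# Constructed sample; key names are an assumption modelled on the column
# headers of `openstack security group rule list default -f json`.
SAMPLE_RULES = json.dumps([
    {"ID": "rule-icmp (constructed)", "IP Protocol": "icmp",
     "IP Range": "0.0.0.0/0", "Port Range": ""},
    {"ID": "rule-ssh-any (constructed)", "IP Protocol": "tcp",
     "IP Range": "0.0.0.0/0", "Port Range": "22:22"},
    {"ID": "rule-ssh-scoped (constructed)", "IP Protocol": "tcp",
     "IP Range": "10.1.1.0/24", "Port Range": "22:22"},
])

def covers_port(port_range, port):
    """'22:22' or '1:1024' style range; an empty range means all ports."""
    if not port_range:
        return True
    low, _, high = port_range.partition(":")
    return int(low) <= port <= int(high or low)

def world_open(rules_json, port=22, trusted="10.1.1.0/24"):
    """Return IDs of ingress TCP rules admitting `port` from outside `trusted`."""
    trusted_net = ipaddress.ip_network(trusted)
    hits = []
    for r in json.loads(rules_json):
        if r.get("Direction", "ingress") != "ingress" or r.get("IP Protocol") != "tcp":
            continue
        if not covers_port(r.get("Port Range") or "", port):
            continue
        source = ipaddress.ip_network(r.get("IP Range") or "0.0.0.0/0")
        if source.version != trusted_net.version or not source.subnet_of(trusted_net):
            hits.append(r["ID"])
    return hits

def scoped_rule_command(port=22, trusted="10.1.1.0/24", group="default"):
    """The page's SSH rule with an explicit source range added."""
    return ("openstack security group rule create --proto tcp "
            "--dst-port %d --remote-ip %s %s" % (port, trusted, group))

if __name__ == "__main__":
    print("world-open SSH rules:", world_open(SAMPLE_RULES))
    print("scoped replacement:  ", scoped_rule_command())
```
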

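Verifying the instance

To launch an instance, you must specify at least the flavor, image name, network, security group, key, and instance name.

  1. A flavor specifies the approximate allocation of virtual machine resources, including processor, memory and storage.

    List available flavors:

    [root@master01 ~]# openstack flavor list
    +----+---------+-----+------+-----------+-------+-----------+
    | ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
    +----+---------+-----+------+-----------+-------+-----------+
    | 0  | m1.nano |  64 |    1 |         0 |     1 | True      |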
    +----+---------+-----+------+-----------+-------+-----------+
  2. List available images:

    [root@master01 ~]# openstack image list
    +--------------------------------------+--------+--------+
    | ID                                   | Name   | Status |
    +--------------------------------------+--------+--------+
    | d4e76622-3d1f-43c7-bf0f-5262cd8a3aec | cirros | active |
    +--------------------------------------+--------+--------+
  3. List available networks:

    [root@master01 ~]# openstack network list
    +--------------------------------------+----------+--------------------------------------+
    | ID                                   | Name     | Subnets                              |
    +--------------------------------------+----------+--------------------------------------+
    | 6d0657c7-2425-4583-bcc1-0051cee6a869 | provider | 6b17116f-a2b6-44b6-ad06-3d770b3ce187 |
    +--------------------------------------+----------+--------------------------------------+
  4. List available security groups:

    openstack security group list
    +--------------------------------------+---------+------------------------+
    | ID                                   | Name    | Description            |
    +--------------------------------------+---------+------------------------+
    | dd2b614c-3dad-48ed-958b-b155a3b38515 | default | Default security group |
    +--------------------------------------+---------+------------------------+

Create the instance

openstack server create --flavor m1.nano --image cirros \
  --nic net-id=6d0657c7-2425-4583-bcc1-0051cee6a869 --security-group default \
  --key-name mykey test

Check the instance status

[root@master01 ~]# openstack server list
+--------------------------------------+------+--------+--------------------+--------+---------+
| ID                                   | Name | Status | Networks           | Image  | Flavor  |
+--------------------------------------+------+--------+--------------------+--------+---------+
| 36690634-53e4-45c4-bc8b-95068c3c203d | test | ACTIVE | provider=10.1.1.12 | cirros | m1.nano |
+--------------------------------------+------+--------+--------------------+--------+---------+

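Dashboard management

Problem description:

Creating a cloud instance fails with the error: Host ‘node01.boysec.cn’ is not mapped to any cell

Solution:

On the controller node, run the following command as the stack user:

nova-manage cell_v2 discover_hosts --verbose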

OpenStack instance hangs at boot

On the compute node node01.boysec.cn:

vim /etc/nova/nova.conf
···
# Add the following configuration
[libvirt]
cpu_mode = none
virt_type = qemu
···
# Restart the openstack-nova-compute service
systemctl restart openstack-nova-compute.service

Restart the instance and log in to the instance console.

Passwordless login from the controller node

[root@master01.boysec.cn ~]# ssh cirros@10.1.1.12
The authenticity of host '10.1.1.12 (10.1.1.12)' can't be established.
ECDSA key fingerprint is SHA256:yg1hCOXlL03VOgrlMuU0NFKTkKPt/nLKEuDDmHAK1WI.
ECDSA key fingerprint is MD5:51:15:e1:c6:24:56:57:fb:09:c5:27:b7:7e:63:ed:c7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.1.12' (ECDSA) to the list of known hosts.
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:21:9B:CC
inet addr:10.1.1.12 Bcast:10.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe21:9bcc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:123 errors:0 dropped:0 overruns:0 frame:0
TX packets:155 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15594 (15.2 KiB) TX bytes:15822 (15.4 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)