source /etc/keystone/admin-openrc.sh
openstack console url show exam #无需打开dashboard获取实例exam的vnc链接glance
#创建cirros镜像
openstack image create “centos” \
--disk-format qcow2 \
--container-format bare \
--shared <./cirros-0.3.5-x86_64-disk.img #创建cirros镜像
glance image-create --name cirros \
--disk-format qcow2 --container-format bare \
--progress <./cirros-0.3.5-x86_64-disk.img #创建cirros镜像#删除镜像
openstack image delete <name>
glance image-delete <id>file <文件名> #查看某文件信息openstack image set --min-disk=1 cirros #更新镜像信息
glance image-update --min-disk=0 ad741236-5183-4751-8327-b088512c85f3 #更新镜像信息
--min-disk #镜像启动最小硬盘大小
--name #镜像名称
--disk-format #镜像格式
--min-ram #镜像启动最小内存大小
--container-format #镜像在项目中可见性
openstack image show <name>or<id> # 查看镜像详细信息
glance image-show <id> #查看镜像详细信息glance对接Swift作后端存储
crudini --set /etc/glance/glance-api.conf glance_store swift_store_container glance
crudini --set /etc/glance/glance-api.conf glance_store swift_store_create_container_on_put true
crudini --set /etc/glance/glance-api.conf glance_store swift_store_multi_tenant true
crudini --set /etc/glance/glance-api.conf glance_store swift_store_admin_tenant service
crudini --set /etc/glance/glance-api.conf glance_store swift_store_user 000000
crudini --set /etc/glance/glance-api.conf glance_store swift_store_key 000000
crudini --set /etc/glance/glance-api.conf glance_store stores swift
crudini --set /etc/glance/glance-api.conf glance_store default_store swiftglance对接cinder作后端存储
################
glance配置
vim /etc/glance/glance-api.conf
.
.
.
show_multiple_locations = true
[glance_store]
# stores = file,http
# demo_store = file
# filesystem_store_datadir = /var/lib/glance/images/
.
.
.
stores = cinder
default_store = cinder
[root@controller ~]# systemctl restart openstack-glance*
##################
cinder配置
vim /etc/cinder/cinder.conf
.
.
.
allowed_direct_url_schemes = cinder
image_upload_use_cinder_backend = true
image_upload_use_internal_tenant = true
[root@controller ~]# systemctl restart openstack-cinder*
glance对接nfs作后端存储
nfs-server配置
#############
[root@nfs-server ~]# yum install rpcbind nfs-utils -y
[root@nfs-server ~]# mkdir -p /nfs/share
[root@nfs-server ~]# vim /etc/exports
/nfs/share 192.168.200.0(rw,sync,no_root_squash,no_all_squash,anonuid=501,anongid=501)
[root@nfs-server ~]# exportfs -r
[root@nfs-server ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
[root@nfs-server ~]# systemctl restart rpcbind
[root@nfs-server ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 38286 status
100024 1 tcp 51127 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 3 udp 2049 nfs_acl
100021 1 udp 51358 nlockmgr
100021 3 udp 51358 nlockmgr
100021 4 udp 51358 nlockmgr
100021 1 tcp 37191 nlockmgr
100021 3 tcp 37191 nlockmgr
100021 4 tcp 37191 nlockmgr
[root@nfs-server ~]# systemctl enable rpcbind nfs-server
[root@nfs-server ~]# showmount -e 192.168.200.131
Export list for 192.168.200.131:
/nfs/share 192.168.200.0/24
controller glance配置
####################
[root@controller ~]# yum install rpcbind nfs-utils -y
[root@controller ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs tmpfs 1.4G 0 1.4G 0% /dev/shm
tmpfs tmpfs 1.4G 12M 1.4G 1% /run
tmpfs tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/mapper/centos-root xfs 42G 8.2G 34G 20% /
/dev/sda1 xfs 497M 144M 354M 29% /boot
tmpfs tmpfs 279M 0 279M 0% /run/user/0
[root@controller ~]# mount -t nfs 192.168.200.131:/nfs/share /var/lib/glance/images/
[root@controller ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs tmpfs 1.4G 0 1.4G 0% /dev/shm
tmpfs tmpfs 1.4G 12M 1.4G 1% /run
tmpfs tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/mapper/centos-root xfs 42G 8.2G 34G 20% /
/dev/sda1 xfs 497M 144M 354M 29% /boot
tmpfs tmpfs 279M 0 279M 0% /run/user/0
vmhgfs-fuse fuse.vmhgfs-fuse 72G 53G 19G 74% /mnt/hgfs
192.168.200.131:/nfs/share nfs4 72G 2.3G 70G 4% /var/lib/glance/images
[root@controller ~]# chown glance:glance /var/lib/glance/images
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack image create test --disk-format qcow2 --container-format bare --public <./cirros-0.3.0-x86_64-disk.img
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 4872e790-ae84-42a1-b1ae-109cc3365647 | cirros | active |
| a3aa4889-522e-4e4c-a9fc-e2a4a98d7ab7 | test | active |
+--------------------------------------+--------+--------+
测试
####
[root@controller ~]# ls /var/lib/glance/images/
a3aa4889-522e-4e4c-a9fc-e2a4a98d7ab7
[root@nfs-server ~]# ls /nfs/share/
a3aa4889-522e-4e4c-a9fc-e2a4a98d7ab7nova
crudini --set /etc/nova/nova.conf libvirt virt_type qemu #在虚拟机环境下需设置
systemctl restart openstack-nova-compute #重启nova服务neutron
openstack network create ext-net \
--provider-netowrk-type vlan \
--provider-physical-network provider \
--provider-segment 200
#创建网络openstack subnet create ext-subnet \
--ext-net \
--allocation-poll start=192.168.200.X,end=192.168.200.X \
--gateway 192.168.200.1 \
--subnet-range 192.168.200.0/24
#创建子网并绑定网络openstack network list #列出所有网络
openstack subnet list #列出所有子网cinder
openstack volume create --size 2 volume #创建一个大小2G的卷volumeopenstack volume list # 列出所有卷的信息
openstack volume show volume # 列出名称为volume的卷的详细信息openstack server add volume exam volume #为exam实例挂载卷volume
openstack server remove volume exam volume #卸载exam的volume卷
openstack volume set --size 3 volume #设置volume卷的大小为3Gflavor
openstack flavor create m1 \
--disk 10 --ram 512 --vcpus 1 --id 10 #创建实例类型openstack flavor list #列出所有实例类型Security Group
openstack security group list #列出所有安全组
openstack security group rule list <id> #列出此安全组所有规则
openstack security group rule show <id> #列出此规则详细信息
openstack security group create test #创建test安全组
openstack security group delete test #删除test安全组
openstack security group rule create --protocol icmp --ingress test #添加入口ICMP全部通过规则到test安全组
openstack security group rule create --protocol icmp --egress test #添加出口ICMP全部通过规则到test安全组server
openstack server list #列出所有实例
openstack server stop <id> or<name> #实例暂停
openstack server start <id>or<name> #实例开机
openstack server reboot <id>or<name> #实例重启swift
swift stat #查看Swift组件openstack container create swift-test #创建swift-test容器
openstack container list #列出所有容器
openstack container show swift-test #查看swift-test容器详细信息#创建object前需将上传后的目录结构在本地创建,这里在本地创建名为“test”的目录“/root/test”,将/root/anaconda-ks.cfg文件复制到“/root/test”目录中
[root@controller ~]# mkdir test
[root@controller ~]# cp anaconda-ks.cfg test/
openstack object create swift-test test/anaconda-ks.cfg #创建对象
openstack object list swift-test #查看swift-test容器中所有对象
openstack object show swift-test test/anaconda-ks.cfg #查看swift-test容器中test/anaconda-ks.cfg对象详细信息
[root@controller opt]# cd /opt/
[root@controller opt]# openstack object save swift-test test/anaconda-ks.cfg
[root@controller opt]# ls test/
anaconda-ks.cfg #下载对象test/anaconda-ks.cfg到opt目录下
openstack object delete swift-test test/anaconda-ks.cfg #删除test/anaconda-ks.cfg对象
openstack container delete swift-test #删除swfit-test容器[root@controller ~]# swift post test #创建容器test
[root@controller ~]# swift stat test #查看容器test
Account: AUTH_50cec6526baa4ce58bc228f43cd84a70
Container: test
Objects: 0
Bytes: 0
Read ACL:
Write ACL:
Sync To:
Sync Key:
Accept-Ranges: bytes
X-Storage-Policy: Policy-0
Last-Modified: Sat, 12 Nov 2022 09:43:00 GMT
X-Timestamp: 1668246092.88731
X-Trans-Id: txcb18528f6f174e10ac794-00636f6aa8
Content-Type: application/json; charset=utf-8
X-Openstack-Request-Id: txcb18528f6f174e10ac794-00636f6aa8
swift upload test -S 10000000 cirros-0.3.5-x86_64-disk.img #上传cirros镜像到test容器并分片存储 每个片段大小为10M
[root@controller ~]# swift list test_segments #查看存储路径中的数据片可看到单个存储片大小为10M,镜像大小为13M左右,所以分成了两片
cirros-0.3.5-x86_64-disk.img/1647249152.000000/13267968/10000000/00000000
cirros-0.3.5-x86_64-disk.img/1647249152.000000/13267968/10000000/000000012022/11/12
Barbican
Barbican是openstack的key管理组件,定位在提供REST API 来安全存储、提供和管理“秘密”openstack secret store --name secret01 --payload secretkey #创建secret01密钥
openstack secret list #列出所有密钥
openstack secret get <secret href> #获取密钥元数据
openstack secret get http://controller:9311/v1/secrets/70df933c-6987-4ea6-b87b-fc6f81da54a1 --payload #查看secret01密钥负载
