Deploying OpenStack Ocata on Ubuntu 16.04 (Part 2)

Keywords: OpenStack network ssh vim

Configuring the Dashboard service (Controller Node)


1. Configure Dashboard

# apt -y install openstack-dashboard
# vim /etc/openstack-dashboard/local_settings.py    
OPENSTACK_HOST = "192.168.30.145"                 ##Configure the dashboard to use the OpenStack service
ALLOWED_HOSTS = ['*']                              ##Allow all hosts to access the dashboard (the wildcard turns off Django's Host header validation)
##Configuring memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': '192.168.30.145:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST   ##Enable the Identity API version 3
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True           ##Enable domain support
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}                                                    ##Configure API version
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"      ##Default domain configuration for user creation through dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"           ##User default role configuration created through the dashboard
TIME_ZONE = "Asia/Chongqing"                          ##Configure time zone

# cat /etc/openstack-dashboard/local_settings.py|grep -v "#"|grep -v ^$


2. Change dashboard key file permissions

# chown www-data:www-data /var/lib/openstack-dashboard/secret_key
# service apache2 reload              ##Reload web server configuration


3. Verification of dashboard services

Open http://controller/horizon in a browser to access the dashboard.

Log in with the admin or demo user credentials and the default domain to verify.

Identity Management - Projects

Identity Management - Users



7. Launch an instance


1. Creating a Public Network


a. Get admin privileges

# . admin-openrc


b. Creating a network

# openstack network create  --share \
  --provider-physical-network provider \
  --provider-network-type flat provider
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-03-29T11:59:09Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 2461396f6a344c21a2360a612d4f6abe     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| updated_at                | 2017-03-29T11:59:10Z                 |
+---------------------------+--------------------------------------+

shared: allows all projects to use the virtual network

provider: a network created by an administrator that maps directly to a physical network

provider-physical-network

provider-network-type (network type, including vxlan, gre, vlan, flat, local) 


c. Configuring Modular Layer 2 (ML2) plug-ins

# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
[ml2_type_flat]
flat_networks = provider


d. Configuring Linux bridge agents

# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33


2. Create a subnet on the network

# openstack subnet create --network provider \
  --allocation-pool start=192.168.200.100,end=192.168.200.200 \
  --dns-nameserver 114.114.114.114 --gateway 192.168.200.1 \
  --subnet-range 192.168.200.0/24 provider
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.168.200.100-192.168.200.200      |
| cidr              | 192.168.200.0/24                     |
| created_at        | 2017-03-29T12:04:57Z                 |
| description       |                                      |
| dns_nameservers   | 114.114.114.114                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.168.200.1                        |
| host_routes       |                                      |
| id                | 4a1899dc-581c-4ada-8ebd-ad632f0ce1ee |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | provider                             |
| network_id        | ff30780d-45af-45dc-860f-59b1c091c2a2 |
| project_id        | 2461396f6a344c21a2360a612d4f6abe     |
| revision_number   | 2                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| updated_at        | 2017-03-29T12:04:58Z                 |
+-------------------+--------------------------------------+


3. Creating Private Networks


a. Get demo privileges

# . demo-openrc


b. Creating a network

# openstack network create selfservice
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        |                                      |
| created_at                | 2017-03-29T12:09:05Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| mtu                       | 1450                                 |
| name                      | selfservice                          |
| port_security_enabled     | True                                 |
| project_id                | 2ef20ce389eb499696f2d7497c6009b0     |
| provider:network_type     | None                                 |
| provider:physical_network | None                                 |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| updated_at                | 2017-03-29T12:09:05Z                 |
+---------------------------+--------------------------------------+


c. Configuring Modular Layer 2 (ML2) plug-ins

# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vxlan
[ml2_type_vxlan]
vni_ranges = 1:1000


4. Create a subnet on the network

# openstack subnet create --network selfservice \
  --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \
  --subnet-range 172.16.1.0/24 selfservice
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 172.16.1.2-172.16.1.254              |
| cidr              | 172.16.1.0/24                        |
| created_at        | 2017-03-29T12:12:39Z                 |
| description       |                                      |
| dns_nameservers   | 114.114.114.114                      |
| enable_dhcp       | True                                 |
| gateway_ip        | 172.16.1.1                           |
| host_routes       |                                      |
| id                | 1420f8c3-fa03-4ab3-9329-4455a52f357c |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | selfservice                          |
| network_id        | afd4f998-901d-42ca-a002-b25f9b4c9e4e |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| revision_number   | 2                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| updated_at        | 2017-03-29T12:12:39Z                 |
+-------------------+--------------------------------------+


5. Creating a Router

Private networks connect to public networks through a virtual router, most typically one that performs bidirectional NAT.

Each router has at least one interface connected to a private network and one gateway connected to a public network.


a. Get admin privileges

# . admin-openrc


b. Add router:external to the provider network

The public provider network must have the router:external option set so that routers can use it to connect to external networks.

# neutron net-update provider --router:external
Updated network: provider


c. Get demo privileges

# . demo-openrc


d. Create the router

# openstack router create router
+-------------------------+--------------------------------------+
| Field                   | Value                                |
+-------------------------+--------------------------------------+
| admin_state_up          | UP                                   |
| availability_zone_hints |                                      |
| availability_zones      |                                      |
| created_at              | 2017-03-29T12:17:13Z                 |
| description             |                                      |
| distributed             | False                                |
| external_gateway_info   | None                                 |
| flavor_id               | None                                 |
| ha                      | False                                |
| id                      | 4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 |
| name                    | router                               |
| project_id              | 2ef20ce389eb499696f2d7497c6009b0     |
| revision_number         | None                                 |
| routes                  |                                      |
| status                  | ACTIVE                               |
| updated_at              | 2017-03-29T12:17:13Z                 |
+-------------------------+--------------------------------------+

e. Add the private subnet as an interface on the router

# neutron router-interface-add router selfservice
Added interface 9f67d7fa-520b-48b4-913f-e3d6ad944e34 to router router.


f. Set the router's gateway on the public network

# neutron router-gateway-set router provider
Set gateway for router router


6. Verification operation


a. Get admin privileges

# . admin-openrc


b. List network namespaces

# ip netns
qrouter-4f42ae28-fcf1-4f72-9341-e6d8f7caaa90 (id: 2)
qdhcp-afd4f998-901d-42ca-a002-b25f9b4c9e4e (id: 1)
qdhcp-ff30780d-45af-45dc-860f-59b1c091c2a2 (id: 0)


c. List the ports on the router to determine the IP address of the public network gateway

# neutron router-port-list router
+----------------+------+-----------+-------------+------------------+
| id             | name | tenant_id | mac_address | fixed_ips        |
+----------------+------+-----------+-------------+------------------+
| 9448a1a4-5a62- |      |           | fa:16:3e:9d | {"subnet_id":    |
| 4c82-9b86-cd58 |      |           | :df:d5      | "4a1899dc-581c-  |
| 24711913       |      |           |             | 4ada-8ebd-       |
|                |      |           |             | ad632f0ce1ee",   |
|                |      |           |             | "ip_address": "1 |
|                |      |           |             | 92.168.200.103"} |
| 9f67d7fa-520b- |      | 2ef20ce38 | fa:16:3e:f7 | {"subnet_id": "1 |
| 48b4-913f-     |      | 9eb499696 | :5b:6a      | 420f8c3-fa03-4ab |
| e3d6ad944e34   |      | f2d7497c6 |             | 3-9329-4455a52f3 |
|                |      | 009b0     |             | 57c",            |
|                |      |           |             | "ip_address":    |
|                |      |           |             | "172.16.1.1"}    |
+----------------+------+-----------+-------------+------------------+


d. Ping this IP address from the controller node or any node on the public physical network

# ping -c 4 192.168.200.103
PING 192.168.200.103 (192.168.200.103) 56(84) bytes of data.
64 bytes from 192.168.200.103: icmp_seq=1 ttl=128 time=25.2 ms
64 bytes from 192.168.200.103: icmp_seq=2 ttl=128 time=2.79 ms
64 bytes from 192.168.200.103: icmp_seq=3 ttl=128 time=2.73 ms
64 bytes from 192.168.200.103: icmp_seq=4 ttl=128 time=2.46 ms
--- 192.168.200.103 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 2.464/8.309/25.245/9.778 ms


7. Create the m1.nano flavor

# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
+----------------------------+---------+
| Field                      | Value   |
+----------------------------+---------+
| OS-FLV-DISABLED:disabled   | False   |
| OS-FLV-EXT-DATA:ephemeral  | 0       |
| disk                       | 1       |
| id                         | 0       |
| name                       | m1.nano |
| os-flavor-access:is_public | True    |
| properties                 |         |
| ram                        | 64      |
| rxtx_factor                | 1.0     |
| swap                       |         |
| vcpus                      | 1       |
+----------------------------+---------+


8. Generate a key pair


a. Source the demo tenant's credentials:

# . demo-openrc


b. Generate and add key pairs:

# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa): 
# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
| name        | mykey                                           |
| user_id     | 7cfc508fd5d44b468aac218bd4029bae                |
+-------------+-------------------------------------------------+


c. Verify that the public key was added:

# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 70:6a:75:32:4e:42:ba:2b:fb:eb:20:af:75:b1:db:61 |
+-------+-------------------------------------------------+


9. Adding Security Group Rules

By default, the default security group applies to all instances and includes firewall rules that deny remote access to instances.


Add rules to default security group:

ICMP (ping):

# openstack security group rule create --proto icmp default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-03-29T12:40:47Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 0c62d604-a68f-40cd-821d-90259f75f536 |
| name              | None                                 |
| port_range_max    | None                                 |
| port_range_min    | None                                 |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| protocol          | icmp                                 |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
| updated_at        | 2017-03-29T12:40:47Z                 |
+-------------------+--------------------------------------+


Allow access to secure shell (SSH):

# openstack security group rule create --proto tcp --dst-port 22 default
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| created_at        | 2017-03-29T12:41:48Z                 |
| description       |                                      |
| direction         | ingress                              |
| ether_type        | IPv4                                 |
| id                | 42f92c1f-abd7-4321-ac03-75eeb91152f9 |
| name              | None                                 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| project_id        | 2ef20ce389eb499696f2d7497c6009b0     |
| protocol          | tcp                                  |
| remote_group_id   | None                                 |
| remote_ip_prefix  | 0.0.0.0/0                            |
| revision_number   | 1                                    |
| security_group_id | 74f50594-4ce0-4c29-a987-d33d4d6a5db9 |
| updated_at        | 2017-03-29T12:41:48Z                 |
+-------------------+--------------------------------------+
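Both rules above were created with remote_ip_prefix 0.0.0.0/0, so ping and SSH are accepted from any source address. The following added example, which is not part of the original post, reports ingress rules whose source is wider than a set of trusted ranges. The first two rule records are constructed from the output above; the third rule, the TRUSTED range and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the two rules created in step 9 (fields and values copied
# from the command output) plus one hypothetical rule limited to one subnet.
RULES = [
    {"id": "0c62d604-a68f-40cd-821d-90259f75f536", "direction": "ingress",
     "ether_type": "IPv4", "protocol": "icmp",
     "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "42f92c1f-abd7-4321-ac03-75eeb91152f9", "direction": "ingress",
     "ether_type": "IPv4", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "constructed-admin-only-ssh", "direction": "ingress",
     "ether_type": "IPv4", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22,
     "remote_ip_prefix": "192.168.200.0/24", "remote_group_id": None},
]

# Assumption: administrators connect from the provider subnet of step 2.
TRUSTED = ["192.168.200.0/24"]


def source_network(rule):
    """Return the rule's source as a network, or None if it names a group."""
    if rule.get("remote_group_id"):
        return None
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        # Neutron treats a rule with neither prefix nor group as "any source".
        prefix = "::/0" if rule.get("ether_type") == "IPv6" else "0.0.0.0/0"
    return ipaddress.ip_network(prefix, strict=False)


def covers_port(rule, port):
    """True if the rule's port range includes `port` (no range = all ports)."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None and hi is None:
        return True
    lo = hi if lo is None else lo
    hi = lo if hi is None else hi
    return lo <= port <= hi


def untrusted_ingress(rules, trusted, protocol, port=None):
    """IDs of ingress rules admitting protocol/port from outside `trusted`."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    hits = []
    for rule in rules:
        if rule["direction"] != "ingress":
            continue
        if rule.get("protocol") not in (protocol, None):  # None = any protocol
            continue
        if port is not None and not covers_port(rule, port):
            continue
        src = source_network(rule)
        if src is None:
            continue  # scoped to a security group, not an address range
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            hits.append(rule["id"])
    return hits


if __name__ == "__main__":
    print("SSH open beyond trusted ranges:", untrusted_ingress(RULES, TRUSTED, "tcp", 22))
    print("ICMP open beyond trusted ranges:", untrusted_ingress(RULES, TRUSTED, "icmp"))
```

To narrow a rule when creating it, `openstack security group rule create` accepts `--remote-ip` with a CIDR in place of the 0.0.0.0/0 default.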



10. Create an instance


a. Get demo privileges

# . demo-openrc


b. A flavor specifies the approximate allocation of virtual machine resources, including processors, memory, and storage.

List available flavors:

# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0  | m1.nano |  64 |    1 |         0 |     1 | True      |
+----+---------+-----+------+-----------+-------+-----------+


c. List available images:

# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 4b6ebd57-80ab-4b79-8ecc-53a026f3e898 | cirros | active |
+--------------------------------------+--------+--------+


d. List available networks

# openstack network list
+---------------------+-------------+---------------------+
| ID                  | Name        | Subnets             |
+---------------------+-------------+---------------------+
| afd4f998-901d-42ca- | selfservice | 1420f8c3-fa03-4ab3- |
| a002-b25f9b4c9e4e   |             | 9329-4455a52f357c   |
| ff30780d-45af-45dc- | provider    | 4a1899dc-581c-4ada- |
| 860f-59b1c091c2a2   |             | 8ebd-ad632f0ce1ee   |
+---------------------+-------------+---------------------+


e. List available security groups

# openstack security group list
+---------------------+---------+------------------------+---------+
| ID                  | Name    | Description            | Project |
+---------------------+---------+------------------------+---------+
| 74f50594-4ce0-4c29- | default | Default security group |         |
| a987-d33d4d6a5db9   |         |                        |         |
| aa0b59f9-abbc-4a8d- | default | Default security group |         |
| a16c-b8f9898cb965   |         |                        |         | 
+---------------------+---------+------------------------+---------+


11. Create instances on public networks


a. Get demo privileges

# . demo-openrc


b. Launch the instance

# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=ff30780d-45af-45dc-860f-59b1c091c2a2 \
  --security-group default --key-name mykey provider-instance
+-----------------------------+---------------------------------------+
| Field                       | Value                                 |
+-----------------------------+---------------------------------------+
| OS-DCF:diskConfig           | MANUAL                                |
| OS-EXT-AZ:availability_zone |                                       |
| OS-EXT-STS:power_state      | NOSTATE                               |
| OS-EXT-STS:task_state       | scheduling                            |
| OS-EXT-STS:vm_state         | building                              |
| OS-SRV-USG:launched_at      | None                                  |
| OS-SRV-USG:terminated_at    | None                                  |
| accessIPv4                  |                                       |
| accessIPv6                  |                                       |
| addresses                   |                                       |
| adminPass                   | FQeiCB8XbXk8                          |
| config_drive                |                                       |
| created                     | 2017-03-30T06:04:41Z                  |
| flavor                      | m1.nano (0)                           |
| hostId                      |                                       |
| id                          | cb37563d-88fc-4b80-ad1a-380fc881db59  |
| image                       | cirros                                |
|                             | (b78aacf2-5448-4521-8e23-0f8db63d776a)|
| key_name                    | mykey                                 |
| name                        | provider-instance                     |
| progress                    | 0                                     |
| project_id                  | 2ef20ce389eb499696f2d7497c6009b0      |
| properties                  |                                       |
| security_groups             | name='default'                        |
| status                      | BUILD                                 |
| updated                     | 2017-03-30T06:04:41Z                  |
| user_id                     | 7cfc508fd5d44b468aac218bd4029bae      |
| volumes_attached            |                                       |
+-----------------------------+---------------------------------------+


c. Check the status of the instance

# openstack server list
+-----------------+-----------+--------+--------------+------------+
| ID              | Name      | Status | Networks     | Image Name |
+-----------------+-----------+--------+--------------+------------+
| cb37563d-88fc-  | provider- | ACTIVE | provider=192 | cirros     |
| 4b80-ad1a-      | instance  |        | .168.200.108 |            |
| 380fc881db59    |           |        |              |            |
+-----------------+-----------+--------+--------------+------------+

Note: When the build process is fully successful, the status changes from BUILD to ACTIVE


12. Access the instance remotely through the virtual console


a. Get the VNC session URL of the instance and open it in a web browser

# openstack console url show provider-instance
+-------+---------------------------------------------------+
| Field | Value                                             |
+-------+---------------------------------------------------+
| type  | novnc                                             |
| url   | http://192.168.30.145:6080/vnc_auto.html?token=cb |
|       | 37563d-88fc-4b80-ad1a-380fc881db59                |
+-------+---------------------------------------------------+


b. Verify that the instance can ping the public network gateway and the Internet


c. Verify that the controller node or another host on the public network can ping the instance


d. Access the instance over SSH from the controller node or another host on the public network


13. Create instances on private networks


a. Get demo privileges

# . demo-openrc


b. Launch the instance

# openstack server create --flavor m1.nano --image cirros \
  --nic net-id=afd4f998-901d-42ca-a002-b25f9b4c9e4e \
  --security-group default --key-name mykey selfservice-instance

  

c. Check the status of the instance

# openstack server list


d. Get the VNC session URL of the instance and open it in a web browser

# openstack console url show selfservice-instance


e. Verify that the instance can ping the private network gateway and the Internet


14. Verify remote access to instances

  

a. Create a floating IP address on the public network

# openstack ip floating create provider


b. Assign the floating IP to the instance (<FLOATING_IP> is a placeholder for the address created in the previous step)

# openstack ip floating add <FLOATING_IP> selfservice-instance


c. Check the status of this floating IP address

# openstack server list


d. Verify that the instance can be pinged at its floating IP address from the controller node or another host on the public network


e. Access the instance over SSH at its floating IP address from the controller node or another host on the public network


Note: Because the environment used in the experiment has been torn down and my computer is too weak, these steps were not actually verified.


Posted by kenle on Fri, 04 Jan 2019 23:33:09 -0800