3 Customizing OpenStack images
See the official image guide: https://docs.openstack.org/image-guide/
3.1 Uploading an image from the command line
# Upload an image from the command line
glance image-create --name "centos7" --file CentOS-7-x86_64-GenericCloud-2009.qcow2 --disk-format qcow2 --container-format bare --visibility=public
openstack image create centos7.9 --file CentOS-7-x86_64-GenericCloud-2009.qcow2 --disk-format qcow2 --container-format bare --public
[root@controller ~]# glance image-create --name "centos7" --file CentOS-7-x86_64-GenericCloud-2009.qcow2 --disk-format qcow2 --container-format bare --visibility=public
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | 8b9411110b8cc5596eb17c60c991ef03 |
| container_format | bare |
| created_at | 2025-08-23T22:25:43Z |
| disk_format | qcow2 |
| id | e8e15797-5f02-4d69-ba21-8c4a76d00ab0 |
| min_disk | 0 |
| min_ram | 0 |
| name | centos7 |
| os_hash_algo | sha512 |
| os_hash_value | dd5b931546a313528173e943dd5d7a66786c32685546caeb2a8de8fbcb5c0330ebfc7554e59e2b57 |
| | ba80e915e8e10cceea93c8b991cda20e12d5d456a5c20b8f |
| os_hidden | False |
| owner | cb2917da03a84783878fba63cb7efe99 |
| protected | False |
| size | 888995840 |
| status | active |
| tags | [] |
| updated_at | 2025-08-23T22:25:48Z |
| virtual_size | Not available |
| visibility | public |
+------------------+----------------------------------------------------------------------------------+
# Upload with the openstack command
[root@controller ~]# openstack image create centos7.9 --file CentOS-7-x86_64-GenericCloud-2009.qcow2 --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | 8b9411110b8cc5596eb17c60c991ef03 |
| container_format | bare |
| created_at | 2025-08-23T22:27:45Z |
| disk_format | qcow2 |
| file | /v2/images/761ead7e-051d-4851-bfa1-21a38b41b005/file |
| id | 761ead7e-051d-4851-bfa1-21a38b41b005 |
| min_disk | 0 |
| min_ram | 0 |
| name | centos7.9 |
| owner | cb2917da03a84783878fba63cb7efe99 |
| properties | os_hash_algo='sha512', os_hash_value='dd5b931546a313528173e943dd5d7a66786c32685546caeb2a8de8fbcb5c0330ebfc7554e59e2b57ba80e915e8e10cceea93c8b991cda20e12d5d456a5c20b8f', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 888995840 |
| status | active |
| tags | |
| updated_at | 2025-08-23T22:27:51Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
# List images
[root@controller ~]# openstack image list
+--------------------------------------+-----------+--------+
| ID | Name | Status |
+--------------------------------------+-----------+--------+
| e8e15797-5f02-4d69-ba21-8c4a76d00ab0 | centos7 | active |
| 761ead7e-051d-4851-bfa1-21a38b41b005 | centos7.9 | active |
| 94656044-8340-42f0-8420-70b5dfc9d1fb | cirros | active |
+--------------------------------------+-----------+--------+
[root@controller ~]# ls /var/lib/glance/images/ -hl
total 1.7G
-rw-r----- 1 glance glance 848M Aug 24 06:27 761ead7e-051d-4851-bfa1-21a38b41b005
-rw-r----- 1 glance glance 13M Aug 18 13:54 94656044-8340-42f0-8420-70b5dfc9d1fb
-rw-r----- 1 glance glance 848M Aug 24 06:25 e8e15797-5f02-4d69-ba21-8c4a76d00ab0
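Added example (not part of the original page): checking that a local image file matches the sha512 `os_hash_value` Glance recorded for it, reading the value from either table format shown above, including the `glance` output that wraps the hash across two rows. The function names and the demo file are constructed for illustration.

```bash
#!/bin/bash
# Added example: compare a local image file with the multihash Glance stored.

# Read `glance image-create` / `glance image-show` or `openstack image create`
# table output on stdin and print os_hash_value. The glance client wraps long
# values, so a row with an empty Property column continues the previous value.
# The openstack client puts the hash inside the single-row "properties" field.
glance_table_hash() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF >= 3 {
            key = trim($2); val = trim($3)
            if (key == "os_hash_value") { hash = val; wrapped = 1 }
            else if (key == "" && wrapped) { hash = hash val }
            else {
                wrapped = 0
                # 15 = length of "os_hash_value=" plus the opening quote
                if (key == "properties" && match(val, /os_hash_value=.[0-9a-f]+/))
                    hash = substr(val, RSTART + 15, RLENGTH - 15)
            }
        }
        END { print hash }
    '
}

# verify_image_hash FILE EXPECTED_SHA512
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_image_hash() {
    local file="$1" expected="$2" actual
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Accept only a 128-hex-digit value, i.e. a sha512 digest.
    case "$expected" in
        *[!0-9a-fA-F]*|"") echo "malformed expected hash" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "expected hash is not sha512 length" >&2; return 2; }
    actual="$(sha512sum "$file" | awk '{print $1}')"
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    if [ "$actual" = "$expected" ]; then
        echo "OK $file"
    else
        echo "MISMATCH $file: local=$actual glance=$expected" >&2
        return 1
    fi
}

# Constructed demo: a small file stands in for the qcow2, and the table is
# built the way the glance client wraps a 128-character value (80 + 48).
demo_image="$(mktemp)"
printf 'constructed stand-in for a qcow2 image\n' > "$demo_image"
demo_hash="$(sha512sum "$demo_image" | awk '{print $1}')"
demo_table="$(printf '| os_hash_algo | sha512 |\n| os_hash_value | %s |\n| | %s |\n' \
    "$(printf '%s' "$demo_hash" | cut -c1-80)" \
    "$(printf '%s' "$demo_hash" | cut -c81-128)")"
verify_image_hash "$demo_image" "$(printf '%s\n' "$demo_table" | glance_table_hash)"
rm -f "$demo_image"
```

On the controller, the same check for the upload above is `verify_image_hash CentOS-7-x86_64-GenericCloud-2009.qcow2 "$(glance image-show e8e15797-5f02-4d69-ba21-8c4a76d00ab0 | glance_table_hash)"`.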
3.2 Uploading an image through the web interface

Specify a minimum disk of 8G and 512M of memory


The image has now been uploaded successfully
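3.3 Creating a virtual machine
3.3.1 Create an instance

3.3.2 Select the image

3.3.3 Select the flavor, 1c0.5g

3.3.4 Select the network

3.3.5 Create the instance, IP: 11.0.1.198

3.3.6 Open the console; we have no account or password

Appendix: SSH to the virtual machine fails with an error
# The official image is pre-customized to use an account plus key pair; remote root login is not supported by default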
[root@controller ~]# ssh centos@11.0.1.198
The authenticity of host '11.0.1.198 (11.0.1.198)' can't be established.
ECDSA key fingerprint is SHA256:p9fzgidVrNWcsGMbVuVi3lnilIlEGaAfMuZ0e++cPAo.
ECDSA key fingerprint is MD5:68:7b:a6:bb:97:a5:c2:b9:8c:cc:4e:c1:55:e5:e7:6a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '11.0.1.198' (ECDSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[root@controller ~]#
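Solution
Option 1: enable SSH password login through a configuration script supplied when the virtual machine is created
Add the following to the configuration: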
#!/bin/sh
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
systemctl restart sshd
passwd root<<EOF
123456
123456
EOF

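After creation, check through the console; login now works:
![CentOS 7 instance console output showing the result of `[root@centos7-1 ~]# ip a`; the eth0 interface obtained IP 11.0.1.258/24](https://static1.yunpan.plus/attachment/8121659fc1b8239d.webp)
3.4 Customizing a template from a virtual machine
The official OpenStack images are built around the cloud-init tool: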
[root@centos7-1 ~]# rpm -qa |grep cloud
cloud-init-19.4-7.el7.centos.x86_64
cloud-utils-growpart-0.29-5.el7.noarch
System initialization; customize as required
#!/bin/bash
# Change the package repositories
cat > /etc/yum.repos.d/base.repo <<EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://mirrors.aliyun.com/centos/\$releasever/os/\$basearch/
gpgcheck=0
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://mirrors.aliyun.com/centos/\$releasever/updates/\$basearch/
gpgcheck=0
[extras]
name=CentOS-\$releasever - Extras
baseurl=http://mirrors.aliyun.com/centos/\$releasever/extras/\$basearch/
gpgcheck=0
EOF
# Stop the firewall
systemctl stop firewalld.service && systemctl disable firewalld.service
# Disable SELinux
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
# Install common packages
yum install wget curl vim lrzsz bash-completion -y
3.5 Building the customized centos7 template
3.5.1 Create a virtual machine from the original image
Remote root login is not possible by default:
# Initialization settings of the image
[root@centos7-1 ~]# vim /etc/cloud/cloud.cfg
users:
- default
disable_root: 0 # changed from 1 to 0
ssh_pwauth: 1 # changed from 0 to 1
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
resize_rootfs_tmp: /dev
ssh_deletekeys: 1
ssh_genkeytypes: ~
syslog_fix_perms: ~
disable_vmware_customization: false
cloud_init_modules:
- disk_setup
- migrator
- bootcmd
- write-files
- growpart
- resizefs
- set_hostname
- update_hostname
- update_etc_hosts
- rsyslog
- users-groups
- ssh
cloud_config_modules:
- mounts
- locale
- set-passwords
- rh_subscription
- yum-add-repo
- package-update-upgrade-install
- timezone
- puppet
- chef
- salt-minion
- mcollective
- disable-ec2-metadata
- runcmd
cloud_final_modules:
- rightscale_userdata
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message
- power-state-change
system_info:
  default_user:
    name: centos
    lock_passwd: true
    gecos: Cloud User
    groups: [adm, systemd-journal]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
  distro: rhel
  paths:
    cloud_dir: /var/lib/cloud
    templates_dir: /etc/cloud/templates
  ssh_svcname: sshd
# vim:syntax=yaml
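Added example (not part of the original page): a check to run before the snapshot that lists the login and package-trust settings changed in sections 3.3 to 3.5.1, since every instance launched from the public template inherits them. The function names and the sample tree are constructed for illustration.

```bash
#!/bin/bash
# Added example: list login and package-trust settings baked into an image
# root before it is snapshotted (run with / inside the template VM).

# first_value FILE KEY: print the first uncommented value of KEY, lower-cased.
# Handles "Key value", "key: value" and "KEY=value", and drops "# comments".
first_value() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/[ \t]*#.*/, "", line)
            n = split(line, part, /[ \t:=]+/)
            i = (part[1] == "") ? 2 : 1   # leading blanks give an empty first field
            if (n > i && tolower(part[i]) == tolower(key)) {
                print tolower(part[i + 1]); exit
            }
        }' "$1"
}

# Emit one line per finding.
audit_checks() {
    local root="$1" v f
    f="$root/etc/ssh/sshd_config"
    if [ -r "$f" ]; then
        # sshd uses the first value it reads for a keyword.
        v="$(first_value "$f" PasswordAuthentication)"
        [ -n "$v" ] || v="unset (sshd default: yes)"
        if [ "$v" != no ]; then
            echo "sshd_config: PasswordAuthentication $v"
        fi
    fi
    v="$(first_value "$root/etc/cloud/cloud.cfg" ssh_pwauth)"
    case "$v" in
        1|true|yes) echo "cloud.cfg: ssh_pwauth on (cloud-init enables sshd password logins at boot)" ;;
    esac
    v="$(first_value "$root/etc/cloud/cloud.cfg" disable_root)"
    case "$v" in
        0|false|no) echo "cloud.cfg: disable_root off (injected SSH keys are installed for root)" ;;
    esac
    v="$(first_value "$root/etc/selinux/config" SELINUX)"
    if [ "$v" = disabled ]; then
        echo "selinux: SELINUX=disabled"
    fi
    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -r "$f" ] || continue
        if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$f"; then
            echo "${f#"$root"}: gpgcheck=0 (packages installed without signature checks)"
        fi
        if grep -Eq '^[[:space:]]*baseurl[[:space:]]*=[[:space:]]*http://' "$f"; then
            echo "${f#"$root"}: baseurl over plain http"
        fi
    done
    return 0
}

# audit_template ROOT: print findings; return 1 if there are any, else 0.
audit_template() {
    local out
    out="$(audit_checks "${1:-/}")"
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree holding the values this page sets in the template.
demo="$(mktemp -d)"
mkdir -p "$demo/etc/ssh" "$demo/etc/cloud" "$demo/etc/selinux" "$demo/etc/yum.repos.d"
printf 'PasswordAuthentication yes\n' > "$demo/etc/ssh/sshd_config"
printf 'users:\n- default\ndisable_root: 0 # changed from 1 to 0\nssh_pwauth: 1 # changed from 0 to 1\n' \
    > "$demo/etc/cloud/cloud.cfg"
printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo/etc/selinux/config"
printf '[base]\nbaseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/\ngpgcheck=0\n' \
    > "$demo/etc/yum.repos.d/base.repo"
audit_template "$demo" || echo "review the findings above before taking the snapshot"
rm -rf "$demo"
```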
3.5.2 Shut down the virtual machine and create a snapshot

# List images
[root@controller ~]# openstack image list
+--------------------------------------+------------------+--------+
| ID | Name | Status |
+--------------------------------------+------------------+--------+
| e8e15797-5f02-4d69-ba21-8c4a76d00ab0 | centos7 | active |
| e6a82449-63d4-4875-83ab-278c7af4f068 | centos7-template | active |
| 94656044-8340-42f0-8420-70b5dfc9d1fb | cirros | active |
+--------------------------------------+------------------+--------+
[root@controller ~]# ls /var/lib/glance/images/ -hl
total 2.3G
-rw-r----- 1 glance glance 13M Aug 18 13:54 94656044-8340-42f0-8420-70b5dfc9d1fb
-rw-r----- 1 glance glance 1.4G Aug 24 12:46 e6a82449-63d4-4875-83ab-278c7af4f068
-rw-r----- 1 glance glance 848M Aug 24 06:25 e8e15797-5f02-4d69-ba21-8c4a76d00ab0
# Inspect the generated disk image
[root@controller images]# qemu-img info e6a82449-63d4-4875-83ab-278c7af4f068
image: e6a82449-63d4-4875-83ab-278c7af4f068
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 1.4G
cluster_size: 65536
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
corrupt: false
# Convert the disk format
[root@controller images]# qemu-img convert -f qcow2 -O qcow2 e6a82449-63d4-4875-83ab-278c7af4f068 centos7-template.qcow2
[root@controller images]# ll
total 3785224
-rw-r----- 1 glance glance 12716032 Aug 18 13:54 94656044-8340-42f0-8420-70b5dfc9d1fb
-rw-r--r-- 1 root root 1487208448 Aug 24 12:54 centos7-template.qcow2
-rw-r----- 1 glance glance 1487208448 Aug 24 12:46 e6a82449-63d4-4875-83ab-278c7af4f068
-rw-r----- 1 glance glance 888995840 Aug 24 06:25 e8e15797-5f02-4d69-ba21-8c4a76d00ab0
[root@controller images]# qemu-img info centos7-template.qcow2
image: centos7-template.qcow2
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 1.4G
cluster_size: 65536
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
corrupt: false
[root@controller images]# qemu-img check centos7-template.qcow2
No errors were found on the image.
22683/163840 = 13.84% allocated, 0.00% fragmented, 0.00% compressed clusters
Image end offset: 1487208448
# Upload the generated image file
[root@controller images]# openstack image create centos7-template --file centos7-template.qcow2 --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | 0978afd7e48918f063228ef7ce7e8d20 |
| container_format | bare |
| created_at | 2025-08-24T04:59:42Z |
| disk_format | qcow2 |
| file | /v2/images/37aa9e3e-d92a-40ac-8810-b57934325dbb/file |
| id | 37aa9e3e-d92a-40ac-8810-b57934325dbb |
| min_disk | 0 |
| min_ram | 0 |
| name | centos7-template |
| owner | cb2917da03a84783878fba63cb7efe99 |
| properties | os_hash_algo='sha512', os_hash_value='be90871925fbd6be04cd5fdf5e9ed878a65dcdccbf84b98ace234d7bd2691b971718c450e9e8b042fae61823e3d59b3b9696c3a7fb3a24283638d38f420aa341', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 1487208448 |
| status | active |
| tags | |
| updated_at | 2025-08-24T04:59:52Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller images]# openstack image list
+--------------------------------------+------------------+--------+
| ID | Name | Status |
+--------------------------------------+------------------+--------+
| e8e15797-5f02-4d69-ba21-8c4a76d00ab0 | centos7 | active |
| 37aa9e3e-d92a-40ac-8810-b57934325dbb | centos7-template | active |
| e6a82449-63d4-4875-83ab-278c7af4f068 | centos7-template | active |
| 94656044-8340-42f0-8420-70b5dfc9d1fb | cirros | active |
+--------------------------------------+------------------+--------+
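The image template is now complete
3.5.3 Test creating a virtual machine from the template

4 OpenStack network management
4.1 Adding a flat network
4.1.1 Preparation: add a physical NIC to the hosts and configure networking
Note: every compute node needs the new NIC
4.1.2 Compute node configuration
# Host configuration, on the controller and compute nodes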
[root@controller network-scripts]# cat ifcfg-eth1
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth1"
DEVICE="eth1"
ONBOOT="yes"
IPADDR=11.0.0.7 # change to the corresponding IP
NETMASK=255.255.255.0
# Controller node configuration
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider,net_11_0_0 # add the new network
[securitygroup]
enable_ipset = true
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0,net_11_0_0:eth1 # add the new network and its NIC
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# Compute node configuration
[root@compute1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0,net_11_0_0:eth1 # add the new network and its NIC
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
## Sync the configuration to every compute node
[root@controller ~]# scp -rp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 11.0.1.17:/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# scp -rp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 11.0.1.27:/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# scp -rp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 11.0.1.37:/etc/neutron/plugins/ml2/linuxbridge_agent.ini
# Restart services
# Controller node
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# Compute nodes
systemctl restart neutron-linuxbridge-agent.service
4.1.3 Create the network



4.1.4 Create an instance on the net_11_0_0 network

4.2 Configuring layer-3 networking with VXLAN and VPC
vlan 4096-2
vxlan 4096*4096-2
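4.2.1 Network option 2 requires network option 1 to be configured first
- Network option 1: provider networks
- Network option 2: self-service networks
4.2.2 Add a NIC and configure networking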

[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth2"
DEVICE="eth2"
ONBOOT="yes"
IPADDR=172.16.0.11
NETMASK=255.255.255.0
[root@compute1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth2"
DEVICE="eth2"
ONBOOT="yes"
IPADDR=172.16.0.22
NETMASK=255.255.255.0
[root@compute2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
TYPE="Ethernet"
BOOTPROTO="static"
NAME="eth2"
DEVICE="eth2"
ONBOOT="yes"
IPADDR=172.16.0.33
NETMASK=255.255.255.0
4.2.3 Install the components
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch openstack-neutron-linuxbridge ebtables
4.2.4 Modify the configuration files
[root@controller ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router # enable the router plugin
allow_overlapping_ips = True # allow overlapping IP addresses, for multi-tenancy
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan # enable vxlan
tenant_network_types = vxlan # enable vxlan
mechanism_drivers = linuxbridge,l2population # improves vxlan performance
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan] # VXLAN ID range
vni_ranges = 1:10000
[securitygroup]
enable_ipset = true
[root@controller ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan] # enable vxlan
enable_vxlan = true
local_ip = 172.16.0.11 # address of the vxlan interface
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller ~]# sed -i '1a interface_driver = linuxbridge' /etc/neutron/l3_agent.ini
# Compute nodes
[root@compute1 ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eth0
[vxlan] # enable vxlan
enable_vxlan = true
local_ip = 172.16.0.22
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# compute2: the same change applied with sed
sed -i '/^enable_vxlan/c\
enable_vxlan = true\
local_ip = 172.16.0.33\
l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# Restart services
# Controller node
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# Compute nodes
systemctl restart neutron-linuxbridge-agent.service
4.2.5 Enable the router feature in the dashboard
[root@controller ~]# grep "'enable_router': False" /etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i "s/'enable_router': False/'enable_router': True/" /etc/openstack-dashboard/local_settings
[root@controller ~]# systemctl restart httpd
# List the user's role assignments
[root@controller ~]# openstack role assignment list --user dinginx --project dinginx
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| 2f567f9dbb684ae38a1d06dd90f86e61 | 187bc943ac1647ae9b18261c64797a38 | | 0e3d70a811044daca9b03dcc1a6e075d | | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
4.2.6 Create a router (requires the admin role; a normal user role cannot create one) and modify the role policy
[root@controller ~]# cat /etc/neutron/policy.json
{
"admin_required":"role:admin",
"user_required":"role:user",
"network_owner_required":"role:network_owner",
"create_network":"role:admin",
"create_subnet":"role:admin",
"create_router":"role:user",
"delete_router":"role:user",
"update_router":"role:user",
"add_router_interface":"role:user",
"remove_router_interface":"role:user",
"create_security_group":"role:admin",
"create_security_group_rule":"role:admin",
"update_security_group_rule":"role:admin",
"create_floatingip":"role:admin",
"delete_floatingip":"role:admin",
"create_port":"role:admin",
"delete_port":"role:admin",
"add_interface_to_router":"role:admin",
"remove_interface_from_router":"role:admin"
}
[root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Project → Network → Network Topology → Create Router; an external network is required:


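4.3 Configuring Load Balancing as a Service in OpenStack
The installation and configuration flow for the HAProxy-based LBaaS service, covering command-line and dashboard operations, with a detailed look at how LBaaS v2 is implemented.
neutron-lbaas has not been maintained since the Stein release and is not recommended for new environments. (We use the Train release here, so the package repository for the Stein release must be added.)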
[root@controller ~]# cat /etc/yum.repos.d/stein.repo
[STEIN]
name=STEIN
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-stein/
gpgcheck=0
4.3.1 Installation and deployment
# Look up the lbaas-related commands
[root@compute2 ~]# neutron --help|grep lb
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
lb-agent-hosting-pool Get loadbalancer agent hosting a pool.
lb-healthmonitor-associate Create a mapping between a health monitor and a pool.
lb-healthmonitor-create Create a health monitor.
lb-healthmonitor-delete Delete a given health monitor.
lb-healthmonitor-disassociate Remove a mapping from a health monitor to a pool.
lb-healthmonitor-list List health monitors that belong to a given tenant.
lb-healthmonitor-show Show information of a given health monitor.
lb-healthmonitor-update Update a given health monitor.
lb-member-create Create a member.
lb-member-delete Delete a given member.
lb-member-list List members that belong to a given tenant.
lb-member-show Show information of a given member.
lb-member-update Update a given member.
lb-pool-create Create a pool.
lb-pool-delete Delete a given pool.
lb-pool-list List pools that belong to a given tenant.
lb-pool-list-on-agent List the pools on a loadbalancer agent.
lb-pool-show Show information of a given pool.
lb-pool-stats Retrieve stats for a given pool.
lb-pool-update Update a given pool.
lb-vip-create Create a vip.
lb-vip-delete Delete a given vip.
lb-vip-list List vips that belong to a given tenant.
lb-vip-show Show information of a given vip.
lb-vip-update Update a given vip.
lbaas-agent-hosting-loadbalancer Get lbaas v2 agent hosting a loadbalancer.
lbaas-healthmonitor-create LBaaS v2 Create a healthmonitor.
lbaas-healthmonitor-delete LBaaS v2 Delete a given healthmonitor.
lbaas-healthmonitor-list LBaaS v2 List healthmonitors that belong to a given tenant.
lbaas-healthmonitor-show LBaaS v2 Show information of a given healthmonitor.
lbaas-healthmonitor-update LBaaS v2 Update a given healthmonitor.
lbaas-l7policy-create LBaaS v2 Create L7 policy.
lbaas-l7policy-delete LBaaS v2 Delete a given L7 policy.
lbaas-l7policy-list LBaaS v2 List L7 policies that belong to a given listener.
lbaas-l7policy-show LBaaS v2 Show information of a given L7 policy.
lbaas-l7policy-update LBaaS v2 Update a given L7 policy.
lbaas-l7rule-create LBaaS v2 Create L7 rule.
lbaas-l7rule-delete LBaaS v2 Delete a given L7 rule.
lbaas-l7rule-list LBaaS v2 List L7 rules that belong to a given L7 policy.
lbaas-l7rule-show LBaaS v2 Show information of a given rule.
lbaas-l7rule-update LBaaS v2 Update a given L7 rule.
lbaas-listener-create LBaaS v2 Create a listener.
lbaas-listener-delete LBaaS v2 Delete a given listener.
lbaas-listener-list LBaaS v2 List listeners that belong to a given tenant.
lbaas-listener-show LBaaS v2 Show information of a given listener.
lbaas-listener-update LBaaS v2 Update a given listener.
lbaas-loadbalancer-create LBaaS v2 Create a loadbalancer.
lbaas-loadbalancer-delete LBaaS v2 Delete a given loadbalancer.
lbaas-loadbalancer-list LBaaS v2 List loadbalancers that belong to a given tenant.
lbaas-loadbalancer-list-on-agent List the loadbalancers on a loadbalancer v2 agent.
lbaas-loadbalancer-show LBaaS v2 Show information of a given loadbalancer.
lbaas-loadbalancer-stats Retrieve stats for a given loadbalancer.
lbaas-loadbalancer-status Retrieve status for a given loadbalancer.
lbaas-loadbalancer-update LBaaS v2 Update a given loadbalancer.
lbaas-member-create LBaaS v2 Create a member.
lbaas-member-delete LBaaS v2 Delete a given member.
lbaas-member-list LBaaS v2 List members that belong to a given pool.
lbaas-member-show LBaaS v2 Show information of a given member.
lbaas-member-update LBaaS v2 Update a given member.
lbaas-pool-create LBaaS v2 Create a pool.
lbaas-pool-delete LBaaS v2 Delete a given pool.
lbaas-pool-list LBaaS v2 List pools that belong to a given tenant.
lbaas-pool-show LBaaS v2 Show information of a given pool.
lbaas-pool-update LBaaS v2 Update a given pool.
4.3.2 Installation and configuration
# Install the lbaas packages
[root@controller ~]# yum search openstack-neutron-lbaas
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
========================================================================== N/S matched: openstack-neutron-lbaas ==========================================================================
openstack-neutron-lbaas.noarch : Openstack Networking LBaaS plugin
openstack-neutron-lbaas-ui.noarch : Horizon UI support for Neutron LBaaS
openstack-neutron-lbaas-ui-doc.noarch : Documentation for Neutron LBaaS dashboard
Name and summary matches only, use "search all" for everything.
[root@controller ~]# yum install -y openstack-neutron-lbaas*
# Modify the /etc/neutron/neutron.conf configuration file
[root@controller ~]# sed -i '/^service_plugins/c service_plugins = router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2' /etc/neutron/neutron.conf
[root@controller ~]# cat /etc/neutron/neutron.conf |grep service_plugins
service_plugins = router,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
# Check the driver; this version is supported
[root@controller ~]# ls -hl /usr/lib/python2.7/site-packages/neutron_lbaas/services/loadbalancer/plugin.py
-rw-r--r-- 1 root root 59K Nov 14 2019 /usr/lib/python2.7/site-packages/neutron_lbaas/services/loadbalancer/plugin.py
[root@controller ~]# grep LoadBalancerPluginv2 /usr/lib/python2.7/site-packages/neutron_lbaas/services/loadbalancer/plugin.py
class LoadBalancerPluginv2(loadbalancerv2.LoadBalancerPluginBaseV
# Modify the lbaas configuration file
[root@controller ~]# cat /etc/neutron/neutron_lbaas.conf
[DEFAULT]
[service_providers]
service_provider=LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
# Locate the driver
[root@controller ~]# grep HaproxyOnHostPluginDriver /usr/lib/python2.7/site-packages/neutron_lbaas/drivers/haproxy/plugin_driver.py
class HaproxyOnHostPluginDriver(agent_driver_base.AgentDriverBase):
# Upgrade the database
[root@controller ~]# neutron-db-manage --subproject neutron-lbaas upgrade head
# Restart neutron-server
[root@controller ~]# systemctl restart neutron-server.service
# Modify /etc/neutron/lbaas_agent.ini, adding one line
[root@controller ~]# sed -i '/^\[DEFAULT/a interface_driver=neutron.agent.linux.interface.BridgeInterfaceDriver' /etc/neutron/lbaas_agent.ini
# Start neutron-lbaasv2-agent
[root@controller ~]# systemctl start neutron-lbaasv2-agent.service && systemctl enable neutron-lbaasv2-agent.service
# Modify the configuration file
[root@controller ~]# sed -i "s/'enable_lb': False/'enable_lb': True/" /etc/openstack-dashboard/local_settings
[root@controller ~]# grep "enable_lb': True" /etc/openstack-dashboard/local_settings
'enable_lb': True,
# Restart the service
systemctl restart httpd.service
# Access test
http://controller/dashboard/auth/login/?next=/dashboard/project/instances/2124dbce-3485-4a74-949a-e94a5de69bcb/

4.3.3 Testing
4.3.3.1 Create two web virtual machines

# Install the packages
[root@centos7-1 ~]# yum install -y epel-release
[root@centos7-1 ~]# yum install -y nginx
# Start the service
[root@centos7-1 ~]# systemctl enable --now nginx.service
# Create the content to serve
[root@centos7-1 ~]# echo 'welcome to dinginx websit01' > /usr/share/nginx/html/index.html
# Test
[root@centos7-1 ~]# curl 11.0.1.116
welcome to dinginx websit01
Perform the same steps on web02
4.3.3.2 Creating the load balancer in the web interface
4.3.3.2.1 Project → Network → Neutron Load Balancers → Create Load Balancer


4.3.3.2.2 Select the protocol and port

4.3.3.2.3 Select the load-balancing algorithm

4.3.3.2.4 Add the backend servers


4.3.3.2.5 Configure the health check


4.3.3.3 Access test
http://11.0.1.133/
[root@controller ~]# for i in {1..10};do curl 11.0.1.133;done
welcome to dinginx websit02
welcome to dinginx websit01
welcome to dinginx websit02
welcome to dinginx websit01
welcome to dinginx websit02
welcome to dinginx websit01
welcome to dinginx websit02
welcome to dinginx websit01
welcome to dinginx websit02
welcome to dinginx websit01
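5 Installing the third-party web interface Skyline
Install and configure the Skyline APIServer service. Before you begin, you must have a working OpenStack environment that includes at least the keystone, glance, nova and neutron services, with the docker service installed on the host.
5.1 Create the database and grant privileges
# Create the database and grant privileges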
[root@controller ~]# mysql -uroot -p <<EOF
CREATE DATABASE skyline DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON skyline.* TO 'skyline'@'localhost' IDENTIFIED BY 'SKYLINE_DBPASS';
GRANT ALL PRIVILEGES ON skyline.* TO 'skyline'@'%' IDENTIFIED BY 'SKYLINE_DBPASS';
EOF
# Create the service credentials
[root@controller ~]# openstack user create --domain default --password SKYLINE_PASS skyline
[root@controller ~]# openstack role add --project service --user skyline admin
5.2 Install and configure the components
5.2.1 Set up the docker environment
# Step 1: install the required system tools
sudo apt update && sudo apt install ca-certificates curl gnupg -y
# Step 2: trust Docker's GPG public key
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Step 3: write the package source entry
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://mirrors.aliyun.com/docker-ce/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Step 4: install Docker
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli docker-buildx-plugin docker-compose-plugin
5.2.2 Download the skyline docker image
# Download the skyline docker image
docker pull 99cloud/skyline:latest
docker pull registry.cn-hangzhou.aliyuncs.com/cloudcs/skyline:latest
mkdir -p /etc/skyline /var/log/skyline /var/lib/skyline /var/log/nginx /etc/skyline/policy
cat <<EOF |tee /etc/skyline/skyline.yaml
default:
  access_token_expire: 3600
  access_token_renew: 1800
  cafile: ''
  cors_allow_origins: []
  database_url: mysql://skyline:SKYLINE_DBPASS@controller:3306/skyline
  debug: false
  log_dir: /var/log/skyline
  log_file: skyline.log
  policy_file_path: /etc/skyline/policy
  policy_file_suffix: policy.yaml
  prometheus_basic_auth_password: ''
  prometheus_basic_auth_user: ''
  prometheus_enable_basic_auth: false
  prometheus_endpoint: http://localhost:9091
  secret_key: aCtmgbcUqYUy_HNVg5BDXCaeJgJQzHJXwqbXr0Nmb2o
  session_name: session
  ssl_enabled: true
openstack:
  base_domains:
  - heat_user_domain
  default_region: RegionOne
  enforce_new_defaults: true
  extension_mapping:
    floating-ip-port-forwarding: neutron_port_forwarding
    fwaas_v2: neutron_firewall
    qos: neutron_qos
    vpnaas: neutron_vpn
  interface_type: public
  keystone_url: http://controller:5000/v3/
  nginx_prefix: /api/openstack
  reclaim_instance_interval: 604800
  service_mapping:
    baremetal: ironic
    block-storage: cinder
    compute: nova
    container: zun
    container-infra: magnum
    database: trove
    dns: designate
    identity: keystone
    image: glance
    instance-ha: masakari
    key-manager: barbican
    load-balancer: octavia
    network: neutron
    object-store: swift
    orchestration: heat
    placement: placement
    sharev2: manilav2
  sso_enabled: false
  sso_protocols:
  - openid
  sso_region: RegionOne
  system_admin_roles:
  - admin
  - system_admin
  system_project: service
  system_project_domain: Default
  system_reader_roles:
  - system_reader
  system_user_domain: Default
  system_user_name: skyline
  system_user_password: 'SKYLINE_PASS' # the OpenStack keystone password
setting:
  base_settings:
  - flavor_families
  - gpu_models
  - usb_models
  flavor_families:
  - architecture: x86_architecture
    categories:
    - name: general_purpose
      properties: []
    - name: compute_optimized
      properties: []
    - name: memory_optimized
      properties: []
    - name: high_clock_speed
      properties: []
  - architecture: heterogeneous_computing
    categories:
    - name: compute_optimized_type_with_gpu
      properties: []
    - name: visualization_compute_optimized_type_with_gpu
      properties: []
  gpu_models:
  - nvidia_t4
  usb_models:
  - usb_c
EOF
5.3 Testing
# Run the bootstrap container
root@skyline:~# sudo docker run -d --name skyline_bootstrap -e KOLLA_BOOTSTRAP="" -v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml -v /var/log:/var/log --net=host 99cloud/skyline:latest
06399fbcc19114cfcf2883cc68a6d7b20a614579c42d2abc969596a40966a0f5
root@skyline:~# docker logs skyline_bootstrap
+ echo '/usr/local/bin/gunicorn -c /etc/skyline/gunicorn.py skyline_apiserver.main:app'
+ mapfile -t CMD
++ tail /run_command
++ xargs -n 1
+ [[ -n 0 ]]
+ cd /opt/skyline_apiserver/
+ make db_sync
alembic -c skyline_apiserver/db/alembic/alembic.ini upgrade head
2025-09-12 14:18:20.949 | INFO | alembic.runtime.migration:__init__:211 - Context impl MySQLImpl.
2025-09-12 14:18:20.950 | INFO | alembic.runtime.migration:__init__:214 - Will assume non-transactional DDL.
2025-09-12 14:18:20.971 | INFO | alembic.runtime.migration:run_migrations:622 - Running upgrade -> 000, init
+ exit 0
# Remove the bootstrap container
sudo docker rm -f skyline_bootstrap
# Run the bootstrap with SQLite
docker run -d --name skyline_bootstrap \
-e KOLLA_BOOTSTRAP="" \
-v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml \
-v /tmp/skyline:/tmp --net=host 99cloud/skyline:latest
# Run skyline-apiserver
sudo docker run -d --name skyline --restart=always \
-v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml \
-v /tmp/skyline:/tmp \
-v /var/log:/var/log \
--net=host 99cloud/skyline:latest
# Or specify the port
docker run -d --name skyline --restart=always \
-v /etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml \
-v /var/log:/var/log \
-e LISTEN_ADDRESS=11.0.1.10:9942 \
--net=host 99cloud/skyline:latest
# If errors occur, test from the controller
openstack --os-auth-url http://controller:5000/v3 \
--os-username skyline --os-password SKYLINE_PASS \
--os-project-name service --os-user-domain-name Default \
--os-project-domain-name Default token issue
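Access the default port: http://11.0.1.10:9999/

Main interface

May your logs stay error-free, your services stay up, and your cluster stay healthy
🌙 See you in the next article.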