OpenStack运维通过安装部署Dashboard控制台启动实例

王先森sec

发布于 2023-04-24 17:21:42

1K0

发布于 2023-04-24 17:21:42

文章被收录于专栏：王先森

Dashboard概述

Dashboard是OpenStack中提供的一个web前端控制台，以此来展示openstack的功能。Dashboard是一个基于Django Web Framework开发的标准的Python WSGI程序。Dashboard将页面上的所有元素模块化，网页中一些常见元素（如表单，表格，标签页）全部被封装成Python类，每个组件都有自己对应的一小块HTML模板，当渲染整个页面的时候，Dashboard先查找当前页面有多少组件，然后将各个组件分别进行渲染变成一段HTML片段，最后拼装成一个完整的HTML页面，返回给浏览器。

Dashboard安装

安装服务

yum install openstack-dashboard -y

服务配置

编辑修改/etc/openstack-dashboard/local_settings

[root@node01 ~]# vim /etc/openstack-dashboard/local_settings


ALLOWED_HOSTS = ['*']

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'master01.boysec.cn:11211',
    }
}

OPENSTACK_HOST = "master01.boysec.cn"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"

修改apache服务

[root@node01 ~]# cat /etc/httpd/conf.d/openstack-dashboard.conf 
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}

WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /static /usr/share/openstack-dashboard/static

<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
  Options All
  AllowOverride All
  Require all granted
</Directory>

<Directory /usr/share/openstack-dashboard/static>
  Options All
  AllowOverride All
  Require all granted
</Directory>

# 重启httpd
[root@node01 ~]# systemctl restart httpd

web页面访问

用户：admin

密码：keystone

创建实例

创建提供者网络

在启动实例之前，必须创建必须的虚拟机网络设施。在控制节点上，加载 admin 凭证来获取管理员能执行的命令访问权限：

# 创建网络，类型是flat
neutron net-create --shared --provider:physical_network provider \
  --provider:network_type flat provider
# 在网络上创建一个子网
neutron subnet-create --name provider \
  --allocation-pool start=10.1.1.10,end=10.1.1.50 \
  --dns-nameserver 114.114.114.114 --gateway 10.1.1.2 \
  provider 10.1.1.0/24

创建m1.nano规格的主机

openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

生成一个键值对

ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

另外，你可以跳过执行 ssh-keygen 命令而使用已存在的公钥。

验证公钥的添加：

[root@master01 ~]# openstack keypair list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 78:13:60:bc:22:5e:f2:fe:a0:55:86:6e:b1:e5:b2:25 |
+-------+-------------------------------------------------+

增加安全组规则

默认情况下， default安全组适用于所有实例并且包括拒绝远程访问实例的防火墙规则。对诸如CirrOS这样的Linux镜像，我们推荐至少允许ICMP (ping) 和安全shell(SSH)规则。

# 允许ICMP（ping）
openstack security group rule create --proto icmp default

# 允许安全 shell (SSH) 的访问
openstack security group rule create --proto tcp --dst-port 22 default

验证实例

启动一台实例，您必须至少指定一个类型、镜像名称、网络、安全组、密钥和实例名称。

一个实例指定了虚拟机资源的大致分配，包括处理器、内存和存储。

列出可用类型：

[root@master01 ~]# openstack flavor list
+----+---------+-----+------+-----------+-------+-----------+
| ID | Name    | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+---------+-----+------+-----------+-------+-----------+
| 0  | m1.nano |  64 |    1 |         0 |     1 | True      |
+----+---------+-----+------+-----------+-------+-----------+

列出可用镜像：

[root@master01 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| d4e76622-3d1f-43c7-bf0f-5262cd8a3aec | cirros | active |
+--------------------------------------+--------+--------+

列出可用网络：

[root@master01 ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| 6d0657c7-2425-4583-bcc1-0051cee6a869 | provider | 6b17116f-a2b6-44b6-ad06-3d770b3ce187 |
+--------------------------------------+----------+--------------------------------------+

列出可用的安全组：

openstack security group list
+--------------------------------------+---------+------------------------+
| ID                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| dd2b614c-3dad-48ed-958b-b155a3b38515 | default | Default security group |
+--------------------------------------+---------+------------------------+

创建实例

openstack server create --flavor m1.nano --image cirros   --nic net-id=6d0657c7-2425-4583-bcc1-0051cee6a869 --security-group default   --key-name mykey test

查看实例的状态

[root@master01 ~]# openstack server list
+--------------------------------------+------+--------+--------------------+--------+---------+
| ID                                   | Name | Status | Networks           | Image  | Flavor  |
+--------------------------------------+------+--------+--------------------+--------+---------+
| 36690634-53e4-45c4-bc8b-95068c3c203d | test | ACTIVE | provider=10.1.1.12 | cirros | m1.nano |
+--------------------------------------+------+--------+--------------------+--------+---------+

Dashboard管理

问题描述：

云主机创建时报错：Host ‘node01.boysec.cn’ is not mapped to any cell

问题解决办法：

控制节点以stack用户执行如下命令：

nova-manage cell_v2 discover_hosts --verbose

openstack 实例卡在引导

在计算节点node01.boysec.cn上：

vim /etc/nova/nova.conf
···
# 添加如下配置
[libvirt]
cpu_mode = none
virt_type = qemu
···
#重启openstack-nova-compute服务
systemctl restart openstack-nova-compute.service

重启实例，登录实例控制台

控制节点免密登录

[root@master01.boysec.cn ~]# ssh cirros@10.1.1.12
The authenticity of host '10.1.1.12 (10.1.1.12)' can't be established.
ECDSA key fingerprint is SHA256:yg1hCOXlL03VOgrlMuU0NFKTkKPt/nLKEuDDmHAK1WI.
ECDSA key fingerprint is MD5:51:15:e1:c6:24:56:57:fb:09:c5:27:b7:7e:63:ed:c7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.1.12' (ECDSA) to the list of known hosts.
$ ifconfig
eth0      Link encap:Ethernet  HWaddr FA:16:3E:21:9B:CC  
          inet addr:10.1.1.12  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe21:9bcc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:123 errors:0 dropped:0 overruns:0 frame:0
          TX packets:155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15594 (15.2 KiB)  TX bytes:15822 (15.4 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2022-01-24，如有侵权请联系 cloudcommunity@tencent.com 删除

运维