The OpenStack project is an open source cloud computing platform that supports all types of cloud environments. The project aims for simple implementation, massive scalability, and a rich set of features. Cloud computing experts from around the world contribute to the project.
OpenStack provides an Infrastructure-as-a-Service (IaaS) solution through a variety of complementary services. Each service offers an Application Programming Interface (API) that facilitates this integration.
This guide covers step-by-step deployment of the major OpenStack services using a functional example architecture suitable for new users of OpenStack with sufficient Linux experience.
在你对基础安装,配置,操作和故障诊断熟悉之后,你应该考虑按照以下步骤使用生产架构来进行部署
确定并补充必要的核心和可选服务,以满足性能和冗余要求。
使用诸如防火墙,加密和服务策略的方式来加强安全。
使用自动化部署工具,例如Ansible, Chef, Puppet, or Salt来自动化部署,管理生产环境
为了启动一个基本 :term:`virtual machine <virtual machine (VM)>`或者实例,这个示例架构要求至少两个节点(主机)。诸如块存储和对象存储这样的可选服务需要额外的节点。
这个示例架构不同于下面这样的最小生产结构
网络代理驻留在控制节点上而不是在一个或者多个专用的网络节点上。
私有网络的覆盖流量通过管理网络而不是专用网络
For more information on production architectures, see the Architecture Design Guide, OpenStack Operations Guide, and OpenStack Networking Guide.
The controller node runs the Identity service, Image service, management portions of Compute, management portion of Networking, various Networking agents, and the dashboard. It also includes supporting services such as an SQL database, message queue, and NTP.
Optionally, the controller node runs portions of the Block Storage, Object Storage, Orchestration, and Telemetry services.
计算节点上需要至少两块网卡。
计算节点运行操作实例的 :term:`hypervisor`计算部分。默认情况下使用 :term:`KVM <kernel-based VM (KVM)>`作为hypervisor。计算节点同样运行网络服务代理,用来连接实例到虚拟网络,通过:term:`security groups <security group>`为实例提供防火墙服务。instances via .
你可以部署超过一个计算节点。每个结算节点至少需要两块网卡。
可选的块存储节点上包含了磁盘,块存储服务和共享文件系统会向实例提供这些磁盘。
为了简单起见,计算节点和本节点之间的服务流量使用管理网络。生产环境中应该部署一个单独的存储网络以增强性能和安全。
你可以部署超过一个块存储节点。每个块存储节点要求至少一块网卡。
可选的对象存储节点包含了磁盘。对象存储服务用这些磁盘来存储账号,容器和对象。
为了简单起见,计算节点和本节点之间的服务流量使用管理网络。生产环境中应该部署一个单独的存储网络以增强性能和安全。
这个服务要求两个节点。每个节点要求最少一块网卡。你可以部署超过两个对象存储节点。
从下面的虚拟网络选项中选择一种选项。
The provider networks option deploys the OpenStack Networking service in the simplest way possible with primarily layer-2 (bridging/switching) services and VLAN segmentation of networks. Essentially, it bridges virtual networks to physical networks and relies on physical network infrastructure for layer-3 (routing) services. Additionally, a DHCP service provides IP address information to instances.
注解
This option lacks support for self-service (private) networks, layer-3 (routing) services, and advanced services such as LBaaS and FWaaS. Consider the self-service networks option if you desire these features.
The self-service networks option augments the provider networks option with layer-3 (routing) services that enable self-service networks using overlay segmentation methods such as VXLAN. Essentially, it routes virtual networks to physical networks using NAT. Additionally, this option provides the foundation for advanced services such as LBaaS and FWaaS.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.