We are going to build a three-node OpenStack cluster, so that we can experiment with these tools and see for ourselves how powerful, original and innovative they are. The operating system is CentOS 7. The controller node runs: MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API and Horizon.
The controller is a CentOS 7 machine with the following network interfaces:

[root@controller ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff
Install ntp

Install and configure the Network Time Protocol daemon (ntp) for time synchronisation, and vim for editing files. Time synchronisation matters here beyond convenience: Keystone's fernet tokens carry expiry times, and the nodes must agree on the clock for them to validate.

[root@controller ~]# yum -y install ntp
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink | 59 kB 00:00:00
 * base: repos-jnb.psychz.net
 * epel: fedora.cu.be
 * extras: repos-jnb.psychz.net

You can install vim or any other text editor:

[root@controller ~]# yum install vim

See also: installing and configuring Chrony on Linux as an NTP client replacement.
Configure ntp

[root@controller ~]# vim /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 0.africa.pool.ntp.org
server 1.africa.pool.ntp.org
server 2.africa.pool.ntp.org
server 3.africa.pool.ntp.org

[root@controller ~]# systemctl start ntpd
[root@controller ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

ntp is a network service, so it has to be allowed through the firewall. With firewalld:

[root@controller ~]# firewall-cmd --add-service=ntp --permanent
success
[root@controller ~]# firewall-cmd --reload
success

Now add the OpenStack Queens repository to the controller node so that its packages can be retrieved:

[root@controller ~]# yum -y install centos-release-openstack-queens

Edit the repo file and make sure the repositories are enabled with "enabled = 1", as in the example below. Note what you are enabling: the testing repository is served from buildlogs.centos.org with gpgcheck=0, so anything installed from it is not signature-verified. Keep gpgcheck=1 on the release repository, and if you do enable the testing repository, understand that you are trusting that mirror rather than a signature.

[root@controller ~]# vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo
[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
exclude=sip,PyQt4

[centos-openstack-queens-test]
name=CentOS-7 - OpenStack queens Testing
baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=0
enabled=1
exclude=sip,PyQt
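Because an enabled repository with gpgcheck=0 is easy to forget about once the installation is done, it is worth being able to list such repositories mechanically. The script below is an added example and not part of the original tutorial: it walks a yum .repo file section by section and prints every repository id that is enabled but not GPG-checked. The sample repo file it writes is constructed here to mirror the two sections above plus one unsigned-but-disabled section, and the file name it writes to is an assumption.

```shell
#!/bin/sh
# Added example (not from the original tutorial): find yum repositories
# that are enabled but skip GPG signature verification.

# unsigned_enabled_repos FILE...
# Prints the id of every [section] that is enabled and does not set
# gpgcheck=1.  yum treats a repo with no enabled= line as enabled, and a
# repo with no gpgcheck= line inherits the [main] default from
# /etc/yum.conf, so such sections are reported rather than trusted.
unsigned_enabled_repos() {
    awk '
        function value(line) {
            sub(/^[^=]*=[[:space:]]*/, "", line); sub(/[[:space:]]+$/, "", line)
            return line
        }
        function flush() {
            if (id != "" && enabled == "1" && gpgcheck != "1") print id
            id = ""
        }
        FNR == 1 { flush() }                 # new file: close the previous section
        /^[[:space:]]*\[/ {
            flush()
            id = $0; sub(/^[[:space:]]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""     # yum defaults for a fresh section
            next
        }
        /^[[:space:]]*enabled[[:space:]]*=/  { enabled  = value($0) }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ { gpgcheck = value($0) }
        END { flush() }
    ' "$@"
}

# write_sample_repo FILE
# Constructed sample: a signed release repo, the testing repo enabled
# with gpgcheck=0 as on this page, and an unsigned repo that is disabled.
write_sample_repo() {
    cat > "$1" <<'EOF'
[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud

[centos-openstack-queens-test]
name=CentOS-7 - OpenStack queens Testing
baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=0
enabled=1

[example-unsigned-but-disabled]
name=constructed example, never consulted by yum
gpgcheck=0
enabled=0
EOF
}

# On the controller, audit everything yum will read:
#   unsigned_enabled_repos /etc/yum.repos.d/*.repo
```

Run against the sample file, only centos-openstack-queens-test is printed; the disabled section is ignored even though it is unsigned, because yum will never install from it.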
Install and set up MariaDB

The next step is to install MariaDB and give it a basic setup:

[root@controller ~]# yum --enablerepo=centos-openstack-queens install mariadb-server -y
[root@controller ~]# vim /etc/my.cnf
[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
### Within this [mysqld] section add the line below ###
character-set-server=utf8

[root@controller ~]# systemctl start mariadb
[root@controller ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

Then run mysql_secure_installation and answer yes to every question: set a root password, remove the anonymous users, disallow remote root login and drop the test database.

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Finally, allow mysql through the firewall and reload firewalld so the change takes effect. Do not forget the reload:

[root@controller ~]# firewall-cmd --add-service=mysql --permanent
success
[root@controller ~]# firewall-cmd --reload
success
Install RabbitMQ and Memcached

With the database up and running, continue with the packages: install RabbitMQ and Memcached.

[root@controller ~]# yum --enablerepo=epel -y install rabbitmq-server memcached
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: repos-jnb.psychz.net
 * epel: fedora.cu.be
 * extras: repos-jnb.psychz.net
 * updates: repos-jnb.psychz.net
Resolving Dependencies
--> Running transaction check
---> Package memcached.x86_64 0:1.5.6-1.el7 will be installed
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: memcached-1.5.6-1.el7.x86_64
---> Package rabbitmq-server.noarch 0:3.6.5-1.el7 will be installed

Start and enable rabbitmq and memcached:

[root@controller ~]# systemctl start rabbitmq-server memcached
[root@controller ~]# systemctl enable rabbitmq-server memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.

RabbitMQ and MariaDB should now be installed. The next component is the Identity service, Keystone. Keystone is the OpenStack service that provides API client authentication, service discovery and distributed multi-tenant authorization by implementing OpenStack's Identity API. It keeps its records in a database, so before installing it we create a database and a user for it:

[root@controller ~]# mysql -u root -p   ## Enter the root password you set earlier
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server

No entry for terminal type "xterm-termite"; using dumb terminal settings.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
## Create the database for keystone
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;
Bye

Two things to note about these grants: keystone@'%' allows the account to connect from any host, not only from the controller, and 'password' is a placeholder. Use a strong, unique secret here and put the same value in the connection string in keystone.conf below.
Install Keystone

Now install Keystone, together with httpd and mod_wsgi, which will serve it:

[root@controller ~]# yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 51 kB 00:00:01
 * base: repos-jnb.psychz.net
 * epel: mirror.de.leaseweb.net
 * extras: repos-jnb.psychz.net
 * updates: repos-jnb.psychz.net
base | 3.6 kB 00:00:00
centos-ceph-luminous | 2.9 kB 00:00:00
centos-openstack-queens | 2.9 kB 00:00:00
centos-openstack-queens-debuginfo | 2.9 kB 00:00:00
centos-openstack-queens-source | 2.9 kB 00:00:00
centos-openstack-queens-test | 2.9 kB 00:00:00
centos-qemu-ev | 2.9 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
rdo-trunk-queens-tested | 3.0 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/5): centos-openstack-queens-source/primary_db

Configure Keystone: open the keystone configuration file and make the following changes.

[root@controller ~]# vim /etc/keystone/keystone.conf

# In the [cache] section (around line 605), point memcache_servers at your server's IP address
[cache]
# oslo_cache.memcache_pool backends only). (list value)
memcache_servers = 192.168.122.130:11211

# In the [database] section (around line 737), set the connection string to the keystone
# database user, password and host you created above
[database]
connection = mysql+pymysql://keystone:password@192.168.122.130/keystone

# In the [token] section (around line 2878), add the provider line and you are good to go
[token]
provider = fernet

Then sync the database, initialise the fernet and credential key repositories, and export the controller address for the commands that follow:

[root@controller ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# export controller=192.168.122.130

Bootstrap the keystone service as follows and open port 5000 in the firewall. The bootstrap password becomes the admin user's password, so use a real one rather than the placeholder:

[root@controller ~]# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne
[root@controller ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[root@controller ~]# firewall-cmd --reload
success

Create a symlink to the keystone WSGI configuration in the httpd configuration directory and start httpd:

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl start httpd

If httpd does not start, look at its status output and check your SELinux status:

[root@controller ~]# systemctl status httpd -l
[root@controller ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

If it is enabled you have two choices: disable it or configure it. I personally disable it permanently, as shown below. Be aware that this removes SELinux confinement from every service on the controller, not just httpd; the alternative is to keep it enforcing and install the openstack-selinux policy package from the same repository. Note also that the edit below takes effect at the next boot, while setenforce 0 switches the running system to permissive immediately.

[root@controller ~(keystone)]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Check that httpd is running, enable it at boot and check its status again:

[root@controller ~]# systemctl status httpd
[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl status httpd
Add a Keystone project

The next step is to add a Keystone project. A project is an organisational unit in the cloud to which users can be assigned; projects are also called tenants or accounts. A user can be a member of one or more projects, and roles define what a user is allowed to do: you assign a role to a user-project pair.

To create a project we first set up the client's environment variables, as follows:

[root@controller ~]# vi ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password   ## Set the password you used for the keystone bootstrap.
export OS_AUTH_URL=http://192.168.122.130:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '

This file holds the admin password in clear text, so restrict it to read and write by its owner before sourcing it:

[root@controller ~]# chmod 600 ~/keystonerc
[root@controller ~]# source ~/keystonerc
[root@controller ~(keystone)]#   ## Your prompt should change like this.
[root@controller ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile

Create the first project; the description can be anything you like:

[root@controller ~(keystone)]# openstack project create --domain default --description "First Project" service
[root@controller ~(keystone)]# openstack user list

Add the glance user to keystone, in the service project:

[root@controller ~(keystone)]# openstack user create --domain default --project service --password password glance
[root@controller ~(keystone)]# openstack user list

Give glance the admin role on the service project and register the image service:

[root@controller ~(keystone)]# openstack role add --project service --user glance admin
[root@controller ~(keystone)]# openstack service create --name glance --description "Glance Serves Images" image
[root@controller ~(keystone)]# export controller=192.168.122.130
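Two artefacts created in the steps above hold the most sensitive material on the controller: the fernet key repository written by keystone-manage fernet_setup, whose keys sign and verify every token Keystone issues, and ~/keystonerc, which carries the admin password in clear text. The checks below are an added example and not code from the original tutorial. They verify that neither grants more than the intended mode and that the key repository is complete; the default key repository path /etc/keystone/fernet-keys owned by keystone:keystone is an assumption taken from Keystone's defaults, the functions use GNU stat as shipped on CentOS 7, and the sample directory they build is constructed for demonstration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify that keystone's
# fernet key repository and the keystonerc credentials file are no more
# permissive than intended.  Uses GNU stat (CentOS 7 coreutils).

# check_mode PATH MAX_MODE
# Succeeds if PATH grants no permission bit beyond MAX_MODE (octal):
# a 0600 file passes a 0640 check, a 0644 file fails it.
check_mode() {
    actual=$(stat -c '%a' "$1") || return 1
    [ $(( 0$actual & ~0$2 )) -eq 0 ]
}

# check_owner PATH USER[:GROUP]
check_owner() {
    case $2 in
        *:*) [ "$(stat -c '%U:%G' "$1")" = "$2" ] ;;
        *)   [ "$(stat -c '%U' "$1")" = "$2" ] ;;
    esac
}

# check_fernet_repo DIR OWNER
# The repository directory must be 0700 and every key 0600, all owned by
# OWNER.  Key "0" is the staged key keystone always keeps, so its absence
# means the repository is not in a usable state.
check_fernet_repo() {
    dir=$1; owner=$2; rc=0
    if ! check_mode "$dir" 700 || ! check_owner "$dir" "$owner"; then
        echo "fernet repo $dir: mode or owner too open" >&2; rc=1
    fi
    [ -f "$dir/0" ] || { echo "fernet repo $dir: staged key 0 missing" >&2; rc=1; }
    for key in "$dir"/*; do
        [ -f "$key" ] || continue
        if ! check_mode "$key" 600 || ! check_owner "$key" "$owner"; then
            echo "fernet key $key: mode or owner too open" >&2; rc=1
        fi
    done
    return $rc
}

# check_rc_file FILE
# An rc file that exports OS_PASSWORD must be readable by its owner only.
check_rc_file() {
    grep -q '^export OS_PASSWORD=' "$1" || return 0
    check_mode "$1" 600
}

# make_sample_fernet_repo DIR
# Constructed stand-in for /etc/keystone/fernet-keys: staged key 0 and
# primary key 1, laid out as fernet_setup creates them.
make_sample_fernet_repo() {
    mkdir -p "$1" && chmod 700 "$1"
    for k in 0 1; do : > "$1/$k"; chmod 600 "$1/$k"; done
}

# On the controller:
#   check_fernet_repo /etc/keystone/fernet-keys keystone:keystone && check_rc_file ~/keystonerc
```

check_mode compares permission bits rather than the exact mode, so a stricter file than required still passes; only extra bits fail the check.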
Add endpoints

Next, add the endpoints. An endpoint in Keystone is simply a URL through which a service in OpenStack can be reached; it is the point of contact a given user has with an OpenStack service. The admin URL is for administrative users, the internal URL is what the services use to talk to each other, and the public URL is what everyone else uses to reach the service endpoint:

[root@controller ~(keystone)]# openstack endpoint create --region RegionOne image public http://$controller:9292
[root@controller ~(keystone)]# openstack endpoint create --region RegionOne image internal http://$controller:9292
[root@controller ~(keystone)]# openstack endpoint create --region RegionOne image admin http://$controller:9292
With the glance user added, its role assigned and the endpoints created, glance still needs a database before it can run, so create one before installing and configuring it:

[root@controller ~(keystone)]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server

No entry for terminal type "xterm-termite"; using dumb terminal settings.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;
Bye
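Both database sessions on this page, for keystone and for glance, grant the service account to '%' with the literal password 'password'. As an added example that is not part of the original tutorial, the following shell functions produce the same statements with a random secret and with the remote grant limited to one address (the controller IP used throughout this page); the output is piped into mysql instead of being typed, so the password does not land in the shell history. The 32-hex-character secret length, the identifier rules and the refusal of '%' as a host are my choices, not requirements of MariaDB or OpenStack.

```shell
#!/bin/sh
# Added example (not from the original tutorial): emit the SQL that
# creates an OpenStack service database with a random password and
# grants limited to localhost plus one named host.

# random_secret -> 32 hex characters from the kernel CSPRNG
random_secret() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# valid_ident NAME: an identifier we are willing to interpolate into SQL
# (lowercase letter first, then letters, digits or '_', at most 32 chars)
valid_ident() {
    printf '%s\n' "$1" | grep -Eq '^[a-z][a-z0-9_]{0,31}$'
}

# valid_ipv4 ADDR: dotted quad only; '%' and hostnames are rejected on purpose
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# service_db_sql SERVICE HOST PASSWORD
# Prints statements equivalent to the interactive sessions above, except
# that the remote grant is to SERVICE@HOST rather than SERVICE@'%'.
service_db_sql() {
    svc=$1; host=$2; pw=$3
    valid_ident "$svc" || { echo "invalid service name: $svc" >&2; return 1; }
    valid_ipv4 "$host" || { echo "invalid host address: $host" >&2; return 1; }
    case $pw in
        ''|*\'*|*\\*) echo "password must be non-empty, without quotes or backslashes" >&2; return 1 ;;
    esac
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$svc"
    for h in localhost "$host"; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" "$svc" "$svc" "$h" "$pw"
    done
    printf 'FLUSH PRIVILEGES;\n'
}

# Usage on the controller (the secret is shown once so it can be copied
# into the service's configuration file):
#   pw=$(random_secret); echo "glance db password: $pw"
#   service_db_sql glance 192.168.122.130 "$pw" | mysql -u root -p
```

Restricting the host to the controller address works for keystone and glance because both run on the controller; a service that connects from another node needs a grant for that node's address instead.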
Install and configure glance

1. Install glance

[root@controller ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: repos-jnb.psychz.net
 * epel: mirror.de.leaseweb.net
 * extras: repos-jnb.psychz.net
 * updates: repos-jnb.psychz.net
Resolving Dependencies
--> Running transaction check
---> Package openstack-glance.noarch 1:16.0.2-0.20180706180854.f676961.el7 will be installed
--> Processing Dependency: python-glance = 1:16.0.2-0.20180706180854.f676961.el7 for package: 1:openstack-glance-16.0.2-0.20180706180854.f676961.el7.noarch

2. Configure glance

First back up the default file and create a new one containing only the settings that match your environment:

sudo mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
vim /etc/glance/glance-api.conf

Add the following. bind_host = 0.0.0.0 makes the API listen on every interface of the controller; set it to the management address instead if the service should only be reachable there.

###New##
[DEFAULT]
bind_host = 0.0.0.0

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[database]
# MariaDB connection information. Do not forget the password of the glance database user.
connection = mysql+pymysql://glance:password@192.168.122.130/glance

# keystone authentication details
[keystone_authtoken]
www_authenticate_uri = http://192.168.122.130:5000
auth_url = http://192.168.122.130:5000
memcached_servers = 192.168.122.130:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = password   ## the password of the glance service user

[paste_deploy]
flavor = keystone

Set up the Glance registry the same way:

mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
vim /etc/glance/glance-registry.conf

Add the following. Every address in this file must point at the controller, the same host as in glance-api.conf:

###New##
[DEFAULT]
bind_host = 0.0.0.0

[database]
# MariaDB connection information. Do not forget the glance database password here.
connection = mysql+pymysql://glance:password@192.168.122.130/glance

# Keystone authentication details
[keystone_authtoken]
www_authenticate_uri = http://192.168.122.130:5000
auth_url = http://192.168.122.130:5000
memcached_servers = 192.168.122.130:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = password   ## the glance service password here

[paste_deploy]
flavor = keystone

Both files contain the glance database and service passwords, so tighten their permissions and ownership as follows:

chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf

Sync the database. If you get an error here, check that your passwords are right and that the sections of the file are laid out correctly; you should end up seeing that the database has been synced successfully:

[root@controller ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1336: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial
INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO  [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01

Start and enable openstack-glance-api and openstack-glance-registry as follows, and do not forget to open their ports in the firewall:

sudo systemctl start openstack-glance-api openstack-glance-registry
sudo systemctl enable openstack-glance-api openstack-glance-registry
sudo firewall-cmd --add-port={9191/tcp,9292/tcp} --permanent
sudo firewall-cmd --reload
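Hand-written configuration files like the two above are an easy place for one address to drift from the others, for instance a connection string copied from another lab that still names its old database host, and glance-manage db_sync will then fail with an opaque connection error. The following added example, which is not from the original tutorial, extracts the host from every backend address in a glance configuration file and compares it with the controller IP, and reports bind_host = 0.0.0.0 as a warning because it exposes the API on every interface. The sample configuration it writes is constructed here from the settings on this page; the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original tutorial): make sure every address
# in a glance configuration file points at the controller, and warn when
# the API is bound to all interfaces.

# ini_get FILE SECTION KEY -> prints the value of KEY in [SECTION], if set
# (commented-out lines such as "#connection = ..." are not matched)
ini_get() {
    awk -v s="$2" -v k="$3" '
        /^[[:space:]]*\[/ { sec = $0; sub(/^[[:space:]]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        sec == s && $0 ~ ("^[[:space:]]*" k "[[:space:]]*=") {
            v = $0; sub(/^[^=]*=[[:space:]]*/, "", v); sub(/[[:space:]]+$/, "", v)
            print v; exit
        }' "$1"
}

# host_of VALUE -> host part of a URL, a SQLAlchemy DSN or a host:port pair
# (assumes the password in a DSN contains no '@' or '/'; for a comma
# separated memcached_servers list only the first entry is examined)
host_of() {
    printf '%s\n' "$1" | sed -E 's#^[a-z+]+://##; s#^[^@/]*@##; s#[:/,].*$##'
}

# check_glance_conf FILE CONTROLLER_IP
# Fails if any backend address is missing or points at another host.
check_glance_conf() {
    f=$1; ctl=$2; rc=0
    for spec in "database connection" \
                "keystone_authtoken www_authenticate_uri" \
                "keystone_authtoken auth_url" \
                "keystone_authtoken memcached_servers"; do
        sec=${spec% *}; key=${spec#* }
        val=$(ini_get "$f" "$sec" "$key")
        if [ -z "$val" ]; then
            echo "$f: [$sec] $key is not set" >&2; rc=1; continue
        fi
        host=$(host_of "$val")
        if [ "$host" != "$ctl" ]; then
            echo "$f: [$sec] $key points at $host, expected $ctl" >&2; rc=1
        fi
    done
    # glance's own default for bind_host is 0.0.0.0, so an unset value counts too
    bind=$(ini_get "$f" DEFAULT bind_host)
    if [ "${bind:-0.0.0.0}" = "0.0.0.0" ]; then
        echo "$f: warning: bind_host listens on all interfaces; consider $ctl" >&2
    fi
    return $rc
}

# write_sample_glance_conf FILE DB_HOST
# Constructed sample in the shape of glance-registry.conf above; DB_HOST
# lets a mismatched connection string be reproduced.
write_sample_glance_conf() {
    cat > "$1" <<EOF
[DEFAULT]
bind_host = 0.0.0.0
[database]
# MariaDB connection information.
connection = mysql+pymysql://glance:password@$2/glance
[keystone_authtoken]
www_authenticate_uri = http://192.168.122.130:5000
auth_url = http://192.168.122.130:5000
memcached_servers = 192.168.122.130:11211
auth_type = password
[paste_deploy]
flavor = keystone
EOF
}

# On the controller:
#   for f in /etc/glance/glance-api.conf /etc/glance/glance-registry.conf; do
#       check_glance_conf "$f" 192.168.122.130
#   done
```

A file whose connection string names a different host than its auth_url fails the check with a message naming the section and key, which is considerably easier to act on than the SQLAlchemy traceback db_sync would produce.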