OpenStack
Building a private cloud
Lab environment: RHEL 7.2
Disable or remove any automatic update services, because they can affect your OpenStack environment.
systemctl stop NetworkManager
systemctl disable NetworkManager
Configuring the standalone node
1. Add a network interface
2. Edit the configuration file
DEVICE="ens9"
ONBOOT=yes
BOOTPROTO=none
3. Restart the service
vim /boot/grub2/grub.cfg
Adding net.ifnames=0 to the kernel boot file (line 99) makes newly added network interfaces show up as eth* by default.
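I. Network time synchronization
The physical host synchronizes with another time source, and the virtual machines synchronize with the physical host.
[root@foundation39 images]# vim /etc/chrony.conf
server 172.25.254.251 iburst
allow 172.25/16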
[root@foundation39 images]# chronyc sources -v
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.254.251 3 6 7 1 -81us[ +27.0s] +/- 30ms
The virtual machine synchronizes with the physical host:
[root@open1 yum.repos.d]# vim /etc/chrony.conf
server 172.25.39.250 iburst
[root@open1 yum.repos.d]# systemctl restart chronyd
[root@open1 yum.repos.d]# chronyc sources -v    # synchronization succeeded
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.39.250 4 6 17 32 -1473ns[ -27us] +/- 32ms
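II. Configuring the yum repository
(Put the OpenStack packages into the yum repository [/var/www/html])
[root@open1 yum.repos.d]# vim yum.repo
Prepare the packages you need in advance and place them in the default HTTP document root: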
[openstack]
name=mitaka
baseurl=http://172.25.39.250/mitaka
gpgcheck=0
enabled=1
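III. Deploying the OpenStack environment
Deploying the controller node:
1) Installing the OpenStack packages
Run these steps on all nodes.
yum upgrade    # upgrade the packages on the host (if a new kernel was installed, reboot the host to use it)
yum install python-openstackclient -y    # install the OpenStack client
2) SQL database
Most OpenStack services use an SQL database to store information. The database typically runs on the controller node.
yum install mariadb mariadb-server python2-PyMySQL    # install the packages
Create and edit /etc/my.cnf.d/openstack.cnf, then complete the following:
In the [mysqld] section, set bind-address to the controller node's management network IP address so that other nodes can reach the database over the management network:
In the [mysqld] section, set the following keys to enable some useful options and the UTF-8 character set: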
[root@open1 yum.repos.d]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.39.1
default-storage-engine = innodb    # storage engine
innodb_file_per_table              # one tablespace file per table
max_connections = 4096             # maximum number of connections
collation-server = utf8_general_ci
character-set-server = utf8
Start the database service and configure it to start at boot:
[root@open1 yum.repos.d]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@open1 yum.repos.d]# systemctl start mariadb.service
Initialization:
[root@open1 yum.repos.d]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@open1 yum.repos.d]# mysql -pwestos
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;  (Identity service, prerequisites)
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova_api;  (Compute service, prerequisites)
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE neutron;  (Networking service, install and configure the compute node)
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE glance;  (Networking service, prerequisites)
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
-> IDENTIFIED BY 'westos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| neutron |
| nova |
| nova_api |
| glance |
| performance_schema |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]>
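The session above gives every service account the same password and also grants it from any host ('%'). As an added example (not part of the original walkthrough), the script below emits the same databases and grants with one random password per account and the remote host pattern limited to the management subnet. The 172.25.39.% pattern is an assumption based on the bind-address used on this page, and gen_password, gen_grants and gen_all are hypothetical helper names.

```bash
# Added example: generate per-account grants with unique random passwords
# and a host pattern scoped to the management subnet instead of '%'.

MGMT_HOSTS='172.25.39.%'   # assumption: management subnet of this lab

# 128 bits from the kernel CSPRNG, printed as 32 hex characters.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# $1 = account name; remaining arguments = databases that account owns.
# One password per account, so nova keeps a single secret for both databases.
gen_grants() {
    user=$1; shift
    pw=$(gen_password)
    for db in "$@"; do
        printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
        for host in localhost "$MGMT_HOSTS"; do
            printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                "$db" "$user" "$host" "$pw"
        done
    done
}

# Same accounts and databases as the session above.
gen_all() {
    gen_grants keystone keystone
    gen_grants nova nova_api nova
    gen_grants neutron neutron
    gen_grants glance glance
}

gen_all
```

Each password appears in the generated SQL, so keep that output out of shell history and logs and copy each value into the matching service's configuration.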
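3) Message queue
OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node. OpenStack supports several message queue services, including RabbitMQ, Qpid, and ZeroMQ.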
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
Add the openstack user:
rabbitmqctl add_user openstack westos
Permit configuration, write, and read access for the openstack user:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@open1 network-scripts]# rabbitmq-plugins enable rabbitmq_management    # enable the management plugin
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@open1... started 6 plugins
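As the output above shows, the plugins it depends on are enabled as well.
netstat -antlp    # port 15672 is now open
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 2293/beam
At this point the RabbitMQ interface is reachable in a browser:
http://172.25.39.1:15672/
Login: the username and password are both guest
[root@open1 network-scripts]# cat /etc/hosts    # name resolution is required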
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.39.1 open1
172.25.39.2 open2
List users: rabbitmqctl list_users
[root@open1 network-scripts]# rabbitmqctl list_users
Listing users ...
openstack []
guest [administrator]
View the permissions of the openstack user:
[root@open1 network-scripts]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack" ...
/ .* .* .*
Authenticate the user:
[root@open1 network-scripts]# rabbitmqctl authenticate_user openstack openstack
Authenticating user "openstack" ...
Error: failed to authenticate user "openstack"
[root@open1 network-scripts]# rabbitmqctl authenticate_user openstack westos
Authenticating user "openstack" ...
Success
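The output above shows two things worth checking on any controller: the default guest account still carries the administrator tag, and the management port 15672 listens on 0.0.0.0. As an added example (not part of the original walkthrough), the script below flags both from captured command output. The sample input is constructed from the lines shown on this page, and audit_users, audit_listeners and count_findings are hypothetical helper names.

```bash
# Added example: audit RabbitMQ accounts and listeners from captured output.

# Constructed sample input, modelled on the output shown on this page.
SAMPLE_USERS='Listing users ...
openstack []
guest [administrator]'
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 2293/beam
tcp 0 0 172.25.39.1:3306 0.0.0.0:* LISTEN 1024/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 3847/memcached'

# Reads `rabbitmqctl list_users` output on stdin; prints one finding per line.
audit_users() {
    awk '
        /^Listing users/ { next }
        NF < 2 { next }
        $1 == "guest" { print "default-account: guest is still present" }
        $2 ~ /administrator/ { print "admin-tag: " $1 " has the administrator tag" }
    '
}

# Reads `netstat -antlp` output on stdin; prints listeners bound to all interfaces.
audit_listeners() {
    awk '$6 == "LISTEN" && ($4 ~ /^0\.0\.0\.0:/ || $4 ~ /^:::/) {
        n = split($4, a, ":")
        print "wildcard-listener: port " a[n] " (" $7 ")"
    }'
}

# $1 = list_users output, $2 = netstat output; prints the total number of findings.
count_findings() {
    { printf '%s\n' "$1" | audit_users
      printf '%s\n' "$2" | audit_listeners; } | wc -l
}

printf '%s\n' "$SAMPLE_USERS" | audit_users
printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners
```

On a live controller, pipe rabbitmqctl list_users into audit_users and netstat -antlp into audit_listeners; rabbitmqctl delete_user guest or rabbitmqctl change_password clears the first finding.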
4) memcached
The Identity service uses Memcached to cache tokens. The memcached service runs on the controller node.
yum install memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
[root@open1 network-scripts]# netstat -antlp
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 3847/memcached
Changing the listen address:
vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,172.25.39.1"
memcached now listens on the configured IP address:
[root@open1 network-scripts]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 2293/beam
tcp 0 0 172.25.39.1:3306 0.0.0.0:* LISTEN 1024/mysqld
tcp 0 0 172.25.39.1:11211 0.0.0.0:* LISTEN 3890/memcached
tcp