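OpenStack Environment Deployment

(References: http://www.cnblogs.com/kevingrace/p/5707003.html and https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/)

Large-scale deployment options explained: http://geek.csdn.net/news/detail/209764

Note: before changing any service's configuration file, make a copy of it first, so that a bad edit does not lead to a round of haphazard deleting and rewriting!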
1. System: CentOS 7
2. Number of nodes: 3 for now
· 1. Controller node: controller1 IP: 192.168.2.201 Public: 124.65.181.122
· 2. Compute node: nova1 IP: 192.168.2.202 Public: 124.65.181.122
· 3. Block storage node: cinder IP: 192.168.2.223 At least two disks
3. Name resolution, and disabling iptables and SELinux (all nodes)
Name resolution: vi /etc/hosts
192.168.2.201 controller1
192.168.2.202 compute1
192.168.2.223 cinder1
Note: alternatively, edit the hosts file on controller1 and copy it to each of the other nodes in turn: scp /etc/hosts IP_ADDRESS:/etc/hosts
Disable SELinux
Permanently: vi /etc/selinux/config
SELINUX=disabled
Temporarily: setenforce 0
Disable iptables
Permanently: systemctl disable firewalld.service
Temporarily: systemctl stop firewalld.service
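4. Configure the Network Time Protocol (NTP)
Controller node:
yum install chrony
Edit: vi /etc/chrony.conf
# clients on the 192.168.2.x network are allowed to synchronize their time with this server
allow 192.168.2.0/24
systemctl enable chronyd.service # start at boot
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai # set the time zone
timedatectl status # check
Other nodes:
yum install chrony
Edit: vi /etc/chrony.conf
# host name/IP of the time server
server controller1 iburst
systemctl enable chronyd.service # start at boot
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai # set the time zone
chronyc sources
Test whether time is synchronized
Run the same command on all nodes: chronyc sources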
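The synchronization test above can be scripted so that each node reports whether it is actually locked to controller1. This is an added example, not part of the original post; the function names are assumptions and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example: evaluate `chronyc sources` output on a node.
# Each source line starts with two characters: mode (^ server, = peer,
# # local clock) and state (* selected, + combined, ? unreachable, ...).

# Constructed sample outputs (not captured from a real deployment).
SAMPLE_SYNCED='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller1                   3   6   377    23    +12us[  +25us] +/-   45ms'

SAMPLE_UNREACHABLE='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller1                   0   6     0     -     +0ns[   +0ns] +/-    0ns'

# Read `chronyc sources` output on stdin and print the selected source.
# Exit status is non-zero when no source is selected.
selected_source() {
    awk 'length($1) == 2 && substr($1, 2, 1) == "*" { print $2; found = 1 }
         END { exit !found }'
}

# Succeed only if the node is synchronized to the host named in $1.
synced_to() {
    expected=$1
    actual=$(selected_source) || return 1
    [ "$actual" = "$expected" ]
}

# On a real node: chronyc sources | synced_to controller1
for sample in "$SAMPLE_SYNCED" "$SAMPLE_UNREACHABLE"; do
    if printf '%s\n' "$sample" | synced_to controller1; then
        echo "synchronized to controller1"
    else
        echo "NOT synchronized to controller1"
    fi
done
```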
5. Upgrade packages and the system (all nodes)
yum install centos-release-openstack-mitaka
Upgrade packages: yum upgrade # if a new kernel is installed, reboot to use it
Client: yum install python-openstackclient
Security policy: yum install openstack-selinux
6. Database: MySQL (controller node)
Install the packages: yum install mariadb mariadb-server MySQL-python
Copy the configuration file: cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf # or /usr/share/mysql/my-medium.cnf /etc/my.cnf
Edit: vi /etc/my.cnf
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
Enable at boot: systemctl enable mariadb.service
Symlink: ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
Initialize the database: mysql_install_db --datadir="/var/lib/mysql" --user="mysql"
Start the database: systemctl start mariadb.service
Set the password and initialize: mysql_secure_installation

Now log in to the database, create a database for each core service, and grant the corresponding privileges:

CREATE DATABASE keystone;               # identity service; the password must match the connection string in keystone.conf
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
CREATE DATABASE glance;                 # image service
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;                   # compute service
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;                # networking service
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;                 # block storage service
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';

Reload the privileges: flush privileges;
List the databases: show databases;
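The same statements can be generated in a loop with a random password per service instead of a password equal to the account name. This is an added example, not part of the original post; the function names and file path are assumptions, and each generated password then has to be used in the matching service's connection string (for example in keystone.conf).

```shell
#!/bin/sh
# Added example: generate the step 6 SQL with one random password per service.

SERVICES="keystone glance nova neutron cinder"

# 20 hex characters from the kernel CSPRNG (same length as `openssl rand -hex 10`).
rand_pass() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the statements for one service. $1 = database and user name, $2 = password.
service_sql() {
    printf 'CREATE DATABASE %s;\n' "$1"
    for host in localhost %; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$1" "$1" "$host" "$2"
    done
}

# Print SQL for every service on stdout and record "service password" pairs
# in the file named in $1 (truncated; created with mode 600 if it is new).
gen_all() {
    ( umask 077 && : > "$1" ) || return 1
    for svc in $SERVICES; do
        pass=$(rand_pass)
        printf '%s %s\n' "$svc" "$pass" >> "$1"
        service_sql "$svc" "$pass"
    done
    printf 'FLUSH PRIVILEGES;\n'
}

# Usage on the controller (the file path is a placeholder):
#   gen_all /root/db-passwords.txt | mysql -u root -p

# Demo: print the statements for one service with a throwaway password.
service_sql keystone "$(rand_pass)"
```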
7. Message queue: RabbitMQ (controller node)
Install the package: yum install rabbitmq-server
Start RabbitMQ: it listens on port 5672
systemctl enable rabbitmq-server.service
Symlink:
ln -s '/usr/lib/systemd/system/rabbitmq-server.service' '/etc/systemd/system/multi-user.target.wants/rabbitmq-server.service'
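Start: systemctl start rabbitmq-server.service
Note: to verify that it started, check the listening ports: netstat -anpt
Add the openstack user and password: rabbitmqctl add_user openstack openstack123 # openstack123 is a password of your own choosing
Set permissions for the openstack user: rabbitmqctl set_permissions openstack ".*" ".*" ".*" # grants the openstack user configure, write, and read access
List the available plugins: rabbitmq-plugins list
Enable the plugin: rabbitmq-plugins enable rabbitmq_management # rabbitmq_management provides the web management UI
Restart the RabbitMQ service: systemctl restart rabbitmq-server.service
Port: lsof -i:15672
Test by browsing to http://192.168.2.201:15672; the login user name and password are both guest. (The password set above is the password for the metadata.)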

8. Identity service: keystone (ports 5000 and 35357) # run on the controller node
1. Install the packages: yum install openstack-keystone httpd mod_wsgi memcached python-memcached
Note: memcached is the cache for the identity service
2. First generate a random value: openssl rand -hex 10
3. Make a copy of the keystone configuration file, so that a bad edit is easy to track down: cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
Edit the file with vi /etc/keystone/keystone.conf:

[DEFAULT]
# the random value generated above
admin_token = b6f89e3f5d766bb71bf8
token_format = UUID
[database]
connection = mysql+pymysql://keystone:keystone123@controller1/keystone
[memcache]
servers = controller1:11211
[token]
provider = uuid
driver = keystone.token.persistence.backends.sql.Token

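Note: by default keystone stores tokens in the SQL database, and the default token lifetime is 1 day (24h). Every command (request) executed by every OpenStack component requires token validation, and every access creates a token, so tokens accumulate very quickly and the token table keeps growing. Over time more and more of the records are invalid; in an enterprise private cloud the count can reach tens or hundreds of thousands of rows. That many invalid tokens slows down SQL statements against the token table and degrades performance. Either write a scheduled script that cleans the token table by hand, or store tokens in memcache and rely on memcache to evict unused entries automatically. (This deployment uses the second method.)
4. Create the database tables by running the sync command: su -s /bin/sh -c "keystone-manage db_sync" keystone
Check the tables in the database: mysql -h 192.168.2.201 -u keystone -pkeystone123 # with the password supplied, logs in directly to the keystone database
5. Start Apache and memcached
Start memcached:
systemctl enable memcached
Note: if this command prints "Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.", a symlink was created so that the service starts at boot. Then run the command again!
systemctl start memcached # start memcached
To verify, check that its default port 11211 is listening
6. Configure httpd by editing /etc/httpd/conf/httpd.conf
ServerName controller1:80
Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content: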

Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>