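2. 02 - What is SOA architecture
OpenStack implements cloud-computing IaaS: an open-source cloud computing platform under the Apache 2.0 open-source license. Alibaba Cloud (Feitian cloud platform)
OpenStack (SOA architecture)
Cloud platform (keystone identity service, glance image service, nova compute service, neutron network service, cinder storage service, horizon web UI)
Each service needs: database, message queue, memcached cache, time synchronization
MVC: model, view, controller
SOA (split up the business: every function becomes an independent web service), for tens of millions of users accessing at the same time
3. 03 - Installing the OpenStack base services
1.0 OpenStack base services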
172.31.0.11-controller 172.31.0.31-compute1
---------------------------------------------
7: Virtual machine planning
controller: 3 GB RAM, CPU virtualization enabled, ip: 172.31.0.11
compute1: 1 GB RAM, CPU virtualization enabled (required), ip: 172.31.0.31
# vim .bashrc
alias hset='hostnamectl set-hostname'
# hset controller
# hset compute1
Add host name resolution
# vim /etc/hosts
172.31.0.11 controller
172.31.0.31 compute1
Mount the CD-ROM
# mount /dev/cdrom /mnt
Mount automatically at boot
# echo 'mount /dev/cdrom /mnt' >> /etc/rc.local && chmod +x /etc/rc.d/rc.local
Check the result
# lsblk
Install the OpenStack yum repository
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
D:\和彩云同步文件夹\Service optimization file\Openstack\centos-release-openstack-ocata-1-2.el7.noarch.rpm
Update the repositories
# yum list | grep openstack
# yum install centos-release-openstack-ocata-1-2.el7.noarch.rpm
# yum install centos-release-openstack-queens.noarch -y
# cd /etc/yum.repos.d/
# yum repolist && yum makecache
172.31.0.11
------------
Configure the time service
# rpm -qa chrony
# vim /etc/chrony.conf
server ntp.aliyun.com iburst
server time1.cloud.tencent.com iburst
server s1b.time.edu.cn iburst
allow 172.31.0.0/21
Start the service
# systemctl restart chronyd
172.31.0.31
------------
# vim /etc/chrony.conf
server 172.31.0.11 iburst
server ntp.aliyun.com iburst
server time1.cloud.tencent.com iburst
server s1b.time.edu.cn iburst
#allow 172.31.0.11/21
Start the service
# systemctl restart chronyd
Check the result
udp 0 0 0.0.0.0:123 #server port
udp 0 0 127.0.0.1:323 #client port
172.31.0.11 172.31.0.31
-----------------------
Install the OpenStack client and openstack-selinux
# yum install python-openstackclient openstack-selinux -y
172.31.0.11
---------------
Run on the controller node only:
Install and configure MariaDB
# yum install mariadb mariadb-server python2-PyMySQL -y
Create the database configuration file
# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.31.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Start the database
# systemctl restart mariadb && systemctl enable mariadb
# mysql_secure_installation
Enter
n
y
y
y
y
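Message queue
Flash sales: writes are queued before they go into the database
Calls between services are what the message queue is needed for
Install RabbitMQ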
# yum install rabbitmq-server -y
# systemctl restart rabbitmq-server.service && systemctl enable rabbitmq-server.service
Create the user
# rabbitmqctl add_user openstack RABBIT_PASS
Set permissions
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Enable the web management UI
# rabbitmq-plugins enable rabbitmq_management
Check the ports
# ss -tnl
LISTEN 0 128 *:25672 #cluster port
LISTEN 0 128 [::]:5672 #client port
LISTEN 0 1024 *:15672 #web UI port
Install memcached to cache tokens
# yum install memcached python-memcached -y
# sed -i 's#127.0.0.1#172.31.0.11#g' /etc/sysconfig/memcached
# systemctl restart memcached.service && systemctl enable memcached.service
Check that the service started
# netstat -luntp
tcp 0 0 172.31.0.11:11211 #memcached listening port
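The listings above show RabbitMQ on wildcard addresses while MariaDB and memcached are bound to 172.31.0.11. The following check is an added example, not part of the original notes: it reads `ss -tnl` output and reports base-service ports that listen on every interface. The function name, the sample output and the use of 3306 (the MariaDB default port) are assumptions.

```shell
#!/bin/sh
# Added example: flag base-service ports bound to a wildcard address.
# Watched ports: 5672/15672/25672 (RabbitMQ) and 11211 (memcached) come from
# the notes; 3306 is the MariaDB default port (assumption).

# Constructed sample of `ss -tnl` output, modelled on the listing in the notes.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:25672 *:*
LISTEN 0 128 [::]:5672 [::]:*
LISTEN 0 1024 *:15672 *:*
LISTEN 0 128 172.31.0.11:11211 *:*
LISTEN 0 128 172.31.0.11:3306 *:*'

# audit_listeners: read `ss -tnl` output on stdin and print "port address"
# for every watched port bound to *, 0.0.0.0, [::] or ::.
audit_listeners() {
    awk '
    BEGIN {
        split("3306 11211 5672 15672 25672", w, " ")
        for (i in w) watch[w[i]] = 1
    }
    $1 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]                      # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        wildcard = (host == "*" || host == "0.0.0.0" || host == "[::]" || host == "::")
        if ((port in watch) && wildcard)
            print port, host
    }' | sort -n
}
```

On a live controller, run `ss -tnl | audit_listeners`; an empty result means every watched port is bound to a specific address.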
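Exact search
which OpenStack version is the most stable site:cnblogs.com/
Access:
172.31.0.11:15672
1.1 OpenStack architecture diagram
glance image service 172.31.0.11:9292
nova compute service 172.31.0.11:8774
neutron network service 172.31.0.11:9696
cinder block storage service 172.31.0.11:8776
4. 04 - Installing the keystone identity service (part 1)
keystone: authentication management, authorization management and the service catalog
Authentication management: provides an account-and-password mechanism; creates users
Authorization management: authorizes service accounts so that they can log in
Service catalog: records information, like a registry; the address of every service can be looked up in it
General steps for installing an OpenStack service
1: Create the database and grant privileges
2: Create the user in keystone and associate a role _root
3: Create the service in keystone and register the API
4: Install the packages for the service
5: Edit the configuration
Database connection
RabbitMQ connection information
keystone authentication and authorization information
Other settings
6: Sync the database and create the tables
7: Start the service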
172.31.0.11
=============
1. Create the database and grant privileges
-------------------------------------------
create database keystone;
grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone_datapass';
grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone_datapass';
2. Install the keystone packages
--------------------------------
nginx--->fastcgi----> php
nginx--->uwsgi----> python
# yum install openstack-keystone httpd mod_wsgi -y #the installed mod_wsgi is an Apache extension module
Configure httpd
# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
Configure the Apache HTTP server
# vim /etc/httpd/conf.d/wsgi-keystone.conf #or run the echo below
echo 'Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>' >/etc/httpd/conf.d/wsgi-keystone.conf
3. Edit the configuration file
------------------------------
# grep -Ev '^$|#' /etc/keystone/keystone.conf #show the lines of the configuration file that are not comments
# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# grep -Ev '^$|#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
# vim /etc/keystone/keystone.conf
[DEFAULT]
#Value of the initial admin token
admin_token = ADMIN_TOKEN
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
#Database connection: protocol / database account and password / resolvable host name / the keystone database on that host
connection = mysql+pymysql://keystone:keystone_datapass@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
#Configure the Fernet/UUID token provider; tokens are issued to the other services; fernet generates a random string
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]
Revert the changes
# md5sum /etc/keystone/keystone.conf
2560c23e97fc61cccf1f2558cb66f532 /etc/keystone/keystone.conf
# grep -Ev '^$|#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
Modify the configuration file automatically
# yum install openstack-utils -y
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:keystone_datapass@controller/keystone
# openstack-config --set /etc/keystone/keystone.conf token provider fernet
Check the result
# md5sum /etc/keystone/keystone.conf
ece5b7540d17d5a631e408285cc488a3 /etc/keystone/keystone.conf
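The `grep -Ev '^$|#'` filter used above removes every line that contains a `#` anywhere, not only comment lines, so a setting whose value contains `#` is silently dropped from the cleaned file. The comparison below is an added example, not part of the original notes; the function names and the sample configuration (including the password `pa#ss`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the filter from the notes with an anchored filter.

# Constructed keystone.conf fragment; the password containing "#" is made up.
SAMPLE_CONF='# Global options
[DEFAULT]
#admin_token = <None>
admin_token = ADMIN_TOKEN

[database]
# SQLAlchemy connection string
connection = mysql+pymysql://keystone:pa#ss@controller/keystone
[token]
provider = fernet'

# Filter used in the notes: drops empty lines and ANY line containing "#".
strip_any_hash() {
    grep -Ev '^$|#'
}

# Anchored filter: drops blank lines and lines whose first non-blank
# character is "#", so a "#" inside a value survives.
strip_comment_lines() {
    grep -Ev '^[[:space:]]*(#|$)'
}

# lost_settings: print the settings that the anchored filter keeps but the
# filter from the notes would have removed (kept lines that contain "#").
lost_settings() {
    strip_comment_lines | grep '#'
}
```

Running `lost_settings < /etc/keystone/keystone.conf.bak` before overwriting the live file shows whether any real setting would be lost.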
4. Sync the database
--------------------
# su -s /bin/sh -c "keystone-manage db_sync" keystone
View the tables created by the sync
# mysql keystone -e 'show tables;'
Initialize fernet
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
The generated directory
# ll /etc/keystone/ #fernet-keys
5. Start the service
# systemctl enable httpd.service
# systemctl start httpd.service
Check the listening ports
# netstat -luntp
tcp6 0 0 :::35357
tcp6 0 0 :::5000
5. 05 - Installing the keystone service (part 2)
172.31.0.11
=============
Create the service and register the API:
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
View the environment variables
# env|grep OS
Create the OpenStack identity service
# openstack service create --name keystone --description "OpenStack Identity" identity #create the identity service
# openstack endpoint create --region RegionOne identity public http://controller:5000/v3 #create the public endpoint
# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 #create the internal endpoint
# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3 #admin endpoint
Create the domain, project, user and role
Domain: a region
Project (tenant): one team is one project
User: a sub-account under a tenant is a user
Role: grants permissions to a user
# openstack domain create --description "Default Domain" default #create the default domain
# openstack project create --domain default --description "Admin Project" admin #create the admin project
# openstack user create --domain default --password ADMIN_PASS admin #create the admin user and set its password
# openstack role create admin #create an admin role
Associate the project, user and role
# openstack role add --project admin --user admin admin #grant the admin role to the admin user on the admin project
Create the service project
Used by the OpenStack services: glance, nova, neutron
# openstack project create --domain default --description "Service Project" service
Unset the environment variable
# unset OS_TOKEN #or exit the session
Set the environment variables
# vim /etc/profile
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
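`/etc/profile` is readable by every local account, so the `OS_PASSWORD` line above is visible to all users on the controller. The following is an added example, not part of the original notes: it writes the same variables to an owner-only file and reports credential files that group or others can access. The function names and file paths are hypothetical, and GNU `stat` (as shipped with CentOS 7) is assumed.

```shell
#!/bin/sh
# Added example: keep OS_PASSWORD out of files that other users can access.

# write_openrc FILE: create FILE with mode 0600 holding the admin variables
# from the notes (ADMIN_PASS is the notes' placeholder password).
write_openrc() {
    ( umask 077 && cat > "$1" <<'EOF'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
    ) && chmod 600 "$1"   # also tightens a file that already existed
}

# exposed_creds FILE...: print "file mode" for each file that sets
# OS_PASSWORD or OS_TOKEN and grants any permission to group or others.
exposed_creds() {
    for f in "$@"; do
        grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_(PASSWORD|TOKEN)=' "$f" || continue
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            *00) ;;                              # owner-only
            *)   printf '%s %s\n' "$f" "$mode" ;;
        esac
    done
}
```

For example, `write_openrc /root/admin-openrc` followed by `. /root/admin-openrc` in the shell that needs the variables, and `exposed_creds /etc/profile /root/admin-openrc` to confirm nothing is left exposed.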
Issue a token
# openstack token issue
List roles
# openstack role list
List the users created so far
# openstack user list
List projects
# openstack project list
List services
# openstack service list
List endpoints
# openstack endpoint list
View the table information
# mysql keystone -e "show tables;"|grep user
# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2021-06-14T20:01:02+0000 |
| id | gAAAAABgx6du2h0_7p3s7tdKvl-_bo2IyM7AOkYlP3R0G9dH-d02HIIJVcCz9bmyIXErC_MhX3IrzMAKxnRzUEHu3yMQL_XcTAy9P4h-96EjhbSABfN9ylOYeGSC-gcPGCVtomu9HF-KcfdiA3HsWK2yQkuLN7a2JBPf0aah9rpy3JaTAs6bUzg |
| project_id | 820318cdc2cf4051b3923ba4e3138ab1 |
| user_id | 0a84e3eb6b5c43faaa26b4ded2b69e5f
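The `id` in the output above is a Fernet token: base64url text whose first nine bytes are a version byte (0x80) and an unencrypted 8-byte big-endian creation time, followed by the IV, ciphertext and HMAC. The following is an added example, not part of the original notes: it reads that header so an issue time can be matched against the keystone access log. The function name is hypothetical; the token prefix is copied from the output above.

```shell
#!/bin/sh
# Added example: read the cleartext header of a Fernet token.

# First 12 characters of the token id shown in the notes (12 base64 chars = 9 bytes).
TOKEN_PREFIX='gAAAAABgx6du'

# fernet_issued_at TOKEN: print the creation time (Unix seconds) stored in the
# token header, or return 1 if the first byte is not the Fernet version 0x80.
fernet_issued_at() {
    hex=$(printf '%s' "$1" | cut -c1-12 | tr '_-' '/+' | base64 -d 2>/dev/null \
          | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        80????????????????) ;;     # version byte + 16 hex digits of timestamp
        *) return 1 ;;
    esac
    ts_hex=${hex#80}
    printf '%d\n' "0x$ts_hex"
}
```

For the token above the result is 1623697262, that is 2021-06-14T19:01:02Z, one hour before the `expires` value in the same output.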
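6. 06 - Installing the glance image service
172.31.0.11
=============
glance: the image service; lets users upload, download and list images
glance-api: responds to external API calls; accepts image API calls such as image discovery, retrieval and storage
glance-registry: modifies the various properties of an image, such as how much CPU the image needs or the size of /
Install the glance image service
1. Create the database and grant privileges
-------------------------------------------
Create the database
# mysql
CREATE DATABASE glance;
Grant the appropriate privileges on the database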
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY 'GLANCE_DBPASS';
2. Create the glance user in keystone and associate a role
----------------------------------------------------------
# openstack user create --domain default --password GLANCE_PASS glance
Add the admin role to the glance user and the service project
# openstack role add --project service --user glance admin
Check the role assignment
# openstack role assignment list
3. Create the service and register the API in keystone
------------------------------------------------------
Create the glance service entity
# openstack service create --name glance \
--description "OpenStack Image" image
Create the image service API endpoints
# openstack endpoint create --region RegionOne \
image public http://controller:9292
# openstack endpoint create --region RegionOne \
image internal http://controller:9292
# openstack endpoint create --region RegionOne \
image admin http://controller:9292
4. Install the service packages
-------------------------------
# yum install openstack-glance -y
5. Edit the configuration files
-------------------------------
cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
####
cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
Verify
# md5sum /etc/glance/glance-api.conf
40c56a7c604899fdbdc784d2eeb7c3b0 /etc/glance/glance-api.conf
# md5sum /etc/glance/glance-registry.conf
33f4c482a1e3c127741480ead93c3ac4 /etc/glance/glance-registry.conf
6. Sync the database
--------------------
# su -s /bin/sh -c "glance-manage db_sync" glance
mysql glance -e "show tables;"
7. Start the services
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Check the listening ports
# netstat -luntp
LISTEN 0 4096 *:9191
LISTEN 0 4096 *:9292 #9292 is the port used when the API was registered
Upload a test image
D:\和彩云同步文件夹\Service optimization file\Openstack\cirros-0.3.4-x86_64-disk.img
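bare: an ordinary virtual machine image, not a container image
qcow2: the disk format
public: a public image
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
View the image storage directory
# ll /var/lib/glance/images #non-empty means the image was imported successfully
Verify the checksum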
# md5sum /var/lib/glance/images/ac4fc7d0-03fa-43b1-a836-13d69ee3a2f6
ee1eca47dc88f4879d8a229cc70a07c6 /var/lib/glance/images/ac4fc7d0-03fa-43b1-a836-13d69ee3a2f6
# md5sum cirros-0.3.4-x86_64-disk.img
ee1eca47dc88f4879d8a229cc70a07c6 cirros-0.3.4-x86_64-disk.img
List images
# openstack image list
View the image-related tables in the database
# mysql glance -e "show tables;"|grep image
7. 01 - nova compute service: controller node
172.31.0.11
=============
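nova: used to create cloud instances
nova-api: accepts and responds to all compute service requests; manages the lifecycle of virtual machines (cloud instances)
nova-compute (multiple): actually manages and creates virtual machines (nova-compute calls libvirt, which manages the virtual machines)
nova-scheduler: the nova scheduler (picks the most suitable nova-compute to create the virtual machine) and allocates virtual machine resources sensibly
nova-conductor: updates virtual machine state in the database on behalf of nova-compute, communicating in real time through the message queue
nova-network: managed virtual machine networking in early OpenStack releases (deprecated, replaced by neutron)
nova-consoleauth and nova-novncproxy: web-based VNC for operating cloud instances directly; consoleauth provides the authorization service
novncproxy: web-based VNC client
nova api metadata: accepts metadata requests sent from virtual machines (works with neutron-metadata-agent to customize virtual machines)
On the controller node:
1. Create the databases and grant privileges
--------------------------------------------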
create database nova_api;
create database nova;
grant all privileges on nova_api.* to 'nova'@'localhost' identified by 'NOVA_DBPASS';
grant all privileges on nova_api.* to 'nova'@'%' identified by 'NOVA_DBPASS';
grant all privileges on nova.* to 'nova'@'localhost' identified by 'NOVA_DBPASS';
grant all privileges on nova.* to 'nova'@'%' identified by 'NOVA_DBPASS';
2. Create the system user in keystone (glance, nova, neutron) and manage its role
---------------------------------------------------------------------------------
openstack user create --domain default --password NOVA_PASSS nova
openstack role add --project service --user nova admin
3. Create the service and register the API in keystone (service catalog)
------------------------------------------------------------------------
openstack service create --name nova \
--description "OpenStack Compute" compute
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
4. Install the service packages
-------------------------------
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler -y
*********************************