一、环境准备
1.1、服务器准备
主机名 | 系统 | 网卡 |
---|---|---|
ct(控制节点) | centos7 | 虚拟:172.16.100.254 nat:192.168.100.254 |
c2 (计算节点1) | centos7 | 虚拟:172.16.100.252 nat:192.168.100.252 |
虚拟机必须开启cpu虚拟化
1.2、关闭防火墙与selinux(两台主机都要进行操作)
目录
1.4、配置本地yum源使其用来安装基本操作命令(两台主机进行同样的操作)
1.5、安装wget命令,用以配置阿里源(两三台主机进行同样操作)
1.6、安装所需的软件,保证是最新版的(两台主机进行同样的操作)
二、安装openstack Train版(两台机器都要进行安装,保证是最新版)
systemctl stop firewalld #关闭防火墙 systemctl disable firewalld #永久关闭防火墙 setenforce 0 #关闭selinux vi /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled #改为disabled,开机自动关闭selinux # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
1.3、修改主机名
控制节点
hostnamectl set-hostname ct su
计算节点1
hostnamectl set-hostname c2 su
1.4、配置本地yum源使其用来安装基本操作命令(两台主机进行同样的操作)
[root@c2 /]rm -rf /etc/yum.repos.d/* #先删除本地的网络源 [root@c2 /] [root@c2 /]vi /etc/yum.repos.d/centos.repo #编写新的本地源 [centos] name=centos baseurl=file:///mnt gpgcheck=0 enabled=1 :wq [root@c2 /]lsblk #查看磁盘镜像文件 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 20G 0 disk ├─sda1 8:1 0 300M 0 part /boot ├─sda2 8:2 0 2G 0 part [SWAP] └─sda3 8:3 0 17.7G 0 part / sr0 11:0 1 1024M 0 rom // 镜像文件不存在,手动添加。 选择 虚拟机——>设置——>CD/DVD(IDE)——>设备状态全勾选——>连接(选择使用IOS镜像文件——>浏览找到存放在物理机上的镜像)——>确定 [root@c2 /]lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 20G 0 disk ├─sda1 8:1 0 300M 0 part /boot ├─sda2 8:2 0 2G 0 part [SWAP] └─sda3 8:3 0 17.7G 0 part / sr0 11:0 1 4.3G 0 rom [root@c2 /]mount /dev/sr0 /mnt/ mount: /dev/sr0 写保护,将以只读方式挂载 [root@c2 /]df -hT 文件系统 类型 容量 已用 可用 已用% 挂载点 /dev/sda3 xfs 18G 1.2G 17G 7% / devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev tmpfs tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs tmpfs 1.9G 12M 1.9G 1% /run tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/sda1 xfs 297M 120M 177M 41% /boot tmpfs tmpfs 378M 0 378M 0% /run/user/0 /dev/sr0 iso9660 4.3G 4.3G 0 100% /mnt //挂载成功 [root@c2 /] [root@c2 /]yum clean all // 清空yum源缓存 已加载插件:fastestmirror 正在清理软件源: centos [root@c2 /] [root@c2 /]yum repolist
// 生成新的缓存 已加载插件:fastestmirror Determining fastest mirrors centos | 3.6 kB 00:00:00 (1/2): centos/group_gz | 166 kB 00:00:00 (2/2): centos/primary_db | 3.1 MB 00:00:00 源标识 源名称 状态 centos centos 4,021 repolist: 4,021 // 出现数字代表生成缓存成功 [root@c2 /]
1.5、安装wget命令,用以配置阿里源(两三台主机进行同样操作)
[root@c2 /]yum install -y wget ………………………… ………………………… 正在安装 : wget-1.14-18.el7.x86_64 1/1 验证中 : wget-1.14-18.el7.x86_64 1/1 已安装: wget.x86_64 0:1.14-18.el7 [root@c2 /] cd /etc/yum.repos.d/ [root@c2 yum.repos.d]wget http://mirrors.aliyun.com/repo/Centos-7.repo
1.6、安装所需的软件,保证是最新版的(两台主机进行同样的操作)
[root@c2 /]yum -y install net-tools bash-completion vim gcc gcc-c++ make pcre pcre-devel expat-devel cmake bzip2 lrzsz --nogpgcheck 已加载插件:fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com 软件包 net-tools-2.0-0.25.20131004git.el7.x86_64 已安装并且是最新版本 软件包 1:bash-completion-2.1-8.el7.noarch 已安装并且是最新版本 软件包 2:vim-enhanced-7.4.629-8.el7_9.x86_64 已安装并且是最新版本 软件包 gcc-4.8.5-44.el7.x86_64 已安装并且是最新版本 软件包 gcc-c++-4.8.5-44.el7.x86_64 已安装并且是最新版本 软件包 1:make-3.82-24.el7.x86_64 已安装并且是最新版本 软件包 pcre-8.32-17.el7.x86_64 已安装并且是最新版本 软件包 pcre-devel-8.32-17.el7.x86_64 已安装并且是最新版本 软件包 expat-devel-2.1.0-14.el7_9.x86_64 已安装并且是最新版本 软件包 cmake-2.8.12.2-2.el7.x86_64 已安装并且是最新版本 软件包 bzip2-1.0.6-13.el7.x86_64 已安装并且是最新版本 软件包 lrzsz-0.12.20-36.el7.x86_64 已安装并且是最新版本 无须任何处理 [root@c2 /]yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils --nogpgcheck 已加载插件:fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * centos-ceph-nautilus: mirrors.tuna.tsinghua.edu.cn * centos-nfs-ganesha28: mirrors.aliyun.com * centos-openstack-train: mirrors.aliyun.com * centos-qemu-ev: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com 软件包 centos-release-openstack-train-1-1.el7.centos.noarch 已安装并且是最新版本 软件包 python2-openstackclient-4.0.2-1.el7.noarch 已安装并且是最新版本 软件包 openstack-selinux-0.8.26-1.el7.noarch 已安装并且是最新版本 软件包 openstack-utils-2017.1-1.el7.noarch 已安装并且是最新版本 无须任何处理 [root@c2 /]
软件解释
net-tools:ifconfig命令行工具 bash-completion:辅助自动补全工具 vim:vim工具 gcc gcc-c++:编译环境 make:编译器 pcre pcre-devel:是一个Perl库,包括 perl 兼容的正则表达式库 expat-devel:Expat库,Expat是一个面向流的xml解析器 cmake:CMake是一个跨平台的编译工具,CMkae目前主要使用场景是作为make的上层工具,产生可移植的 makefile文件 lrzsz:可使用rz、sz命令上传、下载数据
OpenStack 的 train 版本仓库源安装包,同时安装 OpenStack 客户端和 openstack-selinux 安装包
1.7、配置主机映射(两台服务器进行同样的操作)
[root@c2 /]echo "172.16.100.252 c2" >> /etc/hosts [root@c2 /]echo "172.16.100.254 ct" >> /etc/hosts [root@c2 /]cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.100.252 ct 172.16.100.254 c2 [root@c2 /]
1.8、节点免交互(所有节点都要进行操作)
[root@c2 /]ssh-keygen -t rsa // 创建非对称密钥 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): // 回车:默认密钥存放位置 Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): // 回车:无需密钥对密码 Enter same passphrase again: // 回车确认 Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:fO0ZiFxs4V0QVchxQmXCUB6fQFKhuJSs1H0mmHudFm8 root@c2 The key's randomart image is: +---[RSA 2048]----+ | ..*#@==| | oo*ooo=B.| | . O=+.+...| | .oo+oo= + | | .Soo.o+ E | | ....o. | | o | | | | | +----[SHA256]-----+ [root@c2 /] [root@c2 /]ssh-copy-id ct //上传公钥到ct控制节点 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'ct (172.16.100.252)' can't be established. ECDSA key fingerprint is SHA256:ghI++HlCm85UJ8SlEZgTONJlpZTiWWfzekzsP7Uk13I. ECDSA key fingerprint is MD5:42:c0:7f:24:9a:e3:0c:39:ce:11:30:e7:75:bd:c3:99. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@ct's password: // 密码 Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'ct'" and check to make sure that only the key(s) you wanted were added. [root@c2 /]
报错1、
[root@c2 .ssh]ssh-copy-id ct /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: The ECDSA host key for ct has changed, ERROR: and the key for the corresponding IP address 172.16.100.254 ERROR: is unknown. This could either mean that ERROR: DNS SPOOFING is happening or the IP address for the host ERROR: and its host key have changed at the same time. ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)! ERROR: It is also possible that a host key has just been changed. ERROR: The fingerprint for the ECDSA key sent by the remote host is ERROR: SHA256:i9DVGnRV1H8RZIHtt3d42oyJX2WY4G1fpocsqlZ+4CA. ERROR: Please contact your system administrator. ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message. ERROR: Offending ECDSA key in /root/.ssh/known_hosts:1 ERROR: ECDSA host key for ct has changed and you have requested strict checking. ERROR: Host key verification failed.
输入以下指令:
[root@c2 .ssh]ssh-keygen -R 172.16.100.254 # Host 172.16.100.254 found: line 3 /root/.ssh/known_hosts updated. Original contents retained as /root/.ssh/known_hosts.old [root@c2 .ssh]ssh-copy-id ct /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'ct (172.16.100.254)' can't be established. ECDSA key fingerprint is SHA256:i9DVGnRV1H8RZIHtt3d42oyJX2WY4G1fpocsqlZ+4CA. ECDSA key fingerprint is MD5:aa:cc:3e:46:5c:83:3c:03:d6:1a:d0:14:00:2d:72:44. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@ct's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'ct'" and check to make sure that only the key(s) you wanted were added. [root@c2 .ssh]ssh ct Last login: Thu Jun 2 03:27:20 2022 from 192.168.100.1 -bash-4.2#
报错2、
终端提示符显示-bash-4.2#
解决方法:
因为ct端丢失文件导致的
1、.bash_profile 2、.bashrc
[root@ct ~]cp /etc/skel/.bashrc /root/ [root@ct ~] [root@ct ~] [root@ct ~]cp /etc/skel/.bash_profile /root/
再次连接就能进行正常显示了
1.9、配置DNS时间同步
以控制节点为DNS服务器,用以让其它节点来同步它的时间
[root@ct ~]echo "nameserver 114.114.114.114" >> /etc/resolv.conf // 配指DNS服務器114.114.114.114 這是全國通用的DNS地址,也是國内第一個開放DNS服務的地址 [root@ct ~]yum install -y chrony // 安装同步时间所用到的软件 [root@ct ~] vi /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). # server 0.centos.pool.ntp.org iburst // 注释掉 # server 1.centos.pool.ntp.org iburst // 注释掉 # server 2.centos.pool.ntp.org iburst // 注释掉 # server 3.centos.pool.ntp.org iburst // 注释掉 server ntp6.aliyun.com iburst // 配置阿里云时钟服务器源 allow 172.16.100.0/24 // 允许172.16.100.0/24网段主机来同步时间 [root@ct ~] systemctl enable chronyd [root@ct ~] systemctl restart chronyd [root@ct ~] chronyc sources // 查询时间同步信息 210 Number of sources = 1 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 203.107.6.88 2 6 17 17 +288us[+1475us] +/- 30ms [root@ct ~]
若关机在开后时间与主机对不上使用date -s “时:分:秒”
计算节点时间同步(两台计算节点进行相同配置)
[root@c2 /] yum install -y chrony [root@c2 /] vi /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). # server 0.centos.pool.ntp.org iburst //注释掉 # server 1.centos.pool.ntp.org iburst //注释掉 # server 2.centos.pool.ntp.org iburst //注释掉 # server 3.centos.pool.ntp.org iburst //注释掉 server ct iburst // 使其去同步控制节点的时间 // 启动并查询时间同步状态 [root@c2 /] systemctl enable chronyd [root@c2 /] systemctl restart chronyd [root@c2 /] chronyc sources 210 Number of sources = 1 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* ct 3 6 17 24 +6991ns[ +148us] +/- 31ms [root@c2 /]
防止时间的同步出现不一出现故障,对此进行为每一个节点都配置计划任务,每个一分钟同步一次(两台机器都进行计划任务的编写)
[root@ct ~] crontab -e */1 * * * * /usr/bin/chrony sources >> /var/log/chronyc.log // 保存退出后显示 no crontab for root - using an empty one crontab: installing new crontab [root@ct ~] crontab -l // 查看计划任务 */1 * * * * /usr/bin/chrony sources >> /var/log/chronyc.log [root@ct ~]
网络同步方法
网络同步时间
命令:ntpdate -u ntp.api.bz
若ntpdate命令不存在则安装即可:yum -y install ntp
解释:
ntpdate表示网络同步时间 -u 表示可以越过防火墙与主机同步。可man ntpdate查看手册 ntp.api.bz是NTP服务器(上海)。笔者亲测有效 如果仍然出现报错,那么有可能是ntp服务器停用了,可以上网百度其它ntp服务器。
在这里插入图片描述 成功设置后查看当前时间:
date -R
在这里插入图片描述 类似的ntp服务器,大家可以自行百度,这里提供给大家几个不同地区的仅供参考: 美国:time.nist.gov 复旦:ntp.fudan.edu.cn 微软公司授时主机(美国) :time.windows.com 台警大授时中心(台湾):asia.pool.ntp.org
修改时区
这里我们时区是正确的中国时区,CST代表的不一定是中国时区,所以得看是否是+0800
网络同步时间并不会帮助同步时区,同步时区的命令如下:
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
二、安装openstack Train版(两台机器都要进行安装,保证是最新版)
[root@ct ~] yum install -y centos-release-openstack-train 已加载插件:fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * centos-ceph-nautilus: mirrors.aliyun.com * centos-nfs-ganesha28: mirrors.aliyun.com * centos-openstack-train: mirrors.aliyun.com * centos-qemu-ev: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com base | 3.6 kB 00:00:00 centos-ceph-nautilus | 3.0 kB 00:00:00 centos-nfs-ganesha28 | 3.0 kB 00:00:00 centos-openstack-train | 3.0 kB 00:00:00 centos-qemu-ev | 3.0 kB 00:00:00 file:///mnt/repodata/repomd.xml: [Errno 14] curl#37 - "Couldn't open file /mnt/repodata/repomd.xml" 正在尝试其它镜像。 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 软件包 centos-release-openstack-train-1-1.el7.centos.noarch 已安装并且是最新版本 无须任何处理 您在 /var/spool/mail/root 中有新邮件 [root@ct ~]yum upgrade -y // 升级所有节点上得软件包(所有节点都要进行升级) // 为您的版本安装合适的 OpenStack 客户端。(这个命令只支持centos7) [root@ct ~]yum install python-openstackclient -y
出现问题
yum源出现:failure: repodata/repomd.xml from flink-on-cdh: [Errno 256] No more mirrors to try
使用
yum clean all yum repolist
就能继续使用yum来安装软件了
三、控制节点及部分计算节点的配置
2.1、安装、配置MariaDB数据库
大多数 OpenStack 服务使用 SQL 数据库来存储信息。数据库通常在控制器节点上运行,根据发行版使用 MariaDB。
[root@ct ~] yum -y install mariadb mariadb-server python2-PyMySQL 已加载插件