OpenStack: environment configuration

1. Virtual machine resource information

1.1 Control node ct

CPU: dual-core, dual-thread, CPU virtualization enabled
RAM: 6G
Hard disk: 300G + 1024G (Ceph block storage)
Network cards (two): VM1 (local area network) 192.168.86.11, NAT 192.168.238.11
Operating system: CentOS 7.6 (1810), minimal installation

1.2 Compute node c1

CPU: dual-core, dual-thread, CPU virtualization enabled
RAM: 8G
Hard disk: 300G + 1024G (Ceph block storage)
Network cards (two): VM1 (local area network) 192.168.86.12, NAT 192.168.238.12
Operating system: CentOS 7.6 (1810), minimal installation

1.3 Compute node c2

CPU: dual-core, dual-thread, CPU virtualization enabled
RAM: 8G
Hard disk: 300G + 1024G (Ceph block storage)
Network cards (two): VM1 (local area network) 192.168.86.13, NAT 192.168.238.13
Operating system: CentOS 7.6 (1810), minimal installation

2. Deployment approach

1. Configure the operating system + OpenStack operating environment
2. Configure the basic services of the OpenStack platform (rabbitmq, mariadb, memcache, Apache)
3. Configure the OpenStack keystone component
4. Configure the OpenStack Glance component
5. Configure the placement service
6. Configure the OpenStack Nova component
7. Configure OpenStack Neutron components
8. Configure OpenStack dashboard components
9. Configure OpenStack Cinder components
10. Common cloud host operations

3. Deployment environment

3.1 Basic environment configuration

Configuration items (all nodes)

1. Host name

hostnamectl set-hostname ct
su

2. Firewall and SELinux

systemctl stop firewalld
systemctl disable firewalld
setenforce 0

vim /etc/sysconfig/selinux 
SELINUX=disabled
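
Where firewalld stays enabled on ct instead of being stopped, the services configured later on this page can be opened to the management subnet only. This is an added example, not part of the original post; it assumes the firewalld "public" zone and the 192.168.86.0/24 subnet, and the function and variable names are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): print firewall-cmd commands that
# admit only the management subnet to the services this page configures on ct.
# Assumptions: the firewalld "public" zone is in use and the management
# subnet is 192.168.86.0/24 (the range allowed in chrony.conf on this page).

MGMT_NET="192.168.86.0/24"
ZONE="public"

# port/protocol:label. Ports are the ones shown on this page; 3306 and 123 are
# the MariaDB and NTP defaults. memcached is omitted: it listens on loopback only.
SERVICES="3306/tcp:mariadb 5672/tcp:rabbitmq-amqp 25672/tcp:rabbitmq-cli
15672/tcp:rabbitmq-management 2379/tcp:etcd-client 2380/tcp:etcd-peer
123/udp:chrony"

emit_firewall_rules() {
  local entry spec port proto
  for entry in $SERVICES; do
    spec=${entry%%:*}; port=${spec%/*}; proto=${spec#*/}
    printf '# %s\n' "${entry#*:}"
    printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
      "$ZONE" "$MGMT_NET" "$port" "$proto"
  done
  printf 'firewall-cmd --reload\n'
}

# Dry run: the commands are only printed. Review them, then pipe to sh.
emit_firewall_rules
```

The list covers only the services set up on this page; OpenStack API ports configured in later steps would need their own entries.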

3. Control node configuration (ct)

The steps for c1 and c2 are almost the same; adjust the addresses accordingly.

# LAN interface: host-only mode (VMnet1)
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36
vi /etc/sysconfig/network-scripts/ifcfg-ens36
# Remember to change the device name and UUID
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.86.11
NETMASK=255.255.255.0
#GATEWAY=192.168.86.2
# This interface uses NAT mode
vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
IPV4_ROUTE_METRIC=90				### route priority: the NAT NIC takes precedence
ONBOOT=yes
IPADDR=192.168.238.11
NETMASK=255.255.255.0
GATEWAY=192.168.238.2
systemctl restart network		# restart networking

4. Configure Hosts

All nodes are the same

vi /etc/hosts
192.168.86.11  ct
192.168.86.12  c1
192.168.86.13  c2
# The addresses above are the LAN IPs

5. Passwordless SSH

Set up passwordless (non-interactive) SSH between the three nodes using an asymmetric key pair.

ssh-keygen -t rsa	
ssh-copy-id ct
ssh-copy-id c1
ssh-copy-id c2


6. Configure DNS

(All nodes)

vim /etc/resolv.conf
nameserver 114.114.114.114

7. Install the basic environment dependency package

yum -y install net-tools bash-completion vim gcc gcc-c++ make pcre  pcre-devel expat-devel cmake  bzip2 lrzsz 
# expat is a C development library
yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils
# Installs the repository package for the OpenStack Train release, together with the OpenStack client and the openstack-selinux package

8. Time synchronization + periodic scheduled tasks

Configuration:
ct (control node) -> synchronizes with the Alibaba Cloud time server
c1, c2 -> synchronize with ct

Node ct

yum install chrony -y
vi /etc/chrony.conf
server 0.centos.pool.ntp.org iburst						# comment this line out
server 1.centos.pool.ntp.org iburst						# comment this line out
server 2.centos.pool.ntp.org iburst						# comment this line out
server 3.centos.pool.ntp.org iburst						# comment this line out
server ntp6.aliyun.com iburst							# use the Alibaba Cloud time server as the source
allow 192.168.86.0/24									# allow hosts in 192.168.86.0/24 to synchronize from this server
systemctl enable chronyd
systemctl restart chronyd

[root@ct ~]# chronyc sources							# query the time synchronization status
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17     3  -2553us[-4933us] +/-   20ms

Nodes c1 and c2

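# Time synchronization configuration for compute nodes c1 and c2
[root@c1 ~]# vi /etc/chrony.conf 
server 0.centos.pool.ntp.org iburst						# comment this line out
server 1.centos.pool.ntp.org iburst						# comment this line out
server 2.centos.pool.ntp.org iburst						# comment this line out
server 3.centos.pool.ntp.org iburst						# comment this line out
server ct iburst										# use the control node ct as the time source
[root@c1 ~]# systemctl enable chronyd.service					# enable the time synchronization service at boot
[root@c1 ~]# systemctl restart chronyd.service					# restart the time synchronization service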
[root@c2 ~]# chronyc sources

210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? ct                            0   7     0     -     +0ns[   +0ns] +/-    0ns

# Set up a periodic task
[root@c1 ~]# crontab -e					# scheduled task that runs every 2 minutes and logs the time source status
*/2 * * * * /usr/bin/chronyc sources >> /var/log/chronyc.log

no crontab for root - using an empty one
crontab: installing new crontab


3.2 System environment configuration

Control node ct

3.2.1 Install and configure MariaDB

yum -y install mariadb mariadb-server python2-PyMySQL
# python2-PyMySQL is the module the OpenStack control node needs to connect to MySQL; without it the database cannot be reached. Install it on the control node only.
yum -y install libibverbs	
● Add a MySQL sub-configuration file with the following content
vim /etc/my.cnf.d/openstack.cnf

[mysqld] 
bind-address = 192.168.86.11			# LAN address of the control node
default-storage-engine = innodb 		# default storage engine
innodb_file_per_table = on 				# separate tablespace file per table
max_connections = 4096 					# maximum number of connections
collation-server = utf8_general_ci 		# default collation
character-set-server = utf8				# default character set

3.2.2 Auto-start at boot and start service

systemctl enable mariadb

Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

systemctl start mariadb

3.2.3 Execute MariaDB security configuration script

mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):     # press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n		# whether to disallow remote root login
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y		# whether to remove the test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

3.3 Install RabbitMQ

All instructions for creating virtual machines are sent from the control node to RabbitMQ, and the compute nodes listen on RabbitMQ for them.

yum -y install rabbitmq-server
# Start the RabbitMQ service and enable it at boot.
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

# Create the message queue user that the controller and the compute nodes use to authenticate to RabbitMQ
rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack"

# Set the openstack user's permissions (regular expressions for configure, write and read)
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
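# Ports 25672 and 5672 can now be checked (5672 is the default RabbitMQ port; 25672 is used for inter-node and CLI tool communication)

● Optional configuration:
# List the RabbitMQ plugins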
[root@ct ~]# rabbitmq-plugins list
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@c2
 |/
[  ] amqp_client                       3.6.16
[  ] cowboy                            1.0.4
[  ] cowlib                            1.0.2
[  ] rabbitmq_amqp1_0                  3.6.16
[  ] rabbitmq_auth_backend_ldap        3.6.16
[  ] rabbitmq_auth_mechanism_ssl       3.6.16
[  ] rabbitmq_consistent_hash_exchange 3.6.16
[  ] rabbitmq_event_exchange           3.6.16
[  ] rabbitmq_federation               3.6.16
[  ] rabbitmq_federation_management    3.6.16
[  ] rabbitmq_jms_topic_exchange       3.6.16
[  ] rabbitmq_management               3.6.16
[  ] rabbitmq_management_agent         3.6.16
[  ] rabbitmq_management_visualiser    3.6.16
[  ] rabbitmq_mqtt                     3.6.16
[  ] rabbitmq_random_exchange          3.6.16
[  ] rabbitmq_recent_history_exchange  3.6.16
[  ] rabbitmq_sharding                 3.6.16
[  ] rabbitmq_shovel                   3.6.16
[  ] rabbitmq_shovel_management        3.6.16
[  ] rabbitmq_stomp                    3.6.16
[  ] rabbitmq_top                      3.6.16
[  ] rabbitmq_tracing                  3.6.16
[  ] rabbitmq_trust_store              3.6.16
[  ] rabbitmq_web_dispatch             3.6.16
[  ] rabbitmq_web_mqtt                 3.6.16
[  ] rabbitmq_web_mqtt_examples        3.6.16
[  ] rabbitmq_web_stomp                3.6.16
[  ] rabbitmq_web_stomp_examples       3.6.16
[  ] sockjs                            0.3.4

# Enable the RabbitMQ web management plugin; it listens on port 15672
rabbitmq-plugins enable rabbitmq_management

The following plugins have been enabled:
  amqp_client
  cowlib
  cowboy
  rabbitmq_web_dispatch
  rabbitmq_management_agent
  rabbitmq_management

Applying plugin configuration to rabbit@c2... started 6 plugins.

# Check the ports (25672, 5672, 15672)
ss -natp | grep 5672
LISTEN     0      128          *:25672                    *:*                   users:(("beam.smp",pid=34623,fd=46))
LISTEN     0      128          *:15672                    *:*                   users:(("beam.smp",pid=34623,fd=57))
TIME-WAIT  0      0      192.168.86.13:42078              192.168.86.13:25672              
LISTEN     0      128         :::5672                    :::*                   users:(("beam.smp",pid=34623,fd=55))
The management interface can be reached at 192.168.238.11:15672
The default username and password are both guest


3.4 Install memcached

● Function:
memcached stores session information. The identity service (keystone) uses Memcached to cache tokens, and logging in to the OpenStack dashboard generates session information that is also stored in memcached.
JWT
● Operation:

3.4.1 Install Memcached

yum install -y memcached python-memcached
# The python-* modules are what OpenStack uses to connect to the database

3.4.2 Modify Memcached configuration file

cat /etc/sysconfig/memcached 
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
systemctl enable memcached
systemctl start memcached
netstat -nautp | grep 11211
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      35746/memcached     
tcp6       0      0 ::1:11211               :::*                    LISTEN      35746/memcached

3.4.3 Install etcd

yum -y install etcd

3.4.4 Modify etcd configuration file

[root@ct ~]# cd /etc/etcd/
[root@ct etcd]# ls
etcd.conf
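[root@ct etcd]# vim etcd.conf
# data directory location
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# URL to listen on for traffic from other etcd members (port 2380, communication between cluster members; a domain name is not valid here)
ETCD_LISTEN_PEER_URLS="http://192.168.86.11:2380"
# URL on which client requests are served (port 2379)
ETCD_LISTEN_CLIENT_URLS="http://192.168.86.11:2379"
# node identifier (name) within the cluster
ETCD_NAME="ct"
# this member's peer URL; port 2380 is used for communication between cluster members
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.86.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.86.11:2379"
ETCD_INITIAL_CLUSTER="ct=http://192.168.86.11:2380"
# unique cluster identifier
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
# initial cluster state: new means a static cluster; existing means this etcd service will try to join an existing cluster
# if it is DNS, this cluster acts as the one being joined
ETCD_INITIAL_CLUSTER_STATE="new"
# Enable at boot, start the service, and check the ports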
systemctl enable etcd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.

systemctl start etcd.service

netstat -anutp |grep 2379
tcp        0      0 192.168.86.13:2379      0.0.0.0:*               LISTEN      36063/etcd          
tcp        0      0 192.168.86.13:2379      192.168.86.13:52808     ESTABLISHED 36063/etcd          
tcp        0      0 192.168.86.13:52808     192.168.86.13:2379      ESTABLISHED 36063/etcd     
netstat -anutp |grep 2380
tcp        0      0 192.168.86.13:2380      0.0.0.0:*               LISTEN      36063/etcd     
# Install the OpenStack components on c1 and c2
yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils
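
The port checks in 3.3, 3.4.2 and 3.4.4 show three different bind scopes: RabbitMQ on every interface, memcached on loopback only, and etcd on a single address. As an added example (not part of the original post), the script below classifies ss or netstat listener lines in that way; the sample input is copied from the outputs shown above, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: classify listening TCP sockets by bind scope.
# Works on `ss -natp` and `netstat -nautp` output: both put the local
# address in column 4; LISTEN is column 1 (ss) or column 6 (netstat).

classify_listeners() {
  awk '
    $1 == "LISTEN" || $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)                  # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      proc = "-"
      for (i = 5; i <= NF; i++) {
        if ($i ~ /^users:/) {                          # ss: users:(("name",pid=..,fd=..))
          proc = $i; sub(/^users:\(\("/, "", proc); sub(/".*/, "", proc)
        } else if ($i ~ /^[0-9]+\//) {                 # netstat: pid/name
          proc = $i; sub(/^[0-9]+\//, "", proc)
        }
      }
      if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        scope = "ALL-INTERFACES"
      else if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]")
        scope = "LOOPBACK"
      else
        scope = "SINGLE-ADDRESS"
      print scope, port, addr, proc
    }'
}

# Sample input: lines copied from the command output shown on this page.
sample_listeners() {
  cat <<'EOF'
LISTEN     0      128          *:25672                    *:*                   users:(("beam.smp",pid=34623,fd=46))
LISTEN     0      128          *:15672                    *:*                   users:(("beam.smp",pid=34623,fd=57))
TIME-WAIT  0      0      192.168.86.13:42078              192.168.86.13:25672
LISTEN     0      128         :::5672                    :::*                   users:(("beam.smp",pid=34623,fd=55))
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      35746/memcached
tcp6       0      0 ::1:11211               :::*                    LISTEN      35746/memcached
tcp        0      0 192.168.86.13:2379      0.0.0.0:*               LISTEN      36063/etcd
tcp        0      0 192.168.86.13:2379      192.168.86.13:52808     ESTABLISHED 36063/etcd
tcp        0      0 192.168.86.13:2380      0.0.0.0:*               LISTEN      36063/etcd
EOF
}

sample_listeners | classify_listeners
```

On a node, run `ss -natp | classify_listeners`; with firewalld stopped, every ALL-INTERFACES entry is also reachable on the NAT interface.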


Origin blog.csdn.net/IvyXYW/article/details/114609641