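Configuring OpenStack Rocky on CentOS 7.5
1. Installing CentOS 7 and basic configuration
Most of the installation uses the defaults; only the storage and software selection settings below need attention:
1.1 Storage configuration
Installation Destination --> I will configure partitioning --> Done --> choose LVM as the partitioning scheme --> add the following four mount points --> Done --> Accept Changes. Where:
- boot is usually given 1G; device type Standard Partition, file system ext3;
- swap is usually 4G; device type LVM, file system swap, of course;
- root gets about 100G; device type LVM, file system ext3;
- the largest remaining space of course goes to home; for the device type, choose
1.2 Software selection
The default Minimal Install is sufficient:
1.3 Network configuration
- For the controller node, the ens44f0 address is 10.47.181.26, gateway 10.47.181.1, DNS 10.30.1.9; ens44f1 is not enabled for now;
- For the compute node, the ens44f0 address is 10.47.181.27, gateway 10.47.181.1, DNS 10.30.1.9; ens44f1 is not enabled for now;
- Also change the controller node's host name to controller and the compute node's host name to compute;
- To configure the IP address manually later:
- To edit the main interface's configuration file manually: # vi /etc/hostname. The command to view the main interface directly:
- Edit the hosts file: # vi /etc/hosts, adding entries for the controller and compute nodes used in this exercise: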
10.47.181.26 controller
10.47.181.27 compute
- The root password is set to root.
1.4 Disabling the firewall and SELinux
(Run on both the controller and compute nodes)
# systemctl stop firewalld
# systemctl disable firewalld
# setenforce 0
# sed -i 's/=enforcing/=disabled/' /etc/selinux/config
1.5 Changing the yum repositories
(Same configuration on both the controller and compute nodes)
- First back up the existing *.repo files;
- Create: # vi /etc/yum.repos.d/zte-mirror.repo, with the following content:
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.zte.com.cn/centos/7/os/$basearch/
gpgcheck=1
enabled=1
gpgkey=http://mirrors.zte.com.cn/centos/RPM-GPG-KEY-CentOS-7
[epel]
name=CentOS-$releasever - Epel
baseurl=http://mirrors.zte.com.cn/epel/7/$basearch/
gpgcheck=0
enabled=1
[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.zte.com.cn/centos/7/extras/$basearch/
gpgcheck=0
enabled=1
[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.zte.com.cn/centos/7/updates/$basearch/
gpgcheck=0
enabled=1
[openstack-rocky]
name=CentOS-$releasever - Rocky
baseurl=http://mirrors.zte.com.cn/centos/7/cloud/x86_64/openstack-rocky/
gpgcheck=0
enabled=1
- After saving, run in order:
# yum clean all
# yum makecache
# yum update
# reboot
(After the reboot, the deleted *.repo files came back once; in that case delete them again (keeping only zte-mirror.repo) and rerun clean all and makecache.)
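In the repository file above, only [base] sets gpgcheck=1, and its key is itself fetched over http; the other four repositories install packages with no signature check over plain HTTP. The audit function below is an added example, not part of the original guide; the function name and the finding labels are illustrative.

```bash
#!/usr/bin/env bash
# Added example: report enabled yum repos whose packages are not verified.
# Output: "<section> <finding>" per repo, read from .repo files or stdin.
audit_repo() {
  awk '
    function report() {
      if (sec == "" || enabled == "0") return
      if (gpgcheck == "0")
        print sec, (baseurl ~ /^http:/ ? "unsigned-over-http" : "unsigned")
      else if (gpgkey ~ /^http:/)
        print sec, "key-over-http"   # trust anchor fetched in cleartext
    }
    /^[ \t]*\[/ {                     # new [section]: report the previous one
      report()
      sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
      gpgcheck = baseurl = gpgkey = enabled = ""
      next
    }
    /^[ \t]*[#;]/ || !/=/ { next }    # comments and lines without key=value
    {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      if (key == "gpgcheck") gpgcheck = val
      else if (key == "baseurl") baseurl = val
      else if (key == "gpgkey") gpgkey = val
      else if (key == "enabled") enabled = val
    }
    END { report() }
  ' "$@"
}

# Constructed sample: the [base] and [epel] stanzas from the file above.
SAMPLE_REPO='[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.zte.com.cn/centos/7/os/$basearch/
gpgcheck=1
enabled=1
gpgkey=http://mirrors.zte.com.cn/centos/RPM-GPG-KEY-CentOS-7
[epel]
name=CentOS-$releasever - Epel
baseurl=http://mirrors.zte.com.cn/epel/7/$basearch/
gpgcheck=0
enabled=1'

printf '%s\n' "$SAMPLE_REPO" | audit_repo
```

Run it against the live files as `audit_repo /etc/yum.repos.d/*.repo`. For base, extras and updates, pointing gpgkey at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7, the key a CentOS 7 installation already ships, allows gpgcheck=1 without fetching a key over HTTP.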
1.6 Installing the Chrony or NTP time synchronization service
1.6.1 Installing Chrony on the controller node
- Install: # yum install chrony
- Configure: # vi /etc/chrony.conf
Comment out the existing server lines and add two settings:
server controller iburst
allow 10.47.0.0/16
- Start the service:
# systemctl start chronyd
# systemctl enable chronyd
1.6.2 Installing Chrony on the compute node
Everything is the same as above except for chrony.conf:
Comment out the existing server lines and add one setting:
server controller iburst
1.6.3 Installing NTP on the controller node
After installing Chrony as above, I observed that the clocks were not synchronizing; I am leaving the cause uninvestigated for now and first setting up NTP, which I already know well. At the same time, turn off chronyd.service (to turn it off: # systemctl stop chronyd, then # systemctl disable chronyd).
- Install: # yum install ntp
- Configure: # vi /etc/ntp.conf
Comment out the existing server lines and add the following two lines:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
- Configure: # vi /etc/sysconfig/ntpd
Add the setting: SYNC_HWCLOCK=yes
- Start the service:
# systemctl start ntpd
# systemctl enable ntpd
1.6.4 Installing NTP on the compute node
- Install: # yum install ntp
- Configure: # vi /etc/ntp.conf
Comment out the existing server lines and add the following configuration:
server controller
- Configure: # vi /etc/sysconfig/ntpd
Add the setting: SYNC_HWCLOCK=yes
- Start the service:
# systemctl start ntpd
# systemctl enable ntpd
- Check the synchronization status: # ntpq -p
remote refid st t when poll reach delay offset jitter
===========================================================================
*controller LOCAL(0) 6 u 25 64 77 0.160 1.140 0.741
1.7 Installing the OpenStack client and the SELinux service
(Install on both the controller and compute nodes)
# yum install python-openstackclient
# yum install openstack-selinux
2. Installing the controller node
2.1 Installing the database
- Install: # yum install mariadb mariadb-server python2-PyMySQL
- Create the file: # vi /etc/my.cnf.d/openstack.cnf
with the following content:
[mysqld]
bind-address = 10.47.181.26
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
- Start the service:
# systemctl enable mariadb.service
# systemctl start mariadb.service
- Use the script # mysql_secure_installation to set the DB password to dbrootpass; answer Y to everything else during setup. The first run asks for the current password; it is empty, so just press Enter.
- Raise the maximum number of connections:
1) Check the current number of connections (Threads): # mysqladmin -uroot -pdbrootpass status
Uptime: 431 Threads: 214 Questions: 24884 Slow queries: 0 Opens: 67 Flush tables: 1 Open tables: 61 Queries per second avg: 57.735
2) Check the default maximum number of connections: # mysql -uroot -pdbrootpass
MariaDB [(none)]> show variables like "max_connections";
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| max_connections | 214 |
+-----------------+-------+
3) Edit: # vi /etc/my.cnf
Under [mysqld], add one line: max_connections=1000
4) Edit: # vi /usr/lib/systemd/system/mariadb.service
Under [Service], add two lines:
LimitNOFILE=10000
LimitNPROC=10000
5) Restart the database:
# systemctl --system daemon-reload
# systemctl restart mariadb.service
6) Verify again:
# mysqladmin -uroot -pdbrootpass status
Uptime: 1012 Threads: 238 Questions: 55067 Slow queries: 0 Opens: 70 Flush tables: 1 Open tables: 64 Queries per second avg: 54.414
7) # mysql -uroot -pdbrootpass
MariaDB [(none)]> show variables like "max_connections";
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| max_connections | 4096 |
+-----------------+-------+
2.2 Installing the message queue
- Install: # yum install rabbitmq-server
- Start the service:
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
- Add the openstack user with the password rabbitpass:
# rabbitmqctl add_user openstack rabbitpass
- Give the openstack user full permissions:
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Returns: Setting permissions for user "openstack" in vhost "/" ...
2.3 Installing Memcached
- Install: # yum install memcached python-memcached
- Edit: # vi /etc/sysconfig/memcached
Add the controller node's address to the existing OPTIONS, as in the line below (highlighted in red in the original):
OPTIONS="-l 127.0.0.1,::1,controller"
- Start the service:
# systemctl enable memcached.service
# systemctl start memcached.service
2.4 Installing Etcd
- Install: # yum install etcd
- Edit: # vi /etc/etcd/etcd.conf
Under #[Member], change the following settings:
ETCD_LISTEN_PEER_URLS="http://10.47.181.26:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.47.181.26:2379"
ETCD_NAME="controller"
Under #[Clustering], change the following settings:
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.47.181.26:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.47.181.26:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.47.181.26:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
Later I replaced the IP addresses in the configuration above with localhost, and the service still started normally.
- Start it and enable it at boot:
# systemctl enable etcd
# systemctl start etcd
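With firewalld stopped in section 1.4, MariaDB, RabbitMQ, Memcached and etcd as configured in sections 2.1 to 2.4 accept connections from any host that can reach 10.47.181.26. The following added example (not part of the original guide) lists those listeners from `ss -tln` output and prints firewalld rich rules that limit them to the compute node. It assumes firewalld is kept running; the function names and the ports 3306 and 5672 (package defaults) are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Backing-service ports used by sections 2.1 to 2.4.
# 3306 (MariaDB) and 5672 (RabbitMQ) are package defaults, assumed here
# because the guide does not state them.
BACKING_PORTS="3306 5672 11211 2379 2380"

# Read `ss -tln` output on stdin; print "<port> <address>" for each backing
# service that listens on a non-loopback address.
exposed_backing_listeners() {
  awk -v ports="$BACKING_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 != "LISTEN" { next }                 # also skips the header line
    {
      port = $4; sub(/.*:/, "", port)       # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)   # text before it
      gsub(/^\[|\]$/, "", addr)             # [::1] -> ::1
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "::1") next
      print port, addr
    }' | LC_ALL=C sort -u
}

# Print (dry run, nothing is executed) one firewalld rich rule per exposed
# port that admits only the peer address given as $1.
restrict_rules() {
  exposed_backing_listeners | awk -v peer="$1" -v q="'" '!seen[$1]++ {
    fmt = "firewall-cmd --permanent --add-rich-rule=%srule family=\"ipv4\" "
    fmt = fmt "source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept%s\n"
    printf fmt, q, peer, $1, q
  }'
}

# Constructed sample of `ss -tln` on the controller after section 2.4.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    10.47.181.26:3306   *:*
LISTEN 0      128    127.0.0.1:11211     *:*
LISTEN 0      128    10.47.181.26:11211  *:*
LISTEN 0      128    10.47.181.26:2379   *:*
LISTEN 0      128    10.47.181.26:2380   *:*
LISTEN 0      128    *:22                *:*
LISTEN 0      128    [::]:5672           [::]:*
LISTEN 0      128    [::1]:11211         [::]:*'

printf '%s\n' "$SAMPLE_SS" | restrict_rules 10.47.181.27
```

On a live controller, feed it real data with `ss -tln | restrict_rules 10.47.181.27`, review the printed commands, then run them followed by `firewall-cmd --reload`.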
2.5 Installing Keystone
2.5.1 Creating the keystone data in the database
(the password is keystonedbpass)
- # mysql -uroot -pdbrootpass
- MariaDB [(none)]> CREATE DATABASE keystone;
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystonedbpass';
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystonedbpass';
- MariaDB [(none)]> exit
2.5.2 Installing Keystone
- Install: # yum install openstack-keystone httpd mod_wsgi
- Edit: # vi /etc/keystone/keystone.conf
Under the [database] section, set:
connection = mysql+pymysql://keystone:keystonedbpass@controller/keystone
Under the [token] section, set:
provider = fernet
- Sync the database: # su -s /bin/sh -c "keystone-manage db_sync" keystone
- Initialize the Fernet key repositories:
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
- Bootstrap the Identity service (the admin user's password is set to adminpass): # keystone-manage bootstrap --bootstrap-password adminpass --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
2.5.3 Configuring the Apache HTTP server
- Edit: # vi /etc/httpd/conf/httpd.conf
ServerName controller
- Create the symbolic link: # ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
- Start the httpd service:
# systemctl enable httpd.service
# systemctl start httpd.service
(The start failed at first; after rerunning the SELinux-disabling command from the beginning of this document, setenforce 0, httpd.service started successfully.)
- Prepare an environment variable script, # vi admin-openrc.sh, with the following content:
export OS_USERNAME=admin
export OS_PASSWORD=adminpass
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
After saving, load it: # source admin-openrc.sh
2.5.4 Creating the service project
- Create the project: # openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | d16834db814a423aa6354644c20b6384 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
- Verify:
# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| cd365f993a51434d9443230e1faa1d44 | admin |
+----------------------------------+-------+
# openstack token issue
+------------+--------------------------------------------------------------+
| Field | Value |
+------------+--------------------------------------------------------------+
| expires | 2018-10-27T02:17:39+0000 |
| id | gAAAAABb07yzbeKvZPi_uZT0UKkqA7sLaDvJ3sZEFebqDk3Tnk...... |
| project_id | b8471b54426d4b0ba497592862054d5a |
| user_id | cd365f993a51434d9443230e1faa1d44 |
+------------+--------------------------------------------------------------+
(The id is too long, so I shortened it before pasting it here.)
2.6 Installing Glance
2.6.1 Creating the glance data in the database
(the password is glancedbpass)
- # mysql -uroot -pdbrootpass
- MariaDB [(none)]> CREATE DATABASE glance;
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glancedbpass';
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glancedbpass';
- MariaDB [(none)]> exit
2.6.2 Creating the user, role, service, etc.
- Load the environment variable script: # source admin-openrc.sh
- Create the glance user: # openstack user create --domain default --password-prompt glance
User Password: (enter userpass as the user password here)
Repeat User Password: (enter userpass again)
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fee4fcb2d77b4df19d28dcf3e2163dd6 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- Add the admin role to the glance user: # openstack role add --project service --user glance admin
- Create the glance service: # openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| name | glance |
| type | image |
+-------------+----------------------------------+
- Create the public image endpoint: # openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 880e0f6663a34b5ab17928a8a5d5ac17 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
- Create the internal image endpoint: # openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1d05c65ce1d9434f940e7d5c18ec6f32 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
- Create the admin image endpoint: # openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fca8e745877a4416b9b23f0a70407338 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
2.6.3 Installing Glance
- Install: # yum install openstack-glance
- Edit: # vi /etc/glance/glance-api.conf
Under the [database] section, change the following setting:
connection = mysql+pymysql://glance:glancedbpass@controller/glance
Under the [keystone_authtoken] section, change the following settings:
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000 (be careful: the original file has auth_uri; it must be changed to auth_url)
memcached_servers = controller:11211
auth_type = password
and add the following settings:
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = userpass
Under the [paste_deploy] section, uncomment the following setting:
flavor = keystone
Under the [glance_store] section, uncomment the following settings:
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images (the path where image files are stored)
- Edit: # vi /etc/glance/glance-registry.conf
Under the [database] section, change the following setting:
connection = mysql+pymysql://glance:glancedbpass@controller/glance
Under the [keystone_authtoken] section, change the following settings:
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000 (be careful: the original file has auth_uri; it must be changed to auth_url)
memcached_servers = controller:11211
auth_type = password
and add the following settings:
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = userpass
Under the [paste_deploy] section, uncomment the following setting:
flavor = keystone
- Sync the database: # su -s /bin/sh -c "glance-manage db_sync" glance
......
Database is synced successfully.
- Start the services:
# systemctl start openstack-glance-api.service openstack-glance-registry.service
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
- Verify:
1) This controller node cannot reach the Internet yet, so download the image with the IE browser on a PC that can, from https://download.cirros-cloud.net/; the file cirros-0.3.2-x86_64-disk.img is sufficient. Then upload it to this controller node:
# ll
總用量 12888
-rw-r--r-- 1 root root 264 10月 27 09:36 admin-openrc.sh
-rw-------. 1 root root 2063 10月 26 16:37 anaconda-ks.cfg
-rw-r--r-- 1 root root 13167616 10月 27 10:30 cirros-0.3.2-x86_64-disk.img
2) Load the environment variables: # source admin-openrc.sh
3) Create the image: # openstack image create "cirros" --file cirros-0.3.2-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | 64d7c1cd2b6f60c92c14662941cb7913 |
| container_format | bare |
| created_at | 2018-10-27T02:43:53Z |
| disk_format | qcow2 |
| file | /v2/images/b50f92a7-f49b-4908-9144-568f98dbbb8f/file |
| id | b50f92a7-f49b-4908-9144-568f98dbbb8f |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | b8471b54426d4b0ba497592862054d5a |
| properties | os_hash_algo='sha512', os_hash_value='de74eeff61ad129d3945dead39dbdb02c942702e423628c6fbb35cf18747141d4ebdae914ffebaf6e18dcb174d4066010df8829960c6b95f8777d4f5fb5567f2', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 13167616 |
| status | active &n