Configuring OpenStack Rocky on CentOS 7.5

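1. Installing CentOS 7 and basic configuration

Most of the installation uses the default settings; only the following two items, storage and software selection, need attention: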

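1.1 Storage configuration

Installation Destination --> I will configure partitioning --> Done --> choose LVM as the partitioning scheme --> add the following four mount points --> Done --> Accept Changes. Details:

- boot: usually 1G; device type Standard Partition, file system ext3
- swap: usually 4G; device type LVM, file system swap of course
- Root: about 100G; device type LVM, file system ext3
- The largest remaining space naturally goes to home; device type LVM, file system ext3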

1.2 Software selection

The default Minimal Install is sufficient.

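1.3 Network configuration

- On the controller node, the ens44f0 address is 10.47.181.26, gateway 10.47.181.1, DNS 10.30.1.9; ens44f1 is not enabled for now;
- On the compute node, the ens44f0 address is 10.47.181.27, gateway 10.47.181.1, DNS 10.30.1.9; ens44f1 is not enabled for now;
- Also change the hostname of the controller node to controller and that of the compute node to compute;
- To configure the IP address by hand later: [root@controller /]# vi /etc/sysconfig/network-scripts/ifcfg-ens44f0. (Note in particular: in this file ONBOOT must be set to yes and BOOTPROTO changed from dhcp to none or static; apart from that only IPADDR0=10.47.181.26, PREFIX0=24, GATEWAY0=10.47.181.1 and DNS1=10.30.1.9 need to be set.) After changing the configuration, restart networking with [root@controller /]# service network restart
- To change the hostname by hand: [root@controller /]# vi /etc/hostname. To display the hostname directly:

[root@controller /]# hostname

- Edit the hosts file with [root@controller /]# vi /etc/hosts and add entries for the controller and compute nodes used in this walkthrough:

10.47.181.26 controller
10.47.181.27 compute

- The root password is set to root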

1.4 Disabling the firewall and SELinux

(run on both the controller and compute nodes)

[root@controller /]# systemctl stop firewalld
[root@controller /]# systemctl disable firewalld
[root@controller /]# setenforce 0
[root@controller /]# sed -i 's/=enforcing/=disabled/' /etc/selinux/config
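
With firewalld stopped, every socket that a service binds to a non-loopback address is reachable from the network. The following added example (not from the original post) filters ss -lntu output down to those sockets and marks the ones that are not among the ports configured on this page; the sample output is constructed, and the 22/tcp entry and the listed/unlisted labels are assumptions.

```shell
# Added example (not from the original post): which listeners are exposed
# once firewalld is stopped?

# Ports configured on this page, plus 22/tcp for SSH (assumption).
# 123, 3306 and 5672 are the ntpd, MariaDB and RabbitMQ defaults.
EXPECTED_PORTS="22/tcp 123/udp 3306/tcp 5672/tcp 11211/tcp 2379/tcp 2380/tcp 5000/tcp 9292/tcp"

# Constructed sample of "ss -lntu" output on the controller; it mixes the
# older (:::5672) and newer ([::]:5000) IPv6 notations on purpose.
sample_ss() {
cat <<'EOF'
Netid State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
udp   UNCONN  0      0      *:123                *:*
tcp   LISTEN  0      128    *:22                 *:*
tcp   LISTEN  0      128    10.47.181.26:3306    *:*
tcp   LISTEN  0      128    127.0.0.1:11211      *:*
tcp   LISTEN  0      128    10.47.181.26:11211   *:*
tcp   LISTEN  0      128    ::1:11211            :::*
tcp   LISTEN  0      128    *:4369               *:*
tcp   LISTEN  0      128    *:25672              *:*
tcp   LISTEN  0      128    :::5672              :::*
tcp   LISTEN  0      128    10.47.181.26:2379    *:*
tcp   LISTEN  0      128    10.47.181.26:2380    *:*
tcp   LISTEN  0      128    [::]:5000            [::]:*
tcp   LISTEN  0      128    *:9191               *:*
tcp   LISTEN  0      128    *:9292               *:*
EOF
}

# exposed_listeners: read "ss -lntu" output on stdin and print
# "<listed|unlisted> <proto> <address> <port>" for every non-loopback listener.
exposed_listeners() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 != "tcp" && $1 != "udp"    { next }    # header line, other netids
        $1 == "tcp" && $2 != "LISTEN" { next }
        {
            port = $5; sub(/^.*:/, "", port)      # text after the last colon
            addr = substr($5, 1, length($5) - length(port) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next    # loopback only
            k = port "/" $1
            print ((k in ok) ? "listed" : "unlisted"), $1, addr, port
        }
    '
}

# Use the live socket table when ss is available, the sample otherwise.
{ ss -lntu 2>/dev/null || sample_ss; } | exposed_listeners
```

On the sample, the unlisted lines are 4369 and 25672 (opened by RabbitMQ's Erlang runtime) and 9191 (glance-registry), none of which this page configures explicitly.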

1.5 Changing the yum repositories

(configured identically on the controller and compute nodes)

- First back up the existing *.repo files;
- Create a new file, [root@controller /]# vi /etc/yum.repos.d/zte-mirror.repo, with the following content:

[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.zte.com.cn/centos/7/os/$basearch/
gpgcheck=1
enabled=1
gpgkey=http://mirrors.zte.com.cn/centos/RPM-GPG-KEY-CentOS-7

[epel]
name=CentOS-$releasever - Epel
baseurl=http://mirrors.zte.com.cn/epel/7/$basearch/
gpgcheck=0
enabled=1

[extras]
name=CentOS-$releasever - Extras
baseurl=http://mirrors.zte.com.cn/centos/7/extras/$basearch/
gpgcheck=0
enabled=1

[updates]
name=CentOS-$releasever - Updates
baseurl=http://mirrors.zte.com.cn/centos/7/updates/$basearch/
gpgcheck=0
enabled=1

[openstack-rocky]
name=CentOS-$releasever - Rocky
baseurl=http://mirrors.zte.com.cn/centos/7/cloud/x86_64/openstack-rocky/
gpgcheck=0
enabled=1

- After saving, run in order:

[root@controller /]# yum clean all
[root@controller /]# yum makecache
[root@controller /]# yum update
[root@controller /]# reboot

(After the reboot, the deleted *.repo files came back once; in that case delete them again (keeping only zte-mirror.repo) and re-run clean all and makecache.)
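
The repo file above turns off gpgcheck for four of its five sections and fetches everything, including the base GPG key, over plain HTTP, so package integrity rests on the mirror and the network path. The script below is an added example, not part of the original post, that lists those settings per section; the embedded sample is constructed from the file above and the finding labels are illustrative names.

```shell
# Added example (not from the original post): audit a yum .repo file.

# Constructed sample: three sections copied from the zte-mirror.repo above.
sample_repo() {
cat <<'EOF'
[base]
name=CentOS-$releasever - Base
baseurl=http://mirrors.zte.com.cn/centos/7/os/$basearch/
gpgcheck=1
enabled=1
gpgkey=http://mirrors.zte.com.cn/centos/RPM-GPG-KEY-CentOS-7
[epel]
name=CentOS-$releasever - Epel
baseurl=http://mirrors.zte.com.cn/epel/7/$basearch/
gpgcheck=0
enabled=1
[openstack-rocky]
name=CentOS-$releasever - Rocky
baseurl=http://mirrors.zte.com.cn/centos/7/cloud/x86_64/openstack-rocky/
gpgcheck=0
enabled=1
EOF
}

# audit_repo FILE: print "<section> <finding>" for every enabled section that
# disables package signature checks or fetches packages or keys over plain HTTP.
audit_repo() {
    awk '
        function flush() {
            if (sec != "" && kv["enabled"] != "0") {
                if (kv["gpgcheck"] == "0")    print sec, "gpgcheck-off"
                if (kv["baseurl"] ~ /^http:/) print sec, "plain-http-baseurl"
                if (kv["gpgkey"] ~ /^http:/)  print sec, "plain-http-gpgkey"
            }
            split("", kv)                     # clear values for the next section
        }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        /^\[/ {                               # new [section] header
            flush()
            sec = substr($0, 2, index($0, "]") - 2)
            next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
            val = substr($0, i + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            kv[key] = val
        }
        END { flush() }
    ' "$1"
}

# Audit the file given as $1, or the constructed sample when run without arguments.
repo_file=${1:-}
if [ -z "$repo_file" ]; then
    repo_file=$(mktemp)
    sample_repo > "$repo_file"
fi
audit_repo "$repo_file"
```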

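1.6 Installing the Chrony or NTP time synchronization service

1.6.1 Installing Chrony on the controller node

- Install: [root@controller /]# yum install chrony
- Configure: [root@controller /]# vi /etc/chrony.conf

Comment out the existing server lines and add two settings:

server controller iburst
allow 10.47.0.0/16

- Start the service:

[root@controller /]# systemctl start chronyd
[root@controller /]# systemctl enable chronyd

1.6.2 Installing Chrony on the compute node

Everything is the same as above except for chrony.conf:

Comment out the existing server lines and add one setting:

server controller iburst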

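1.6.3 Installing NTP on the controller node

After installing Chrony as above, I observed that the clocks were not synchronizing; I am not looking into the cause for now. Let's first get NTP, which I already know well, up and running, and turn off chronyd.service at the same time (to turn it off: [root@controller /]# systemctl stop chronyd, then [root@controller /]# systemctl disable chronyd).

- Install: [root@controller ~]# yum install ntp
- Configure: [root@controller ~]# vi /etc/ntp.conf

Comment out the existing server lines and add the following two lines:

server 127.127.1.0
fudge  127.127.1.0 stratum 10

- Configure: [root@controller ~]# vi /etc/sysconfig/ntpd

Add the setting: SYNC_HWCLOCK=yes

- Start the service:

[root@controller /]# systemctl start ntpd
[root@controller /]# systemctl enable ntpd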

1.6.4 Installing NTP on the compute node

- Install: [root@compute ~]# yum install ntp
- Configure: [root@compute ~]# vi /etc/ntp.conf

Comment out the existing server lines and add the following two lines:

server controller

- Configure: [root@compute ~]# vi /etc/sysconfig/ntpd

Add the setting: SYNC_HWCLOCK=yes

- Start the service:

[root@compute /]# systemctl start ntpd
[root@compute /]# systemctl enable ntpd

- Check the synchronization status: [root@compute /]# ntpq -p

remote     refid      st  t  when poll   reach   delay   offset  jitter
===========================================================================
*controller  LOCAL(0)    6  u   25   64   77    0.160   1.140   0.741

1.7 Installing the OpenStack client and the SELinux service

(install on both the controller and compute nodes)

[root@controller /]# yum install python-openstackclient
[root@controller /]# yum install openstack-selinux

2. Installing the controller node

2.1 Installing the database

- Install: [root@controller /]# yum install mariadb mariadb-server python2-PyMySQL
- Create the file: [root@controller /]# vi /etc/my.cnf.d/openstack.cnf

with the content:

[mysqld]
bind-address = 10.47.181.26
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

- Start the service

[root@controller /]# systemctl enable mariadb.service
[root@controller /]# systemctl start mariadb.service

- Use the script [root@controller /]# mysql_secure_installation to set the DB password to dbrootpass; answer Y to everything else during setup. The first time, it asks for the current password; since that is empty, just press Enter.

- Raise the maximum number of connections:

1) Check the current number of connections (Threads): [root@controller ~]# mysqladmin -uroot -pdbrootpass status

Uptime: 431  Threads: 214  Questions: 24884  Slow queries: 0  Opens: 67  Flush tables: 1  Open tables: 61  Queries per second avg: 57.735

2) Check the default maximum number of connections: [root@controller ~]# mysql -uroot -pdbrootpass

MariaDB [(none)]> show variables like "max_connections";
+-----------------+-------+
| Variable_name   | Value |
+-----------------+-------+
| max_connections | 214   |
+-----------------+-------+

3) Edit: [root@controller ~]# vi /etc/my.cnf

Add one line under [mysqld]: max_connections=1000

4) Edit: [root@controller ~]# vi /usr/lib/systemd/system/mariadb.service

Add two lines under [Service]:

LimitNOFILE=10000
LimitNPROC=10000

5) Restart the database:

[root@controller ~]# systemctl --system daemon-reload
[root@controller ~]# systemctl restart mariadb.service

6) Verify again:

[root@controller ~]# mysqladmin -uroot -pdbrootpass status

Uptime: 1012  Threads: 238  Questions: 55067  Slow queries: 0  Opens: 70  Flush tables: 1  Open tables: 64  Queries per second avg: 54.414

7) [root@controller ~]# mysql -uroot -pdbrootpass

MariaDB [(none)]> show variables like "max_connections";
+-----------------+-------+
| Variable_name   | Value |
+-----------------+-------+
| max_connections | 4096  |
+-----------------+-------+

2.2 Installing the message queue

- Install: [root@controller /]# yum install rabbitmq-server
- Start the service

[root@controller /]# systemctl enable rabbitmq-server.service
[root@controller /]# systemctl start rabbitmq-server.service

- Add the openstack user with the password rabbitpass:

[root@controller /]# rabbitmqctl add_user openstack rabbitpass

- Give the openstack user full permissions:

[root@controller /]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Returns: Setting permissions for user "openstack" in vhost "/" ...

2.3 Installing Memcached

- Install: [root@controller /]# yum install memcached python-memcached
- Edit: [root@controller /]# vi /etc/sysconfig/memcached

Append the controller node address to the existing OPTIONS (the trailing ,controller):

OPTIONS="-l 127.0.0.1,::1,controller"

- Start the service

[root@controller /]# systemctl enable memcached.service
[root@controller /]# systemctl start memcached.service

2.4 Installing Etcd

- Install: [root@controller /]# yum install etcd
- Edit: [root@controller /]# vi /etc/etcd/etcd.conf

Under the #[Member] section, change the following settings:

ETCD_LISTEN_PEER_URLS="http://10.47.181.26:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.47.181.26:2379"
ETCD_NAME="controller"

Under the #[Clustering] section, change the following settings:

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.47.181.26:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.47.181.26:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.47.181.26:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

Later I replaced the IP addresses in the configuration above with localhost, and the service still started normally.

- Start the service and enable it at boot:

[root@controller /]# systemctl enable etcd
[root@controller /]# systemctl start etcd

2.5 Installing Keystone

2.5.1 Creating the keystone data in the database

(the password is keystonedbpass)

[root@controller /]# mysql -uroot -pdbrootpass
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystonedbpass';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystonedbpass';
MariaDB [(none)]> exit

2.5.2 Installing Keystone

- Install: [root@controller /]# yum install openstack-keystone httpd mod_wsgi
- Edit: [root@controller /]# vi /etc/keystone/keystone.conf

Under the [database] section, set:

connection = mysql+pymysql://keystone:keystonedbpass@controller/keystone

Under the [token] section, set:

provider = fernet

- Sync the database: [root@controller /]# su -s /bin/sh -c "keystone-manage db_sync" keystone
- Initialize fernet:

[root@controller /]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller /]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

- Bootstrap the identity service (the admin user's password is set to adminpass): [root@controller /]# keystone-manage bootstrap --bootstrap-password adminpass --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

2.5.3 Configuring the Apache HTTP server

- Edit: [root@controller /]# vi /etc/httpd/conf/httpd.conf

ServerName controller

- Create the file link: [root@controller /]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
- Start the httpd service:

[root@controller /]# systemctl enable httpd.service
[root@controller /]# systemctl start httpd.service

The service failed to start at first; after re-running setenforce 0 (the SELinux-disabling command from the beginning of this document), starting httpd.service again succeeded.

- Prepare an environment variable script, [root@controller /]# vi admin-openrc.sh, with the following content:

export OS_USERNAME=admin
export OS_PASSWORD=adminpass
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

After saving, load it: [root@controller /]# source admin-openrc.sh

2.5.4 Creating the service project

- Create the project: [root@controller /]# openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | d16834db814a423aa6354644c20b6384 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

- Verify:

[root@controller /]# openstack user list

+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| cd365f993a51434d9443230e1faa1d44 | admin |
+----------------------------------+-------+

[root@controller /]# openstack token issue

+------------+--------------------------------------------------------------+
| Field      | Value                                                        |
+------------+--------------------------------------------------------------+
| expires    | 2018-10-27T02:17:39+0000                                     |
| id         | gAAAAABb07yzbeKvZPi_uZT0UKkqA7sLaDvJ3sZEFebqDk3Tnk......     |
| project_id | b8471b54426d4b0ba497592862054d5a                             |
| user_id    | cd365f993a51434d9443230e1faa1d44                             |
+------------+--------------------------------------------------------------+

(The id is too long, so I shortened it before pasting it here.)

2.6 Installing Glance

2.6.1 Creating the glance data in the database

(the password is glancedbpass)

[root@controller /]# mysql -uroot -pdbrootpass
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glancedbpass';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glancedbpass';
MariaDB [(none)]> exit

2.6.2 Creating the user, role, service, etc.

- Load the environment variable script: [root@controller /]# source admin-openrc.sh
- Create the glance user: [root@controller ~]# openstack user create --domain default --password-prompt glance

User Password: (enter the user password here: userpass)
Repeat User Password: (enter userpass again)
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | fee4fcb2d77b4df19d28dcf3e2163dd6 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

- Set up the glance role: [root@controller ~]# openstack role add --project service --user glance admin
- Create the glance service: [root@controller ~]# openstack service create --name glance --description "OpenStack Image" image

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

- Create the public image endpoint: [root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 880e0f6663a34b5ab17928a8a5d5ac17 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

- Create the internal image endpoint: [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1d05c65ce1d9434f940e7d5c18ec6f32 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

- Create the admin image endpoint: [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | fca8e745877a4416b9b23f0a70407338 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9fa19cf860ac4f9c9f8a494df611a2c2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

2.6.3 Installing Glance

- Install: [root@controller ~]# yum install openstack-glance
- Edit: [root@controller ~]# vi /etc/glance/glance-api.conf

Under the [database] section, change the following setting:

connection = mysql+pymysql://glance:glancedbpass@controller/glance

Under the [keystone_authtoken] section, change the following settings:

www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000 (be very careful: the original file has auth_uri; it must be changed to auth_url)
memcached_servers = controller:11211
auth_type = password

and add the following settings:

project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = userpass

Under the [paste_deploy] section, uncomment the following setting:

flavor = keystone

Under the [glance_store] section, uncomment the following settings:

stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images (the path where image files are stored)

- Edit: [root@controller ~]# vi /etc/glance/glance-registry.conf

Under the [database] section, change the following setting:

connection = mysql+pymysql://glance:glancedbpass@controller/glance

Under the [keystone_authtoken] section, change the following settings:

www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000 (be very careful: the original file has auth_uri; it must be changed to auth_url)
memcached_servers = controller:11211
auth_type = password

and add the following settings:

project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = userpass

Under the [paste_deploy] section, uncomment the following setting:

flavor = keystone

- Sync the database: [root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance

......
Database is synced successfully.

- Start the services:

[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
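
The auth_uri/auth_url warning above applies to both glance-api.conf and glance-registry.conf. As an added example (not from the original post or the Glance project), this script checks a Glance config for that mistake, for a flavor line left commented out, for the sample passwords used in this walkthrough and for a world-readable file mode; the sample config is constructed and the finding names are illustrative.

```shell
# Added example (not from the original post): lint a Glance config file.

# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
ini_get() {
    awk -v want="[$2]" -v k="$3" '
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/   { cur = $0; gsub(/[ \t]/, "", cur); next }
        cur == want {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
            if (key == k) { val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        }
        END { print val }
    ' "$1"
}

# check_glance_conf FILE: print one finding per line; no output means clean.
check_glance_conf() {
    f=$1
    url=$(ini_get "$f" keystone_authtoken auth_url)
    uri=$(ini_get "$f" keystone_authtoken auth_uri)
    if [ -z "$url" ] && [ -n "$uri" ]; then
        echo "auth_uri-set-but-auth_url-missing"
    elif [ -z "$url" ]; then
        echo "auth_url-missing"
    fi
    [ "$(ini_get "$f" keystone_authtoken auth_type)" = password ] || echo "auth_type-not-password"
    [ "$(ini_get "$f" paste_deploy flavor)" = keystone ] || echo "flavor-not-keystone"
    # Passwords published in this walkthrough, or no password at all.
    case "$(ini_get "$f" keystone_authtoken password)" in
        ""|userpass|adminpass) echo "walkthrough-service-password" ;;
    esac
    case "$(ini_get "$f" database connection)" in
        *glancedbpass*|*keystonedbpass*|*dbrootpass*) echo "walkthrough-db-password" ;;
    esac
    # The file stores two passwords, so "other" must not have read access.
    case "$(ls -ld "$f" | cut -c8)" in
        r) echo "world-readable" ;;
    esac
    return 0
}

# Constructed sample containing the mistakes this section warns about.
sample_conf() {
cat <<'EOF'
[database]
connection = mysql+pymysql://glance:glancedbpass@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_uri = http://controller:5000
memcached_servers = controller:11211
auth_type = password
username = glance
password = userpass
[paste_deploy]
#flavor = keystone
EOF
}

conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); sample_conf > "$conf"; fi
check_glance_conf "$conf"
```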

- Verify:

1) This controller node cannot reach the Internet yet, so download the image with the IE browser on a PC that can, from https://download.cirros-cloud.net/; the file cirros-0.3.2-x86_64-disk.img is all that is needed. Then upload it to this controller node:

[root@controller ~]# ll
總用量 12888
-rw-r--r--  1 root root      264 10月 27 09:36 admin-openrc.sh
-rw-------. 1 root root     2063 10月 26 16:37 anaconda-ks.cfg
-rw-r--r--  1 root root 13167616 10月 27 10:30 cirros-0.3.2-x86_64-disk.img

2) Load the environment variables: [root@controller /]# source admin-openrc.sh

3) Create the image: [root@controller ~]# openstack image create "cirros" --file cirros-0.3.2-x86_64-disk.img --disk-format qcow2 --container-format bare --public

+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| Field            | Value                                                                                                                                                                                      |

+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| checksum         | 64d7c1cd2b6f60c92c14662941cb7913                                                                                                                                                           |

| container_format | bare                                                                                                                                                                                       |

| created_at       | 2018-10-27T02:43:53Z                                                                                                                                                                       |

| disk_format      | qcow2                                                                                                                                                                                      |

| file             | /v2/images/b50f92a7-f49b-4908-9144-568f98dbbb8f/file                                                                                                                                       |

| id               | b50f92a7-f49b-4908-9144-568f98dbbb8f                                                                                                                                                       |

| min_disk         | 0                                                                                                                                                                                          |

| min_ram          | 0                                                                                                                                                                                          |

| name             | cirros                                                                                                                                                                                     |

| owner            | b8471b54426d4b0ba497592862054d5a                                                                                                                                                           |

| properties       | os_hash_algo='sha512', os_hash_value='de74eeff61ad129d3945dead39dbdb02c942702e423628c6fbb35cf18747141d4ebdae914ffebaf6e18dcb174d4066010df8829960c6b95f8777d4f5fb5567f2', os_hidden='False' |

| protected        | False                                                                                                                                                                                      |

| schema           | /v2/schemas/image                                                                                                                                                                          |

| size             | 13167616                                                                                                                                                                                   |

| status           | active                                                                                                                                &n