Installing an OpenStack Three-Node Cluster on CentOS 7

Date: 2020-02-23 14:31:24  Source: igfitidea


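Introduction

So what is OpenStack? OpenStack is a set of open-source software tools for building and managing cloud computing platforms for public and private clouds. We will experiment with the tooling and examine its features, originality and innovation by building a three-node OpenStack cluster. Our site also has other guides on OpenStack. We will now proceed with this exercise, starting with the controller node, and hopefully it will be as pleasant an experience as before.

Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, ambition inspired, and success achieved.
Helen Keller

Server 1

Controller node:
MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API, Horizon

CentOS 7 with the following network interfaces: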

[theitroad@localhost ~]# ip  link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff

Prepare the server

I. Install ntp

Install and configure the Network Time Protocol (ntp) for time synchronization, and set up vim for file editing.

[theitroad@localhost ~]#  yum -y install ntp
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                      |  59 kB  00:00:00     
 * base: repos-jnb.psychz.net
 * epel: fedora.cu.be
 * extras: repos-jnb.psychz.net

We can install vim or any other text editor, such as Nano or Emacs.

[theitroad@localhost ~]# yum install vim

Configure ntp

[theitroad@localhost ~]# vim /etc/ntp.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

server 0.africa.pool.ntp.org
server 1.africa.pool.ntp.org
server 2.africa.pool.ntp.org
server 3.africa.pool.ntp.org

Restart the ntp service.

[theitroad@localhost ~]# systemctl start ntpd

Set the service to start at boot.

[theitroad@localhost ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

NTP is a protocol that has to be allowed through the firewall before it can provide its service. With firewalld we can allow it as follows:

[theitroad@localhost ~]# firewall-cmd --add-service=ntp --permanent
success
[theitroad@localhost ~]# firewall-cmd --reload
success

Now let's go ahead and add the OpenStack Queens repository to our controller node so that its packages can be retrieved.

sudo yum -y install centos-release-openstack-queens

Edit the repository file and make sure everything is enabled with the value enabled=1, as in the example below.

sudo vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo

It should look similar to the following.

[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
exclude=sip,PyQt4

The next step is to install MariaDB 10.1 and give it a basic setup. Let's get started:

sudo yum --enablerepo=centos-openstack-queens install mariadb-server -y

Configure the database server by editing the /etc/my.cnf file.

[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
### Within this [mysqld] section add the line below ###
character-set-server=utf8

Start and enable the mariadb service.

sudo systemctl enable --now mariadb

Secure the MariaDB installation.

# mysql_secure_installation

Finally, allow mysql through the firewall and reload so that the change takes effect. Don't forget to reload.

sudo firewall-cmd --add-service=mysql --permanent
sudo firewall-cmd --reload

Once the database is up and running, let's go on to install packages. We will install RabbitMQ and Memcached and add the openstack user to RabbitMQ.

sudo yum --enablerepo=epel -y install rabbitmq-server memcached

Start and enable rabbitmq and memcached.

sudo systemctl enable --now rabbitmq-server memcached

Add the openstack user. Any password can be used in place of password.

[theitroad@localhost ~]# rabbitmqctl add_user openstack password
Creating user "openstack" …
…done.
[theitroad@localhost ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" …

Add the following ports to the firewall

[theitroad@localhost ~]# firewall-cmd --add-port={11211/tcp,5672/tcp} --permanent
 success
 [theitroad@localhost ~]# firewall-cmd --reload
 success
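
The rules on this page accept MariaDB (3306), Memcached (11211) and RabbitMQ (5672) from any source address. The script below is an added example, not part of the original guide: it reads the output of firewall-cmd --list-all and prints rich rules that accept those ports only from the cluster subnet. The subnet 192.168.122.0/24 (taken from the controller address used in this guide), the sample zone listing and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide). Reads `firewall-cmd --list-all`
# output and prints commands that replace open-to-any backend ports with rich
# rules limited to the cluster subnet. CLUSTER_NET is an assumption.
CLUSTER_NET="${CLUSTER_NET:-192.168.122.0/24}"

# Constructed sample of the public zone after following the steps above.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  sources: 
  services: dhcpv6-client mysql ntp ssh
  ports: 11211/tcp 5672/tcp 5000/tcp
  rich rules: 
EOF
}

# exposed_backends: list backend ports (MariaDB, Memcached, RabbitMQ) that the
# zone accepts from any source, one "port removal-option" pair per line.
exposed_backends() {
    awk '
        $1 == "services:" { for (i = 2; i <= NF; i++)
                                if ($i == "mysql") print "3306 --remove-service=mysql" }
        $1 == "ports:"    { for (i = 2; i <= NF; i++)
                                if ($i == "11211/tcp" || $i == "5672/tcp") {
                                    split($i, p, "/"); print p[1] " --remove-port=" $i } }
    '
}

# scoped_rules: turn that list into firewall-cmd commands (printed, not run).
scoped_rules() {
    printf '%s\n' "$CLUSTER_NET" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || {
        echo "invalid CLUSTER_NET: $CLUSTER_NET" >&2; return 1; }
    exposed_backends | while read -r port remove; do
        echo "firewall-cmd --permanent $remove"
        echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$CLUSTER_NET\" port port=\"$port\" protocol=\"tcp\" accept'"
    done
    echo "firewall-cmd --reload"
}

# On the controller: firewall-cmd --list-all | scoped_rules   (review, then pipe to sh)
sample_zone | scoped_rules
```

Port 5000 is left alone because API clients outside the cluster subnet may need to reach Keystone.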

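We trust that RabbitMQ and MySQL were installed successfully. If so, let's go on to install the identity service, called Keystone.

Keystone needs a database to hold its records, so in the next step we will add a user and a database for the identity service. Keystone is an OpenStack service that provides API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack's Identity API.

It requires a database, so let's create one for it before installing it.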

[theitroad@localhost ~]# mysql -u root -p
## Enter the root password you set earlier
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

No entry for terminal type "xterm-termite";
using dumb terminal settings.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

## Create database for keystone
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;
Bye

Now let's install Keystone:

sudo yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi

Keystone configuration. Open the Keystone configuration file and make the following changes

sudo vim /etc/keystone/keystone.conf

Set it as follows.

[cache]
# oslo_cache.memcache_pool backends only). (list value)
memcache_servers = 192.168.122.130:11211

# Under database look and edit the connection details as below with your machine details
[database]
# The password must match the one set in the GRANT statements above
connection = mysql+pymysql://keystone:password@localhost/keystone

# Under token add the provider line as shown below and you are good to go
[token]
provider = fernet

After that, run the following commands to sync the database, initialize the keys, and define the host.

[theitroad@localhost ~]#  su -s /bin/bash keystone -c "keystone-manage db_sync"
[theitroad@localhost ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 
[theitroad@localhost ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[theitroad@localhost ~]# export controller=192.168.122.130

Bootstrap the Keystone service as shown below and add port 5000 to the firewall.

[theitroad@localhost ~]# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne

[theitroad@localhost ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[theitroad@localhost ~]# firewall-cmd --reload
success

Create a soft link to the Keystone configuration in the httpd configuration directory, then start the httpd service.

[theitroad@localhost ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[theitroad@localhost ~]# systemctl start httpd

If httpd fails to start and we get an error similar to the one below, check the SELinux status

[theitroad@localhost ~]# sestatus

If it is enabled, there are two options: disable it or configure it. I permanently disabled it, as shown below.

Start httpd and check its status

[theitroad@localhost ~]# systemctl enable httpd
[theitroad@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-08-09 11:17:51 EAT; 10min ago
     Docs: man:httpd(8)
           man:apachectl(8)

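We hope everything has gone well so far. The next step is to add Keystone projects. Projects are organizational units in the cloud to which we can assign users. Projects are also known as tenants or accounts.

A user can be a member of one or more projects. Roles define which actions users can perform. We can assign roles to user-project pairs. (OpenStack.org, 2016)

To create a project, we must first create the environment variables, as shown below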

[theitroad@localhost ~]# vi ~/keystonerc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=http://192.168.122.130:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '

After that, improve the security of the file by restricting read and write access to it, and then source the file.

[theitroad@localhost ~]# chmod 600 ~/keystonerc
[theitroad@localhost ~]# source ~/keystonerc   
[theitroad@localhost ~(keystone)] # Your terminal should change as this.
[theitroad@localhost ~(keystone)]#  echo "source ~/keystonerc " >> ~/.bash_profile
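
The rc file holds the admin password in clear text, so its mode and contents are worth checking before it is sourced from ~/.bash_profile. The script below is an added example, not part of the original guide; the function names and the list of placeholder passwords are assumptions, and the sample file is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an OpenStack rc file for
# loose permissions, placeholder passwords and a cleartext auth URL.
# The placeholder word list below is an assumption for illustration.

# rc_value FILE NAME: value of the last "export NAME=value" line in FILE,
# without quotes or a trailing "##" comment.
rc_value() {
    sed -n "s/^export $2=\([^ #]*\).*/\1/p" "$1" | tail -n 1 | tr -d "\"'"
}

# audit_rc FILE: print one finding per line; return 0 only if there are none.
audit_rc() {
    file="$1"; findings=0
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }

    # Columns 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS $file is readable or writable beyond its owner (want 600)"
        findings=$((findings + 1))
    fi
    case "$(rc_value "$file" OS_PASSWORD)" in
        ""|password|admin|secret|changeme)
            echo "WEAK OS_PASSWORD is empty or a well-known placeholder"
            findings=$((findings + 1)) ;;
    esac
    case "$(rc_value "$file" OS_AUTH_URL)" in
        http://*)
            echo "CLEARTEXT OS_AUTH_URL is plain http, so the password crosses the network unencrypted"
            findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: the values from this page in a world-readable file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=http://192.168.122.130:5000/v3
EOF
chmod 644 "$sample"
audit_rc "$sample" || echo "fix the findings above before sourcing $sample"
rm -f "$sample"
```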

Create the first project; we can describe it with any name we like.

[theitroad@localhost ~]# openstack project create --domain default --description "First Project" service 
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | First Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 76d124ff821e4db5ad792a113b54724e |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

We can check the user list, the role list, and so on.

[theitroad@localhost ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 1f53dd25b3ee44218b36dd821c1d7dd9 | admin |
+----------------------------------+-------+
[theitroad@localhost ~(keystone)]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 3a4ac06a15c64d73bb160de04174efb6 | admin |
+----------------------------------+-------+