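Installing an OpenStack 3-Node Cluster on CentOS 7 – Part 1
Introduction
So what is OpenStack? OpenStack is a set of open-source software tools for building and managing cloud computing platforms for public and private clouds. We will experiment with the tool and build a 3-node OpenStack cluster to demonstrate the functionality, ingenuity and innovation it brings. You can find some free OpenStack guides on our website. This exercise is split into several parts that you work through as you progress. Let's start with the controller node. I hope this will be a great experience for you.
"Character cannot be developed in ease and quiet. Only through experience of trial and suffering can the soul be strengthened, ambition inspired, and success achieved." – Helen Keller
Server 1
Controller node: MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API, Horizon
CentOS 7 with the following network interfaces:
# ip link show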
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff
Server preparation
i. Install ntp
Install and configure the Network Time Protocol (ntp) for time synchronization, and install vim for file editing.
# yum -y install ntp
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink | 59 kB 00:00:00
* base: repos-jnb.psychz.net
* epel: fedora.cu.be
* extras: repos-jnb.psychz.net
You can install vim or any other text editor you prefer, such as Nano or Emacs.
# yum install vim
Configure ntp
# vim /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 0.africa.pool.ntp.org
server 1.africa.pool.ntp.org
server 2.africa.pool.ntp.org
server 3.africa.pool.ntp.org
Restart the ntp service.
# systemctl start ntpd
Set the service to start at boot.
# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
NTP is a network protocol, so its service must be allowed through the firewall. You can allow it with firewalld as follows:
# firewall-cmd --add-service=ntp --permanent
success
# firewall-cmd --reload
success
Then add the OpenStack Queens repository to the controller node so that its packages can be fetched.
sudo yum -y install centos-release-openstack-queens
Edit the repository file and make sure every repository in it is enabled, that is, set to "enabled=1", as in the example below.
sudo vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo
As follows.
[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
exclude=sip,PyQt4
The next step is to install MariaDB 10.1 and configure its basic settings. Let's begin:
sudo yum --enablerepo=centos-openstack-queens install mariadb-server -y
Edit the /etc/my.cnf file to configure the database server.
[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
### Within this [mysqld] section add the line below ###
character-set-server=utf8
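Start and enable the mariadb service.
sudo systemctl enable --now mariadb
Secure the MariaDB installation.
# mysql_secure_installation
Finally, allow mysql through the firewall and reload to apply the change. Do not forget the reload.
sudo firewall-cmd --add-service=mysql --permanent
sudo firewall-cmd --reload
Once the database is up and running, let's continue installing packages. Install RabbitMQ and Memcached, and add an openstack user to RabbitMQ.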
sudo yum --enablerepo=epel -y install rabbitmq-server memcached
Start and enable rabbitmq and memcached.
sudo systemctl enable --now rabbitmq-server memcached
Add an openstack user. You can use any password in place of "password".
# rabbitmqctl add_user openstack password
Creating user "openstack" …
…done.
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" …
Add the following ports to the firewall.
# firewall-cmd --add-port={11211/tcp,5672/tcp} --permanent
success
# firewall-cmd --reload
success
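Added example (not part of the original tutorial): the firewall commands above open MariaDB, RabbitMQ and memcached to every source address, although only the other cluster nodes need to reach them. The script below prints firewalld rich rules that limit those three ports to one network and remove the open entries; the 192.168.122.0/24 network is an assumption inferred from the controller address used on this page, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: scope the controller's backend ports to the cluster network.
# Assumption: cluster nodes sit in 192.168.122.0/24 (override CLUSTER_CIDR).
CLUSTER_CIDR="${CLUSTER_CIDR:-192.168.122.0/24}"
BACKEND_PORTS="3306 5672 11211"   # MariaDB, RabbitMQ, memcached

# Accept only a.b.c.d/len with octets <= 255 and 1 <= len <= 32.
# A /0 prefix is refused because it would reopen the port to every source.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    _len=${1#*/}
    [ "$_len" -ge 1 ] && [ "$_len" -le 32 ] || return 1
    _ifs=$IFS; IFS=.
    set -- ${1%/*}
    IFS=$_ifs
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
}

# firewalld rich rule that accepts one TCP port from one source network.
rich_rule() {   # $1 = source CIDR, $2 = port
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Print the firewall-cmd calls: add the scoped rules, then drop the open ones.
restrict_backends() {
    _cidr=${1:-$CLUSTER_CIDR}
    valid_cidr "$_cidr" || { echo "invalid CIDR: $_cidr" >&2; return 1; }
    for _p in $BACKEND_PORTS; do
        printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$(rich_rule "$_cidr" "$_p")"
    done
    echo "firewall-cmd --permanent --remove-service=mysql"
    echo "firewall-cmd --permanent --remove-port=5672/tcp"
    echo "firewall-cmd --permanent --remove-port=11211/tcp"
    echo "firewall-cmd --reload"
}

# Review the printed commands, then run them as root: restrict_backends | sh
restrict_backends "$@"
```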
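I am sure RabbitMQ and MySQL installed successfully. If so, go on to install the identity service, called Keystone.
Keystone needs a database to hold its records, so before installing the identity service, add a user and a database for it in the next step. Keystone is an OpenStack service that provides API client authentication, service discovery and distributed multi-tenant authorization by implementing OpenStack's Identity API.
We need a database, so let's create one before installing.
# mysql -u root -p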
## Enter the root password you set earlier
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
No entry for terminal type "xterm-termite";
using dumb terminal settings.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
## Create database for keystone
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit;
Bye
Install Keystone:
sudo yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi
Configure Keystone. Open the Keystone configuration file and make the following changes.
sudo vim /etc/keystone/keystone.conf
Set it as follows.
# oslo_cache.memcache_pool backends only). (list value)
memcache_servers = 192.168.122.130:11211
# Under database look and edit the connection details as below with your machine details
[database]
connection = mysql+pymysql://keystone:[email protected]/keystone
# Under token add the provider line as shown below and you are good to go
[token]
provider = fernet
Then run the following commands to sync the database, initialize the keys and define the host.
# su -s /bin/bash keystone -c "keystone-manage db_sync"
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# export controller=192.168.122.130
Bootstrap the Keystone service as shown below and add port 5000 to the firewall.
# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne
# firewall-cmd --add-port=5000/tcp --permanent
success
# firewall-cmd --reload
success
Create a symlink to the Keystone configuration in the httpd configuration directory and start the httpd service.
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# systemctl start httpd
If httpd fails to start and the following error occurs, check the status of SELinux.
# sestatus
If it is enabled, there are two options: disable it or configure it. Personally, I disabled it permanently as follows:
Start httpd and check its status.
# systemctl enable httpd
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2018-08-09 11:17:51 EAT; 10min ago
Docs: man:httpd(8)
man:apachectl(8)
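I hope everything has gone well so far. The next step is to add Keystone projects. A project is an organizational unit in the cloud to which you can assign users. Projects are also known as tenants or accounts.
Users can be members of one or more projects. Roles define which actions users can perform. You assign roles to user-project pairs (OpenStack.org, 2018).
To create projects, first set up environment variables as follows:
# vi ~/keystonerc
Add: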
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=http://192.168.122.130:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
Congratulations. Next, restrict read and write access to the file to improve its security, then source it.
# chmod 600 ~/keystonerc
# source ~/keystonerc
[root@<hostname> ~(keystone)]# # Your prompt should change to look like this.
# echo "source ~/keystonerc " >> ~/.bash_profile
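Added example (not part of the original tutorial): a check to run against an rc file such as ~/keystonerc before it is sourced from .bash_profile. It reports group or world access, an empty or well-known OS_PASSWORD, and a non-https OS_AUTH_URL; the function names and the short list of default passwords are constructed for this illustration.

```sh
#!/bin/sh
# Added example: sanity-check an OpenStack rc file before sourcing it.

_note() { echo "$_rc: $1"; _findings=$((_findings + 1)); }

# Print one line per finding; return 0 only when there are none.
check_rc() {
    _rc=$1; _findings=0
    [ -f "$_rc" ] || { echo "$_rc: not found" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$_rc" | cut -c5-10)" = "------" ] ||
        _note "accessible by group or others; run chmod 600"

    # The last assignment wins, as it would when the file is sourced.
    _pw=$(sed -n 's/^export OS_PASSWORD=\([^ #]*\).*/\1/p' "$_rc" | tail -n 1 | tr -d "\"'")
    case $_pw in
        ''|password|admin|changeme)
            _note "OS_PASSWORD is empty or a well-known default" ;;
    esac

    _url=$(sed -n 's/^export OS_AUTH_URL=\([^ #]*\).*/\1/p' "$_rc" | tail -n 1 | tr -d "\"'")
    case $_url in
        https://*) ;;
        *) _note "OS_AUTH_URL is not https, so the password is sent in cleartext" ;;
    esac

    [ "$_findings" -eq 0 ]
}

# Usage: check_rc ~/keystonerc && . ~/keystonerc
```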
Create your first project. You can give it any description you like.
# openstack project create --domain default --description "First Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | First Project |
| domain_id | default |
| enabled | True |
| id | 76d124ff821e4db5ad792a113b54724e |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
You can check the user list, the role list and so on.
# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 1f53dd25b3ee44218b36dd821c1d7dd9 | admin |
+----------------------------------+-------+
# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 3a4ac06a15c64d73bb160de04174efb6 | admin |
+----------------------------------+-------+
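Added example (not part of the original tutorial): the Identity v3 password-authentication request that a client builds from the OS_* variables in ~/keystonerc, written out with curl. With the http:// endpoint configured on this page, this request body, including OS_PASSWORD, crosses the network unencrypted. The function names are hypothetical.

```sh
#!/bin/sh
# Added example: request a project-scoped token from Keystone's v3 API using
# the variables exported by ~/keystonerc.

# Escape backslash and double quote so a value is safe inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Body for POST $OS_AUTH_URL/auth/tokens: who authenticates (identity) and
# which project the token is valid for (scope).
auth_body() {
    printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"%s","domain":{"name":"%s"},"password":"%s"}}},"scope":{"project":{"name":"%s","domain":{"name":"%s"}}}}}' \
        "$(json_escape "$OS_USERNAME")" "$(json_escape "$OS_USER_DOMAIN_NAME")" \
        "$(json_escape "$OS_PASSWORD")" "$(json_escape "$OS_PROJECT_NAME")" \
        "$(json_escape "$OS_PROJECT_DOMAIN_NAME")"
}

# Keystone returns the token in the X-Subject-Token response header.
token_from_headers() {
    tr -d '\r' | sed -n 's/^[Xx]-[Ss]ubject-[Tt]oken: *//p'
}

# The body reaches curl on stdin, so the password never appears in the
# process list; -D - prints the response headers, -o discards the JSON body.
get_token() {
    auth_body | curl -s -o /dev/null -D - -H 'Content-Type: application/json' \
        --data-binary @- "$OS_AUTH_URL/auth/tokens" | token_from_headers
}

# With ~/keystonerc sourced: TOKEN=$(get_token)
```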
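I think this is a good time to take a break. In the next part we will add the Glance image service to the controller node. Stay tuned.
Next: Installing a 3-Node OpenStack Queens Cluster – Part 2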