在CentOS7第1部分上安裝Openstack 3節點集群

前言

那麼什麼是Openstack? OpenStack是一套用於構建和管理公共和私有云云計算平台的開源軟件工具。對該工具進行試驗,並嘗試構建一個3節點的開放式堆棧集群,以證明其帶來的功能,獨創性和創新性。您可以在我們的網站上找到一些OpenStack自由指南。隨着您的進步,本練習將分為多個部分。讓我們從控制器節點開始。我希望這將是您所經歷的美好體驗。

“你不能輕易而安靜地發展自己的性格。只有通過經歷磨難和磨難,才能使自己的靈魂得到鼓舞,抱負和成功。” –海倫·凱勒(Helen Keller)

服務器1

控制器節點:MariaDB,RabbitMQ,Memcached,httpd,Keystone,Glance,Nova API,Horizo​​n

具有以下網絡功能的Centos7:

[[email protected] ~]# ip  link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff

服務器準備

一世。 安裝ntp

安裝和配置網絡時間協議(ntp)進行時間同步,並配置vim進行文件編輯。

[[email protected] ~]#  yum -y install ntp
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                      |  59 kB  00:00:00     
 * base: repos-jnb.psychz.net
 * epel: fedora.cu.be
 * extras: repos-jnb.psychz.net

您可以安裝vim和其他支持Nano,Emacs等的文本編輯器。

 [[email protected] ~]# yum install vim

配置ntp

[[email protected] ~]# vim /etc/ntp.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

server 0.africa.pool.ntp.org
server 1.africa.pool.ntp.org
server 2.africa.pool.ntp.org
server 3.africa.pool.ntp.org

重新啟動ntp服務。

[[email protected] ~]# systemctl start ntpd

將服務設置為在啟動時啟動。

[[email protected] ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

Ntp是協議,必須允許服務通過防火牆。您可以使用firewalld允許它,如下所示:

[[email protected] ~]# firewall-cmd --add-service=ntp --permanentsuccess 
[[email protected] ~]# firewall-cmd --reloadsuccess

然後將OpenStack Queens存儲庫添加到控制器節點,以便獲取軟件包。

sudo yum -y install centos-release-openstack-queens

編輯存儲庫文件,並確保所有值都已啟用,並且其值為“ enabled = 1”,如以下示例所示。

sudo vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo

如下。

[centos-openstack-queens]name=CentOS-7 - OpenStack queensbaseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/gpgcheck=1enabled=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloudexclude=sip,PyQt4

下一步是安裝MariaDB 10.1並配置基本設置。開始吧:

sudo yum --enablerepo=centos-openstack-queens install mariadb-server -y

編輯以配置數據庫服務器 /etc/my.cnf 文件。

[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
### Within this [mysqld] section add the line below ###
character-set-server=utf8

啟動並啟用mariadb服務。

sudo systemctl enable --now mariadb

安全安裝MariaDB。

# mysql_secure_installation

最後,在防火牆中允許mysql並重新加載以應用更改。不要忘記重新加載。

sudo firewall-cmd --add-service=mysql --permanentsudo firewall-cmd --reload 

數據庫啟動並運行後,讓我們繼續安裝軟件包。 安裝RabbitMQ和Memcahed,並將openstack用戶添加到Rabbitmq。

sudo yum --enablerepo=epel -y install rabbitmq-server memcached

啟動並啟用rabbitmq和memcached。

sudo systemctl enable --now rabbitmq-server memcached

添加一個openstack用戶。 您可以使用任何密碼作為“密碼”

[[email protected] ~]# rabbitmqctl add_user openstack password Creating user "openstack" … …done. [[email protected] ~]# rabbitmqctl set_permissions openstack "." "." ".*"  Setting permissions for user "openstack" in vhost "/" …

將以下端口添加到防火牆

[[email protected] ~]# firewall-cmd --add-port={11211/tcp,5672/tcp} --permanent success [[email protected] ~]# firewall-cmd --reload success

我確定RabbitMQ和MySQL已成功安裝。如果是這樣,請繼續安裝稱為Keystone的身份服務。

Keystone需要使用數據庫來保存記錄,因此在安裝身份服務之前,請在下一步中添加相同的用戶和數據庫。 Keystone是一項OpenStack服務,通過實現OpenStack的Identity API提供API客戶端身份驗證,服務發現和分布式多租戶身份驗證。

我們需要一個數據庫,因此讓我們在安裝之前創建一個數據庫。

[[email protected] ~]# mysql -u root -p
## Enter the root password you set earlier
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

No entry for terminal type "xterm-termite";
using dumb terminal settings.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

## Create database for keystone
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to [email protected]'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to [email protected]'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;
Bye

安裝梯形失真校正:

sudo yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi

梯形校正組成。 打開Keystone配置文件並進行以下更改

sudo vim vim /etc/keystone/keystone.conf

設置如下。

# oslo_cache.memcache_pool backends only). (list value)memcache_servers = 192.168.122.130:11211# Under database look and edit the connection details as below with your machine details[database]connection = mysql+pymysql://keystone:[email protected]/keystone# Under token add the provider line as shown below and you are good to goprovider = fernet

然後發出以下命令來同步數據庫,初始化密鑰並定義主機。

[[email protected] ~]#  su -s /bin/bash keystone -c "keystone-manage db_sync"
[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# export controller=192.168.122.130

如下所示引導梯形失真校正服務,並將端口5000添加到防火牆。

[[email protected] ~]# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne

[[email protected] ~]# firewall-cmd --add-port=5000/tcp --permanent
success
[[email protected] ~]# firewall-cmd --reload
success

使用httpd配置創建一個梯形配置軟鏈接並啟動httpd服務。

 [[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[[email protected] ~]# systemctl start httpd

如果httpd無法啟動並且發生以下錯誤,請檢查selinux的狀態。

[[email protected] ~]# sestatus

如果啟用,則有兩個選項。禁用或配置。我個人如下將其永久禁用:

啟動httpd並檢查其狀態

[[email protected] ~]# systemctl enable httpd
[[email protected] ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-08-09 11:17:51 EAT; 10min ago
     Docs: man:httpd(8)
           man:apachectl(8)

到目前為止,我希望一切順利。下一步是添加Keystone項目。項目是雲中可以分配用戶的組織單位。項目也稱為項目或帳戶。

用戶可以是一個或多個項目的成員。角色定義用戶可以執行的操作。為用戶項目對分配角色(OPenstack.org,2018)

要創建項目,首先需要創建如下環境變量:

[[email protected] ~]# vi ~/keystonerc

添加

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=http://192.168.122.130:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[[email protected]h W(keystone)]$ '

恭喜你然後限制讀寫訪問權限以提高文件安全性並提供文件源。

[[email protected] ~]# chmod 600 ~/keystonerc
[[email protected] ~]# source ~/keystonerc   
[[email protected] ~(keystone)] # Your terminal should change as this.
[[email protected] ~(keystone)]#  echo "source ~/keystonerc " >> ~/.bash_profile

創建您的第一個項目。您可以用任何喜歡的名字來解釋它。

[[email protected] ~]# openstack project create --domain default --description "First Project" service 
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | First Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 76d124ff821e4db5ad792a113b54724e |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

您可以檢查用戶列表,角色列表等。

[[email protected] ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 1f53dd25b3ee44218b36dd821c1d7dd9 | admin |
+----------------------------------+-------+
[[email protected] ~(keystone)]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 3a4ac06a15c64d73bb160de04174efb6 | admin |
+----------------------------------+-------+

我認為現在是休息的好時機。在下一部分中,我們將Glance圖像服務添加到控制器節點。請期待它。

Next:安裝3節點OpenStack Queens集群–第2部分

Sidebar