OpenStack Train Release Deployment (there is a lot here, so take your time (❁´◡`❁))!

Posted handsomeboy-东

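OpenStack Deployment

OpenStack Environment Deployment

Equipment Preparation

Three CentOS machines, each with 8 GB of RAM and two network interfaces
Control node ct: configure the network interfaces

ens33 (NAT interface):
BOOTPROTO=static
IPV4_ROUTE_METRIC=90	# route metric: there are two default routes, so give the NAT one priority
ONBOOT=yes
IPADDR=192.168.118.44
NETMASK=255.255.255.0
GATEWAY=192.168.118.2

ens36 (internal network):
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.140.10
NETMASK=255.255.255.0
#GATEWAY=192.168.140.2	# gateway commented out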

Compute node ct1:

ens33 (NAT interface):
BOOTPROTO=static
IPV4_ROUTE_METRIC=90	# route metric: there are two default routes, so give the NAT one priority
ONBOOT=yes
IPADDR=192.168.118.55
NETMASK=255.255.255.0
GATEWAY=192.168.118.2

ens36 (internal network):
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.140.20
NETMASK=255.255.255.0
#GATEWAY=192.168.140.2

Compute node ct2:

ens33 (NAT interface):
BOOTPROTO=static
IPV4_ROUTE_METRIC=90	# route metric: there are two default routes, so give the NAT one priority
ONBOOT=yes
IPADDR=192.168.118.66
NETMASK=255.255.255.0
GATEWAY=192.168.118.2

ens34 (internal network):
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.140.30
NETMASK=255.255.255.0
#GATEWAY=192.168.140.2

Deploying the OpenStack Dependencies

Apply these settings on all three nodes; only the ct node is shown here.

[root@ct ~]# vi /etc/hosts
192.168.140.10  ct
192.168.140.20  ct1
192.168.140.30  ct2
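[root@ct ~]# ssh-keygen -t rsa				# key pair for non-interactive (passwordless) login
[root@ct ~]# ssh-copy-id ct
[root@ct ~]# ssh-copy-id ct1
[root@ct ~]# ssh-copy-id ct2
[root@ct ~]# vi /etc/yum.conf 				# make YUM keep the packages it downloads
keepcache=1

## Download and install the dependency packages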
[root@ct ~]# yum -y install net-tools bash-completion vim gcc gcc-c++ make pcre  pcre-devel expat-devel cmake  bzip2 lrzsz


## expat is a C development library; it is best to run the install several times
[root@ct ~]# yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils
  • Set up time synchronization
[root@ct ~]# yum install chrony -y
[root@ct ~]#  vim /etc/chrony.conf 

ct node:

ct1 and ct2 nodes:

[root@ct ~]#  systemctl enable chronyd.service
[root@ct ~]# systemctl restart chronyd.service			# enable time synchronization on all three nodes
[root@ct ~]# crontab -e									# scheduled task that syncs every two minutes

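Configuring MariaDB on the Control Node

  • Install and configure MariaDB
[root@ct ~]# yum -y install mariadb mariadb-server python2-PyMySQL
# python2-PyMySQL is the module the OpenStack control node uses to connect to MySQL
[root@ct ~]# yum -y install libibverbs
[root@ct ~]# vim /etc/my.cnf.d/openstack.cnf		# add a MySQL sub-configuration file with the following content
[mysqld]
bind-address = 192.168.140.10						# LAN address of the control node
default-storage-engine = innodb						# default storage engine
innodb_file_per_table = on							# separate tablespace file for each table
max_connections = 4096								# maximum number of connections
collation-server = utf8_general_ci					# default collation
character-set-server = utf8							# default character set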
[root@ct ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@ct ~]# systemctl start mariadb				# start MariaDB
[root@ct ~]# cd /etc/my.cnf.d/
[root@ct my.cnf.d]# mysql_secure_installation		# run the MariaDB security configuration script
…………………………
Disallow root login remotely? [Y/n] N				# the only prompt answered n; this leaves remote root login allowed
…………………………

Deploying RabbitMQ

[root@ct my.cnf.d]# yum -y install rabbitmq-server
[root@ct my.cnf.d]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@ct my.cnf.d]# systemctl start rabbitmq-server.service
[root@ct my.cnf.d]# rabbitmqctl add_user openstack RABBIT_PASS 	# create the message-queue user openstack with the password RABBIT_PASS
Creating user "openstack"
## Set the openstack user's permissions (regular expressions for configure, write and read)
[root@ct my.cnf.d]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
[root@ct my.cnf.d]# netstat -antp | grep 5672		# check RabbitMQ's default port
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      40164/beam.smp      
tcp        0      0 127.0.0.1:33644         127.0.0.1:25672         TIME_WAIT   -                   
tcp6       0      0 :::5672                 :::*                    LISTEN      40164/beam.smp      
[root@ct my.cnf.d]# netstat -antp | grep 25672		# check the port used by the RabbitMQ CLI tools
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      40164/beam.smp 
[root@ct my.cnf.d]# rabbitmq-plugins list			# list the RabbitMQ plugins
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@localhost
 |/
[  ] amqp_client                       3.6.16
[  ] cowboy                            1.0.4
[  ] cowlib                            1.0.2
[  ] rabbitmq_amqp1_0                  3.6.16
[  ] rabbitmq_auth_backend_ldap        3.6.16
[  ] rabbitmq_auth_mechanism_ssl       3.6.16
[  ] rabbitmq_consistent_hash_exchange 3.6.16
[  ] rabbitmq_event_exchange           3.6.16
[  ] rabbitmq_federation               3.6.16
[  ] rabbitmq_federation_management    3.6.16
[  ] rabbitmq_jms_topic_exchange       3.6.16
……………………………………

[root@ct my.cnf.d]# rabbitmq-plugins enable rabbitmq_management		# enable the plugin for RabbitMQ's web management UI
The following plugins have been enabled:
  amqp_client
  cowlib
  cowboy
  rabbitmq_web_dispatch
  rabbitmq_management_agent
  rabbitmq_management

Applying plugin configuration to rabbit@localhost... started 6 plugins.

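Deploying memcached

memcached stores session information. The identity service (Keystone) uses memcached to cache tokens. Logging in to the OpenStack dashboard generates session information, and that session information is stored in memcached.

[root@ct my.cnf.d]#  yum install -y memcached python-memcached
[root@ct my.cnf.d]# vi /etc/sysconfig/memcached 		# edit the memcached configuration file
PORT="11211"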
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,ct"
[root@ct my.cnf.d]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@ct my.cnf.d]# systemctl start memcached
[root@ct my.cnf.d]# netstat -antp | grep 11211
tcp        0      0 192.168.140.10:11211    0.0.0.0:*               LISTEN      42358/memcached     
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      42358/memcached     
tcp6       0      0 ::1:11211               :::*                    LISTEN      42358/memcached 
  • Install etcd (an open-source, decentralized database written in Go)
[root@ct my.cnf.d]# yum install -y etcd			
[root@ct my.cnf.d]# vi /etc/etcd/etcd.conf 		# edit the configuration file


[root@ct my.cnf.d]# systemctl enable etcd.service
[root@ct my.cnf.d]# systemctl start etcd.service
[root@ct my.cnf.d]#  netstat -anutp |grep 2379
tcp        0      0 192.168.140.10:2379     0.0.0.0:*               LISTEN      45160/etcd          
tcp        0      0 192.168.140.10:2379     192.168.140.10:50826    ESTABLISHED 45160/etcd          
tcp        0      0 192.168.140.10:50826    192.168.140.10:2379     ESTABLISHED 45160/etcd          
[root@ct my.cnf.d]#  netstat -anutp |grep 2380
tcp        0      0 192.168.140.10:2380     0.0.0.0:*               LISTEN      45160/etcd 
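
In the netstat output above, RabbitMQ listens on the wildcard address (0.0.0.0:25672 and :::5672), which includes the NAT-facing ens33, while memcached and etcd are bound to specific addresses. The following is an added example, not part of the original walkthrough: a shell function that flags wildcard listeners on the ports seen on this page; the function names and the port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): list this deployment's
# services that listen on every interface instead of a specific address.

# wildcard_listeners PORTS
#   stdin : output of `netstat -antp`
#   PORTS : space-separated ports to audit
#   prints "port pid/program" for each LISTEN socket on one of PORTS whose
#   local address is the IPv4 (0.0.0.0) or IPv6 (::) wildcard.
wildcard_listeners() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)                # text after the last colon
      host = substr($4, 1, length($4) - length(port) - 1)
      if ((port in want) && (host == "0.0.0.0" || host == "::"))
        print port, $7
    }'
}

# netstat lines copied from the output shown on this page.
SAMPLE='tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      40164/beam.smp
tcp        0      0 127.0.0.1:33644         127.0.0.1:25672         TIME_WAIT   -
tcp6       0      0 :::5672                 :::*                    LISTEN      40164/beam.smp
tcp        0      0 192.168.140.10:11211    0.0.0.0:*               LISTEN      42358/memcached
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      42358/memcached
tcp        0      0 192.168.140.10:2379     0.0.0.0:*               LISTEN      45160/etcd
tcp        0      0 192.168.140.10:2380     0.0.0.0:*               LISTEN      45160/etcd'

# audit_sample: run the check over the sample with the ports used on this page.
audit_sample() {
  printf '%s\n' "$SAMPLE" | wildcard_listeners "5672 25672 11211 2379 2380"
}

audit_sample
```

On a live node, pipe `netstat -antp` into `wildcard_listeners` with the same port list; an empty result means every audited service is bound to a specific address.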

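Deploying the Keystone Component

Deploying the OpenStack components requires installing Apache to run the identity service Keystone (which must be installed), followed by the image service Glance, the compute service Nova and the network service Neutron.

  • Create the database instance and the database user
[root@ct ~]# mysql -uroot -p
MariaDB [(none)]> create database keystone;				# create the database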
Query OK, 1 row affected (0.001 sec)

## Grant privileges
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges;						# reload the privilege tables
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> exit
Bye
  • Install and configure keystone, httpd and mod_wsgi (the component that lets Apache serve Python programs)
[root@ct ~]# yum install -y openstack-keystone httpd mod_wsgi
[root@ct ~]# cp -a /etc/keystone/keystone.conf{,.bak}
[root@ct ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
		# drop blank lines and any line containing #, and overwrite the config file with the result
[root@ct ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
## Access MySQL through the pymysql module, specifying the user name, password, host name and database
[root@ct ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@ct/keystone
## Specify that tokens are provided by Keystone itself (fernet)
[root@ct ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet

## Initialize the identity service database
[root@ct ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

## Initialize the fernet key repositories; this generates two keys, stored under /etc/keystone/, that are used to encrypt data
[root@ct ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@ct ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  • Bootstrap the identity service
## The three URLs are the admin (management network), internal (internal network) and public (public network) endpoints
[root@ct ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
> --bootstrap-admin-url http://ct:5000/v3/ \
> --bootstrap-internal-url http://ct:5000/v3/ \
> --bootstrap-public-url http://ct:5000/v3/ \
> --bootstrap-region-id RegionOne
  • Configure the Apache service
[root@ct ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf 
[root@ct ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@ct ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@ct ~]# systemctl start httpd
[root@ct ~]# netstat -antp | grep httpd
tcp6       0      0 :::5000                 :::*                    LISTEN      60926/httpd         
tcp6       0      0 :::80                   :::*                    LISTEN      60926/httpd  
  • Set the environment variables for the administrator account
[root@ct ~]# cat >> ~/.bashrc << EOF
> export OS_USERNAME=admin						# administrator login user name
> export OS_PASSWORD=ADMIN_PASS					# administrator password
> export OS_PROJECT_NAME=admin
> export OS_USER_DOMAIN_NAME=Default
> export OS_PROJECT_DOMAIN_NAME=Default
> export OS_AUTH_URL=http://ct:5000/v3
> export OS_IDENTITY_API_VERSION=3
> export OS_IMAGE_API_VERSION=2
> EOF
[root@ct ~]# source ~/.bashrc
[root@ct ~]# openstack user list				
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| d1553b14431c4f7d8397e6ffb15cee30 | admin |
+----------------------------------+-------+
  • Create the OpenStack domain, project, user and role
## Create a project named service in the specified domain
[root@ct ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 0683dd857dec4bc68b2d4d84806b5e23 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

## Create a role
[root@ct ~]# openstack role create user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | eb2fe06b20824e5d8b16a582f382f4c4 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+
[root@ct ~]# openstack role list		# list the roles that were created
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 622ba83b60dc40aa8c44e4858ee44a02 | admin  |
| 73aa0b3a87f142a5803c133d12a8c4ee | member |
| ba33f04a1c964d849b8b827470ba0dc0 | reader |
| eb2fe06b20824e5d8b16a582f382f4c4 | user   |
+----------------------------------+--------+

[root@ct ~]# openstack token issue		# check that a token can be obtained without specifying the password (verifies the identity service)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2021-08-23T07:13:14+0000                                                                                                                                                                |
| id         | gAAAAABhIzx6NUyyRnDfYio2YyKpzozx2Es1kVV26v0WOhi5YrxHq3Zwj1RKByVfR7K4rVRFmAGGcuD5ElKco0vYgqS47FCSSqGOJdyM4Cn0KVH3wZKXbvN6L-cozznyHqDV8ovz82TscssKowYzYIcwKg-SO4Tv1xxD8bi6PpQy4AXxhCgPm-Y |
| project_id | 933a6997e78d4927847c2f2a32c7a358                                                                                                                                                        |
| user_id    | d1553b14431c4f7d8397e6ffb15cee30                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
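
The commands above type RABBIT_PASS, KEYSTONE_DBPASS and ADMIN_PASS literally, and the Glance steps use GLANCE_DBPASS and GLANCE_PASS; in the upstream OpenStack installation guide these are placeholders to be replaced with real secrets. The following is an added example, not part of the original walkthrough, that generates random secrets and finds placeholders left in files; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original walkthrough): find and replace the
# placeholder passwords that the commands on this page type literally.

# Tokens taken from the page, written as a grep -E alternation.
PLACEHOLDERS='RABBIT_PASS|KEYSTONE_DBPASS|ADMIN_PASS|GLANCE_DBPASS|GLANCE_PASS'

# new_secret: print 20 hex characters read from /dev/urandom. Hex has no
# '@', ':' or '/', so it cannot break mysql+pymysql://user:pass@host/db.
new_secret() {
  head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# find_placeholders FILE...: print file:line:token for each token still present.
find_placeholders() {
  grep -HnowE "(${PLACEHOLDERS})" "$@" 2>/dev/null || true
}

# swap_placeholder FILE TOKEN SECRET: replace TOKEN in FILE, writing back
# into the existing file so its owner and mode are unchanged.
swap_placeholder() (
  tmp=$(mktemp) || exit 1          # mktemp creates the file with mode 0600
  sed "s/$2/$3/g" "$1" > "$tmp" && cat "$tmp" > "$1"
  rc=$?
  rm -f "$tmp"
  exit "$rc"
)

# demo: constructed sample files (not real configs).
# Prints "<placeholders before> <placeholders after>".
demo() (
  dir=$(mktemp -d) || exit 1
  printf '%s\n' '[database]' \
    'connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@ct/keystone' \
    > "$dir/keystone.conf"
  printf '%s\n' 'export OS_USERNAME=admin' 'export OS_PASSWORD=ADMIN_PASS' \
    > "$dir/adminrc"
  before=$(find_placeholders "$dir"/* | wc -l)
  for token in $(printf '%s' "$PLACEHOLDERS" | tr '|' ' '); do
    secret=$(new_secret)           # one secret per token, reused in every file
    for f in "$dir"/*; do
      swap_placeholder "$f" "$token" "$secret"
    done
  done
  after=$(find_placeholders "$dir"/* | wc -l)
  rm -rf "$dir"
  echo "$((before)) $((after))"
)

demo
```

The secret chosen for a token also has to be the one given to the matching `grant ... identified by`, `rabbitmqctl add_user`, `keystone-manage bootstrap` or `openstack user create` command, otherwise the service cannot authenticate.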

Deploying the Glance Component

  • Create the database instance and the database user
[root@ct ~]# mysql -uroot -p
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'localhost' identified by 'GLANCE_DBPASS';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'%' identified by 'GLANCE_DBPASS';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit
Bye
  • Create the user and modify the configuration files
[root@ct ~]# openstack user create --domain default --password GLANCE_PASS glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | db20009e0b1f441899ac9aeb26fce300 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
## Add the glance user to the service project with the admin role on that project
[root@ct ~]# openstack role add --project service --user glance admin

## Create a service named glance of type image
[root@ct ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 3d9adf0d2c68457294effa2b293ad02e |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@ct ~]# openstack service list			# list the registered services
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 097835c29bca44d29534dd6beb75cc10 | keystone | identity |
| 3d9adf0d2c68457294effa2b293ad02e | glance   | image    |
+----------------------------------+----------+----------+
  • Create the image service API endpoints; OpenStack uses three kinds of API endpoint
[root@ct ~]# openstack endpoint create --region RegionOne image public http://ct:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c3f4bd393a004bdb9f32785449870674 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3d9adf0d2c68457294effa2b293ad02e |
| service_name | glance                           |
| service_type | image                            |
| url          | http://ct:9292                   |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne image internal http://ct:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d70014945d4644b7991ce5d6e6e8e8c5 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3d9adf0d2c68457294effa2b293ad02e |
| service_name | glance                           |
| service_type | image                            |
| url          | http://ct:9292                   |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne image admin http://ct:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9957f757cfae46f5a4004511933fe95c |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3d9adf0d2c68457294effa2b293ad02e |
| service_name | glance                           |
| service_type | image                            |
| url          | http://ct:9292                   |
+--------------+----------------------------------+
  • Install the openstack-glance package and modify the configuration file
[root@ct ~]# yum install -y openstack-glance
[root@ct ~]#  cp -a /etc/glance/glance-api.conf{,.bak}
[root@ct glance]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
[root@ct glance]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cinder]
[cors]
[database]
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
[image_format]
[keystone_authtoken]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
  • Run the following commands to modify the /etc/glance/glance-api.conf configuration file
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@
