OpenStack Train Deployment (a lot of content, so take your time (❁´◡`❁))!
Posted handsomeboy-东
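OpenStack Deployment
OpenStack Environment Deployment
Equipment preparation
Three CentOS machines with 8 GB of memory and two NICs each
Control node ct: configure the NICs
ens33 (NAT NIC):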
BOOTPROTO=static
IPV4_ROUTE_METRIC=90 # route metric: there are two default routes, so give the NAT one priority
ONBOOT=yes
IPADDR=192.168.118.44
NETMASK=255.255.255.0
GATEWAY=192.168.118.2
ens36 (internal network):
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.140.10
NETMASK=255.255.255.0
#GATEWAY=192.168.140.2 # gateway commented out
Compute node ct1:
ens33 (NAT NIC):
BOOTPROTO=static
IPV4_ROUTE_METRIC=90 # route metric: there are two default routes, so give the NAT one priority
ONBOOT=yes
IPADDR=192.168.118.55
NETMASK=255.255.255.0
GATEWAY=192.168.118.2
ens36 (internal network):
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.140.20
NETMASK=255.255.255.0
#GATEWAY=192.168.140.2
Compute node ct2:
ens33 (NAT NIC):
BOOTPROTO=static
IPV4_ROUTE_METRIC=90 # route metric: there are two default routes, so give the NAT one priority
ONBOOT=yes
IPADDR=192.168.118.66
NETMASK=255.255.255.0
GATEWAY=192.168.118.2
ens34 (internal network):
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.140.30
NETMASK=255.255.255.0
#GATEWAY=192.168.140.2
Deploying the OpenStack prerequisites
Apply these settings on all three nodes; only the ct node is shown here
[root@ct ~]# vi /etc/hosts
192.168.140.10 ct
192.168.140.20 ct1
192.168.140.30 ct2
[root@ct ~]# ssh-keygen -t rsa # for non-interactive (key-based) login
[root@ct ~]# ssh-copy-id ct
[root@ct ~]# ssh-copy-id ct1
[root@ct ~]# ssh-copy-id ct2
[root@ct ~]# vi /etc/yum.conf # make YUM keep the packages it downloads
keepcache=1
## download and install the dependency packages
[root@ct ~]# yum -y install net-tools bash-completion vim gcc gcc-c++ make pcre pcre-devel expat-devel cmake bzip2 lrzsz
## EXPAT is a C development library; it is best to run this install several times
[root@ct ~]# yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils
- Set up time synchronization
[root@ct ~]# yum install chrony -y
[root@ct ~]# vim /etc/chrony.conf
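ct node:
ct1 and ct2 nodes:
[root@ct ~]# systemctl enable chronyd.service
[root@ct ~]# systemctl restart chronyd.service # enable time synchronization on all three nodes
[root@ct ~]# crontab -e # configure a scheduled job that syncs every two minutes
Configuring MariaDB on the control node
- Install and configure mariadb
[root@ct ~]# yum -y install mariadb mariadb-server python2-PyMySQL
# python2-PyMySQL is the module the OpenStack controller uses to connect to MySQL
[root@ct ~]# yum -y install libibverbs
[root@ct ~]# vim /etc/my.cnf.d/openstack.cnf # add a MySQL sub-configuration file with the following content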
[mysqld]
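bind-address = 192.168.140.10 # LAN address of the control node
default-storage-engine = innodb # default storage engine
innodb_file_per_table = on # separate tablespace file for each table
max_connections = 4096 # maximum number of connections
collation-server = utf8_general_ci # server collation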
character-set-server = utf8
[root@ct ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@ct ~]# systemctl start mariadb # start mariadb
[root@ct ~]# cd /etc/my.cnf.d/
[root@ct my.cnf.d]# mysql_secure_installation # run the mariadb secure-installation script
…………………………
Disallow root login remotely? [Y/n] N # the only prompt in the dialogue answered n, which leaves remote root login allowed
…………………………
Deploying RabbitMQ
[root@ct my.cnf.d]# yum -y install rabbitmq-server
[root@ct my.cnf.d]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@ct my.cnf.d]# systemctl start rabbitmq-server.service
[root@ct my.cnf.d]# rabbitmqctl add_user openstack RABBIT_PASS # create the message-queue user openstack with the password RABBIT_PASS
Creating user "openstack"
[root@ct my.cnf.d]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
## set the openstack user's permissions (regular expressions for the configure, write and read permissions)
Setting permissions for user "openstack" in vhost "/"
[root@ct my.cnf.d]# netstat -antp | grep 5672 # check rabbitmq's default port
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 40164/beam.smp
tcp 0 0 127.0.0.1:33644 127.0.0.1:25672 TIME_WAIT -
tcp6 0 0 :::5672 :::* LISTEN 40164/beam.smp
[root@ct my.cnf.d]# netstat -antp | grep 25672 # check the port used by the rabbitmq CLI tools
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 40164/beam.smp
[root@ct my.cnf.d]# rabbitmq-plugins list # list the rabbitmq plugins
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@localhost
|/
[ ] amqp_client 3.6.16
[ ] cowboy 1.0.4
[ ] cowlib 1.0.2
[ ] rabbitmq_amqp1_0 3.6.16
[ ] rabbitmq_auth_backend_ldap 3.6.16
[ ] rabbitmq_auth_mechanism_ssl 3.6.16
[ ] rabbitmq_consistent_hash_exchange 3.6.16
[ ] rabbitmq_event_exchange 3.6.16
[ ] rabbitmq_federation 3.6.16
[ ] rabbitmq_federation_management 3.6.16
[ ] rabbitmq_jms_topic_exchange 3.6.16
……………………………………
[root@ct my.cnf.d]# rabbitmq-plugins enable rabbitmq_management # enable the plugin for rabbitmq's web management interface
The following plugins have been enabled:
amqp_client
cowlib
cowboy
rabbitmq_web_dispatch
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@localhost... started 6 plugins.
Deploying memcached
memcached stores session information. The identity service (keystone) uses memcached to cache tokens; logging in to the OpenStack dashboard creates session information, which is kept in memcached.
[root@ct my.cnf.d]# yum install -y memcached python-memcached
[root@ct my.cnf.d]# vi /etc/sysconfig/memcached # edit the memcached configuration file
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,ct"
[root@ct my.cnf.d]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@ct my.cnf.d]# systemctl start memcached
[root@ct my.cnf.d]# netstat -antp | grep 11211
tcp 0 0 192.168.140.10:11211 0.0.0.0:* LISTEN 42358/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 42358/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 42358/memcached
- Install etcd (an open-source, decentralized database written in Go)
[root@ct my.cnf.d]# yum install -y etcd
[root@ct my.cnf.d]# vi /etc/etcd/etcd.conf # edit the configuration file
[root@ct my.cnf.d]# systemctl enable etcd.service
[root@ct my.cnf.d]# systemctl start etcd.service
[root@ct my.cnf.d]# netstat -anutp |grep 2379
tcp 0 0 192.168.140.10:2379 0.0.0.0:* LISTEN 45160/etcd
tcp 0 0 192.168.140.10:2379 192.168.140.10:50826 ESTABLISHED 45160/etcd
tcp 0 0 192.168.140.10:50826 192.168.140.10:2379 ESTABLISHED 45160/etcd
[root@ct my.cnf.d]# netstat -anutp |grep 2380
tcp 0 0 192.168.140.10:2380 0.0.0.0:* LISTEN 45160/etcd
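Deploying the Keystone component
Deploying the OpenStack components requires Apache to be installed to run the identity service keystone; after that, install the image service glance, the compute service nova and the network service neutron.
- Create the database instance and the database user
[root@ct ~]# mysql -uroot -p
MariaDB [(none)]> create database keystone; # create the database
Query OK, 1 row affected (0.001 sec)
## grant privileges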
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges; # reload the privilege tables
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> exit
Bye
- Install and configure keystone, httpd and mod_wsgi (the component that lets Apache proxy Python programs)
[root@ct ~]# yum install -y openstack-keystone httpd mod_wsgi
[root@ct ~]# cp -a /etc/keystone/keystone.conf{,.bak}
[root@ct ~]# grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
# drop blank lines and lines containing #, then overwrite the configuration file with what remains
[root@ct ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
## access mysql through the pymysql module, specifying the user name, password, host name and database
[root@ct ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@ct/keystone
## specify the token provider: keystone itself
[root@ct ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet
## initialize the identity service database
[root@ct ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
## initialize the fernet key repository; this generates two keys, stored under /etc/keystone/, that are used to encrypt data
[root@ct ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@ct ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
- Bootstrap the identity service
## the three URLs below are for the management network (admin), the internal network (internal) and the public network (public)
[root@ct ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
> --bootstrap-admin-url http://ct:5000/v3/ \
> --bootstrap-internal-url http://ct:5000/v3/ \
> --bootstrap-public-url http://ct:5000/v3/ \
> --bootstrap-region-id RegionOne
- Configure the Apache service
[root@ct ~]# echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
[root@ct ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@ct ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@ct ~]# systemctl start httpd
[root@ct ~]# netstat -antp | grep httpd
tcp6 0 0 :::5000 :::* LISTEN 60926/httpd
tcp6 0 0 :::80 :::* LISTEN 60926/httpd
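The netstat checks in the RabbitMQ, memcached, etcd and Apache steps show which address each service is bound to; on a node with both a NAT NIC and an internal NIC, a wildcard bind (0.0.0.0 or ::) is reachable through both. The following is an added example, not part of the original post, that parses the netstat lines shown on this page and reports the listeners bound to every interface; the function and constant names are this example's own.

```python
import ipaddress

# Management network, from the internal-NIC settings on this page
# (192.168.140.x with netmask 255.255.255.0).
MGMT_NET = ipaddress.ip_network("192.168.140.0/24")

# Lines copied from the netstat output shown on this page.
NETSTAT = """\
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 40164/beam.smp
tcp 0 0 127.0.0.1:33644 127.0.0.1:25672 TIME_WAIT -
tcp6 0 0 :::5672 :::* LISTEN 40164/beam.smp
tcp 0 0 192.168.140.10:11211 0.0.0.0:* LISTEN 42358/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 42358/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 42358/memcached
tcp 0 0 192.168.140.10:2379 0.0.0.0:* LISTEN 45160/etcd
tcp 0 0 192.168.140.10:2380 0.0.0.0:* LISTEN 45160/etcd
tcp6 0 0 :::5000 :::* LISTEN 60926/httpd
tcp6 0 0 :::80 :::* LISTEN 60926/httpd
"""

def scope(address):
    """Classify a local bind address by how widely it is reachable."""
    ip = ipaddress.ip_address(address)
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "management" if ip in MGMT_NET else "other"

def listeners(text):
    """Yield (program, port, scope) for each LISTEN socket in netstat -antp output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue
        address, port = fields[3].rsplit(":", 1)   # also splits ":::5672" and "::1:11211"
        program = fields[6].split("/", 1)[-1]
        yield program, int(port), scope(address)

def exposed(text):
    """Listeners bound to every interface, which includes the NAT NIC."""
    return sorted({(prog, port) for prog, port, sc in listeners(text)
                   if sc == "all-interfaces"})

if __name__ == "__main__":
    for prog, port in exposed(NETSTAT):
        print(f"{prog} listens on port {port} on all interfaces")
```

In this output memcached and etcd are confined to loopback and 192.168.140.10, while the RabbitMQ (beam.smp) and httpd listeners are wildcard binds.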
- Set the environment variables for the administrator account
[root@ct ~]# cat >> ~/.bashrc << EOF
> export OS_USERNAME=admin # administrator login name
> export OS_PASSWORD=ADMIN_PASS # password
> export OS_PROJECT_NAME=admin
> export OS_USER_DOMAIN_NAME=Default
> export OS_PROJECT_DOMAIN_NAME=Default
> export OS_AUTH_URL=http://ct:5000/v3
> export OS_IDENTITY_API_VERSION=3
> export OS_IMAGE_API_VERSION=2
> EOF
[root@ct ~]# source ~/.bashrc
[root@ct ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| d1553b14431c4f7d8397e6ffb15cee30 | admin |
+----------------------------------+-------+
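The commands on this page use placeholder passwords (RABBIT_PASS, KEYSTONE_DBPASS, ADMIN_PASS, GLANCE_DBPASS, GLANCE_PASS), and each one has to be replaced with the same real value everywhere it appears. The following is an added example, not part of the original post, that generates one secret per placeholder, substitutes it, and reports any placeholder left behind; the sample text is constructed from the page's command forms and the function names are this example's own.

```python
import re
import secrets

# Placeholder passwords that appear in this page's commands.
PLACEHOLDERS = ("RABBIT_PASS", "KEYSTONE_DBPASS", "ADMIN_PASS",
                "GLANCE_DBPASS", "GLANCE_PASS")
_PATTERN = re.compile(r"\b(?:" + "|".join(PLACEHOLDERS) + r")\b")

# Constructed sample: command and config lines in the form used on this page.
SAMPLE = """\
rabbitmqctl add_user openstack RABBIT_PASS
grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONE_DBPASS';
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@ct/keystone
export OS_PASSWORD=ADMIN_PASS
"""


def generate_secrets(nbytes=16):
    """One random secret per placeholder.

    Hex output has no quote, '@', ':', '/' or '#' characters, so the same value
    can go unescaped into the SQL string, the shell command and the database URL.
    """
    return {name: secrets.token_hex(nbytes) for name in PLACEHOLDERS}


def render(text, values):
    """Replace every placeholder in text with its generated value."""
    return _PATTERN.sub(lambda m: values[m.group(0)], text)


def leftovers(text):
    """Return (line number, placeholder) for each placeholder still in text."""
    return [(number, match.group(0))
            for number, line in enumerate(text.splitlines(), 1)
            for match in _PATTERN.finditer(line)]


if __name__ == "__main__":
    print(leftovers(SAMPLE))                                # audit before substitution
    print(leftovers(render(SAMPLE, generate_secrets())))    # empty after it
```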
- Create OpenStack domains, projects, users and roles
## create a project named service in the specified domain
[root@ct ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 0683dd857dec4bc68b2d4d84806b5e23 |
| is_domain | False |
| name | service |
| options | |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
## create a role
[root@ct ~]# openstack role create user
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | eb2fe06b20824e5d8b16a582f382f4c4 |
| name | user |
| options | |
+-------------+----------------------------------+
[root@ct ~]# openstack role list # view the list of created roles
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 622ba83b60dc40aa8c44e4858ee44a02 | admin |
| 73aa0b3a87f142a5803c133d12a8c4ee | member |
| ba33f04a1c964d849b8b827470ba0dc0 | reader |
| eb2fe06b20824e5d8b16a582f382f4c4 | user |
+----------------------------------+--------+
[root@ct ~]# openstack token issue # check that a token can be obtained without specifying the password (verifies the identity service)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2021-08-23T07:13:14+0000 |
| id | gAAAAABhIzx6NUyyRnDfYio2YyKpzozx2Es1kVV26v0WOhi5YrxHq3Zwj1RKByVfR7K4rVRFmAGGcuD5ElKco0vYgqS47FCSSqGOJdyM4Cn0KVH3wZKXbvN6L-cozznyHqDV8ovz82TscssKowYzYIcwKg-SO4Tv1xxD8bi6PpQy4AXxhCgPm-Y |
| project_id | 933a6997e78d4927847c2f2a32c7a358 |
| user_id | d1553b14431c4f7d8397e6ffb15cee30 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
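The id in the table above is a fernet token, as configured with `token provider fernet`, and its outer framing can be read without any key. The following is an added example, not part of the original post, that splits the page's token into the Fernet fields (version byte, creation timestamp, IV, ciphertext, HMAC); for this token the decoded creation time is exactly one hour before the expires value in the table. The function and constant names are this example's own.

```python
import base64
import struct
from datetime import datetime, timezone

# Token id copied from the `openstack token issue` table on this page.
TOKEN = (
    "gAAAAABhIzx6NUyyRnDfYio2YyKpzozx2Es1kVV26v0WOhi5YrxHq3Zwj1RK"
    "ByVfR7K4rVRFmAGGcuD5ElKco0vYgqS47FCSSqGOJdyM4Cn0KVH3wZKXbvN6"
    "L-cozznyHqDV8ovz82TscssKowYzYIcwKg-SO4Tv1xxD8bi6PpQy4AXxhCgPm-Y"
)

HEADER = 1 + 8 + 16   # version byte, 64-bit timestamp, 128-bit IV
HMAC_LEN = 32         # HMAC-SHA256 over everything before it


def parse_fernet(token):
    """Split a fernet token into its fields; no key is needed for the framing."""
    # Keystone strips the base64 '=' padding from token ids, so restore it.
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    body = len(raw) - HEADER - HMAC_LEN
    if body < 16 or body % 16:                 # AES-CBC ciphertext: whole blocks
        raise ValueError("length does not match the fernet layout")
    version, created = struct.unpack(">BQ", raw[:9])
    if version != 0x80:
        raise ValueError("unexpected fernet version byte")
    return {
        "version": version,
        "issued_at": datetime.fromtimestamp(created, tz=timezone.utc),
        "iv": raw[9:HEADER],
        "ciphertext": raw[HEADER:-HMAC_LEN],   # encrypted payload, opaque without the key
        "hmac": raw[-HMAC_LEN:],
    }


if __name__ == "__main__":
    fields = parse_fernet(TOKEN)
    print("issued at:", fields["issued_at"].isoformat())
    print("ciphertext bytes:", len(fields["ciphertext"]))
```

Only the version byte and the timestamp are cleartext; the user, project and expiry that keystone puts in the payload stay encrypted under the keys created by `keystone-manage fernet_setup`.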
Deploying the Glance component
- Create the database instance and the database user
[root@ct ~]# mysql -uroot -p
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'localhost' identified by 'GLANCE_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'%' identified by 'GLANCE_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> exit
Bye
- Create the user and modify the configuration file
[root@ct ~]# openstack user create --domain default --password GLANCE_PASS glance
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | db20009e0b1f441899ac9aeb26fce300 |
| name | glance |
| options | |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@ct ~]# openstack role add --project service --user glance admin
## add the glance user to the service project with the admin role on that project
[root@ct ~]# openstack service create --name glance --description "OpenStack Image" image
## create a service named glance, of type image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 3d9adf0d2c68457294effa2b293ad02e |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@ct ~]# openstack service list # list the registered services
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 097835c29bca44d29534dd6beb75cc10 | keystone | identity |
| 3d9adf0d2c68457294effa2b293ad02e | glance | image |
+----------------------------------+----------+----------+
- Create the image service API endpoints; OpenStack uses three kinds of API endpoint
[root@ct ~]# openstack endpoint create --region RegionOne image public http://ct:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c3f4bd393a004bdb9f32785449870674 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3d9adf0d2c68457294effa2b293ad02e |
| service_name | glance |
| service_type | image |
| url | http://ct:9292 |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne image internal http://ct:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d70014945d4644b7991ce5d6e6e8e8c5 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3d9adf0d2c68457294effa2b293ad02e |
| service_name | glance |
| service_type | image |
| url | http://ct:9292 |
+--------------+----------------------------------+
[root@ct ~]# openstack endpoint create --region RegionOne image admin http://ct:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9957f757cfae46f5a4004511933fe95c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3d9adf0d2c68457294effa2b293ad02e |
| service_name | glance |
| service_type | image |
| url | http://ct:9292 |
+--------------+----------------------------------+
- Install the openstack-glance package and modify the configuration file
[root@ct ~]# yum install -y openstack-glance
[root@ct ~]# cp -a /etc/glance/glance-api.conf{,.bak}
[root@ct glance]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
[root@ct glance]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cinder]
[cors]
[database]
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
[image_format]
[keystone_authtoken]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
- Run the following commands to modify the /etc/glance/glance-api.conf configuration file
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@