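Base environment configuration:

OS: CentOS 7.4
controller: 2 CPU cores, 4 GB RAM, 60 GB disk, two NICs (host-only + NAT)
compute: 2 CPU cores, 2 GB RAM, 40 GB disk, two NICs (host-only + NAT)
IP address plan:
host-only NIC: management network + API network (communication between the different services on the nodes)
NAT NIC: VM network + external network
VM network: network the virtual machines use to talk to each other (internal network)
External network: lets virtual machines reach services on the public network
++ Business network: network communication between workloads
Other OpenStack networks:
Storage network
PXE network

Purpose: split network traffic across separate networks to reduce bandwidth bottlenecks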

1. IP configuration:

controller:

host-only 192.168.56.10
nat 192.168.74.155

compute:

host-only 192.168.56.10
nat 192.168.74.155

2. Set the hostname and add hostname resolution (then test)

Controller node:
hostnamectl set-hostname controller
cat >> /etc/hosts << EOF
192.168.56.10 controller
192.168.56.20 compute
EOF
Compute node:
hostnamectl set-hostname compute
cat >> /etc/hosts << EOF
192.168.56.10 controller
192.168.56.20 compute
EOF
Test:
ping controller
ping compute

3. Disable the firewall and SELinux

systemctl stop firewalld && systemctl disable firewalld
setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

4. Configure the yum repository

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache

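NTP service configuration:

  1. Install chrony

yum install chrony

  2. (Controller node) Edit the configuration file

    • Synchronize time from NTP servers
      - Allow the other nodes to synchronize time from the controller node; note that the existing server entries must be commented out
      cat >> /etc/chrony.conf << EOF
      server time1.aliyun.com iburst
      server 210.72.145.44 iburst
      server s1a.time.edu.cn iburst
      allow 192.168.56.0/24
      EOF
      - Enable the service at boot:
      systemctl enable chronyd && systemctl restart chronyd
  3. (Compute node) Edit the configuration file

    • Synchronize from the controller node
      cat >> /etc/chrony.conf << EOF
      server controller iburst
      EOF

      - Enable the service at boot:
      systemctl enable chronyd && systemctl restart chronyd
  4. Start the chronyd service on all nodes and test

      - Check whether time is synchronized:
      chronyc sources
      - Command to change the time zone:
      timedatectl set-timezone 'Asia/Shanghai'
      PS: the controller node synchronizes from an NTP server on the public Internet; the compute node synchronizes from the controller node.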

Install OpenStack (Queens release): all nodes

yum install centos-release-openstack-queens
yum install python-openstackclient

Install the database: (controller node)

    1. Install the required packages:
    yum install -y mariadb mariadb-server python2-PyMySQL
    2. Create and edit the /etc/my.cnf.d/openstack.cnf file
    [root@controller yum.repos.d]# cat /etc/my.cnf.d/openstack.cnf
    [mysqld]
    # bind to the management network IP address
    bind-address = 192.168.56.10
    default-storage-engine = innodb
    innodb_file_per_table = on
    max_connections = 4096
    collation-server = utf8_general_ci
    character-set-server = utf8
    3. Start the database
    systemctl enable mariadb && systemctl start mariadb
    4. Run mysql_secure_installation to set the root account password
    root:123456
    5. Test and verify
    mysql -uroot -p123456

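Install the message queue: (controller node)

    1. Install the package:
      yum install rabbitmq-server
    2. Start the service
      systemctl enable rabbitmq-server.service && systemctl start rabbitmq-server.service
    3. Add the openstack user (password: openstack)
      rabbitmqctl add_user openstack openstack
    4. Grant permissions to the openstack user (configure/write/read)
      rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    5. Check: confirm the default port 5672 is listening
      ss -tanl | grep 5672
      PS: the RabbitMQ message queue has a web console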

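Install the cache service: controller node

Memcached is used to cache tokens. Services call each other through their APIs, presenting an account and password, and a token is generated in return.
1. Install the packages:
yum install -y memcached python-memcached
2. Edit the /etc/sysconfig/memcached configuration file to allow access from the other nodes.
cat >>/etc/sysconfig/memcached << EOF
OPTIONS="-l 127.0.0.1,::1,controller"
EOF
3. Start the cache service
systemctl enable memcached.service && systemctl start memcached.service

4. Check: confirm the default port 11211 is listening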

Install the etcd service: controller node

etcd is a distributed key-value store (a non-relational database) that holds configuration and service probes. It allows configuration to be updated dynamically without restarting services.
1. Install the package: etcd
yum install -y etcd
2. Edit the /etc/etcd/etcd.conf configuration file to allow access from the other nodes
[root@controller yum.repos.d]# cat /etc/etcd/etcd.conf | grep -Ev "^$|^#"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.56.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.56.10:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.56.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.56.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.56.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
3. Start the etcd service
systemctl enable etcd && systemctl start etcd
4. Check: the default ports 2379 and 2380
ss -tanl | grep 23
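
With firewalld stopped in step 3, each service's bind address is the only thing that decides which of the two networks can reach it, so the per-port `ss -tanl` checks above are worth running against every control-plane port at once. The script below is an added example, not part of the original notes: the function names and the sample `ss` output are constructed, while the management IP and ports are the ones this guide uses.

```shell
# Added example: find control-plane listeners reachable outside the
# management network. MGMT_IP and the ports are the ones used in this guide
# (5000 and 9292 belong to Keystone and Glance, installed further down).
MGMT_IP="192.168.56.10"
PORTS="3306:mariadb 5672:rabbitmq 11211:memcached 2379:etcd-client 2380:etcd-peer 5000:keystone 9292:glance-api"

# stdin: output of `ss -tanl`. stdout: "service port address" for each
# listed port that is bound to something other than loopback or MGMT_IP.
audit_listeners() {
  awk -v mgmt="$MGMT_IP" -v ports="$PORTS" '
    BEGIN {
      n = split(ports, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); svc[kv[1]] = kv[2] }
    }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      sub(/^\[/, "", addr); sub(/\]$/, "", addr) # [::] becomes ::
      if (!(port in svc)) next
      if (addr == mgmt || addr == "127.0.0.1" || addr == "::1") next
      print svc[port], port, addr
    }'
}

# Constructed sample of `ss -tanl` output, not captured from a real host.
sample_ss() {
  cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     192.168.56.10:3306   *:*
LISTEN  0       128     192.168.56.10:2379   *:*
LISTEN  0       128     192.168.56.10:2380   *:*
LISTEN  0       128     127.0.0.1:11211      *:*
LISTEN  0       128     ::1:11211            :::*
LISTEN  0       128     192.168.56.10:11211  *:*
LISTEN  0       128     :::5672              :::*
LISTEN  0       128     :::5000              :::*
LISTEN  0       128     *:9292               *:*
LISTEN  0       128     *:22                 *:*
EOF
}

# On a live controller: ss -tanl | audit_listeners
sample_ss | audit_listeners
```

Any line it prints is a service that also answers on the NAT interface; bind that service to the management address or restrict it with firewall rules.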

———————————————————————— Keystone identity service deployment ————————————————————————
Install the Keystone identity service: controller node
At initialization:
Default domain: default    Created project: demo
Default project: admin     Created user: demo
Default user: admin        User role: user
Default role: admin

1. Create the keystone database, then create the keystone user and grant privileges
    mysql -uroot -p123456
    create database keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
2. Install the packages: openstack-keystone httpd mod_wsgi
    yum install openstack-keystone httpd mod_wsgi
3. Edit the /etc/keystone/keystone.conf configuration file
    [database]
    connection = mysql+pymysql://keystone:123456@controller/keystone
    [token]
    provider = fernet
4. Synchronize the database
    su -s /bin/sh -c "keystone-manage db_sync" keystone
5. Initialize the Fernet key repositories
    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6. Bootstrap the identity service (this sets the admin password)
    keystone-manage bootstrap --bootstrap-password 123456 \
      --bootstrap-admin-url http://controller:5000/v3/ \
      --bootstrap-internal-url http://controller:5000/v3/ \
      --bootstrap-public-url http://controller:5000/v3/ \
      --bootstrap-region-id RegionOne
7. Configure the HTTP server and start the service
    vi /etc/httpd/conf/httpd.conf
    ServerName controller
    ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
    systemctl enable httpd.service && systemctl start httpd.service
8. Configure the admin administrative account
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    (Optional) Create the example domain
    openstack domain create --description "An Example Domain" example
9. Create the service project (the services are placed in it)
    openstack project create --domain default --description "Service Project" service
10. Create the demo project
    openstack project create --domain default --description "Demo Project" demo
11. Create the demo user (in the default domain, demo project)
    # enter the password when prompted
    openstack user create --domain default --password-prompt demo
12. Create the user role
    openstack role create user
13. Give the demo user the user role
    openstack role add --project demo --user demo user
14. Create the client environment script for the admin user
    [root@controller ~]# cat admin-openrc
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
15. Create the client environment script for the demo user
    [root@controller ~]# cat demo-openrc
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://controller:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
16. Test and verify
    [root@controller ~]# source admin-openrc && openstack token issue
    [root@controller ~]# source demo-openrc && openstack token issue

------------------------------------------------ Glance service deployment --------------------------------------------------------
Install the Glance image service:
1. Create the glance database, then create the glance user and grant privileges
    mysql -u root -p123456
    create database glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
2. Create the glance user and give it the admin role (switch to the domain)
    openstack user create --domain default --password-prompt glance
    openstack role add --project service --user glance admin
3. Create the glance service and its endpoints (public, internal, admin)
    openstack service create --name glance --description "OpenStack Image" image
    openstack endpoint create --region RegionOne image public http://controller:9292
    openstack endpoint create --region RegionOne image internal http://controller:9292
    openstack endpoint create --region RegionOne image admin http://controller:9292
4. Install the package:
    yum install -y openstack-glance
5. Edit the /etc/glance/glance-api.conf file
    [database]
    connection = mysql+pymysql://glance:123456@controller/glance
    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:5000
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = glance
    password = 123456
    [paste_deploy]
    flavor = keystone
    [glance_store]
    stores = file,http
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images/
6. Edit the /etc/glance/glance-registry.conf file
    [database]
    connection = mysql+pymysql://glance:123456@controller/glance
    [keystone_authtoken]
    auth_uri = http://controller:5000
    auth_url = http://controller:5000
    memcached_servers = controller:11211
    auth_type = password
    project_domain_name = Default
    user_domain_name = Default
    project_name = service
    username = glance
    password = 123456
    [paste_deploy]
    flavor = keystone
7. Synchronize the database
    su -s /bin/sh -c "glance-manage db_sync" glance
8. Start the glance-api and glance-registry services
    systemctl enable openstack-glance-api.service \
      openstack-glance-registry.service
    systemctl start openstack-glance-api.service \
      openstack-glance-registry.service
9. Download a base image (cirros)
10. Upload the image
    openstack image create "cirros" \
      --file cirros-0.3.5-x86_64-disk.img \
      --disk-format qcow2 --container-format bare \
      --public
11. List the images
    openstack image list
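
The Keystone and Glance steps above put the same short password into the database grants, the service configuration files and both openrc scripts. The script below is an added example, not part of the original notes, that reads those files and reports which credentials are reused or short without printing their values; the function names, the 16-character threshold and the sample input are assumptions made here.

```shell
# Added example: credential reuse check for the files this guide creates.
# The 16-character minimum is an assumed policy value, not an OpenStack rule.

# stdin: contents of keystone.conf, glance-*.conf and *-openrc files.
# stdout: "label secret" for each credential in the three forms the guide uses.
# Assumes passwords contain no ":" or "@" characters.
extract_secrets() {
  awk '
    /^[ \t]*connection[ \t]*=/ {          # mysql+pymysql://USER:PASS@HOST/DB
      s = $0; sub(/^.*:\/\//, "", s); sub(/@.*$/, "", s)
      split(s, up, ":"); print "db:" up[1], up[2]; next
    }
    /^[ \t]*password[ \t]*=/ {            # [keystone_authtoken] password
      s = $0; sub(/^[^=]*=[ \t]*/, "", s); print "authtoken", s; next
    }
    /^export OS_PASSWORD=/ {              # openrc script
      s = $0; sub(/^[^=]*=/, "", s); print "openrc", s
    }'
}

# Flags each credential as reused and/or short without echoing its value.
audit_secrets() {
  extract_secrets | awk '
    { label[NR] = $1; secret[NR] = $2; uses[$2]++ }
    END {
      for (i = 1; i <= NR; i++) {
        f = ""
        if (uses[secret[i]] > 1)    f = f " reused"
        if (length(secret[i]) < 16) f = f " short"
        if (f != "") print label[i] ":" f
      }
    }'
}

# Constructed sample in the style of the files above; the long glance
# password is a made-up value used to show a credential that passes.
sample_configs() {
  cat <<'EOF'
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[keystone_authtoken]
username = glance
password = 123456
export OS_USERNAME=admin
export OS_PASSWORD=123456
[database]
connection = mysql+pymysql://glance:Zq7vT2mLx9RkD4sWb8Hc@controller/glance
EOF
}

# On the controller: cat /etc/keystone/keystone.conf /etc/glance/glance-api.conf admin-openrc | audit_secrets
sample_configs | audit_secrets
```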