How to Install a Three-Node OpenStack Cluster on CentOS 7

2019-02-19 16:18:43 Author: 戴进 Source: 云网牛站

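We will build a three-node OpenStack cluster, since we want to experiment with these tools and examine the power, ingenuity and innovation they offer. The operating system used is CentOS 7. The controller node runs MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API and Horizon.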

 

CentOS 7 with the following network setup

[root@controller ~]# ip  link show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000

link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff

 

Install ntp

Install and configure the Network Time Protocol (ntp) for time synchronisation, and vim for editing files:

[root@controller ~]#  yum -y install ntp

Loaded plugins: fastestmirror

Determining fastest mirrors

epel/x86_64/metalink     |  59 kB  00:00:00

* base: repos-jnb.psychz.net

* epel: fedora.cu.be

* extras: repos-jnb.psychz.net

You can install vim or any other text editor:

[root@controller ~]# yum install vim

See also: Installing and configuring Chrony on Linux as a replacement NTP client

 

Configure ntp

[root@controller ~]# vim /etc/ntp.conf

# Use public servers from the pool.ntp.org project.

# Please consider joining the pool (http://www.pool.ntp.org/join.html).

#server 0.centos.pool.ntp.org iburst

#server 1.centos.pool.ntp.org iburst

#server 2.centos.pool.ntp.org iburst

#server 3.centos.pool.ntp.org iburst

server 0.africa.pool.ntp.org

server 1.africa.pool.ntp.org

server 2.africa.pool.ntp.org

server 3.africa.pool.ntp.org

[root@controller ~]# systemctl start ntpd

[root@controller ~]# systemctl enable ntpd

Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.

NTP is a protocol whose service we must allow through the firewall; we can use firewalld to allow it as follows:

[root@controller ~]# firewall-cmd --add-service=ntp --permanent

success

[root@controller ~]# firewall-cmd --reload

success

Now let's go ahead and add the OpenStack Queens repository to our controller node so that we can retrieve its packages:

[root@controller ~]# yum -y install centos-release-openstack-queens

Edit the repo file and ensure all are enabled with "enabled = 1" values as shown with the following examples.

[root@controller ~]# vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo

[centos-openstack-queens]

name=CentOS-7 - OpenStack queens

baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud

exclude=sip,PyQt4

[centos-openstack-queens-test]

name=CentOS-7 - OpenStack queens Testing

baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-queens/

gpgcheck=0

enabled=1

exclude=sip,PyQt
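The testing section above is enabled with gpgcheck=0, so packages pulled from it are installed without signature verification. The following added example (not part of the original article) lists every enabled repo section that explicitly sets gpgcheck=0; the function names are hypothetical and the sample file is constructed from the two sections shown above.

```bash
#!/bin/sh
# Added example: report enabled yum repos that have GPG checking switched off.

# repo_gpg_audit FILE...  -> one line per finding: "<file>: [<section>] gpgcheck=0"
repo_gpg_audit() {
    awk '
        function report() {
            # Only an explicit gpgcheck=0 is reported; a missing key inherits
            # the [main] setting from /etc/yum.conf and is not judged here.
            if (section != "" && enabled != "0" && gpgcheck == "0")
                print file ": [" section "] gpgcheck=0"
        }
        FNR == 1 { report(); section = ""; file = FILENAME; sub(/.*\//, "", file) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[[^]]+\]/ {
            report()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            enabled = "1"; gpgcheck = ""   # yum enables a repo unless enabled=0
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample mirroring the two sections edited in the article.
repo_gpg_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/CentOS-OpenStack-queens.repo" <<'EOF'
[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud

[centos-openstack-queens-test]
name=CentOS-7 - OpenStack queens Testing
baseurl=https://buildlogs.centos.org/centos/7/cloud/$basearch/openstack-queens/
gpgcheck=0
enabled = 1
EOF
    repo_gpg_audit "$dir/CentOS-OpenStack-queens.repo"
    rm -rf "$dir"
}

repo_gpg_demo
```

On the controller, run it as `repo_gpg_audit /etc/yum.repos.d/*.repo`.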

 

Install and set up MariaDB

The next step is to install MariaDB and give it a basic setup. Let's begin:

[root@controller ~]#  yum --enablerepo=centos-openstack-queens install mariadb-server -y

[root@controller ~]# vim /etc/my.cnf

[mysqld]

# Disabling symbolic-links is recommended to prevent assorted security risks

symbolic-links=0

### Within this [mysqld] section add the line below ###

character-set-server=utf8

[root@controller ~]# systemctl start mariadb

[root@controller ~]# systemctl enable mariadb

Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none): 

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

Set root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? [Y/n] y

... Success!

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y

... Success!

By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? [Y/n] y

- Dropping test database...

... Success!

- Removing privileges on test database...

... Success!

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? [Y/n] y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB installation should now be secure.

Thanks for using MariaDB!

Finally, allow mysql through the firewall and reload the firewall to apply the change; do not forget the reload:

[root@controller ~]# firewall-cmd --add-service=mysql --permanent 

success

[root@controller ~]# firewall-cmd --reload 

success

 

Install RabbitMQ and Memcached

With the database up and running, let's continue installing packages: install RabbitMQ and Memcached and add the openstack user to rabbitmq:

[root@controller ~]#  yum --enablerepo=epel -y install rabbitmq-server memcached

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: repos-jnb.psychz.net

* epel: fedora.cu.be

* extras: repos-jnb.psychz.net

* updates: repos-jnb.psychz.net

Resolving Dependencies

--> Running transaction check

---> Package memcached.x86_64 0:1.5.6-1.el7 will be installed

--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: memcached-1.5.6-1.el7.x86_64

---> Package rabbitmq-server.noarch 0:3.6.5-1.el7 will be installed

Start and enable rabbitmq and memcached:

[root@controller ~]#  systemctl start rabbitmq-server memcached

[root@controller ~]#  systemctl enable rabbitmq-server memcached

Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.

Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.

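We trust that RabbitMQ and MySQL have installed successfully. If so, let's go on to install the identity service, called Keystone. Keystone is an OpenStack service that provides API client authentication, service discovery and distributed multi-tenant authorization by implementing OpenStack's Identity API. It needs a database to hold its records, so before installing it we create a user and a database for it: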

[root@controller ~]# mysql -u root -p

## Enter the root password you set earlier

Enter password: 

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.20-MariaDB MariaDB Server

No entry for terminal type "xterm-termite";

using dumb terminal settings.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

## Create database for keystone

MariaDB [(none)]> create database keystone;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;

Bye

 

Install Keystone

Now let's install Keystone:

[root@controller ~]# yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

epel/x86_64/metalink                         |  51 kB  00:00:01

* base: repos-jnb.psychz.net

* epel: mirror.de.leaseweb.net

* extras: repos-jnb.psychz.net

* updates: repos-jnb.psychz.net

base                        | 3.6 kB  00:00:00

centos-ceph-luminous                          | 2.9 kB  00:00:00

centos-openstack-queens                                 | 2.9 kB  00:00:00

centos-openstack-queens-debuginfo                      | 2.9 kB  00:00:00

centos-openstack-queens-source                       | 2.9 kB  00:00:00

centos-openstack-queens-test                         | 2.9 kB  00:00:00

centos-qemu-ev                                | 2.9 kB  00:00:00

epel                                         | 3.2 kB  00:00:00

extras                           | 3.4 kB  00:00:00

rdo-trunk-queens-tested               | 3.0 kB  00:00:00

updates                              | 3.4 kB  00:00:00

(1/5): centos-openstack-queens-source/primary_db

Keystone configuration: open the keystone configuration file and make the following changes:

[root@controller ~]# vim /etc/keystone/keystone.conf

Under cache, edit as below with the IP address of your server

[cache]

# oslo_cache.memcache_pool backends only). (list value)

memcache_servers = 192.168.122.130:11211

# Under database, edit the connection details as below with your machine's details

[database]

connection = mysql+pymysql://keystone:password@192.168.122.130/keystone

# Under token, add the provider line as shown below and you are good to go

[token]

provider = fernet

After that, run the following commands to sync the database, initialise the keys and define the host:

[root@controller ~]#  su -s /bin/bash keystone -c "keystone-manage db_sync"

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

export controller=192.168.122.130

Bootstrap the keystone service as follows, and add port 5000 in the firewall:

[root@controller ~]# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne

[root@controller ~]# firewall-cmd --add-port=5000/tcp --permanent

success

[root@controller ~]# firewall-cmd --reload

success

Create a symbolic link to the keystone configuration in the httpd configuration directory and start the httpd service:

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

[root@controller ~]# systemctl start httpd

If httpd does not start and you receive an error similar to the one below, check your SELinux status:

[root@controller ~]# systemctl status httpd -l

[root@controller ~]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /sys/fs/selinux

SELinux root directory:         /etc/selinux

Loaded policy name:             targeted

Current mode:                   permissive

Mode from config file:          enforcing

Policy MLS status:              enabled

Policy deny_unknown status:     allowed

Max kernel policy version:      31

If it is enabled, there are two options: either disable it or configure it. I personally disable it permanently, as shown below:

[root@controller ~(keystone)]# vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted
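For the other option named above, configuring SELinux rather than disabling it, the starting point is to read what was actually denied. The following added example (not part of the original article) summarises AVC denials for one process name from audit-log lines; the function names are hypothetical and the log lines are constructed, not captured from the article's host.

```bash
#!/bin/sh
# Added example: summarise SELinux AVC denials for one process name.

# avc_summary COMM   (reads audit-log lines on stdin)
# Prints "<count> <permission> <class> <target type>" per distinct denial.
avc_summary() {
    awk -v want="$1" '
        /type=AVC/ && /denied/ {
            comm = ""; perm = ""; tclass = ""; ttype = ""
            if (match($0, /comm="[^"]*"/))
                comm = substr($0, RSTART + 6, RLENGTH - 7)
            if (comm != want) next
            if (match($0, /[{] [^}]* [}]/))
                perm = substr($0, RSTART + 2, RLENGTH - 4)
            if (match($0, /tclass=[^ ]+/))
                tclass = substr($0, RSTART + 7, RLENGTH - 7)
            if (match($0, /tcontext=[^ ]+/)) {
                # tcontext is user:role:type:level; the type is what policy keys on
                split(substr($0, RSTART + 9, RLENGTH - 9), ctx, ":")
                ttype = ctx[3]
            }
            seen[perm " " tclass " " ttype]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed audit.log lines (sample data for the example only).
avc_demo() {
    avc_summary httpd <<'EOF'
type=AVC msg=audit(1550586001.101:311): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=11211 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1550586002.220:312): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1550586003.007:313): avc:  denied  { name_connect } for  pid=2214 comm="httpd" dest=11211 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1550586004.512:314): avc:  denied  { read } for  pid=901 comm="ntpd" name="drift" dev="dm-0" ino=1234 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1550586004.513:314): arch=c000003e syscall=42 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
EOF
}

avc_demo
```

On a host running auditd, feed it the real log with `avc_summary httpd < /var/log/audit/audit.log`. RDO also packages `openstack-selinux`, which carries SELinux policy for the OpenStack services.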

Start httpd and check its status:

[root@controller ~]# systemctl start httpd

[root@controller ~]# systemctl enable httpd

[root@controller ~]# systemctl status httpd

 

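Add Keystone projects

The next step is to add Keystone projects. Projects are organizational units in the cloud to which users can be assigned; projects are also known as tenants or accounts. A user can be a member of one or more projects. Roles define which actions users can perform. You assign roles to user-project pairs.

To create a project, we must first create the environment variables, as follows: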

[root@controller ~]# vi ~/keystonerc

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.

export OS_AUTH_URL=http://192.168.122.130:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

export PS1='[\u@\h \W(keystone)]\$ '

After that, tighten the file's security by restricting read and write access, then source the file:

[root@controller ~]# chmod 600 ~/keystonerc

[root@controller ~]# source ~/keystonerc   

[root@controller ~(keystone)]# ##Your terminal should change as this.

[root@controller ~(keystone)]#  echo "source ~/keystonerc " >> ~/.bash_profile

Create the first project; you can describe it with any name you like:

[root@controller ~]# openstack project create --domain default --description "First Project" service

[root@controller ~(keystone)]# openstack user list

 

Add the glance user to Keystone

[root@controller ~(keystone)]# openstack user create --domain default --project service --password password glance

[root@controller ~(keystone)]# openstack user list

[root@controller ~(keystone)]# openstack role add --project service --user glance admin

[root@controller ~(keystone)]# openstack service create --name glance --description "Glance Serves Images" image

[root@controller ~(keystone)]# export controller=192.168.122.130

 

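Add endpoints

We will go on to add endpoints. An endpoint in Keystone is simply a URL that can be used to access a service in OpenStack; it is the point of contact through which a given user consumes an OpenStack service. The admin URL is for admin users, the internal URL is what other services use to communicate with each other, and the public URL is what everyone else uses to reach the service endpoint: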

[root@controller ~(keystone)]# openstack endpoint create --region RegionOne image public http://$controller:9292

[root@controller ~(keystone)]# openstack endpoint create --region RegionOne image internal http://$controller:9292

[root@controller ~(keystone)]# openstack endpoint create --region RegionOne image admin http://$controller:9292

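After adding the glance user, assigning the role and creating the endpoints, glance needs a database to run, so before installing and configuring it, let's create its database: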

[root@controller ~(keystone)]# mysql -u root -p 

Enter password: 

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 7

Server version: 10.1.20-MariaDB MariaDB Server

No entry for terminal type "xterm-termite";

using dumb terminal settings.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;

Bye
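Both database sessions above (keystone and glance) use the literal password 'password' and grant access from any host with '%'. The following added example (not part of the original article) generates one random secret per service and prints grants limited to localhost and a host pattern, plus the matching connection line. The function names and the 192.168.122.% pattern are assumptions for illustration.

```bash
#!/bin/sh
# Added example: per-service database secrets and host-scoped grants.

# gen_secret -> 32 hex characters read from the kernel CSPRNG
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# service_db_sql DB USER HOSTPATTERN SECRET
# Emits the statements for one service database. The account is limited to
# localhost and HOSTPATTERN instead of the '%' wildcard.
service_db_sql() {
    db=$1; user=$2; hosts=$3; secret=$4
    # Refuse anything that could break out of the quoted SQL literals.
    case "$db$user" in ''|*[!a-z0-9_]*) echo "bad identifier" >&2; return 1 ;; esac
    case "$hosts" in ''|*[!0-9A-Za-z.%_-]*) echo "bad host pattern" >&2; return 1 ;; esac
    case "$secret" in ''|*[!0-9a-f]*) echo "bad secret" >&2; return 1 ;; esac
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $db;
GRANT ALL PRIVILEGES ON $db.* TO '$user'@'localhost' IDENTIFIED BY '$secret';
GRANT ALL PRIVILEGES ON $db.* TO '$user'@'$hosts' IDENTIFIED BY '$secret';
FLUSH PRIVILEGES;
EOF
}

# service_db_url USER SECRET DBHOST DB -> matching [database] connection line
service_db_url() {
    printf 'connection = mysql+pymysql://%s:%s@%s/%s\n' "$1" "$2" "$3" "$4"
}

# Assumption: all three nodes sit in 192.168.122.0/24, like the controller.
for svc in keystone glance; do
    pw=$(gen_secret)
    service_db_sql "$svc" "$svc" '192.168.122.%' "$pw"
    service_db_url "$svc" "$pw" 192.168.122.130 "$svc"
done
```

The SQL lines can be fed to `mysql -u root -p`, and the connection line replaces the one in the service's configuration file.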

 

Install and configure glance

1. Install glance

[root@controller ~(keystone)]#  yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: repos-jnb.psychz.net

* epel: mirror.de.leaseweb.net

* extras: repos-jnb.psychz.net

* updates: repos-jnb.psychz.net

Resolving Dependencies

--> Running transaction check

---> Package openstack-glance.noarch 1:16.0.2-0.20180706180854.f676961.el7 will be installed

--> Processing Dependency: python-glance = 1:16.0.2-0.20180706180854.f676961.el7 for package: 1:openstack-glance-16.0.2-0.20180706180854.f676961.el7.noarch

2. Configure glance

First, back up the default file and create a new file with minimal parameters that match your environment:

sudo mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak

vim /etc/glance/glance-api.conf

Add the following content:

###New##

[DEFAULT]

bind_host = 0.0.0.0

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

[database]

# MariaDB connection information. Do not forget the password for glance database

connection = mysql+pymysql://glance:password@192.168.122.130/glance

# keystone authentication details

[keystone_authtoken]

www_authenticate_uri = http://192.168.122.130:5000

auth_url = http://192.168.122.130:5000

memcached_servers = 192.168.122.130:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

# the password for service (kept on its own line: oslo.config does not strip inline comments)

password = password

[paste_deploy]

flavor = keystone

Also set up the Glance registry:

mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak

vim /etc/glance/glance-registry.conf

Add the content:

###New##

[DEFAULT]

bind_host = 0.0.0.0

[database]

# MariaDB connection information. Do not forget glance database password here.

connection = mysql+pymysql://glance:password@192.168.122.130/glance

# Keystone authentication details

[keystone_authtoken]

www_authenticate_uri = http://192.168.122.130:5000

auth_url = http://192.168.122.130:5000

memcached_servers = 192.168.122.130:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

# service password here (kept on its own line: oslo.config does not strip inline comments)

password = password

[paste_deploy]

flavor = keystone

Change the file permissions and ownership of the configuration files as follows:

chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf

chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf

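Sync the database. If you get an error here, confirm that your password is correct and that the spacing in the files is right; you should eventually see that the database was synced successfully: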

[root@controller ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1336: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade

expire_on_commit=expire_on_commit, _conf=conf)

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial

INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table

INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server

INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images

INFO  [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01

Start and enable the glance services, openstack-glance-api and openstack-glance-registry, as shown below, and do not forget to open their ports in the firewall:

sudo systemctl start openstack-glance-api openstack-glance-registry

sudo systemctl enable openstack-glance-api openstack-glance-registry 

sudo firewall-cmd --add-port={9191/tcp,9292/tcp} --permanent

sudo firewall-cmd --reload

 
