OpenStack Cloud Computing Platform Deployment: Environment Setup


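I just took the Red Hat RHCA cloud computing exam, EX210 (OpenStack V10), and came away with a deeper understanding of the OpenStack cloud platform. Back home, on a whim, I went through the whole deployment again from scratch and wrote the process up here to help OpenStack beginners avoid some pitfalls. Veterans can skip this.

The Red Hat EX210 exam environment was an i7 CPU, 32 GB RAM and a 500 GB SATA disk (a 256 GB SSD would be better). I don't have that kind of hardware at home; it looks like I should upgrade my gear over the New Year. In practice, a home OpenStack lab only needs to meet the following minimum requirements:

Controller node: 1 processor, 4 GB RAM, and 5 GB storage

Compute node: 1 processor, 2 GB RAM, and 10 GB storage

For details, see the official documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/. The current latest official release is Pike; I recommend starting with Mitaka, because the documentation for that release has an official Chinese translation, haha!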

 

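The lab environment is as follows:

Physical host: i5 CPU, 8 GB RAM, 256 GB SSD (barely enough; both CPU and RAM need an upgrade)

KVM virtual machines: controller node, 1 vCPU, 4 GB RAM, 10 GB storage, RHEL 7.3 minimal install

Compute node: 1 vCPU, 2 GB RAM, 10 GB storage, RHEL 7.3 minimal install

Storage node: optional

SELinux and the firewalld service are disabled on all nodes; SELinux is a pitfall. You need some Red Hat Linux skills, since OpenStack is deployed on top of a Linux system. For production deployments I strongly recommend Red Hat Enterprise Linux; Ubuntu is a pitfall too.

Controller node configuration:

Network configuration:

RHEL 7 introduced a new naming scheme, and NIC configuration files are named like this: ifcfg-enp0s8. If you prefer the RHEL 6 style, you can pass the kernel parameter "net.ifnames=0" when booting the virtual machine to change how RHEL 7 names network interfaces; writing it into /boot/grub2/grub.cfg makes it permanent.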

 

[root@controller network-scripts]# cat ifcfg-eth0

TYPE=Ethernet

BOOTPROTO=static

IPADDR=172.25.0.11

PREFIX=24

GATEWAY=172.25.0.250

DNS1=114.114.114.114

UUID=8f9d8331-384a-4d56-ab74-91ac001e1aa8

DEVICE=eth0

ONBOOT=yes

 

[root@controller network-scripts]# cat ifcfg-eth1

TYPE=Ethernet

BOOTPROTO=none

DEVICE=eth1

ONBOOT=yes

 

The hostnames of all nodes need to resolve:

127.0.0.1   localhost

172.25.0.11    controller

172.25.0.12    compute1

 

Enable the NTP service:

# yum install chrony -y

 

# vim /etc/chrony.conf

# Alibaba Cloud NTP servers: time1-7.aliyun.com

server time1.aliyun.com iburst

# allow clients on the management network to sync from this node

allow 172.25.0.0/24

 

# systemctl enable chronyd

# systemctl restart chronyd

 

The clocks on all OpenStack nodes must be in sync; otherwise virtual machines will fail to start.

 

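OpenStack installation repository

# rpm -ivh rdo-release-mitaka-6.noarch.rpm

# yum upgrade # system update; reboot if the kernel was updated.

# yum install openstack-selinux # needed if SELinux is enabled on the system; automatically manages the security policies for OpenStack services (not guaranteed to solve everything; I have been bitten by this)

# yum install python-openstackclient -y # the OpenStack client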

 

# yum install mariadb mariadb-server python2-PyMySQL -y

 

# vim /etc/my.cnf.d/openstack.cnf

[mysqld]

bind-address = 172.25.0.11 # management network IP address of the controller node

default-storage-engine = innodb

innodb_file_per_table # separate tablespace per table

max_connections = 4096 # maximum connections, default 1024

collation-server = utf8_general_ci

character-set-server = utf8

 

# systemctl enable mariadb.service

# systemctl start mariadb.service

# mysql_secure_installation

 

Create the databases and grant privileges:

 

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> CREATE DATABASE glance;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> CREATE DATABASE nova_api;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> CREATE DATABASE nova;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> CREATE DATABASE neutron;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
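
The grants in this session use each service name as its own password and accept connections from any host ('%'). The script below is an added example, not part of the original post: it prints the same CREATE DATABASE / GRANT statements with one random password per service account and the remote host pattern narrowed to the management network. The function names and the 172.25.0.% pattern (taken from the 172.25.0.0/24 addresses on this page) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: print CREATE DATABASE / GRANT
# statements with one random password per service account and the remote
# host pattern narrowed from '%' to the management network.
set -eu

# Assumption: management network 172.25.0.0/24, as in ifcfg-eth0 on this page.
MGMT_HOSTS='172.25.0.%'

# rand_pw: 32 hex characters (128 bits) read from the kernel CSPRNG.
rand_pw() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# valid_ident NAME: accept only [a-z0-9_]+ so names are safe to embed in SQL.
valid_ident() {
    case $1 in
        ''|*[!a-z0-9_]*) return 1 ;;
    esac
}

# gen_grants USER DB...: one password for USER, grants on every DB listed.
# Runs in a subshell so its variables do not leak into the caller.
gen_grants() (
    user=$1; shift
    for name in "$user" "$@"; do
        valid_ident "$name" || { echo "bad identifier: $name" >&2; exit 1; }
    done
    pw=$(rand_pw)
    for db in "$@"; do
        printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
        for host in localhost "$MGMT_HOSTS"; do
            printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                "$db" "$user" "$host" "$pw"
        done
    done
)

# Same databases and accounts as in the session above. The output contains
# the passwords: redirect it to a file created under umask 077.
gen_grants keystone keystone
gen_grants glance   glance
gen_grants nova     nova_api nova
gen_grants neutron  neutron
```

The generated passwords then have to be used in each service's database connection setting in place of the service name.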

 

Message queue RabbitMQ:

[root@controller ~]# yum install rabbitmq-server -y

[root@controller ~]# systemctl enable rabbitmq-server.service

[root@controller ~]# systemctl start rabbitmq-server.service

[root@controller ~]# netstat -antlp |grep :5672

tcp6       0      0 :::5672                 :::*                    LISTEN      873/beam    

 

Add the openstack user, with the password openstack:

[root@controller ~]# rabbitmqctl add_user openstack openstack

Creating user "openstack" ...

Grant permissions to the openstack user:

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setting permissions for user "openstack" in vhost "/" ...

 

List the available plugins:

[root@controller ~]# rabbitmq-plugins list

 Configured: E = explicitly enabled; e = implicitly enabled

 | Status:   * = running on rabbit@controller

 |/

[  ] amqp_client                       3.6.5

[  ] cowboy                            1.0.3

[  ] cowlib                            1.0.1

[  ] mochiweb                          2.13.1

[  ] rabbitmq_amqp1_0                  3.6.5

[  ] rabbitmq_auth_backend_ldap        3.6.5

[  ] rabbitmq_auth_mechanism_ssl       3.6.5

[  ] rabbitmq_consistent_hash_exchange 3.6.5

[  ] rabbitmq_event_exchange           3.6.5

[  ] rabbitmq_federation               3.6.5

[  ] rabbitmq_federation_management    3.6.5

[  ] rabbitmq_jms_topic_exchange       3.6.5

[  ] rabbitmq_management               3.6.5

[  ] rabbitmq_management_agent         3.6.5

[  ] rabbitmq_management_visualiser    3.6.5

[  ] rabbitmq_mqtt                     3.6.5

[  ] rabbitmq_recent_history_exchange  1.2.1

[  ] rabbitmq_sharding                 0.1.0

[  ] rabbitmq_shovel                   3.6.5

[  ] rabbitmq_shovel_management        3.6.5

[  ] rabbitmq_stomp                    3.6.5

[  ] rabbitmq_top                      3.6.5

[  ] rabbitmq_tracing                  3.6.5

[  ] rabbitmq_trust_store              3.6.5

[  ] rabbitmq_web_dispatch             3.6.5

[  ] rabbitmq_web_stomp                3.6.5

[  ] rabbitmq_web_stomp_examples       3.6.5

[  ] sockjs                            0.3.4

[  ] webmachine                        1.10.3

 

Enable the plugin:

[root@controller ~]# rabbitmq-plugins enable rabbitmq_management

The following plugins have been enabled:

  mochiweb

  webmachine

  rabbitmq_web_dispatch

  amqp_client

  rabbitmq_management_agent

  rabbitmq_management

 

Applying plugin configuration to rabbit@controller... started 6 plugins.

 

By default the management plugin listens on port 15672.

 

 

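Configure the memcached service:

The Identity service's authentication mechanism uses Memcached to cache tokens. The memcached service runs on the controller node. For production deployments, we recommend enabling a combination of firewalling, authentication, and encryption to secure it.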

 

# yum install -y memcached python-memcached

 

On RHEL 7, memcached listens on 127.0.0.1:11211 by default; configure it to listen on all local interfaces:

 

# vim /etc/sysconfig/memcached

PORT="11211"

USER="memcached"

MAXCONN="1024"

CACHESIZE="64"

#OPTIONS="-l 127.0.0.1,::1"

OPTIONS=""

 

# systemctl enable memcached.service

# systemctl start memcached.service
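
With firewalld disabled on all nodes, as on this page, the address each service binds to is what decides who can reach it. The script below is an added example, not part of the original post: it filters netstat -antlp output for the ports used here and labels each listener as loopback, single-address or all-interfaces. Port 3306 is MariaDB's default, and every sample line except the :::5672 one is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: label the listeners this page
# sets up by how widely they are reachable. Reads `netstat -antlp` output.
set -eu

# Ports: MariaDB (3306, its default), RabbitMQ (5672), RabbitMQ management
# (15672), memcached (11211).
PORTS='3306 5672 15672 11211'

# audit_listeners: stdin = netstat -antlp output;
# stdout = "<port> <bind address> <scope> <pid/program>" per matching listener.
audit_listeners() {
    awk -v ports="$PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)            # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in want)) next
        if (host == "0.0.0.0" || host == "::")      scope = "all-interfaces"
        else if (host ~ /^127\./ || host == "::1")  scope = "loopback"
        else                                        scope = "single-address"
        print port, host, scope, $7
    }'
}

# exposed_ports: stdin as above; stdout = sorted unique ports bound to
# every interface, space separated.
exposed_ports() {
    audit_listeners | awk '$3 == "all-interfaces" { print $1 }' \
        | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample for a controller configured as on this page; only the
# :::5672 line is taken from the post.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 172.25.0.11:3306        0.0.0.0:*               LISTEN      1201/mysqld
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      1350/memcached
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      873/beam
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1102/master
tcp6       0      0 :::5672                 :::*                    LISTEN      873/beam
tcp6       0      0 :::11211                :::*                    LISTEN      1350/memcached
EOF
}

sample_netstat | audit_listeners
echo "bound to every interface: $(sample_netstat | exposed_ports)"
```

On a real node, replace sample_netstat with netstat -antlp run as root and review every port reported as all-interfaces.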