OpenStack 환경 구성
1. 가상 머신 리소스 정보
1.1 제어 노드 ct
| CPU | 듀얼 코어 듀얼 스레드 CPU 가상화 지원 | |
|---|---|---|
| 램 | 6G | |
| 하드 디스크 | 300G + 1024G (CEPH 블록 스토리지) | |
| 듀얼 네트워크 카드 | VM1- (근거리 통신망) 192.168.86.11 | NAT-192.168.238.11 |
| 운영 체제 | Centos 7.6 (1810)-최소 설치 |
1.2 컴퓨팅 노드 c1
| CPU | 듀얼 코어 듀얼 스레드 CPU 가상화 지원 | |
|---|---|---|
| 램 | 8G | |
| 하드 디스크 | 300G + 1024G (CEPH 블록 스토리지) | |
| 듀얼 네트워크 카드 | VM1- (근거리 통신망) 192.168.86.12 | NAT-192.168.238.12 |
| 운영 체제 | Centos 7.6 (1810)-최소 설치 |
1.3 계산 노드 c2
| CPU | 듀얼 코어 듀얼 스레드 CPU 가상화 지원 | |
|---|---|---|
| 램 | 8G | |
| 하드 디스크 | 300G + 1024G (CEPH 블록 스토리지) | |
| 듀얼 네트워크 카드 | VM1- (근거리 통신망) 192.168.86.13 | NAT-192.168.238.13 |
| 운영 체제 | Centos 7.6 (1810)-최소 설치 |
둘째, 배포 아이디어
1. 운영 체제 + OpenStack 운영 환경
구성 2. OpenStack 플랫폼의 기본 서비스 (rabbitmq, mariadb, memcache, Apache)
구성 3. OpenStack keystone 구성 요소 구성
4. OpenStack Glance 구성 요소 구성
5. 배치 서비스 구성
6 OpenStack Nova 구성 요소 구성
7. OpenStack Neutron 구성 요소 구성
8, OpenStack 대시 보드 구성 요소 구성
9, OpenStack Cinder 구성 요소 구성
10, 일반적인 클라우드 호스트 작업
세, 배포 환경
3.1 기본 환경 구성
구성 항목 (모든 노드)
1. 호스트 이름
hostnamectl set-hostname ct
su
2. 방화벽, 핵심 보호
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/sysconfig/selinux
SELINUX=disabled
3. 제어 노드 구성 (ct)
c1 및 c2의 구성 단계는 거의 동일하므로 직접 수정하십시오.
#局域网设置主机模式VMnet1
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens36
vi /etc/sysconfig/network-scripts/ifcfg-ens36
#记得修改设备名称,UUID
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.86.11
NETMASK=255.255.255.0
#GATEWAY=192.168.86.2
#网络为NAT模式
vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
IPV4_ROUTE_METRIC=90 ###调由优先级,NAT网卡优先
ONBOOT=yes
IPADDR=192.168.238.11
NETMASK=255.255.255.0
GATEWAY=192.168.238.2
systemctl restart network #重启网卡
4. 호스트 구성
모든 노드가 동일합니다.
vi /etc/hosts
192.168.86.11 ct
192.168.86.12 c1
192.168.86.13 c2
#以上为局域网IP
5. 상호 작용 없음
3 개의 노드가 상호 작용하지 않음
비대칭 키
ssh-keygen -t rsa
ssh-copy-id ct
ssh-copy-id c1
ssh-copy-id c2
6. DNS 구성
(모든 노드)
vim /etc/resolv.conf
nameserver 114.114.114.114
7. 기본 환경 종속성 패키지 설치
yum -y install net-tools bash-completion vim gcc gcc-c++ make pcre pcre-devel expat-devel cmake bzip2 lrzsz
#EXPAT C语言发开库
yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils
#OpenStack 的 train 版本仓库源安装 包,同时安装 OpenStack 客户端和 openstack-selinux 安装包
8. 시간 동기화 + 정기 예약 작업
제어 노드를 통해
ct 구성 ct 시간 동기화 -> Alibaba Cloud 클록 서버
c1, c2 동기화-> ct 동기화
노드 CT
yum install chrony -y
vim /etc/chrony.conf
systemctl enable chronyd
systemctl restart chronyd
vi /etc/chrony.conf
server 0.centos.pool.ntp.org iburst #注释掉
server 1.centos.pool.ntp.org iburst #注释掉
server 2.centos.pool.ntp.org iburst #注释掉
server 3.centos.pool.ntp.org iburst #注释掉
server ntp6.aliyun.com iburst #配置阿里云时钟服务器源
allow 192.168.86.0/24 #允许192.168.86.0/24网段的主机来同步时钟服务
[root@ct ~]# chronyc sources #使用 chronyc sources 命令查询时间同步信息
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 3 -2553us[-4933us] +/- 20ms
c1, c2 노드
#控制节点c1、c2时间同步配置
[root@c1 ~]# vi /etc/chrony.conf
server 0.centos.pool.ntp.org iburst #注释掉
server 1.centos.pool.ntp.org iburst #注释掉
server 2.centos.pool.ntp.org iburst #注释掉
server 3.centos.pool.ntp.org iburst #注释掉
server ct iburst #配置阿里云时钟服务器源
[root@c1 ~]# systemctl enable chronyd.service #永久开启时间同步服务器
[root@c1 ~]# systemctl restart chronyd.service #重启时间同步服务器
[root@c2 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ct 0 7 0 - +0ns[ +0ns] +/- 0ns
#设置周期性任务
[root@c1 ~]# crontab -e #配置计划任务,每隔2分钟同步一次
*/2 * * * * /usr/bin/chronyc sources >> /var/log/chronyc.log
no crontab for root - using an empty one
crontab: installing new crontab
3.2 시스템 환경 구성
제어 노드 ct
3.2.1 MariaDB 설치 및 구성
yum -y install mariadb mariadb-server python2-PyMySQL
#此包用于openstack的控制端连接mysql所需要的模块,如果不安装,则无法连接数据库;此包只安装在控制端
yum -y install libibverbs
● 添加MySQL子配置文件,增加如下内容
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.86.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[mysqld]
bind-address = 192.168.86.11 #控制节点局域网地址
default-storage-engine = innodb #默认存储引擎
innodb_file_per_table = on #每张表独立表空间文件
max_connections = 4096 #最大连接数
collation-server = utf8_general_ci #默认字符集
character-set-server = utf8
3.2.2 부팅시 자동 시작 및 서비스 시작
systemctl enable mariadb
Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
systemctl start mariadb
3.2.3 MariaDB 보안 구성 스크립트 실행
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #回车
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n #是否不允许root用户远程登陆
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y #是否删除test测试库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
3.3 RabbitMQ 설치
가상 머신 생성에 대한 모든 지침은 제어 끝에서 rabbitmq로 전송되고 노드 노드는 rabbitmq를 모니터링합니다.
yum -y install rabbitmq-server
#配置服务,启动RabbitMQ服务,并设置其开机启动。
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
#创建消息队列用户,用于controler和 计算节点连接rabbitmq的认证(关联)
rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack"
#配置openstack用户的操作权限(正则,配置读写权限)
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
#可查看25672和5672 两个端口(5672是Rabbitmq默认端口,25672是Rabbit的测试工具CLI的端口)
● 选择配置:
#查看rabbitmq插件列表
[root@ct ~]# rabbitmq-plugins list
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@c2
|/
[ ] amqp_client 3.6.16
[ ] cowboy 1.0.4
[ ] cowlib 1.0.2
[ ] rabbitmq_amqp1_0 3.6.16
[ ] rabbitmq_auth_backend_ldap 3.6.16
[ ] rabbitmq_auth_mechanism_ssl 3.6.16
[ ] rabbitmq_consistent_hash_exchange 3.6.16
[ ] rabbitmq_event_exchange 3.6.16
[ ] rabbitmq_federation 3.6.16
[ ] rabbitmq_federation_management 3.6.16
[ ] rabbitmq_jms_topic_exchange 3.6.16
[ ] rabbitmq_management 3.6.16
[ ] rabbitmq_management_agent 3.6.16
[ ] rabbitmq_management_visualiser 3.6.16
[ ] rabbitmq_mqtt 3.6.16
[ ] rabbitmq_random_exchange 3.6.16
[ ] rabbitmq_recent_history_exchange 3.6.16
[ ] rabbitmq_sharding 3.6.16
[ ] rabbitmq_shovel 3.6.16
[ ] rabbitmq_shovel_management 3.6.16
[ ] rabbitmq_stomp 3.6.16
[ ] rabbitmq_top 3.6.16
[ ] rabbitmq_tracing 3.6.16
[ ] rabbitmq_trust_store 3.6.16
[ ] rabbitmq_web_dispatch 3.6.16
[ ] rabbitmq_web_mqtt 3.6.16
[ ] rabbitmq_web_mqtt_examples 3.6.16
[ ] rabbitmq_web_stomp 3.6.16
[ ] rabbitmq_web_stomp_examples 3.6.16
[ ] sockjs 0.3.4
#开启rabbitmq的web管理界面的插件,端口为15672
rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
amqp_client
cowlib
cowboy
rabbitmq_web_dispatch
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@c2... started 6 plugins.
#检查端口(25672 5672 15672)
ss -natp | grep 5672
LISTEN 0 128 *:25672 *:* users:(("beam.smp",pid=34623,fd=46))
LISTEN 0 128 *:15672 *:* users:(("beam.smp",pid=34623,fd=57))
TIME-WAIT 0 0 192.168.86.13:42078 192.168.86.13:25672
LISTEN 0 128 :::5672 :::* users:(("beam.smp",pid=34623,fd=55))
可访问192.168.238.11:15672
默认账号密码均为guest
3.4 memcached 설치
● 기능 :
memcached 설치는 세션 정보를 저장하는 데 사용됩니다. 서비스 인증 메커니즘 (keystone)은 openstack의 대시 보드에 로그인 할 때 토큰을 캐시하기 위해 Memcached를 사용합니다. 일부 세션 정보가 생성되어 memcached
JWT에 저장됩니다
. ● 작업 :
3.4.1 Memcached 설치
yum install -y memcached python-memcached
#python-*模块在OpenStack中起到连接数据库的作用
3.4.2 Memcached 구성 파일 수정
cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
systemctl enable memcached
systemctl start memcached
netstat -nautp | grep 11211
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 35746/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 35746/memcached
3.4.3 etcd 설치
yum -y install etcd
3.4.4 etcd 구성 파일 수정
[root@ct ~]# cd /etc/etcd/
[root@ct etcd]# ls
etcd.conf
[root@ct etcd]# vim etcd.conf #数据目录位置
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.86.11:2380" #监听其他etcd member的url(2380端口,集群之间通讯,域名为无效值)
ETCD_LISTEN_CLIENT_URLS="http://192.168.86.11:2379" #对外提供服务的地址(2379端口,集群内部的通讯端口)
ETCD_NAME="ct" #集群中节点标识(名称)
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.86.11:2380" #该节点成员的URL地址,2380端口:用于集群之间通讯。
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.86.11:2379"
ETCD_INITIAL_CLUSTER="ct=http://192.168.86.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01" #集群唯一标识
ETCD_INITIAL_CLUSTER_STATE="new" #初始集群状态,new为静态,若为existing,则表示此ETCD服务将尝试加入已有的集群
若为DNS,则表示此集群将作为被加入的对象
#开机自启动、开启服务,检测端口
systemctl enable etcd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
systemctl start etcd.service
netstat -anutp |grep 2379
tcp 0 0 192.168.86.13:2379 0.0.0.0:* LISTEN 36063/etcd
tcp 0 0 192.168.86.13:2379 192.168.86.13:52808 ESTABLISHED 36063/etcd
tcp 0 0 192.168.86.13:52808 192.168.86.13:2379 ESTABLISHED 36063/etcd
netstat -anutp |grep 2380
tcp 0 0 192.168.86.13:2380 0.0.0.0:* LISTEN 36063/etcd
#C1、C2安装OpenStack组件
yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils