iaas的平台搭建

1.1安装CentOS7说明

【空白分区划分】
CentOS7的安装与CentOS6.5的安装有明显的区别。在CentOS7安装过程中，设置分区都需要一个挂载点，这样一来就无法创建两个空白的磁盘分区作为cinder服务和swift服务的存储磁盘了。
所以我们应该在系统安装过程中留下足够的磁盘大小，系统安装完成后，使用命令parted划分新分区，然后使用mkfs.xfs进行文件系统格式化，完成空白分区的划分。具体命令如下：
[root@compute ~]# parted /dev/md126
(parted) mkpart swift 702G 803G //创建swift分区，从702G到803G
[root@compute ~]# mkfs.xfs /dev/md126p5
1.2配置网络、主机名
修改和添加/etc/sysconfig/network-scripts/ifcfg-enp*（具体的网口）文件。
（1）controller节点
配置网络：
enp8s0: 192.168.100.10
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.10
PREFIX=24
GATEWAY=192.168.100.1

enp9s0: 192.168.200.10
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.10
PREFIX=24
配置主机名：
重启网卡命令 service network restart

hostnamectl set-hostname controller

按ctrl+d 退出重新登陆
（2）compute 节点
配置网络：
enp8s0: 192.168.100.20
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.20
PREFIX=24
GATEWAY=192.168.100.1

enp9s0: 192.168.200.20
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.20
PREFIX=24

配置主机名：

hostnamectl set-hostname compute

按ctrl+d 退出重新登陆

1.3配置yum源
#Controller和compute节点
（1）yum源备份
#mv /etc/yum.repos.d/* /opt/
（2）创建repo文件
【controller】
在/etc/yum.repos.d创建centos.repo源文件
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas-repo
gpgcheck=0
enabled=1

【compute】
在/etc/yum.repos.d创建centos.repo源文件
[centos]
name=centos
baseurl=ftp://192.168.100.10/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://192.168.100.10/iaas-repo
gpgcheck=0
enabled=1

（3）挂载iso文件
【挂载CentOS-7-x86_64-DVD-1511.iso】
[root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-1511.iso /mnt/
[root@controller ~]# mkdir /opt/centos
[root@controller ~]# cp -rvf /mnt/* /opt/centos/
[root@controller ~]# umount /mnt/

【挂载XianDian-IaaS-v2.0-1228.iso】
[root@controller ~]# mount -o loop XianDian-IaaS-v2.0-1228.iso /mnt/
[root@controller ~]# cp -rvf /mnt/* /opt/
[root@controller ~]# umount /mnt/

（4）搭建ftp服务器，开启并设置自启
[root@controller ~]# yum install vsftpd –y
[root@controller ~]# vi /etc/vsftpd/vsftpd.conf
添加anon_root=/opt/
保存退出

[root@controller ~]# systemctl start vsftpd
[root@controller ~]# systemctl enable vsftpd

（5）关闭防火墙并设置开机不自启
【controller/compute】
systemctl stop firewalld
systemctl disable firewalld

（6）清除缓存，验证yum源
【controller/compute】

yum clean all

yum list

1.4编辑环境变量

controller和compute节点

yum install iaas-xiandian -y

编辑文件/etc/xiandian/openrc.sh,此文件是安装过程中的各项参数，根据每项参数上一行的说明及服务器实际情况进行配置。
HOST_IP=192.168.100.10
HOST_NAME=controller
HOST_IP_NODE=192.168.100.20
HOST_NAME_NODE=compute
RABBIT_USER=openstack
RABBIT_PASS=000000
DB_PASS=000000
DOMAIN_NAME=demo（自定义）
ADMIN_PASS=000000
DEMO_PASS=000000
KEYSTONE_DBPASS=000000
GLANCE_DBPASS=000000
GLANCE_PASS=000000
NOVA_DBPASS=000000
NOVA_PASS=000000
NEUTRON_DBPASS=000000
NEUTRON_PASS=000000
METADATA_SECRET=000000
INTERFACE_NAME=enp9s0（外网网卡名）
CINDER_DBPASS=000000
CINDER_PASS=000000
TROVE_DBPASS=000000
TROVE_PASS=000000
BLOCK_DISK=md126p4（空白分区名）
SWIFT_PASS=000000
OBJECT_DISK=md126p5（空白分区名）
STORAGE_LOCAL_NET_IP=192.168.100.20
HEAT_DBPASS=000000
HEAT_PASS=000000
CEILOMETER_DBPASS=000000
CEILOMETER_PASS=000000
AODH_DBPASS=000000
AODH_PASS=000000

1.5通过脚本安装服务
1.6-1.9的基础配置操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

Controller节点和Compute节点

执行脚本iaas-pre-host.sh进行安装

安装完成后同时重启

[root@controller ~]# reboot

1.6安装Openstack包

controller和compute节点

yum -y install openstack-utils openstack-selinux python-openstackclient

yum upgrade

1.7配置域名解析
修改/etc/hosts添加一下内容
（1）controller 节点
20.0.0.10 controller
20.0.0.20 compute
（2）compute 节点
20.0.0.10 controller
20.0.0.20 compute
1.8配置防火墙和Selinux
编辑selinux文件

vi /etc/selinux/config

SELINUX=permissive
关闭防火墙并设置开机不自启

systemctl stop firewalld.service

systemctl disable firewalld.service

yum remove -y NetworkManager firewalld

yum -y install iptables-services

systemctl enable iptables

systemctl restart iptables

iptables -F

iptables -X

service iptables save

1.9安装ntp服务
（1）controller和compute节点

yum -y install ntp

（2）配置controller节点
编辑/etc/ntp.conf文件
添加以下内容（删除默认sever规则）
server 127.127.1.0
fudge 127.127.1.0 stratum 10
启动ntp服务器

service ntpd start

chkconfig ntpd on

（3）配置compute节点

ntpdate controller

chkconfig ntpdate on

1.10通过脚本安装服务
1.11-1.14基础服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

Controller节点

执行脚本iaas-install-mysql.sh进行安装

1.11安装Mysql数据库服务

yum install mysql mysql-server MySQL-python

修改 /etc/my.cnf文件[mysqld]中添加
max_connections=10000
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = ‘SET NAMES utf8’
character-set-server = utf8
启动服务
#systemctl enable mariadb.service
#systemctl start mariadb.service
配置Mysql
#mysql_secure_installation
修改/usr/lib/systemd/system/mariadb.service
[Service]
新添加两行如下参数：
LimitNOFILE=10000
LimitNPROC=10000
重新加载系统服务，并重启mariadb服务

systemctl daemon-reload

service mariadb restart

按enter确认后设置数据库root密码
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
（2）compute节点
#yum -y install MySQL-python
1.12安装Mongo数据库服务
#yum install -y mongodb-server mongodb
编辑 /etc/mongod.conf文件
删除bind_ip行
修改 smallfiles = true
#systemctl enable mongod.service
#systemctl start mongod.service
1.13安装RabbitMQ服务

yum install -y rabbitmq-server

systemctl enable rabbitmq-server.service
systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack 000000
rabbitmqctl set_permissions openstack “." ".” “.*”
1.14安装memcahce
#yum install memcached python-memcached
systemctl enable memcached.service
systemctl restart memcached.service
2 安装Keystone认证服务
#Controller
2.1 通过脚本安装keystone服务
2.2-2.9的认证服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

Controller节点

执行脚本iaas-install-keystone.sh进行安装。

2.2安装keystone服务软件包
yum install -y openstack-keystone httpd mod_wsgi
2.3创建Keystone数据库

mysql –u root -p（此处数据库密码为之前安装Mysql设置的密码）

mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘localhost’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
mysql> exit
2.4配置数据库连接
#openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
2.5为keystone服务创建数据库表
#su -s /bin/sh -c “keystone-manage db_sync” keystone
2.6创建令牌
#ADMIN_TOKEN=$(openssl rand -hex 10)
#openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
#openstack-config --set /etc/keystone/keystone.conf token provider fernet
2.7创建签名密钥和证书
#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
修改/etc/httpd/conf/httpd.conf配置文件将ServerName www.example.com:80 替换为ServerName controller
创建/etc/httpd/conf.d/wsgi-keystone.conf文件，内容如下：
Listen 5000
Listen 35357

WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat “%{cu}t %M”
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined


    Require all granted

WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat “%{cu}t %M”
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined


    Require all granted

#systemctl enable httpd.service #systemctl start httpd.service 2.8定义用户、租户和角色（1）设置环境变量 export OS_TOKEN=$ADMIN_TOKEN export OS_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 （2）创建keystone相关内容 openstack service create --name keystone --description "OpenStack Identity" identity openstack endpoint create --region RegionOne identity public http://controller:5000/v3 openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 openstack endpoint create --region RegionOne identity admin http://controller:35357/v3 openstack domain create --description "Default Domain" default openstack project create --domain default --description "Admin Project" admin openstack user create --domain default --password 000000 admin openstack role create admin openstack role add --project admin --user admin admin openstack project create --domain default --description "Service Project" service openstack project create --domain default --description "Demo Project" demo openstack user create --domain default --password 000000 demo openstack role create user openstack role add --project demo --user demo user （3）清除环境变量 #unset OS_TOKEN OS_URL 2.9创建admin-openrc.sh 创建admin环境变量admin-openrc.sh export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=000000 export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 生效环境变量 #source admin-openrc.sh 3 安装Glance镜像服务 #Controller 3.1 通过脚本安装glance服务 3.2-3.9的镜像服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下： # Controller 节点执行脚本iaas-install-glance.sh进行安装

3.2 安装Glance镜像服务软件包

yum install -y openstack-glance

3.3创建Glance数据库
#mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘localhost’ IDENTIFIED BY ‘GLANCE_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’ IDENTIFIED BY ‘GLANCE_DBPASS’;
3.4配置文件创建数据库连接

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

#openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
3.5为镜像服务创建数据库表

su -s /bin/sh -c “glance-manage db_sync” glance

3.6创建用户
openstack user create --domain default --password 000000 glance
openstack role add --project service --user glance admin
3.7配置镜像服务
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf paste_deploy config_file /usr/share/glance/glance-api-dist-paste.ini
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 000000
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf paste_deploy config_file /usr/share/glance/glance-registry-dist-paste.ini
3.8创建Endpoint和API端点
openstack service create --name glance --description “OpenStack Image” image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
3.9启动服务
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
3.10上传镜像
首先下载（Wget）提供的系统镜像到本地，本次以上传CentOS6.5x86_64镜像为例。
可以安装Wget，从Ftp服务器上下载镜像到本地。

source admin-openrc.sh

glance image-create --name “CentOS7.0” --disk-format qcow2 --container-format bare --progress < /opt/images/centos_7-x86_64_xiandian.qcow2

4 安装Nova计算服务
#Controller
4.1通过脚本安装nova服务
4.2-4.14计算服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-nova-controller.sh进行安装
#Compute节点
执行脚本iaas-install-nova-compute.sh进行安装

4.2安装Nova 计算服务软件包

yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

4.3创建Nova数据库

mysql -u root -p

mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’;
mysql> GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’%’ IDENTIFIED BY ‘NOVA_DBPASS’;
mysql> create database IF NOT EXISTS nova_api;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’ ;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@’%’ IDENTIFIED BY ‘NOVA_DBPASS’ ;
修改数据库连接
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
4.4创建计算服务表
su -s /bin/sh -c “nova-manage db sync” nova
su -s /bin/sh -c “nova-manage api_db sync” nova
4.5创建用户
openstack user create --domain default --password 000000 nova
openstack role add --project service --user nova admin
4.6配置计算服务
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.10
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen_port 8775
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 20.0.0.10
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 20.0.0.10
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
4.7创建Endpoint和API端点
openstack service create --name nova --description “OpenStack Compute” compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%(tenant_id)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%(tenant_id)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%(tenant_id)s
4.8启动服务
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
4.9验证Nova
#nova image-list

#Compute
4.10安装Nova计算服务软件包
yum install lvm2 -y
yum install openstack-nova-compute -y
4.11配置Nova服务
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 20.0.0.20
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 20.0.0.20
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://20.0.0.10:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf libvirt inject_key True
4.12检查系统处理器是否支持虚拟机的硬件加速
执行命令
#egrep -c ‘(vmx|svm)’ /proc/cpuinfo
（1）如果该命令返回一个1或更大的值,说明你的系统支持硬件加速，通常不需要额外的配置。
（2）如果这个指令返回一个0值，说明你的系统不支持硬件加速，你必须配置libvirt取代KVM来使用QEMU。

openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu

4.13启动
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
4.14 清除防火墙
controller和compute节点
iptables -F
iptables -X
iptables -Z
/usr/libexec/iptables/iptables.init save
5 安装Neutron网络服务
#Controller节点
5.1通过脚本安装neutron服务
5.3-5.14网络服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-neutron-controller.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute.sh进行安装

5.2通过脚本创建neutron网络
5.15网络服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：

创建flat网络
#Controller节点
执行脚本iaas-install-neutron-controller-flat.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-flat.sh进行安装

创建gre网络
#Controller节点
执行脚本iaas-install-neutron-controller-gre.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-gre.sh进行安装

创建vlan网络
#Controller节点
执行脚本iaas-install-neutron-controller-vlan.sh进行安装
#Compute节点
执行脚本iaas-install-neutron-compute-vlan.sh进行安装

5.3创建Neutron数据库
#mysql -u root -p
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@’%’ IDENTIFIED BY ‘000000’;
5.4创建用户
openstack user create --domain default --password 000000 neutron
openstack role add --project service --user neutron admin
5.5创建Endpoint和API端点
openstack service create --name neutron --description “OpenStack Networking” network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
5.6安装neutron网络服务软件包

yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables openstack-neutron-openvswitch

5.7配置Neutron服务
openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:000000@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,gre,vxlan,local
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs integration_bridge br-int
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 20.0.0.10
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 000000
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_port 8775
openstack-config --set /etc/nova/nova.conf DEFAULT auto_assign_floating_ip True
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf DEFAULT metadata_listen_port 8775
openstack-config --set /etc/nova/nova.conf DEFAULT scheduler_default_filters ‘AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter’
openstack-config --set /etc/nova/nova.conf DEFAULT compute_driver libvirt.LibvirtDriver
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 20.0.0.10
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 000000
5.8 编辑内核
编辑文件/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
生效配置
sysctl –p
5.9 创建数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c “neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head” neutron
5.10 启动服务和创建网桥
systemctl restart openvswitch
systemctl enable openvswitch
ovs-vsctl add-br br-int
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-openvswitch-agent neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service

#Compute节点
5.11 安装软件包
yum install openstack-neutron-linuxbridge ebtables ipset openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch –y
5.12 配置Neutron服务
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,gre,vxlan,local
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs integration_bridge br-int
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 000000
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT vif_plugging_is_fatal True
openstack-config --set /etc/nova/nova.conf DEFAULT vif_plugging_timeout 300
5.13 编辑内核
编辑文件/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
生效配置
sysctl –p
5.14 启动服务进而创建网桥
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
systemctl restart openvswitch
systemctl enable openvswitch
ovs-vsctl add-br br-int
systemctl restart openstack-nova-compute.service
systemctl restart openstack-nova-compute neutron-metadata-agent
systemctl restart neutron-openvswitch-agent
systemctl enable neutron-openvswitch-agent neutron-metadata-agent
5.15 选择Neutron网络模式
以下任意选择一种方式进行安装
5.15.1 Flat
#Controller节点
# source /etc/xiandian/openrc.sh

source /etc/keystone/admin-openrc.sh

ovs-vsctl add-br br-ex

修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下：
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令

ovs-vsctl add-port br-ex enp9s0

systemctl restart network

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types flat

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex

systemctl restart neutron-openvswitch-agent

#Compute节点

ovs-vsctl add-br br-ex

修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下：
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令

ovs-vsctl add-port br-ex enp9s0

systemctl restart network

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks physnet1

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types flat

openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex

systemctl restart neutron-openvswitch-agent

创建FLAT网络

Controller节点

tenantID=openstack project list | grep service | awk '{print $2}'
neutron net-create --tenant-id $KaTeX parse error: Expected 'EOF', got '#' at position 108: \dotst1 5.15.2 Gre #̲Controller节点 op\dots$ minvlan: $KaTeX parse error: Expected 'EOF', got '#' at position 655: \dotstron-l3-agent #̲Compute节点 opens\dots$ minvlan:$maxvlan(最小vlan号：最大vlanID号)
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini securitygroup firewall_driver iptables_hybrid
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-ex
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings physnet1:br-ex
ovs-vsctl add-br br-ex
修改/etc/sysconfig/network-scripts/ifcfg-enp9s0配置如下：
DEVICE=enp9s0
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
修改完成后执行以下命令
ovs-vsctl add-port br-ex enp9s0
systemctl restart network
systemctl restart neutron-openvswitch-agent
创建Vlan网络

Controller节点

neutron net-create ext-net --router:external True --provider:physical_network physnet1 --provider:network_type flat
neutron net-create demo-net --tenant-id openstack project list |grep -w admin |awk '{print $2}' --provider:network_type vlan
6 安装Dashboard服务
6.1通过脚本安装dashboard服务
6.2-6.4dashboard的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller
执行脚本iaas-install-dashboard.sh进行安装

6.2安装Dashboard服务软件包

yum install openstack-dashboard –y

6.3配置
修改/etc/openstack-dashboard/local_settings内容如下
修改
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
TEMPLATE_DEBUG = DEBUG
WEBROOT = ‘/dashboard/’
ALLOWED_HOSTS = [’’,‘localhost’]
OPENSTACK_API_VERSIONS = {
“identity”: 3,
“volume”: 2,
“compute”: 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = ‘default’
LOCAL_PATH = ‘/tmp’
SECRET_KEY=‘e2cf67af77d15971b311’
SESSION_ENGINE = ‘django.contrib.sessions.backends.cache’
CACHES = {
‘default’: {
‘BACKEND’: ‘django.core.cache.backends.memcached.MemcachedCache’,
‘LOCATION’: ‘127.0.0.1:11211’,
},
}
EMAIL_BACKEND = ‘django.core.mail.backends.console.EmailBackend’
OPENSTACK_HOST = “controller”
OPENSTACK_KEYSTONE_URL = “http://%s:5000/v3” % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = “user”
OPENSTACK_KEYSTONE_BACKEND = {
‘name’: ‘native’,
‘can_edit_user’: True,
‘can_edit_group’: True,
‘can_edit_project’: True,
‘can_edit_domain’: True,
‘can_edit_role’: True,
}
OPENSTACK_HYPERVISOR_FEATURES = {
‘can_set_mount_point’: False,
‘can_set_password’: False,
‘requires_keypair’: False,
}
OPENSTACK_CINDER_FEATURES = {
‘enable_backup’: False,
}
OPENSTACK_NEUTRON_NETWORK = {
‘enable_router’: True,
‘enable_quotas’: True,
‘enable_ipv6’: True,
‘enable_distributed_router’: False,
‘enable_ha_router’: False,
‘enable_lb’: True,
‘enable_firewall’: True,
‘enable_’: True,
‘enable_fip_topology_check’: True,
‘default_ipv4_subnet_pool_label’: None,
‘default_ipv6_subnet_pool_label’: None,
‘profile_support’: None,
‘supported_provider_types’: [’’],
‘supported_vnic_types’: [’*’],
}
OPENSTACK_HEAT_STACK = {
‘enable_user_pass’: True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {
“architecture”: _(“Architecture”),
“kernel_id”: _(“Kernel ID”),
“ramdisk_id”: _(“Ramdisk ID”),
“image_state”: _(“Euca2ools state”),
“project_id”: _(“Project ID”),
“image_type”: _(“Image Type”),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = “UTC”
POLICY_FILES_PATH = ‘/etc/openstack-dashboard’
LOGGING = {
…
}
SECURITY_GROUP_RULES = {
…
}
REST_API_REQUIRED_SETTINGS = [‘OPENSTACK_HYPERVISOR_FEATURES’,
‘LAUNCH_INSTANCE_DEFAULTS’]
6.4启动服务

systemctl restart httpd.service memcached.service

6.5访问
打开浏览器访问Dashboard
http://controller（或本机内网ip）/dashboard
注：检查防火墙规则，确保允许http服务相关端口通行，或者关闭防火墙。

6.6创建云主机（gre/vlan）
（1）管理员 → 网络 → 创建网络（内外网） → 创建子网（外网填服务器的外网网段）

（2）项目 → 网络 → 路由 → 新建路由 → 添加网关和内网接口

（3）项目 → 计算 → 访问安全 → 管理规则 → 添加规则（ICMP、TCP、UDP）

（4）项目 → 计算 → 云主机 → 创建云主机 → 绑定浮动IP

7 安装Cinder块存储服务
7.1 通过脚本安装Cinder服务
7.2-7.13块存储服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller
执行脚本iaas-install-cinder-controller.sh进行安装
#Compute节点
执行脚本iaas-install-cinder-compute.sh进行安装

7.2 安装Cinder块存储服务软件包

yum install openstack-cinder

修改权限配置文件，修改文件/etc/cinder/policy.json，将consistencygroup权限修改为空，修改如下：
“consistencygroup:create” : “”,
“consistencygroup:delete”: “”,
“consistencygroup:update”: “”,
“consistencygroup:get”: “”,
“consistencygroup:get_all”: “”,
“consistencygroup:create_cgsnapshot” : “”,
“consistencygroup:delete_cgsnapshot”: “”,
“consistencygroup:get_cgsnapshot”: “”,
“consistencygroup:get_all_cgsnapshots”: “”,
7.3 创建数据库

mysql -u root -p

mysql> CREATE DATABASE cinder;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@’%’ IDENTIFIED BY ‘000000’;
7.4 创建用户
openstack user create --domain default --password 000000 cinder
openstack role add --project service --user cinder admin
7.5 创建Endpoint和API端点
openstack service create --name cinder --description “OpenStack Block Storage” volume
openstack service create --name cinderv2 --description “OpenStack Block Storage” volumev2
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%(tenant_id)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%(tenant_id)s
7.6 配置Cinder服务
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:000000@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 20.0.0.10
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
7.7 创建数据库

su -s /bin/sh -c “cinder-manage db sync” cinder

7.8 启动服务

systemctl restart openstack-nova-api.service

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service

systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service

7.9 安装块存储软件
yum install lvm2 targetcli python-keystone openstack-cinder -y
7.10 创建LVM物理和逻辑卷
以磁盘/dev/sda为例

pvcreate /dev/sda

vgcreate cinder-volumes /dev/sda

7.11 修改Cinder配置文件
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:000000@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password 000000
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 20.0.0.20
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
7.12 重启服务
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service
7.13 验证
#Controller
使用cinder create 创建一个新的卷

cinder create --display-name myVolume 1

通过cinder list 命令查看是否正确创建

cinder list

8 安装Swift对象存储服务
#Controller节点

source admin-openrc.sh

8.1通过脚本安装Swift服务
8.2-8.12对象存储服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller
执行脚本iaas-install-swift-controller.sh进行安装
#Compute节点
执行脚本iaas-install-swift-compute.sh进行安装
执行过程中需要确认登录controller节点和输入controller节点root用户密码。
8.2创建用户
openstack user create --domain default --password 000000 swift
openstack role add --project service --user swift admin
8.3创建Endpoint和API端点
openstack service create --name swift --description “OpenStack Object Storage” object-store
openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%(tenant_id)s
openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%(tenant_id)s
openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1
8.4 编辑/etc/swift/proxy-server.conf
编辑配置文件如下
[DEFAULT]
bind_port = 8080
swift_dir = /etc/swift
user = swift
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
[filter:tempauth]
use = egg:swift#tempauth
user_admin_admin = admin .admin .reseller_admin
user_test_tester = testing .admin
user_test2_tester2 = testing2 .admin
user_test_tester3 = testing3
user_test5_tester5 = testing5 service
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = 000000
delay_auth_decision = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
memcache_servers = controller:11211
use = egg:swift#memcache
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:domain_remap]
use = egg:swift#domain_remap
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
use = egg:swift#cname_lookup
[filter:staticweb]
use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
[filter:formpost]
use = egg:swift#formpost
[filter:name_check]
use = egg:swift#name_check
[filter:list-endpoints]
use = egg:swift#list_endpoints
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:container_sync]
use = egg:swift#container_sync
[filter:xprofile]
use = egg:swift#xprofile
[filter:versioned_writes]
use = egg:swift#versioned_writes
8.5 创建账号、容器、对象
存储节点存储磁盘名称以sdb为例
swift-ring-builder account.builder create 18 1 1
swift-ring-builder account.builder add --region 1 --zone 1 --ip 20.0.0.20 --port 6002 --device sdb --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance
swift-ring-builder container.builder create 10 1 1
swift-ring-builder container.builder add --region 1 --zone 1 --ip 20.0.0.20 --port 6001 --device sdb --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance
swift-ring-builder object.builder create 10 1 1
swift-ring-builder object.builder add --region 1 --zone 1 --ip 20.0.0.20 --port 6000 --device sdb --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance
8.6 编辑/etc/swift/swift.conf文件
编辑如下
[swift-hash]
swift_hash_path_suffix = changeme
swift_hash_path_prefix = changeme
[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange
[swift-constraints]
8.7 启动服务和赋予权限
chown -R root:swift /etc/swift
systemctl enable openstack-swift-proxy.service memcached.service
systemctl restart openstack-swift-proxy.service memcached.service
#Compute节点
8.8 安装软件包
存储节点存储磁盘名称以sdb为例

yum install xfsprogs rsync openstack-swift-account openstack-swift-container openstack-swift-object –y

mkfs.xfs -i size=1024 -f /dev/sdb

echo “/dev/sdb /swift/node xfs loop,noatime,nodiratime,nobarrier,logbufs=8 0 0” >> /etc/fstab

mkdir -p /swift/node

mount /dev/sdb /swift/node

scp controller:/etc/swift/*.ring.gz /etc/swift/

8.9 配置rsync
（1）编辑/etc/rsyncd.conf文件如下
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
uid = swift
gid = swift
address = 127.0.0.1
[account]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/account.lock
[container]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/container.lock
[object]
path = /swift/node
read only = false
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 25
lock file = /var/lock/object.lock
[swift_server]
path = /etc/swift
read only = true
write only = no
list = yes
incoming chmod = 0644
outgoing chmod = 0644
max connections = 5
lock file = /var/lock/swift_server.lock
（2）启动服务
systemctl enable rsyncd.service
systemctl restart rsyncd.service
8.10 配置账号、容器和对象
（1）修改/etc/swift/account-server.conf配置文件
[DEFAULT]
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon account-server
[app:account-server]
use = egg:swift#account
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[account-replicator]
[account-auditor]
[account-reaper]
[filter:xprofile]
use = egg:swift#xprofile
（2）修改/etc/swift/container-server.conf配置文件
[DEFAULT]
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon container-server
[app:container-server]
use = egg:swift#container
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
[filter:xprofile]
use = egg:swift#xprofile
（3）修改/etc/swift/object-server.conf配置文件
[DEFAULT]
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
pipeline = healthcheck recon object-server
[app:object-server]
use = egg:swift#object
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
[object-replicator]
[object-reconstructor]
[object-updater]
[object-auditor]
[filter:xprofile]
use = egg:swift#xprofile
8.11 修改Swift配置文件
修改/etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = changeme
swift_hash_path_prefix = changeme
[storage-policy:0]
name = Policy-0
default = yes
aliases = yellow, orange
[swift-constraints]
8.12 重启服务和赋予权限
chown -R swift:swift /swift/node
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift
chown -R root:swift /etc/swift

systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl restart openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service
systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service
systemctl restart openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service
systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service
systemctl restart openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service
9 安装Trove服务
9.1 执行脚本进行安装
9.2-9.11编配服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-trove.sh进行安装
需注意安装Trove服务之前需要配置好网络（flat或gre）,创建好子网，并确认系统已经安装swift和cinder两个服务，否则安装会失败。
9.2 安装Trove数据库服务的软件包

yum install openstack-trove-guestagent openstack-trove python-troveclient openstack-trove-ui –y

9.3 创建数据库

mysql -u root -p

mysql> CREATE DATABASE trove;
mysql> GRANT ALL PRIVILEGES ON trove.* TO trove@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON trove.* TO trove@’%’ IDENTIFIED BY ‘000000’;
9.4 创建用户

openstack user create --domain $DOMAIN_NAME --password 000000 trove

openstack role add --project service --user trove admin

openstack service create --name trove --description “Database” database

9.5 创建Endpoint和API端点

openstack endpoint create --region RegionOne database public http:// controller:8779/v1.0/%(tenant_id)s

openstack endpoint create --region RegionOne database internal http:// controller:8779/v1.0/%(tenant_id)s

openstack endpoint create --region RegionOne database admin http:// controller:8779/v1.0/%(tenant_id)s

9.6 配置trove.conf文件
openstack-config --set /etc/trove/trove.conf DEFAULT log_dir /var/log/trove
openstack-config --set /etc/trove/trove.conf DEFAULT log_file trove-api.log
openstack-config --set /etc/trove/trove.conf DEFAULT trove_auth_url http://controller:35357/v2.0
openstack-config --set /etc/trove/trove.conf DEFAULT notifier_queue_hostname controller
openstack-config --set /etc/trove/trove.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config --set /etc/trove/trove.conf DEFAULT nova_proxy_admin_tenant_name admin
openstack-config --set /etc/trove/trove.conf DEFAULT nova_compute_service_type compute
openstack-config --set /etc/trove/trove.conf DEFAULT cinder_service_type volumev2
openstack-config --set /etc/trove/trove.conf DEFAULT network_driver trove.network.neutron.NeutronDriver
openstack-config --set /etc/trove/trove.conf DEFAULT default_neutron_networks (网络的ID)
openstack-config --set /etc/trove/trove.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/trove/trove.conf DEFAULT add_addresses True
openstack-config --set /etc/trove/trove.conf DEFAULT network_label_regex .*
openstack-config --set /etc/trove/trove.conf DEFAULT api_paste_config api-paste.ini
openstack-config --set /etc/trove/trove.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/trove/trove.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/trove/trove.conf database connection mysql://trove:000000@controller/trove
openstack-config --set /etc/trove/trove.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/trove/trove.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/trove/trove.conf keystone_authtoken auth_type password
openstack-config --set /etc/trove/trove.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/trove/trove.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/trove/trove.conf keystone_authtoken project_name service
openstack-config --set /etc/trove/trove.conf keystone_authtoken username trove
openstack-config --set /etc/trove/trove.conf keystone_authtoken password 000000
9.7 配置trove-taskmanager.conf
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT log_dir /var/log/trove
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT log_file trove-taskmanager.log
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT trove_auth_url http://controller:5000/v2.0
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT nova_compute_url http://controller:8774/v2.1
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT notifier_queue_hostname controller
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config crudini --set /etc/trove/trove-taskmanager.conf DEFAULT nova_proxy_admin_tenant_id $(openstack project list |grep -w ‘admin’ |awk ‘{print $2}’)
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT taskmanager_manager trove.taskmanager.manager.Manager
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT notification_driver messagingv2
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT network_driver trove.network.neutron.NeutronDriver
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT default_neutron_networks （网络ID）
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT network_label_regex .*
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT guest_config /etc/trove/trove-guestagent.conf
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT guest_info guest_info.conf
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT injected_config_location /etc/trove/conf.d
openstack-config --set /etc/trove/trove-taskmanager.conf DEFAULT cloudinit_location /etc/trove/cloudinit
sed -i ‘/^{exists_notification/s/}/#/’ /etc/trove/trove-taskmanager.conf
openstack-config --set /etc/trove/trove-taskmanager.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/trove/trove-taskmanager.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove-taskmanager.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/trove/trove-taskmanager.conf database connection mysql://trove:000000@controller/trove
9.8 配置trove-conductor.conf文件
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT log_dir /var/log/trove
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT log_file trove-conductor.log
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT trove_auth_url http://controller:5000/v2.0
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT notifier_queue_hostname controller
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT nova_proxy_admin_tenant_name admin
openstack-config --set /etc/trove/trove-conductor.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove-conductor.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/trove/trove-conductor.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove-conductor.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/trove/trove-conductor.conf database connection mysql://trove:000000@controller/trove
9.9 配置trove-guestagent.conf文件
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_pass 000000
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_user admin
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT nova_proxy_admin_tenant_id $(openstack project list |grep -w ‘admin’ |awk ‘{print $2}’)
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT trove_auth_url http://192.168.100.10:35357/v2.0
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT swift_url http://192.168.100.10:8080/v1/AUTH_
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT os_region_name RegionOne
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT swift_service_type object-store
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT log_file trove-guestagent.log
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_password 000000
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_host 192.168.100.10
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_userid openstack
openstack-config --set /etc/trove/trove-guestagent.conf DEFAULT rabbit_port 5672
openstack-config --set /etc/trove/trove-guestagent.conf oslo_messaging_rabbit rabbit_host 192.168.100.10
openstack-config --set /etc/trove/trove-guestagent.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/trove/trove-guestagent.conf oslo_messaging_rabbit rabbit_password 000000
9.10 同步数据库

su -s /bin/sh -c “trove-manage db_sync” trove

9.11 启动服务

service httpd restart

systemctl enable openstack-trove-api.service openstack-trove-taskmanager.service openstack-trove-conductor.service

systemctl restart openstack-trove-api.service openstack-trove-taskmanager.service openstack-trove-conductor.service

9.12 上传镜像
将提供的MySQL_5.6_xiandian.qcow2 上传到系统内

glance image-create --name “mysql-5.6” --disk-format qcow2 --container-format bare --progress < MySQL_5.6_XD.qcow2

9.13 创建数据库存储

trove-manage datastore_update mysql ‘’

9.14 使用上传的镜像更新数据库

glance_id=$(glance image-list | awk ‘/ mysql-5.6 / { print $2 }’)

trove-manage datastore_version_update mysql mysql-5.6 mysql ${glance_id} ‘’ 1

9.15 启动数据库实例
使用m1.small类型启动名称为mysql-1、大小为5G、创建数据库名称为myDB，用户为user，密码为r00tme，创建过程一般需要3-4分钟。

FLAVOR_ID=$(openstack flavor list | awk ‘/ m1.small / { print $2 }’)

trove create mysql-1 ${FLAVOR_ID} --size 5 --databases myDB --users user:r00tme --datastore_version mysql-5.6 --datastore mysql

Controller节点

10.1通过脚本安装heat服务
10.2-10.8编配服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-heat.sh进行安装

10.2安装heat编配服务软件包

yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine –y

10.3创建数据库

mysql -u root -p

mysql> CREATE DATABASE heat;
mysql> GRANT ALL PRIVILEGES ON heat.* TO ‘heat’@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON heat.* TO ‘heat’@’%’ IDENTIFIED BY ‘000000’;
10.4创建用户
openstack user create --domain default --password 000000 heat
openstack role add --project service --user heat admin
openstack domain create --description “Stack projects and users” heat
openstack user create --domain heat --password 000000 heat_domain_admin
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
openstack role create heat_stack_owner
openstack role add --project demo --user demo heat_stack_owner
openstack role create heat_stack_user
10.5创建Endpoint和API端点
openstack service create --name heat --description “Orchestration” orchestration
openstack service create --name heat-cfn --description “Orchestration” cloudformation
openstack endpoint create --region RegionOne orchestration public http://controller:8004/v1/%(tenant_id)s
openstack endpoint create --region RegionOne orchestration internal http://controller:8004/v1/%(tenant_id)s
openstack endpoint create --region RegionOne orchestration admin http://controller:8004/v1/%(tenant_id)s
openstack endpoint create --region RegionOne cloudformation public http://controller:8000/v1
openstack endpoint create --region RegionOne cloudformation internal http://controller:8000/v1
openstack endpoint create --region RegionOne cloudformation admin http://controller:8000/v1
10.6配置Heat服务
openstack-config --set /etc/heat/heat.conf database connection mysql+pymysql://heat:000000@controller/heat
openstack-config --set /etc/heat/heat.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/heat/heat.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/heat/heat.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/heat/heat.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/heat/heat.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/heat/heat.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_type password
openstack-config --set /etc/heat/heat.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/heat/heat.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/heat/heat.conf keystone_authtoken project_name service
openstack-config --set /etc/heat/heat.conf keystone_authtoken username heat
openstack-config --set /etc/heat/heat.conf keystone_authtoken password 000000
openstack-config --set /etc/heat/heat.conf trustee auth_plugin password
openstack-config --set /etc/heat/heat.conf trustee auth_url http://controller:35357
openstack-config --set /etc/heat/heat.conf trustee username heat
openstack-config --set /etc/heat/heat.conf trustee password 000000
openstack-config --set /etc/heat/heat.conf trustee user_domain_name default
openstack-config --set /etc/heat/heat.conf clients_keystone auth_uri http://controller:35357
openstack-config --set /etc/heat/heat.conf trustee ec2authtoken auth_uri http://controller:5000
openstack-config --set /etc/heat/heat.conf DEFAULT heat_metadata_server_url http://controller:8000
openstack-config --set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url http://controller:8000/v1/waitcondition
openstack-config --set /etc/heat/heat.conf DEFAULT stack_domain_admin heat_domain_admin
openstack-config --set /etc/heat/heat.conf DEFAULT stack_domain_admin_password 000000
openstack-config --set /etc/heat/heat.conf DEFAULT stack_user_domain_name heat
10.7创建数据库
su -s /bin/sh -c “heat-manage db_sync” heat
10.8启动服务
systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
systemctl restart openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
11 安装Ceilometer监控服务
11.1通过脚本安装Ceilometer服务
11.2-11.10ceilometer监控服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-ceilometer-controller.sh进行安装
#Compute节点
执行脚本iaas-install-ceilometer-compute.sh进行安装

11.2 安装Ceilometer监控服务软件包

yum install -y openstack-ceilometer-api openstack-ceilometer-collector openstack-ceilometer-notification openstack-ceilometer-central python-ceilometerclient python-ceilometermiddleware

11.3 创建数据库
数据库启动之后需要等待几秒后开始创建，否则会出现报错。

mongo --host controller --eval ’ db = db.getSiblingDB(“ceilometer”); db.addUser({user: “ceilometer”, pwd: “000000”, roles: [ “readWrite”, “dbAdmin” ]})’

11.4 创建用户

openstack user create --domain default --password 000000 ceilometer

openstack role add --project service --user ceilometer admin

openstack role create ResellerAdmin

openstack role add --project service --user ceilometer ResellerAdmin

11.5 创建Endpoint和API端点

openstack service create --name ceilometer --description “Telemetry” metering

openstack endpoint create --region RegionOne metering public http://controller:8777

openstack endpoint create --region RegionOne metering internal http://controller:8777

openstack endpoint create --region RegionOne metering admin http://controller:8777

11.6 配置Ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf database connection mongodb://ceilometer:000000@controller:27017/ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_host controller

openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_userid openstack

openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken memcached_servers controller:11211

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_type password

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken user_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_name service

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken username ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_type password

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_url http://controller:5000/v3

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials user_domain_name default

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_name service

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials username ceilometer

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials interface internalURL

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials region_name RegionOne

11.7 启动服务
systemctl enable openstack-ceilometer-api.service openstack-ceilometer-notification.service openstack-ceilometer-central.service openstack-ceilometer-collector.service
systemctl restart openstack-ceilometer-api.service openstack-ceilometer-notification.service openstack-ceilometer-central.service openstack-ceilometer-collector.service
11.8 监控组件
openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/glance/glance-api.conf oslo_messaging_notifications driver messagingv2
openstack-config --set /etc/glance/glance-registry.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/glance/glance-registry.conf oslo_messaging_notifications driver messagingv2
systemctl restart openstack-glance-api.service openstack-glance-registry.service
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_notifications driver messagingv2
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service
openstack-config --set /etc/swift/proxy-server.conf filter:keystoneauth operator_roles “admin, user, ResellerAdmin”
openstack-config --set /etc/swift/proxy-server.conf pipeline:main pipeline “ceilometer catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server”
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer paste.filter_factory ceilometermiddleware.swift:filter_factory
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer url rabbit://openstack:000000@controller:5672/
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer driver messagingv2
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer topic notifications
openstack-config --set /etc/swift/proxy-server.conf filter:ceilometer log_level WARN
systemctl restart openstack-swift-proxy.service

compute 节点

11.9 安装软件包
yum install openstack-ceilometer-compute python-ceilometerclient python-pecan –y
11.10 配置Ceilometer
openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/ceilometer/ceilometer.conf oslo_messaging_rabbit rabbit_password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken auth_type password
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken project_name service
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken username ceilometer
openstack-config --set /etc/ceilometer/ceilometer.conf keystone_authtoken password 000000

openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_type password
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials auth_url http://controller:5000/v3
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials user_domain_name default
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials project_name service
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials username ceilometer
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials password 000000
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials interface internalURL
openstack-config --set /etc/ceilometer/ceilometer.conf service_credentials region_name RegionOne

openstack-config --set /etc/nova/nova.conf DEFAULT instance_usage_audit True
openstack-config --set /etc/nova/nova.conf DEFAULT instance_usage_audit_period hour
openstack-config --set /etc/nova/nova.conf DEFAULT notify_on_state_change vm_and_task_state
openstack-config --set /etc/nova/nova.conf DEFAULT notification_driver messagingv2
12 安装Alarm监控服务
12.1通过脚本安装alarm服务
12.2-12.8 Alarm监控服务的操作命令已经编写成shell脚本，通过脚本进行一键安装。如下：
#Controller节点
执行脚本iaas-install-alarm.sh进行安装

12.2 创建数据库

mysql -u root -p

mysql> CREATE DATABASE aodh;
mysql> GRANT ALL PRIVILEGES ON aodh.* TO aodh@‘localhost’ IDENTIFIED BY ‘000000’;
mysql> GRANT ALL PRIVILEGES ON aodh.* TO aodh@’%’ IDENTIFIED BY ‘000000’;
12.3 创建keystone用户
openstack user create --domain default --password 000000 aodh
openstack role add --project service --user aodh admin
12.4 创建Endpoint和API
openstack service create --name aodh --description “Telemetry” alarming
openstack endpoint create --region RegionOne alarming public http://controller:8042
openstack endpoint create --region RegionOne alarming internal http://controller:8042
openstack endpoint create --region RegionOne alarming admin http://controller:8042
12.5 安装软件包
yum install -y openstack-aodh-api openstack-aodh-evaluator openstack-aodh-notifier openstack-aodh-listener openstack-aodh-expirer python-ceilometerclient
12.6 配置aodh
openstack-config --set /etc/aodh/aodh.conf database connection mysql+pymysql://aodh:000000@controller/aodh
openstack-config --set /etc/aodh/aodh.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/aodh/aodh.conf oslo_messaging_rabbit rabbit_password 000000

openstack-config --set /etc/aodh/aodh.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken auth_type password
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken project_name service
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken username aodh
openstack-config --set /etc/aodh/aodh.conf keystone_authtoken password 000000
openstack-config --set /etc/aodh/aodh.conf service_credentials auth_type password
openstack-config --set /etc/aodh/aodh.conf service_credentials auth_url http://controller:5000/v3
openstack-config --set /etc/aodh/aodh.conf service_credentials project_domain_name default
openstack-config --set /etc/aodh/aodh.conf service_credentials user_domain_name default
openstack-config --set /etc/aodh/aodh.conf service_credentials project_name service
openstack-config --set /etc/aodh/aodh.conf service_credentials username aodh
openstack-config --set /etc/aodh/aodh.conf service_credentials password 000000
openstack-config --set /etc/aodh/aodh.conf service_credentials interface internalURL
openstack-config --set /etc/aodh/aodh.conf service_credentials region_name RegionOne
openstack-config --set /etc/aodh/api_paste.ini filter:authtoken oslo_config_project aodh
12.7 同步数据库
su -s /bin/sh -c “aodh-dbsync” aodh
12.8 启动服务
systemctl enable openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service
systemctl restart openstack-aodh-api.service openstack-aodh-evaluator.service openstack-aodh-notifier.service openstack-aodh-listener.service

13.添加控制节点资源到云平台
13.1 修改openrc.sh
把compute节点的IP和主机名改为controller节点的IP和主机名

13.2 运行iaas-install-nova-compute.sh
在控制节点运行iaas-install-nova-compute.sh
14 系统卸载
系统提供一键卸载脚本，节点运行iaas-uninstall-all.sh脚本，脚本卸载当前节点的所有云平台数据，如果卸载节点为controller节点则会清除所有的数据（此时云平台也被清空），如果卸载节点为compute节点则会删除compute节点的数据。
15 Xindian-IaaS-2.0版本升级说明：
Xiandian-IaaS-2.0基于Openstack Mitaka版本开发，与Xandian-IaaS-1.4版版本是基于OpenStack Icehouse版本开发的区别。
1）操作系统从CentOS6.5升级到了cenots7，系统内核版本从2.x版本到了3.0本以上。
2）OpenStack的版本从I版本升级到了M版本，相比较I版本，具体来说，M版本重点提升了云部署者和管理者日常使用的便携性。M版本对OpenStack的命令做了集成，使之集成在OpenStack下，形成一个统一的整体，便于工程师理解记忆运维命令。
3）Xindian-IaaS-2.0版本消息服务从qpid服务升级到了轻量级的rabbitMQ服务，减少了系统的负载。
4）Xindian-IaaS-2.0版本新增了Alarm监控服务，提供了数字化监控平台，减少系统的安全隐患。
5）在网络安装部分，Dashboard界面有改动，更结构化，部分功能有改动，更趋向于软件定义网络的思想

你可能感兴趣的:(运维,大数据,linux)

Flink中的SQL Client和SQL Gateway BigDataMLApplication flink flink sql gateway
Flink中的SQLClient和SQLGateway对比目录定义基本原理适用场景主要区别常用运维命令示例官方链接正文1.定义SQLClient：FlinkSQLClient是一种用于提交和执行FlinkSQL语句的命令行界面或图形界面工具。SQLGateway：FlinkSQLGateway是一个独立的服务，它允许客户端通过RESTfulAPI将SQL查询提交到Flink集群。2.基本原理SQL
浪潮 M5系列服务器IPMI无法监控存储RAID卡问题. Songxwn 硬件服务器服务器运维
简介浪潮的M5代服务器，可能有WebBMC无法查看存储RAID/SAS卡状态的情况，可以通过以下方式修改。修改完成后重启BMC即可生效。ESXiIPMITools使用：https://songxwn.com/ESXi8_IPMI/（Linux也可以直接使用）Linux/ESXiIPMITool下载：https://songxwn.com/file/ipmitoolWindows下载：https:/
unblock with ‘mysqladmin flush-hosts‘ 解决方法祈祷平安,加油数据库常见问题 oracle 数据库
MySqlHostisblockedbecauseofmanyconnectionerrors;unblockwith'mysqladminflush-hosts'解决方法环境：linux，mysql5.5.21错误：Hostisblockedbecauseofmanyconnectionerrors;unblockwith'mysqladminflush-hosts'原因：同一个ip在短时间内产
数据分析：低代码平台助力大数据时代的飞跃发展快乐非自愿数据分析低代码大数据
随着信息技术的突飞猛进，我们身处于一个数据量空前增长的时代——大数据时代。在这个时代背景下，数据分析已经成为企业决策、政策制定、科学研究等众多领域不可或缺的重要工具。然而，面对海量的数据和日益复杂多变的分析需求，传统的数据分析方法往往捉襟见肘，难以应对。幸运的是，低代码平台的兴起为大数据分析注入了新的活力，成为推动大数据时代发展的重要力量。低代码平台，顾名思义，是一种通过少量甚至无需编写代码，就能
1.计算机处理器架构+嵌入式处理器架构及知识 vv 啊 arm-linux学习 linux 系统架构
目录一：x86-64处理器架构二：Intel80386处理器（i386）1.i3862.i686三：嵌入式Linux知识：1.MinGW2.GNU计划2.1GNU工具链概述此次只分享英特尔和ADM处理器有关于x86的架构，至于嵌入式处理器架构请查看https://en.wikipedia.org/wiki/List_of_ARM_processors一：x86-64处理器架构x86-64，也称为x
springboot集成logback-spring.xml文件 RT_0114 SpringBoot spring boot spring logback
彩色日志日志分debug和error文件输出，方便开发人员运维日志限制最大保管天数日志限制总量大小占用量GB日志限制单个文件大小MB日志显示最大保留天数屏蔽没用的日志${CONSOLE_LOG_PATTERN}${log.path}/debug.log${log.path}/%d{yyyy-MM-dd,aux}/debug.%d{yyyy-MM-dd}.%i.log.gz1024MB50GB365
linux基础命令（一）运维搬运工 linux linux 服务器 centos
Linux基础命令1、设置主机名1.1、hostname查看主机名[root@ansible~]#cat/etc/hostnameansible或[root@ansible~]#hostnameansible注意：主机名中不允许使用下划线“_”，可以用短横线“-”1.2、hostname临时修改主机名#临时修改直接修改的是内存中的，重启会失效[root@ansible~]#hostnameansi
docker基础（一）运维搬运工容器-docker docker 容器运维
相关概念介绍Docker是一个开源的应用容器引擎，让开发者可以打包他们的应用以及依赖到一个可移植的容器中，然后发布到任何流行的linux机器上，也可以实现虚拟化，容器是完全使用沙箱机制，互相之间不会有任何接口。Docker有几个重要概念：dockerfile，配置文件，用来生成dockerimagedockerimage，交付部署的最小单元docker命令与API，定义命令与接口，支持第三方系统集
网络安全（黑客）——自学2024 小言同学喜欢挖漏洞 web安全安全网络学习网络安全信息安全渗透测试
01什么是网络安全网络安全可以基于攻击和防御视角来分类，我们经常听到的“红队”、“渗透测试”等就是研究攻击技术，而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域，都有攻与防两面性，例如Web安全技术，既有Web渗透，也有Web防御技术（WAF）。作为一个合格的网络安全工程师，应该做到攻守兼备，毕竟知己知彼，才能百战百胜。02怎样规划网络安全如果你是一
黑客（网络安全）技术自学30天一个迷人的黑客 web安全安全网络笔记网络安全信息安全渗透测试
01什么是网络安全网络安全可以基于攻击和防御视角来分类，我们经常听到的“红队”、“渗透测试”等就是研究攻击技术，而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域，都有攻与防两面性，例如Web安全技术，既有Web渗透，也有Web防御技术（WAF）。作为一个合格的网络安全工程师，应该做到攻守兼备，毕竟知己知彼，才能百战百胜。02怎样规划网络安全如果你是一
linux安装docker及docker-compose 部署spring boot项目时而有事儿 docker linux docker linux spring boot
linux系统环境：centos5.14本篇描述的是在centos系统版本下安装docker，如果是ubuntu版本，请看这篇文章：linuxubuntu20安装docker和docker-compose-CSDN博客正文：安装docker和docker-compose安装docker---------运行命名等待安装完成遇到选择直接输入yyuminstall-yyum-utilsdevice-m
检测usb口HotPlug-netlink cany1000 linux
为了完成内核空间与用户空间通信，Linux提供了基于Socket的NetLink通信机制。SELinux，Linux系统的防火墙分为内核态的netfilter和用户态的iptables，netfilter与iptables的数据交换就是通过Netlink机制完成。下面看一个检测usb口的例子：s32InitUsbHotPlug(void){s32nSockFd=0;//套接字地址structsoc
Linux学习系列之vim编辑器（一） llibertyll linux 学习
vi编辑器的操作模式输入模式—aio等—>命令模式<—：键—末行模式从输入/末行模式切换到命令模式都是需要按ESC键注:a光标后输入，i光标前输入，o直接向下加一行输入，O向上加一行输入在vi编辑器中光标的移动（命令行模式下）键组合（命令）光标的移动$光标移动到当前行的结尾0（零）光标移动到当前行的开始GG光标移动到最后一行gg光标移动到第一行在命令行模式下删除与复制的操作键组合（命令）含义dd删
Apache Kafka的伸缩性探究：实现高性能、弹性扩展的关键 i289292951 kafka kafka
引言ApacheKafka作为当今最流行的消息中间件之一，以其强大的伸缩性著称。在大数据处理、流处理和实时数据集成等领域，Kafka的伸缩性为其在面临急剧增长的数据流量和多样化业务需求时提供了无与伦比的扩展能力。本文将深入探讨Kafka如何通过其独特的架构设计实现高水平的伸缩性，以及在实际部署中如何优化和利用这一特性。一、Kafka伸缩性的核心设计分区（Partitioning）与水平扩展Kafk
自学黑客（网络安全）技术——2024最新九九归二 web安全安全学习笔记网络网络安全信息安全
01什么是网络安全网络安全可以基于攻击和防御视角来分类，我们经常听到的“红队”、“渗透测试”等就是研究攻击技术，而“蓝队”、“安全运营”、“安全运维”则研究防御技术。无论网络、Web、移动、桌面、云等哪个领域，都有攻与防两面性，例如Web安全技术，既有Web渗透，也有Web防御技术（WAF）。作为一个合格的网络安全工程师，应该做到攻守兼备，毕竟知己知彼，才能百战百胜。02怎样规划网络安全如果你是一
Azkaban各种类型的Job编写 __元昊__
一、概述原生的Azkaban支持的plugin类型有以下这些：command：Linuxshell命令行任务gobblin：通用数据采集工具hadoopJava：运行hadoopMR任务java：原生java任务hive：支持执行hiveSQLpig：pig脚本任务spark：spark任务hdfsToTeradata：把数据从hdfs导入TeradatateradataToHdfs：把数据从Te
Linux初学（十）shell脚本王依硕 Linux linux 运维服务器
一、for循环1.1循环的格式for变量in列表do代码代码....done循环的逻辑：将列表中的每个元素逐一赋值给变量每赋值一次，do和done之间的代码就会执行一次1.2列表的生成方式方法1：直接给出列表元素【用空格分隔多个元素】133129hahabaidu方法2：用通配符来生成元素/home/a*方法3：用命令来生成元素ls/etc/方法4：用{}展开的形式生成元素{3..7}{a..e}
Ubuntu下安装Chrome浏览器(简单,使用) Starry-sky(jing) [linux操作系统笔记]chrome 深度学习 linux
下载安装GoogleChrome浏览器deb包极速下载:下载链接32位wgethttps://dl.google.com/linux/direct/google-chrome-stable_current_i386.deb64位wgethttps://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb安装sudodpk
【Linux】PyCharm无法启动报错及解决方法不是AI python 软件操作 Linux linux pycharm 运维
一、问题描述如图，笔者试图在Ubuntu18.04虚拟机上运行PyCharm开发工具（已安装，安装过程可以参考我的博客Ubuntu安装PyCharm），无法启动，报错：CannotconnecttoalreadyrunningIDEinstance.Exception:Process2574isstillrunning.报错截图如下：二、解决方法通过报错信息看出，出于某种原因，进程（PID为257
Linux（centos7）部署hive 灯下夜无眠 Linux linux hive 运维 dbeaver hive客户端
前提环境：已部署完hadoop(HDFS、MapReduce、YARN)1、安装元数据服务MySQL切换root用户#更新密钥rpm--importhttps://repo.mysql.com/RPM-GPG-KEY-mysqL-2022#安装Mysqlyum库rpm-Uvhhttp://repo.mysql.com//mysql57-community-release-el7-7.noarch.
Linux通过Tuned实现动态调优系统性能星河_赵梓宇 linux 运维服务器
Linux通过Tuned实现动态调优系统性能Tuned简介对于普通用户来说，优化Linux应用环境可能是相当具有挑战性的。它涵盖了各种领域，并且有许多参数需要考虑，比如CPU、存储、缓存策略和内存管理。尽管Linux有默认设置可以处理大多数情况和场景，但是对于高性能、高并发和高可用性系统等特殊场景，需要进行调整。本文讨论的特性是tuned，它是Linux系统中常用的一种调优服务。tuned由两个程
山东省大数据局副局长禹金涛一行莅临聚合数据走访调研聚合数据 API 大数据人工智能 API
3月19日，山东省大数据局党组成员、副局长禹金涛莅临聚合数据展开考察调研。山东省大数据局数据应用管理与安全处处长杨峰，副处长都海明参加调研，苏州市大数据局副局长汤晶陪同。聚合数据董事长左磊等人接待来访。调研组一行参观了聚合数据展厅，了解了聚合数据的发展历程、数据产品、应用案例、奖项荣誉等情况。并就企业在数据处理和应用方面取得的成绩进行了深入交流。作为最早一批进入大数据行业的企业，聚合数据深耕行业十
vscode配置go远程linux gdut17 golang
Toolsenvironment:GOPATH=/root/goInstalling9toolsat/root/go/bininmodulemode.gopkgsgo-outlinegotestsgomodifytagsimplgoplaydlvgolintgoplsInstallinggithub.com/uudashr/gopkgs/v2/cmd/gopkgs(/root/go/bin/gop
部署es集群 liushaojiax elasticsearch java 大数据
我们会在单机上利用docker容器运行多个es实例来模拟es集群。不过生产环境推荐大家每一台服务节点仅部署一个es的实例。部署es集群可以直接使用docker-compose来完成，但这要求你的Linux虚拟机至少有4G的内存空间创建es集群首先编写一个docker-compose文件，内容如下：version:'2.2'services:es01:image:elasticsearch:7.12
网络安全（黑客技术）—自学德西德西 web安全安全网络安全学习 python 开发语言 php
1.网络安全是什么网络安全可以基于攻击和防御视角来分类，我们经常听到的“红队”、“渗透测试”等就是研究攻击技术，而“蓝队”、“安全运营”、“安全运维”则研究防御技术。2.网络安全市场一、是市场需求量高；二、则是发展相对成熟入门比较容易。3.所需要的技术水平需要掌握的知识点偏多（举例）：4.国家政策环境对于国家与企业的地位愈发重要，没有网络安全就没有国家安全更有为国效力的正义黑客—红客联盟可见其重视
智慧公厕的先进技术应用中期科技ZONTREE 智慧厕所智慧公厕智慧城市
公共厕所一直以来都是城市管理中一个重要的工作，但设施老化、环境脏乱、服务质量低下等问题一直困扰着城市居民。然而，随着科技的进步和数字技术的应用，智慧公厕的建设正在改变这一现状。智慧公厕通过对所在辖区内所有公共厕所的全域感知、全网协同、全业务融合和全场景智慧的赋能，“千厕一云”的公共厕所云管理模式应运而生。智慧公厕的云端多屏管理，将各个公厕连接在一起，实现信息的共享和管理的集中化。通过大数据、云计算
SQL运维_Unix下MySQL-8.0.18配置文件示例 Mostcow SQL sql 运维 unix
SQL运维_Unix下MySQL-8.0.18配置文件示例MySQL是一个关系型数据库管理系统,由瑞典MySQLAB公司开发,属于Oracle旗下产品。MySQL是最流行的关系型数据库管理系统之一,在WEB应用方面,MySQL是最好的RDBMS(RelationalDatabaseManagementSystem,关系数据库管理系统)应用软件之一。MySQL是一种关系型数据库管理系统,关系数据库将
在 Linux/Ubuntu/Debian 上安装 SQL Server 2019 理工男老K ubuntu linux 运维 debian sqlserver
Microsoft为Linux发行版（包括Ubuntu）提供SQLServer。以下是有关如何执行此操作的基本指南：注册MicrosoftUbuntu存储库并添加公共存储库GPG密钥：sudowget-qO-https://packages.microsoft.com/keys/microsoft.asc|sudoapt-keyadd-sudoadd-apt-repository"$(wget-q
关于HDP的20道高级运维面试题编织幻境的妖运维
1.描述HDP的主要组件及其作用。HDP（HortonworksDataPlatform）的主要组件包括Hadoop框架、HDFS、MapReduce、YARN以及Hadoop生态系统中的其他关键工具，如Spark、Flink、Hive、HBase等。以下是对这些组件及其作用的具体描述：Hadoop框架:Hadoop是一个开源的分布式计算框架，用Java语言编写，用于存储和处理大规模数据集。它广义
生信星球学习小组第80期 Day3笔记--ZJUSKY ZJUSKY
Conda简介Conda是一个开源的软件包管理系统和环境管理系统，用于安装多个版本的软件包及其依赖关系，并在它们之间轻松切换。简单来说Conda就是Linux系统下的应用商店，你可以在通过Conda下载，安装很多软件。这里我们推荐miniconda,它只包含了最基本的内容，python和conda，以及相关的必须依赖项。精简的miniconda足够满足日常生信使用。下载miniconda推荐使用清
集合框架天子之骄 java 数据结构集合框架
集合框架集合框架可以理解为一个容器，该容器主要指映射(map)、集合(set)、数组(array)和列表(list)等抽象数据结构。从本质上来说，Java集合框架的主要组成是用来操作对象的接口。不同接口描述不同的数据类型。简单介绍： Collection接口是最基本的接口，它定义了List和Set，List又定义了LinkLi
Table Driven（表驱动）方法实例 bijian1013 java enum Table Driven 表驱动
实例一： /** * 驾驶人年龄段 * 保险行业，会对驾驶人的年龄做年龄段的区分判断 * 驾驶人年龄段：01-[18,25);02-[25,30);03-[30-35);04-[35,40);05-[40,45);06-[45,50);07-[50-55);08-[55,+∞) */ public class AgePeriodTest { //if...el
Jquery 总结 cuishikuan java jquery Ajax Web jquery方法
1.$.trim方法用于移除字符串头部和尾部多余的空格。如：$.trim(' Hello ') // Hello2.$.contains方法返回一个布尔值，表示某个DOM元素（第二个参数）是否为另一个DOM元素（第一个参数）的下级元素。如：$.contains(document.documentElement, document.body); 3.$
面向对象概念的提出麦田的设计者 java 面向对象面向过程
面向对象中，一切都是由对象展开的，组织代码，封装数据。在台湾面向对象被翻译为了面向物件编程，这充分说明了，这种编程强调实体。下面就结合编程语言的发展史，聊一聊面向过程和面向对象。 c语言由贝尔实
linux网口绑定被触发 linux
刚在一台IBM Xserver服务器上装了RedHat Linux Enterprise AS 4，为了提高网络的可靠性配置双网卡绑定。一、环境描述我的RedHat Linux Enterprise AS 4安装双口的Intel千兆网卡，通过ifconfig -a命令看到eth0和eth1两张网卡。二、双网卡绑定步骤： 2.1 修改/etc/sysconfig/network
XML基础语法肆无忌惮_ xml
一、什么是XML？ XML全称是Extensible Markup Language，可扩展标记语言。很类似HTML。XML的目的是传输数据而非显示数据。XML的标签没有被预定义，你需要自行定义标签。XML被设计为具有自我描述性。是W3C的推荐标准。二、为什么学习XML？用来解决程序间数据传输的格式问题做配置文件充当小型数据库三、XML与HTM
为网页添加自己喜欢的字体知了ing 字体秒表 css
@font-face { font-family: miaobiao;//定义字体名字 font-style: normal; font-weight: 400; src: url('font/DS-DIGI-e.eot');//字体文件 } 使用： <label style="font-size:18px;font-famil
redis范围查询应用-查找IP所在城市矮蛋蛋 redis
原文地址： http://www.tuicool.com/articles/BrURbqV 需求根据IP找到对应的城市原来的解决方案 oracle表（ip_country）：查询IP对应的城市： 1.把a.b.c.d这样格式的IP转为一个数字，例如为把210.21.224.34转为3524648994 2. select city from ip_
输入两个整数，计算百分比 alleni123 java
public static String getPercent(int x, int total){ double result=(x*1.0)/(total*1.0); System.out.println(result); DecimalFormat df1=new DecimalFormat("0.0000%");
百合——————>怎么学习计算机语言百合不是茶 java 移动开发
对于一个从没有接触过计算机语言的人来说，一上来就学面向对象，就算是心里上面接受的了，灵魂我觉得也应该是跟不上的，学不好是很正常的现象，计算机语言老师讲的再多，你在课堂上面跟着老师听的再多，我觉得你应该还是学不会的，最主要的原因是你根本没有想过该怎么来学习计算机编程语言，记得大一的时候金山网络公司在湖大招聘我们学校一个才来大学几天的被金山网络录取，一个刚到大学的就能够去和
linux下tomcat开机自启动 bijian1013 tomcat
方法一：修改Tomcat/bin/startup.sh 为: export JAVA_HOME=/home/java1.6.0_27 export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:. export PATH=$JAVA_HOME/bin:$PATH export CATALINA_H
spring aop实例 bijian1013 java spring AOP
1.AdviceMethods.java package com.bijian.study.spring.aop.schema; public class AdviceMethods { public void preGreeting() { System.out.println("--how are you!--"); } } 2.beans.x
[Gson八]GsonBuilder序列化和反序列化选项enableComplexMapKeySerialization bit1129 serialization
enableComplexMapKeySerialization配置项的含义 Gson在序列化Map时，默认情况下，是调用Key的toString方法得到它的JSON字符串的Key，对于简单类型和字符串类型，这没有问题，但是对于复杂数据对象，如果对象没有覆写toString方法，那么默认的toString方法将得到这个对象的Hash地址。 GsonBuilder用于
【Spark九十一】Spark Streaming整合Kafka一些值得关注的问题 bit1129 Stream
包括Spark Streaming在内的实时计算数据可靠性指的是三种级别： 1. At most once，数据最多只能接受一次，有可能接收不到 2. At least once, 数据至少接受一次，有可能重复接收 3. Exactly once 数据保证被处理并且只被处理一次，具体的多读几遍http://spark.apache.org/docs/lates
shell脚本批量检测端口是否被占用脚本 ronin47
#!/bin/bash cat ports |while read line do#nc -z -w 10 $line nc -z -w 2 $line 58422>/dev/null2>&1if[ $?-eq 0]then echo $line:ok else echo $line:fail fi done 这里的ports 既可以是文件
java-2.设计包含min函数的栈 bylijinnan java
具体思路参见：http://zhedahht.blog.163.com/blog/static/25411174200712895228171/ import java.util.ArrayList; import java.util.List; public class MinStack { //maybe we can use origin array rathe
Netty源码学习-ChannelHandler bylijinnan java netty
一般来说，“有状态”的ChannelHandler不应该是“共享”的，“无状态”的ChannelHandler则可“共享” 例如ObjectEncoder是“共享”的, 但 ObjectDecoder 不是因为每一次调用decode方法时，可能数据未接收完全（incomplete），它与上一次decode时接收到的数据“累计”起来才有可能是完整的数据，是“有状态”的 p
java生成随机数 cngolon java
方法一： /** * 生成随机数 * @author [email protected] * @return */ public synchronized static String getChargeSequenceNum(String pre){ StringBuffer sequenceNum = new StringBuffer(); Date dateTime = new D
POI读写海量数据 ctrain 海量数据
import java.io.FileOutputStream; import java.io.OutputStream; import org.apache.poi.xssf.streaming.SXSSFRow; import org.apache.poi.xssf.streaming.SXSSFSheet; import org.apache.poi.xssf.streaming
mysql 日期格式化date_format详细使用 daizj mysql date_format 日期格式转换日期格式化
日期转换函数的详细使用说明 DATE_FORMAT(date,format) Formats the date value according to the format string. The following specifiers may be used in the format string. The&n
一个程序员分享8年的开发经验 dcj3sjt126com 程序员
在中国有很多人都认为IT行为是吃青春饭的，如果过了30岁就很难有机会再发展下去!其实现实并不是这样子的，在下从事.NET及JAVA方面的开发的也有8年的时间了，在这里在下想凭借自己的亲身经历，与大家一起探讨一下。明确入行的目的很多人干IT这一行都冲着“收入高”这一点的，因为只要学会一点HTML, DIV+CSS，要做一个页面开发人员并不是一件难事，而且做一个页面开发人员更容
android欢迎界面淡入淡出效果 dcj3sjt126com android
很多Android应用一开始都会有一个欢迎界面，淡入淡出效果也是用得非常多的，下面来实现一下。主要代码如下： package com.myaibang.activity; import android.app.Activity;import android.content.Intent;import android.os.Bundle;import android.os.CountDown
linux 复习笔记之常见压缩命令 eksliang tar解压 linux系统常见压缩命令 linux压缩命令 tar压缩
转载请出自出处:http://eksliang.iteye.com/blog/2109693 linux中常见压缩文件的拓展名 *.gz gzip程序压缩的文件 *.bz2 bzip程序压缩的文件 *.tar tar程序打包的数据，没有经过压缩 *.tar.gz tar程序打包后，并经过gzip程序压缩 *.tar.bz2 tar程序打包后，并经过bzip程序压缩 *.zi
Android 应用程序发送shell命令 gqdy365 android
项目中需要直接在APP中通过发送shell指令来控制lcd灯，其实按理说应该是方案公司在调好lcd灯驱动之后直接通过service送接口上来给APP，APP调用就可以控制了，这是正规流程，但我们项目的方案商用的mtk方案，方案公司又没人会改，只调好了驱动，让应用程序自己实现灯的控制，这不蛋疼嘛！！！！发就发吧！一、关于shell指令：我们知道，shell指令是Linux里面带的
java 无损读取文本文件 hw1287789687 读取文件无损读取读取文本文件 charset
java 如何无损读取文本文件呢？以下是有损的 @Deprecated public static String getFullContent(File file, String charset) { BufferedReader reader = null; if (!file.exists()) { System.out.println("getFull
Firebase 相关文章索引 justjavac firebase
Awesome Firebase 最近谷歌收购Firebase的新闻又将Firebase拉入了人们的视野，于是我做了这个 github 项目。 Firebase 是一个数据同步的云服务，不同于 Dropbox 的「文件」，Firebase 同步的是「数据」，服务对象是网站开发者，帮助他们开发具有「实时」（Real-Time）特性的应用。开发者只需引用一个 API 库文件就可以使用标准 RE
C++学习重点 lx.asymmetric C++笔记
1.c++面向对象的三个特性：封装性，继承性以及多态性。 2.标识符的命名规则：由字母和下划线开头，同时由字母、数字或下划线组成；不能与系统关键字重名。 3.c++语言常量包括整型常量、浮点型常量、布尔常量、字符型常量和字符串性常量。 4.运算符按其功能开以分为六类：算术运算符、位运算符、关系运算符、逻辑运算符、赋值运算符和条件运算符。 &n
java bean和xml相互转换 q821424508 java bean xml xml和bean转换 java bean和xml转换
这几天在做微信公众号做的过程中想找个java bean转xml的工具，找了几个用着不知道是配置不好还是怎么回事，都会有一些问题，然后脑子一热谢了一个javabean和xml的转换的工具里，自己用着还行，虽然有一些约束吧，还是贴出来记录一下顺便你提一下下，这个转换工具支持属性为集合、数组和非基本属性的对象。 packag
C 语言初级位运算 1140566087 位运算 c
第十章位运算 1、位运算对象只能是整形或字符型数据，在VC6.0中int型数据占4个字节 2、位运算符：运算符作用 ~ 按位求反 << 左移 >> 右移 & 按位与 ^ 按位异或 | 按位或他们的优先级从高到低； 3、位运算符的运算功能： a、按位取反： ~01001101 = 101
14点睛Spring4.1-脚本编程 wiselyman spring4
14.1 Scripting脚本编程脚本语言和java这类静态的语言的主要区别是:脚本语言无需编译,源码直接可运行; 如果我们经常需要修改的某些代码,每一次我们至少要进行编译,打包,重新部署的操作,步骤相当麻烦; 如果我们的应用不允许重启,这在现实的情况中也是很常见的; 在spring中使用脚本编程给上述的应用场景提供了解决方案,即动态加载bean; spring支持脚本