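I just took Red Hat's RHCA cloud exam, EX210 (OpenStack V10), and came away with a much deeper understanding of the OpenStack cloud platform. Back home, on a whim, I built everything again from scratch, and I have written up the deployment process here to help OpenStack beginners avoid some pitfalls. Old hands can skip this.
The EX210 exam environment was an i7 CPU + 32 GB RAM + 500 GB SATA (a 256 GB SSD would be better). I don't have that kind of hardware at home, so it looks like I should upgrade my gear over the New Year. In fact, a home-built OpenStack lab only needs to meet the following minimum requirements:
Controller node: 1 processor, 4 GB RAM, and 5 GB storage
Compute node: 1 processor, 2 GB RAM, and 10 GB storage
For details, see the official documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/. The latest official release at the moment is Pike, but I recommend starting with Mitaka, because the official documentation for that release has been translated into Chinese, haha!
The lab environment is as follows:
Physical host: i5 CPU + 8 GB RAM + 256 GB SSD (barely enough; both the CPU and the RAM need an upgrade)
KVM virtual machines: controller node, 1 vCPU + 4 GB RAM + 10 GB storage + RHEL 7.3 minimal install
compute node, 1 vCPU + 2 GB RAM + 10 GB storage + RHEL 7.3 minimal install
Storage node: optional
SELinux and the firewalld service are disabled on all nodes; SELinux is a pitfall. You need some competence with the Red Hat Linux operating system, since OpenStack is, after all, deployed on a Linux platform. For production deployments I strongly recommend Red Hat Enterprise Linux; Ubuntu is a pitfall.
Network configuration:
RHEL 7 introduced a new naming scheme, so interface files are named like ifcfg-enp0s8. If you prefer the RHEL 6 style, pass the kernel parameter "net.ifnames=0" when booting the virtual machine to change how RHEL 7 names network interfaces; writing it into /boot/grub2/grub.cfg makes it permanent.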
[root@controller network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
IPADDR=172.25.0.11
PREFIX=24
GATEWAY=172.25.0.250
DNS1=114.114.114.114
UUID=8f9d8331-384a-4d56-ab74-91ac001e1aa8
DEVICE=eth0
ONBOOT=yes
[root@controller network-scripts]# cat ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
The host names of all nodes must be resolvable:
127.0.0.1 localhost
172.25.0.11 controller
172.25.0.12 compute1
# yum install chrony -y
# vim /etc/chrony.conf
server time1.aliyun.com iburst # Alibaba Cloud NTP servers: time1-7.aliyun.com
allow 192.168.0.0/24
# systemctl enable chronyd
# systemctl restart chronyd
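The clocks on all OpenStack nodes must agree; otherwise virtual machines will fail to start.
OpenStack installation repository:
# rpm -ivh rdo-release-mitaka-6.noarch.rpm
# yum upgrade # System update; reboot if the kernel was updated.
# yum install openstack-selinux # Needed if the system runs with SELinux enabled; it automatically manages the security policies for OpenStack services (not guaranteed to solve everything; I have been bitten by this)
# yum install python-openstackclient -y # OpenStack client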
# yum install mariadb mariadb-server python2-PyMySQL -y
# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.0.11 # management network IP address of the controller node
default-storage-engine = innodb
innodb_file_per_table # one tablespace file per table
max_connections = 4096 # maximum connections, default 1024
collation-server = utf8_general_ci
character-set-server = utf8
# systemctl enable mariadb.service
# systemctl start mariadb.service
# mysql_secure_installation
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
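Added example, not part of the original post: the grants above use the service name as the password and accept connections from any host ('%'). The script below prints equivalent statements with one random password per account and a host pattern limited to the lab's management network; the function names and the 172.25.0.% default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): print CREATE/GRANT statements
# with one random password per account and a host pattern narrower than '%'.

# 32 hex characters from the kernel RNG; hex needs no escaping inside SQL.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# build_sql HOST_PATTERN
# Each entry is "user:db [db ...]"; nova owns two databases and must keep a
# single password, because a second IDENTIFIED BY would overwrite the first.
build_sql() {
    host=$1
    for entry in "keystone:keystone" "glance:glance" \
                 "nova:nova_api nova" "neutron:neutron"; do
        user=${entry%%:*}
        pass=$(gen_password)
        for db in ${entry#*:}; do
            printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$db"
            for h in localhost "$host"; do
                printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                    "$db" "$user" "$h" "$pass"
            done
        done
    done
}

# Assumed default: the 172.25.0.0/24 management network of this lab.
# The output contains the passwords, so keep it out of world-readable files.
umask 077
build_sql "${1:-172.25.0.%}"
```

The generated passwords also have to go into the database connection settings of the matching OpenStack services.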
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# netstat -antlp |grep :5672
tcp6 0 0 :::5672 :::* LISTEN 873/beam
Add the openstack user with the password openstack:
[root@controller ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
Grant permissions to the openstack user:
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
List the available plugins:
[root@controller ~]# rabbitmq-plugins list
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@controller
|/
[ ] amqp_client 3.6.5
[ ] cowboy 1.0.3
[ ] cowlib 1.0.1
[ ] mochiweb 2.13.1
[ ] rabbitmq_amqp1_0 3.6.5
[ ] rabbitmq_auth_backend_ldap 3.6.5
[ ] rabbitmq_auth_mechanism_ssl 3.6.5
[ ] rabbitmq_consistent_hash_exchange 3.6.5
[ ] rabbitmq_event_exchange 3.6.5
[ ] rabbitmq_federation 3.6.5
[ ] rabbitmq_federation_management 3.6.5
[ ] rabbitmq_jms_topic_exchange 3.6.5
[ ] rabbitmq_management 3.6.5
[ ] rabbitmq_management_agent 3.6.5
[ ] rabbitmq_management_visualiser 3.6.5
[ ] rabbitmq_mqtt 3.6.5
[ ] rabbitmq_recent_history_exchange 1.2.1
[ ] rabbitmq_sharding 0.1.0
[ ] rabbitmq_shovel 3.6.5
[ ] rabbitmq_shovel_management 3.6.5
[ ] rabbitmq_stomp 3.6.5
[ ] rabbitmq_top 3.6.5
[ ] rabbitmq_tracing 3.6.5
[ ] rabbitmq_trust_store 3.6.5
[ ] rabbitmq_web_dispatch 3.6.5
[ ] rabbitmq_web_stomp 3.6.5
[ ] rabbitmq_web_stomp_examples 3.6.5
[ ] sockjs 0.3.4
[ ] webmachine 1.10.3
Enable the plugin:
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@controller... started 6 plugins.
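By default the management plugin listens on port 15672.
The Identity service's authentication mechanism uses Memcached to cache tokens. The memcached service runs on the controller node. For production deployments, we recommend enabling a combination of firewalling, authentication, and encryption to secure it.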
# yum install -y memcached python-memcached
On RHEL 7, memcached listens on 127.0.0.1:11211 by default; configure it to listen on all local interfaces:
# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1"
OPTIONS=""
# systemctl enable memcached.service
# systemctl start memcached.service
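Added example, not part of the original post: a check that reads a memcached sysconfig file and reports whether the daemon would listen on every interface, only on loopback, or on named addresses. The two sample files are constructed here: one repeats the OPTIONS="" setting above, the other binds to loopback plus the controller's management address 172.25.0.11, which is an assumed alternative for this lab.

```shell
#!/bin/sh
# Added example, not from the original post. Reports which addresses a
# memcached sysconfig file (RHEL 7 layout) makes the daemon listen on.

# listen_scope FILE -> "all", "loopback" or "restricted", then " udp=on|off"
listen_scope() {
    # The last uncommented OPTIONS= line is the one that takes effect.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    addrs="" udp=on
    set -- $opts
    while [ $# -gt 0 ]; do
        case $1 in
            -l)   addrs=${2:-}; [ $# -ge 2 ] && shift ;;
            -l?*) addrs=${1#-l} ;;
            -U)   [ "${2:-}" = 0 ] && udp=off; [ $# -ge 2 ] && shift ;;
            -U0)  udp=off ;;          # -U 0 turns off the UDP listener
        esac
        shift
    done
    scope=loopback
    [ -z "$addrs" ] && scope=all      # no -l: memcached binds every interface
    old_ifs=$IFS; IFS=,
    for a in $addrs; do
        case $a in
            127.0.0.1|::1|localhost) ;;
            0.0.0.0|::) scope=all ;;
            *) [ "$scope" = all ] || scope=restricted ;;
        esac
    done
    IFS=$old_ifs
    echo "$scope udp=$udp"
}

# Constructed samples: the setting from the walkthrough and a narrower one.
make_samples() {
    printf '%s\n' 'PORT="11211"' '#OPTIONS="-l 127.0.0.1,::1"' 'OPTIONS=""' \
        > "$1/as_in_post"
    printf '%s\n' 'PORT="11211"' 'OPTIONS="-l 127.0.0.1,::1,172.25.0.11 -U 0"' \
        > "$1/mgmt_only"
}

tmp=$(mktemp -d) && make_samples "$tmp"
trap 'rm -rf "$tmp"' EXIT
for f in as_in_post mgmt_only; do
    echo "$f: $(listen_scope "$tmp/$f")"
done
```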