Alma Linux 8 OpenStack入门1--环境准备及基础组件安装

Alma Linux 8 OpenStack入门1--环境准备及基础组件安装

1.硬件环境

主机名	IP	网关/DNS	CPU/内存	磁盘
controller	172.26.37.10/24	172.26.37.2	2核 4G	100G
compute	172.26.37.20/24	172.26.37.2	2核 4G	100G
computehci	172.26.37.30/24	172.26.37.2	2核 2G	100G

2.软件环境

主机名	角色	OS	installed组件
controller	控制节点	Alma Linux 8.6	chrony，Yoga YUM Repository，enable powertools，python3-openstackclient，openstack-selinux，mariadb，rabbitmq，memcached，etcd，openstack-keystone，openstack-dashboard
compute	计算节点	Alma Linux 8.6	chrony，Yoga YUM Repository，enable powertools，python3-openstackclient，openstack-selinux
computehci	存储节点	Alma Linux 8.6	chrony，Yoga YUM Repository，enable powertools，python3-openstackclient，openstack-selinux

3.配置网卡/IP、关闭防火墙、禁用selinux、加载br_netfilter模块、配置YUM源、安装chrony

操作对象：控制节点/计算节点/存储节点
操作内容：

# vi /etc/sysconfig/network-scripts/ifcfg-ens33
# cat /etc/sysconfig/network-scripts/ifcfg-ens33 
...
IPADDR=172.26.37.10
PREFIX=24
GATEWAY=172.26.37.2
DNS1=172.26.37.2

# vi /etc/selinux/config
# cat /etc/selinux/config
...
SELINUX=disabled
...

# systemctl stop firewalld
# systemctl disable firewalld
# iptables -L

# echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

# sed -e 's|^mirrorlist=|#mirrorlist=|g' \
      -e 's|^# baseurl=https://repo.almalinux.org|baseurl=https://mirrors.aliyun.com|g' \
      -i.bak \
      /etc/yum.repos.d/almalinux*.repo

# yum install -y chrony
# systemctl enable chronyd.service
# systemctl start chronyd.service
# systemctl status chronyd.service

4.配置Yoga YUM源、启用YUM powertools源、安装OpenStack基础组件

操作对象：控制节点/计算节点/存储节点
操作内容：

# sudo dnf -y install https://repos.fedorapeople.org/repos/openstack/openstack-yoga/rdo-release-yoga-1.el8.noarch.rpm
# dnf repolist
repo id                                                                       repo name
advanced-virtualization                                                       CentOS-8 - Advanced Virtualization
appstream                                                                     AlmaLinux 8 - AppStream
baseos                                                                        AlmaLinux 8 - BaseOS
centos-nfv-openvswitch                                                        CentOS-8 - NFV OpenvSwitch
centos-rabbitmq-38                                                            CentOS-8 - RabbitMQ 38
ceph-pacific                                                                  CentOS-8 - Ceph Pacific
extras                                                                        AlmaLinux 8 - Extras
openstack-yoga                                                                OpenStack Yoga Repository
powertools                                                                    AlmaLinux 8 - PowerTools

# dnf config-manager --enable powertools

# yum install -y python3-openstackclient
# yum install -y openstack-selinux

5.安装mariadb

操作对象：控制节点
操作内容：

# yum install -y mariadb mariadb-server python3-PyMySQL
#创建并编辑文件，修改bind-address为本节点IP地址
# vi /etc/my.cnf.d/openstack.cnf
# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.26.37.10 

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

#启用mariadb服务
# systemctl enable mariadb.service
# systemctl start mariadb.service
# systemctl status mariadb.service

#进行数据库初始化(根据提示配置root密码等信息)
# mysql_secure_installation

6.安装rabbitmq

操作对象：控制节点
操作内容：

#安装rabbitmq组件，并启用服务
# yum install -y rabbitmq-server
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
# systemctl status rabbitmq-server.service

#创建openstack用户，并赋予其权限
# rabbitmqctl add_user openstack awcloud
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

7.安装memcached

操作对象：控制节点
操作内容：

#安装memcached组件
#yum install -y memcached python3-memcached

#修改配置文件（OPTIONS中添加本节点IP地址）
# vi /etc/sysconfig/memcached
# cat /etc/sysconfig/memcached
...
OPTIONS="-l 127.0.0.1,::1,172.26.37.10"

#启用memcached服务
# systemctl enable memcached.service
# systemctl start memcached.service
# systemctl status memcached.service 

8.安装etcd

操作对象：控制节点
操作内容：

#安装etcd组件
# yum install -y etcd

#修改配置文件（将 ETCD_INITIAL_CLUSTER, ETCD_INITIAL_ADVERTISE_PEER_URLS, ETCD_ADVERTISE_CLIENT_URLS, ETCD_LISTEN_CLIENT_URLS和ETCD_LISTEN_PEER_URLS中的ip设置为本节点ip）
# vi /etc/etcd/etcd.conf
...
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.26.37.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.26.37.10:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.26.37.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.26.37.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://172.26.37.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
...

#启用etcd服务
# systemctl enable etcd
# systemctl start etcd
# systemctl status etcd

9.安装keystone

操作对象：控制节点
操作内容：

#创建keystone库，授权keystone用户

# mysql -u root -p

> CREATE DATABASE keystone;
> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'root';
> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'root';
> flush privileges;

#安装keystone rpm包

# yum install -y openstack-keystone  python3-mod_wsgi

#配置keystone
#vi /etc/keystone/keystone.conf

# grep -Ev "^$|^[#;]" /etc/keystone/keystone.conf

...
[database]
connection = mysql+pymysql://keystone:[email protected]/keystone
...
[token]
provider = fernet
...

#初始化keystone数据

# su -s /bin/sh -c "keystone-manage db_sync" keystone

#初始化fernet数据

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

#完成服务引导

# keystone-manage bootstrap --bootstrap-password awcloud \

  --bootstrap-admin-url http://172.26.37.10:5000/v3/ \
  --bootstrap-internal-url http://172.26.37.10:5000/v3/ \
  --bootstrap-public-url http://172.26.37.10:5000/v3/ \
  --bootstrap-region-id RegionOne

#配置httpd服务

# vi /etc/httpd/conf/httpd.conf

# cat /etc/httpd/conf/httpd.conf

...
ServerName 0.0.0.0
...
#关联keystone的httpd配置文件

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

#启动httpd服务

# systemctl enable httpd.service

# systemctl start httpd.service

# systemctl status  httpd.service

9.测试keystone

操作对象：控制节点
操作内容：

#创建admin用户source文件(OS_AUTH_URL中ip为当前节点ip，OS_PASSWORD为awcloud)
# cat > admin-openrc << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=awcloud
export OS_AUTH_URL=http://172.26.37.10:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

#source生效
# source admin-openrc

#测试创建Domain/Projects/Roles/User
# openstack domain create --description "Created for Test By Luorf In Mar 2022" example
# openstack project create --domain example --description "server project" server
# openstack role create myrole
# openstack user create --domain example --password-prompt root
User Password:
Repeat User Password:

#将myrole角色添加到myproject项目和myuser用户：
# openstack role add --project server --user root myrole

#取消临时变量
# unset OS_AUTH_URL OS_PASSWORD

#作为admin请求身份令牌
# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Password: 

#作为root请求身份令牌
# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name example --os-user-domain-name example --os-project-name server --os-username root token issue
Password: 123456

10.Horizon dashboard 搭建

操作对象：控制节点
操作内容：

#安装软件包
# yum install openstack-dashboard

#更改dashboard配置文件
# vi /etc/openstack-dashboard/local_settings
# cat /etc/openstack-dashboard/local_settings
...
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
...

# vi /etc/httpd/conf.d/openstack-dashboard.conf
...
WSGIApplicationGroup %{GLOBAL}
...

#重建apache的dashboard配置文件
# cd /usr/share/openstack-dashboard
# python3 manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
# ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf

#重启httpd服务，加载dashboard
# systemctl restart httpd.service memcached.service
# systemctl status httpd.service memcached.service

11.Horizon dashboard登录

操作对象：浏览器
操作内容：

浏览器访问 http://172.26.37.10/auth/login/?next=/或http://controller/auth/login/?next=/

参考URL:

https://blog.csdn.net/dummy_/category_11695102.html

https://computingforgeeks.com/install-openstack-on-rocky-almalinux/

https://docs.openstack.org/install-guide/environment-packages-rdo.html
https://www.how2shout.com/linux/how-to-install-openstackclient-in-rocky-linux-almalinux-8/