OpenStack on virtual machines: base image build + full installation walkthrough + adding a compute node

# Build the CentOS 7.4-1708 image
# See the video in this directory

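# I. Install the system
# 1
When the OS installer starts, press Tab on the install screen and append: net.ifnames=0 biosdevname=0

# 2
Set the network IP
Language support: select English + Chinese
Minimal install + select the first three add-ons
In the time zone screen, switch the toggle in the top-right corner to ON (installs chrony/NTP)
For a virtual machine, LVM is not recommended
To the right of the partitioning option is the kernel crash dump setting; disable it to save memory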

# II. System tuning
# Edit the sshd configuration file
UseDNS no 
GSSAPIAuthentication yes
UsePAM yes

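# Stop the firewall, SELinux, NetworkManager and the mail service
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
# keep the permissive mode set by setenforce 0 across reboots
sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl stop postfix
systemctl disable postfix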

# Install common tools
yum -y install bash-completion.noarch # tab completion
yum -y install net-tools lrzsz wget tree screen lsof tcpdump

# --------------- run on both machines
# Set the hostname and update /etc/hosts
echo 10.0.0.11 controller >> /etc/hosts
echo 10.0.0.31 compute1 >> /etc/hosts

# Mount the local yum repository
# mount -o loop /root/code/CentOS-7-x86_64-DVD-1810.iso /mnt
mount /dev/cdrom /mnt
cd /opt/
tar -zxvf openstack_rpm.tar.gz 
echo '[local]
name=local
baseurl=file:///mnt
gpgcheck=0

[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0' >/etc/yum.repos.d/local.repo

Resource bundle download:
Link: https://pan.baidu.com/s/1tQzbz_qeGF0tht3vXh8RTg  Extraction code: artp

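1: What is cloud computing?
Cloud computing is built on virtualization technology; it is a pay-as-you-go model.

2: Why use cloud computing?
Small company: 1 year, 20+ people, 500w (w = 10,000), hire one ops engineer, 15k, (10 servers * 1.5w, hosted in an IDC data center, 8k/year per server, 100M bandwidth, 5 public IPs, 10k/month), buy 10 cloud hosts, 600*10=6000

Large company: running promotions, adding clusters, renting out idle capacity, overselling (kvm ksm)
16G, kvm, 64G (ksm), gold-tier customers (200w+/month)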


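3: Cloud computing service types
IDC

IAAS   Infrastructure as a Service   ECS cloud hosts; you deploy the environment and manage your own code and data
PAAS   Platform as a Service         provides the software runtime (php, java, python, go, c#, nodejs); you manage your own code and data
SAAS   Software as a Service         corporate mail, cdn, rds

4: What does cloud IAAS provide? A management platform for kvm virtualization (billing)

kvm: 1000 hosts (agent) virtualizing 2w virtual machines,
Details of each virtual machine: hardware resources, IP usage statistics?
Virtual machine management platform: every virtual machine is tracked in a database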



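5: openstack implements cloud IAAS; it is an open-source cloud computing platform, Apache 2.0; Alibaba Cloud (Apsara cloud platform)
QingCloud

6: openstack (SOA architecture)
Cloud platform (keystone identity service, glance image service, nova compute service, neutron networking service, cinder storage service, horizon web UI)

Each service needs: a database, a message queue, memcached caching, time synchronization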

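MVC
Home        www.jd.com/index.html
Flash sale  www.jd.com/miaosha/index.html
Coupons     www.jd.com/juan/index.html
Membership  www.jd.com/plus/index.html
Login       www.jd.com/login/index.html

SOA (split by business): tens of millions of concurrent users
Home        www.jd.com/index.html (5 tables) + cache + web + file storage
Flash sale  miaosha.jd.com/index.html (15 tables)
Coupons     juan.jd.com/index.html (15 tables)
Membership  plus.jd.com/index.html (15 tables)
Login       login.jd.com/index.html (15 tables)
200 business services

Microservices: hundreds of millions of users
dubbo, open-sourced by Alibaba
Spring Boot

Automated code deployment       Jenkins, gitlab ci
Automated code quality checks   sonarqube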




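7: Virtual machine plan
controller: 3G RAM, CPU virtualization enabled,            ip: 10.0.0.11
compute1:   1G RAM, CPU virtualization enabled (required), ip: 10.0.0.31

Set the hostname, IP address and hosts resolution; test by pinging Baidu

8: Configure the yum repositories
# mount /dev/cdrom /mnt
# rz: upload openstack_rpm.tar.gz to /opt and extract it

# Generate the repo configuration file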
mount /dev/cdrom /mnt
echo '[local]
name=local
baseurl=file:///mnt
gpgcheck=0

[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0' >/etc/yum.repos.d/local.repo



echo 'mount /dev/cdrom /mnt' >>/etc/rc.local
chmod +x /etc/rc.d/rc.local
yum makecache
yum repolist

9: Install the base services
Run on all nodes:
yum -y install chrony

a: Time synchronization
Controller node:
vim /etc/chrony.conf
Change line 26 to
allow 10/8
systemctl restart chronyd

Compute node:
vim /etc/chrony.conf
Change line 3 to
server 10.0.0.11 iburst

systemctl restart chronyd
systemctl status chronyd
netstat -lntup


b: Install the openstack client and openstack-selinux
yum install python-openstackclient openstack-selinux -y

# ---------------------------------------------- base environment ends above ----------------
# -----------------------------------------------------------------------------------------
# ---------------------------------------------- controller node starts below ---------------
# ---------------------------------------------- run on the controller node only ------------
# c: Install and configure mariadb
yum install mariadb mariadb-server python2-PyMySQL -y

echo '[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8'  >/etc/my.cnf.d/openstack.cnf

systemctl start mariadb
systemctl enable mariadb

mysql_secure_installation
Enter
n
y
y
y
y

d: Install rabbitmq and create the user
yum install rabbitmq-server -y
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service

rabbitmqctl add_user openstack RABBIT_PASS # create the openstack user and set its password; prints: Creating user "openstack" ...
rabbitmqctl set_permissions openstack ".*" ".*" ".*" # grant openstack configure, write and read permissions; prints: Setting permissions for user "openstack" in vhost "/" ...

rabbitmq-plugins enable rabbitmq_management # prints: Applying plugin configuration to rabbit@oldboy... started 6 plugins.

# e: memcached caches tokens
yum install memcached python-memcached -y
sed -i 's#127.0.0.1#10.0.0.11#g' /etc/sysconfig/memcached
systemctl restart memcached.service
systemctl enable memcached.service
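
With firewalld stopped, the bind address of each service is the only thing limiting who can reach it. The added example below (not part of the original notes) reads `netstat -lntup` output and lists listeners bound to every interface whose port is not on an allow-list; the sample output and the allow-list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners bound to every interface (0.0.0.0, :: or *).
# Input: `netstat -lntup` output on stdin. $1: space-separated allowed ports.
unexpected_wildcard_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
        k = split($4, part, ":"); port = part[k]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::" && addr != "*") next
        if (port in ok) next
        prog = $NF; sub(/^[0-9]+\//, "", prog)   # "1290/beam.smp" -> "beam.smp"
        print $1, port, prog
    }'
}

# Constructed sample of what the controller might show after steps c to e.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.11:3306          0.0.0.0:*               LISTEN      1201/mysqld
tcp        0      0 10.0.0.11:11211         0.0.0.0:*               LISTEN      1377/memcached
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      911/sshd
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      1290/beam.smp
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      1290/beam.smp
tcp6       0      0 :::5672                 :::*                    LISTEN      1290/beam.smp
udp        0      0 0.0.0.0:123             0.0.0.0:*                           802/chronyd
udp        0      0 10.0.0.11:11211         0.0.0.0:*                           1377/memcached
EOF
}

# SSH, NTP and AMQP are meant to be reachable here; everything else is reported.
sample_netstat | unexpected_wildcard_listeners "22 123 5672"
```

On the controller, replace `sample_netstat` with `netstat -lntup` and adjust the allow-list to the ports each network is supposed to reach.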


# 10: keystone identity service
# a: Create the database and grant privileges (run inside the mysql client)
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
# b: Install the keystone packages
yum install openstack-keystone httpd mod_wsgi -y
# c: Edit the configuration file
\cp /etc/keystone/keystone.conf{,.bak} # back up the original
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf # drop blank lines and comments
yum install openstack-utils -y
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token  ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider  fernet
# Verify
md5sum /etc/keystone/keystone.conf
# d5acb3db852fe3f247f4f872b051b7a9  /etc/keystone/keystone.conf


# d: Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
mysql keystone -e 'show tables'; # check that the tables exist
# e: Initialize fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# f: Configure httpd
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
# Create /etc/httpd/conf.d/wsgi-keystone.conf with the following content
echo 'Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>' > /etc/httpd/conf.d/wsgi-keystone.conf


# Verify the MD5 of the configuration file
md5sum /etc/httpd/conf.d/wsgi-keystone.conf
# 8f051eb53577f67356ed03e4550315c2  /etc/httpd/conf.d/wsgi-keystone.conf


# g: Start httpd
systemctl enable httpd.service
systemctl start httpd.service

# h: Create the service and register the API endpoints:
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3  
export OS_IDENTITY_API_VERSION=3

# Check the environment variables
env | grep OS


openstack service create \
  --name keystone --description "OpenStack Identity" identity
  
openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3 
  
openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3 
  
openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3 

# Verify
openstack service list
openstack endpoint list

i: Create the domain, project, user and role
openstack domain create --description "Default Domain" default

openstack project create --domain default \
  --description "Admin Project" admin
  
openstack user create --domain default \
  --password ADMIN_PASS admin # the password is not 123456
  
openstack role create admin

# Associate the project, user and role.  # The demo project and the user account are not created
openstack role add --project admin --user admin admin
# On the admin project, grant the admin role to the admin user

openstack project create --domain default \
  --description "Service Project" service

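# Do not unset the token yet
# timedatectl shows the UTC and CST time

j: Create the environment variable script
# Unset the two variables set above
unset OS_TOKEN OS_URL

cd ~ # create the admin-openrc script in root's home directory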
echo "export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2" > admin-openrc

source admin-openrc
# Verify
env | grep OS
openstack user list # list users; "user" can be replaced with project, role, etc.
openstack token issue # issue a token; a 401 means the password is wrong; "'NoneType' object has no attribute 'service_catalog'" means unset OS_TOKEN OS_URL was skipped
# | Field      | Value                                                                                   |
# +------------+-----------------------------------------------------------------------------------------+
# | expires    | 2020-12-31T10:18:15.000000Z                                                             |
# | id         | gAAAAABf7ZdXbrrIlT4Bpiw72fWHZ__HymegN8WLR52GCBgv5zyGBdwS-                               |
# |            | H9c_vGi_3FdIbN7ZCGWjiFMDvNNOLE8GtZULTpTNw2Zk-                                           |
# |            | p96LEPYCYKicbBzCim_M9YGHR9ijIdJWMnSDrZG__kclxYDkYpbeqGHrNrurVhd1T57zKWvCjJvkbdjy8       |
# | project_id | afde967f63aa44c0b7d9bbe98b3ed967                                                        |
# | user_id    | 15015bb37e414f34aa9227cc380f0301       
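
Unsetting OS_TOKEN only clears the shell: keystone keeps accepting the bootstrap token for as long as the `admin_token_auth` filter stays in its paste pipelines. The added example below (not part of the original notes) removes that filter and checks the result. It assumes the pipelines live in /etc/keystone/keystone-paste.ini, as in keystone releases that still support `admin_token`; the sample file is a constructed, shortened excerpt.

```shell
#!/bin/sh
# Added example: retire keystone's bootstrap token once admin-openrc works.

# Exit 0 if any "pipeline =" line in file $1 still lists admin_token_auth.
admin_token_in_pipeline() {
    grep -Eq '^pipeline[[:space:]]*=(.*[[:space:]])?admin_token_auth([[:space:]]|$)' "$1"
}

# Remove the filter from every pipeline line of file $1; keeps a copy in $1.bak.
disable_admin_token() {
    cp -p "$1" "$1.bak" || return 1
    sed -E '/^pipeline[[:space:]]*=/ s/[[:space:]]+admin_token_auth([[:space:]]|$)/\1/' \
        "$1.bak" > "$1"
}

# Constructed, shortened excerpt of a paste file (real pipelines list more filters).
write_sample_paste_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

demo=$(mktemp)
write_sample_paste_ini "$demo"
disable_admin_token "$demo"
if admin_token_in_pipeline "$demo"; then
    echo "admin_token_auth still active"
else
    echo "admin_token_auth removed from all pipelines"
fi
rm -f "$demo" "$demo.bak"
```

On the controller, point `disable_admin_token` at /etc/keystone/keystone-paste.ini and restart httpd.service afterwards.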


11: Install the glance image service (7 steps)
# a: Create the database and grant privileges
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
  
# b: Create the glance user in keystone and assign its role
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin

# c: Create the service and register the API endpoints in keystone
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292

# d: Install the service packages
yum install openstack-glance -y

# e: Edit the service configuration files
cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf  glance_store stores  file,http
openstack-config --set /etc/glance/glance-api.conf  glance_store default_store  file
openstack-config --set /etc/glance/glance-api.conf  glance_store filesystem_store_datadir  /var/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_domain_name  default
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken user_domain_name  default
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf  paste_deploy flavor  keystone
md5sum /etc/glance/glance-api.conf
# 3e1a4234c133eda11b413788e001cba3  /etc/glance/glance-api.conf

#####
cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_domain_name  default
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken user_domain_name  default
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf  paste_deploy flavor  keystone
md5sum /etc/glance/glance-registry.conf
# 46acabd81a65b924256f56fe34d90b8f  /etc/glance/glance-registry.conf
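
Every credential in these notes (ADMIN_TOKEN, ADMIN_PASS, RABBIT_PASS, KEYSTONE_DBPASS, GLANCE_DBPASS, GLANCE_PASS) is a literal placeholder. As an added example, not part of the original notes, the functions below generate random values into an owner-only file, substitute them into a command or config file, and report any file that still contains a placeholder. The file names and the sample config are constructed.

```shell
#!/bin/sh
# Added example: replace the placeholder credentials used throughout these notes.
PLACEHOLDERS='ADMIN_TOKEN ADMIN_PASS RABBIT_PASS KEYSTONE_DBPASS GLANCE_DBPASS GLANCE_PASS'

# 20 hex characters from the kernel RNG (safe inside URLs, SQL strings and sed).
new_secret() { head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Write NAME=value for each placeholder to file $1, readable by its owner only.
make_secrets_file() {
    ( umask 077
      rm -f "$1"
      for p in $PLACEHOLDERS; do
          printf '%s=%s\n' "$p" "$(new_secret)"
      done > "$1" )
}

# Print file $2 with every placeholder replaced by its value from secrets file $1.
render_with_secrets() {
    prog=''
    while IFS='=' read -r name value; do
        prog="${prog}s/${name}/${value}/g;"
    done < "$1"
    sed "$prog" "$2"
}

# Print "file:line:PLACEHOLDER" for each hit under path $1 (never the line itself).
find_placeholder_secrets() {
    for p in $PLACEHOLDERS; do
        grep -rnwHF -- "$p" "$1" 2>/dev/null | cut -d: -f1,2 | sed "s/\$/:$p/"
    done
}

# Constructed sample: two settings as these notes write them.
work=$(mktemp -d)
cat > "$work/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
EOF
make_secrets_file "$work/secrets.env"
find_placeholder_secrets "$work/keystone.conf"       # reports lines 2 and 4
render_with_secrets "$work/secrets.env" "$work/keystone.conf" > "$work/keystone.conf.new"
find_placeholder_secrets "$work/keystone.conf.new"   # prints nothing
rm -rf "$work"
```

The same value has to be used wherever a placeholder recurs, for example GLANCE_DBPASS in both the GRANT statement and the connection URL, which is why the values are generated once and substituted from the file.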

f: Sync the database
su -s /bin/sh -c "glance-manage db_sync" glance # this step prints warnings
# Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
# /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
#   expire_on_commit=expire_on_commit, _conf=conf)
# /usr/lib/python2.7/site-packages/pymysql/cursor
