虚拟机 openstack 基础镜像制作 + 安装全过程 + 新增计算节点

# 制作centos7.4-1708 镜像
# 见本目录视频

# 一 安装系统
# 1 
开始安装装作系统 install 界面按tab键输入： net-ifnames=0 boisdevname=0

# 2
设置network IP
langviage seppot 选择支持英文+中文 
minimal+选择前三个软件 
勾选时区右上角ON-安装chrony-NTP
如果是虚拟机不建议选择lvm
分区右边有个内核崩溃备份 取消节省内存

# 二 系统优化
#修改sshd配置文件  
UseDNS no 
GSSAPIAuthentication yes
UsePAM yes

#停止防火墙 selinux NetworkManger 邮件服务
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i s///g /etc/selinux/config
systemctl stop NetworkManager
systemctl disable NetworkManager
systmctl stop postfix
systmctl diable postfix

#安装常用插件
yum -y install base-completion.noarch # tab补全
yum -y net-tools lrzsz wget tree screen lsof tcpdump 

# --------------- 两台机器都要操作
# 配置hostname 并且修改 /etc/hosts 文件
echo 10.0.0.11 controller >> /etc/hosts
echo 10.0.0.31 computer1 >> /etc/hosts

# 挂载本地yum
# mount -o loop /root/code/CentOS-7-x86_64-DVD-1810.iso /mnt
mount /dev/cdrom /mnt
cd /opt/
tar -zxvf openstack_rpm.tar.gz 
echo '[local]
name=local
baseurl=file:///mnt
gpgcheck=0

[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0' >/etc/yum.repos.d/local.repo

资料包下载地址：
链接：https://pan.baidu.com/s/1tQzbz_qeGF0tht3vXh8RTg 提取码：artp 

1：什么是云计算？
云计算是通过虚拟化技术去实现的，它是一种按量付费的模式！

2：为什么要用云计算？
小公司：1年，20人+，500w，招一个运维，15k，(10台*1.5w，托管IDC机房，8k/年/每台,带宽 100M，5个公网ip， 10k/月),  买10台云主机，600*10=6000

大公司：举行活动，加集群，把闲置时间出租，超卖（kvm  ksm）
16G，kvm，64G（ksm），金牌用户（200w+/月）


3：云计算的服务类型
IDC   

IAAS           基础设施即服务 ECS云主机  自己部署环境，自己管理代码和数据
PAAS   平台即服务   提供软件的运行环境php，java，python，go，c#,nodejs  自己管理代码和数据
SAAS           软件即服务   企业邮箱，cdn，rds

4:云计算IAAS有哪些功能？kvm虚拟化的管理平台（计费）

kvm：1000宿主机（agent），虚拟出2w虚拟机，
虚拟机的详细情况：硬件资源，ip情况统计？
虚拟机管理平台：每台虚拟机的管理，都用数据库来统计



5：openstack实现的是云计算IAAS，开源的云计算平台，apache 2.0，阿里云（飞天云平台）
青云

6:openstack （soa架构）
云平台（keystone认证服务，glance镜像服务，nova计算服务，neutron网络服务，cinder存储服务，horizon web界面）

每个服务：数据库，消息队列，memcached缓存，时间同步

MVC
首页   www.jd.com/index.html
秒杀   www.jd.com/miaosha/index.html
优惠卷 www.jd.com/juan/index.html
会员   www.jd.com/plus/index.html
登录   www.jd.com/login/index.html



SOA(拆业务) 千万用户同时访问
首页   www.jd.com/index.html（5张）+ 缓存 + web + 文件存储
秒杀   miaosha.jd.com/index.html（15张）
优惠卷 juan.jd.com/index.html （15张）
会员   plus.jd.com/index.html（15张）
登录   login.jd.com/index.html（15张）
200个业务

微服务： 亿级用户
阿里开源的dubbo
Spring Boot

自动化代码上线  Jenkins，gitlab ci
自动化代码质量检查   sonarqube




7：虚拟机规划
controller：内存3G，cpu开启虚拟化，        ip：10.0.0.11
compute1：  内存1G，cpu开启虚拟化（必开），ip：10.0.0.31

修改主机名，ip地址，host解析，测试ping百度

8：配置yum源
# mount /dev/cdrom /mnt
# rz 上传openstack_rpm.tar.gz到/opt，并解压

#生成repo配置文件
mount /dev/cdrom /mnt
echo '[local]
name=local
baseurl=file:///mnt
gpgcheck=0

[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0' >/etc/yum.repos.d/local.repo



echo 'mount /dev/cdrom /mnt' >>/etc/rc.local
chmod +x /etc/rc.d/rc.local
yum makecache
yum repolist

9：安装基础服务 
在所有节点上执行：
yum -y install chrony

a：时间同步
控制节点：
vim /etc/chrony.conf
修改第26行为
allow 10/8
systemctl restart chronyd

计算节点：
vim /etc/chrony.conf
修改第3行为
server 10.0.0.11 iburst

systemctl restart chronyd
systemctl status chronyd
netstat -lntup


b：安装openstack客户端和openstack-selinux
yum install python-openstackclient openstack-selinux -y

# ----------------------------------------------以上为基础环境-----------------------------
# -----------------------------------------------------------------------------------------
# ----------------------------------------------以下开始控制节点----------------------------
# ----------------------------------------------仅控制节点执行----------------------------
# c: 安装配置mariadb
yum install mariadb mariadb-server python2-PyMySQL -y

echo '[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8'  >/etc/my.cnf.d/openstack.cnf

systemctl start mariadb
systemctl enable mariadb

mysql_secure_installation
回车
n
y
y
y
y

d：安装rabbitmq并创建用户
yum install rabbitmq-server -y
systemctl start rabbitmq-server.service 
systemctl enable rabbitmq-server.service

rabbitmqctl add_user openstack RABBIT_PASS # 授权openstack并创建密码 Creating user "openstack" ...
rabbitmqctl set_permissions openstack ".*" ".*" ".*" # 给 openstack 配置 写 读 权限 Setting permissions for user "openstack" in vhost "/" ...


rabbitmq-plugins enable rabbitmq_management # Applying plugin configuration to rabbit@oldboy... started 6 plugins.

# e：memcached缓存token
yum install memcached python-memcached -y
sed -i 's#127.0.0.1#10.0.0.11#g' /etc/sysconfig/memcached
systemctl restart memcached.service
systemctl enable memcached.service


# 10：keystone认证服务
# a：创库授权
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
# b：安装keystone相关软件包
yum install openstack-keystone httpd mod_wsgi -y
# c:修改配置文件
\cp /etc/keystone/keystone.conf{,.bak} # 复制
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf #过滤注释
yum install openstack-utils -y
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token  ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider  fernet
#校验
md5sum /etc/keystone/keystone.conf
# d5acb3db852fe3f247f4f872b051b7a9  /etc/keystone/keystone.conf


# d：同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
mysql keystone -e 'show tables'; # j检查是否有表
# e：初始化fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# f：配置httpd
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
# 新增编辑 /etc/httpd/conf.d/wsgi-keystone.conf
echo 'Listen 5000
Listen 35357


    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    
        Require all granted
    



    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    
        Require all granted
    
' > /etc/httpd/conf.d/wsgi-keystone.conf


#校验配置文件MD5值
md5sum /etc/httpd/conf.d/wsgi-keystone.conf
# 8f051eb53577f67356ed03e4550315c2  /etc/httpd/conf.d/wsgi-keystone.conf


# g:启动httpd
systemctl enable httpd.service
systemctl start httpd.service

# h：创建服务和注册api：
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3  
export OS_IDENTITY_API_VERSION=3

# 检查环境变量
env | grep OS


openstack service create \
  --name keystone --description "OpenStack Identity" identity
  
openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3 
  
openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3 
  
openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3 

# 验证
openstack service list
openstack endpoint list

I：创建域、项目、用户、角色
openstack domain create --description "Default Domain" default

openstack project create --domain default \
  --description "Admin Project" admin
  
openstack user create --domain default \
  --password ADMIN_PASS admin # 密码非123456
  
openstack role create admin

#关联项目，用户，角色 。 # 没有创建demo项目 和 user用户
openstack role add --project admin --user admin admin
#在admin项目上，给admin用户赋予admin角色

openstack project create --domain default \
  --description "Service Project" service

# 这里不要去掉 token 暂时
# timedatectl 查看 UTC时间和CST时间

j：创建环境变量脚本
# 去掉上面的两个变量
unset OS_TOKEN OS_URL

cd ~ # 去root家目录新建脚本 admin-openrc
echo "export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2" > admin-openrc

source admin-openrc
# 验证
env | grep OS
openstack user list # 查看user user 可以换成 projeck role 等参数
openstack token issue # 生成 token 如果401是密码错误 如果是'NoneType' object has no attribute 'service_catalog' 缺少 unset OS_TOKEN OS_URL
# | Field      | Value                                                                                   |
# +------------+-----------------------------------------------------------------------------------------+
# | expires    | 2020-12-31T10:18:15.000000Z                                                             |
# | id         | gAAAAABf7ZdXbrrIlT4Bpiw72fWHZ__HymegN8WLR52GCBgv5zyGBdwS-                               |
# |            | H9c_vGi_3FdIbN7ZCGWjiFMDvNNOLE8GtZULTpTNw2Zk-                                           |
# |            | p96LEPYCYKicbBzCim_M9YGHR9ijIdJWMnSDrZG__kclxYDkYpbeqGHrNrurVhd1T57zKWvCjJvkbdjy8       |
# | project_id | afde967f63aa44c0b7d9bbe98b3ed967                                                        |
# | user_id    | 15015bb37e414f34aa9227cc380f0301       


11：安装glance镜像服务 7步
# a：数据库创库授权
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
  
# b：在keystone创建glance用户关联角色
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin

# c：在keystone上创建服务和注册api
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292

# d：安装服务相应软件包
yum install openstack-glance -y

# e：修改相应服务的配置文件
cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf  glance_store stores  file,http
openstack-config --set /etc/glance/glance-api.conf  glance_store default_store  file
openstack-config --set /etc/glance/glance-api.conf  glance_store filesystem_store_datadir  /var/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_domain_name  default
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken user_domain_name  default
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf  paste_deploy flavor  keystone
md5sum /etc/glance/glance-api.conf
# 3e1a4234c133eda11b413788e001cba3  /etc/glance/glance-api.conf

#####
cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_domain_name  default
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken user_domain_name  default
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf  paste_deploy flavor  keystone
md5sum /etc/glance/glance-registry.conf
# 46acabd81a65b924256f56fe34d90b8f  /etc/glance/glance-registry.conf

f：同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance # 这一步会有警告
# Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
# /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
#   expire_on_commit=expire_on_commit, _conf=conf)
# /usr/lib/python2.7/site-packages/pymysql/cursor