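Password conventions
All passwords are set to: `000000`
Passwords
Password name | Description | Password |
---|---|---|
Database password (no variable used) | Database root password | 000000 |
ADMIN_PASS | Password of the admin user | 000000 |
CINDER_DBPASS | Database password for the Block Storage service | 000000 |
CINDER_PASS | Password of the Block Storage service user | 000000 |
DASH_DBPASS | Database password for the Dashboard | 000000 |
DEMO_PASS | Password of the demo user | 000000 |
GLANCE_DBPASS | Database password for the Image service | 000000 |
GLANCE_PASS | Password of the Image service user | 000000 |
KEYSTONE_DBPASS | Database password for the Identity service | 000000 |
METADATA_SECRET | Password for the metadata proxy | 000000 |
NEUTRON_DBPASS | Database password for the Networking service | 000000 |
NEUTRON_PASS | Password of the Networking service user | 000000 |
NOVA_DBPASS | Database password for the Compute service | 000000 |
NOVA_PASS | Password of the Compute service user | 000000 |
PLACEMENT_PASS | Password of the Placement service user | 000000 |
RABBIT_PASS | Password of the RabbitMQ user | 000000 |
Reference: https://docs.openstack.org/install-guide/environment-security.html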
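The referenced guide suggests generating each secret with `openssl rand -hex 10` instead of sharing one value across services. The following is an added example, not part of the original page, that does this for every name in the table; `DB_ROOT_PASS` and the output file path are hypothetical names chosen here.

```bash
#!/usr/bin/env bash
# Added example: one random secret per entry of the password table.
# DB_ROOT_PASS is a hypothetical name for the row that has no variable.
SECRET_NAMES="DB_ROOT_PASS ADMIN_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS
DEMO_PASS GLANCE_DBPASS GLANCE_PASS KEYSTONE_DBPASS METADATA_SECRET
NEUTRON_DBPASS NEUTRON_PASS NOVA_DBPASS NOVA_PASS PLACEMENT_PASS RABBIT_PASS"

# 20 hex characters; hex avoids characters such as "@" that break
# database connection strings in the service configuration files.
rand_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 10
    else
        od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
        echo
    fi
}

# Write NAME=value lines to $1; the file is created readable by owner only.
gen_secrets() {
    out=$1
    ( umask 077 && : > "$out" ) || return 1
    chmod 600 "$out"
    for name in $SECRET_NAMES; do
        printf '%s=%s\n' "$name" "$(rand_hex)" >> "$out"
    done
}

# Succeeds only if every value is unique and none is the shared default.
check_secrets() {
    total=$(grep -c '=' "$1")
    distinct=$(cut -d= -f2 "$1" | sort -u | wc -l)
    [ "$total" -eq "$distinct" ] && ! grep -q '=000000$' "$1"
}
```

Run `gen_secrets /root/openstack-secrets.env` once on the controller and substitute the generated values wherever the later steps use `000000`.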
Network configuration
Controller node
Network interfaces
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="178.120.2.10"
PREFIX="24"
GATEWAY="178.120.2.1"
DNS1="8.8.8.8"
## provider interface:
DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
Name resolution
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
178.120.2.10 controller
178.120.2.20 compute
Passwordless SSH login
[root@controller ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:cgfolkfd6Oum3nYdVI+HO8llHk1hKR0YaOITw2gTQAE root@controller
The key's randomart image is:
+---[DSA 1024]----+
| Eo+o.+ ..+++|
| = * = o.oo|
| o = B . .=o|
| . o = +.*|
| = S + o B.|
| . + . . * .|
| . . o |
| oo . . |
| .o+o. |
+----[SHA256]-----+
[root@controller ~]# ssh-copy-id compute
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host 'compute (178.120.2.20)' can't be established.
ECDSA key fingerprint is SHA256:R/Thnqei+6YxNhVzNn26mnzVaBME9Pq1takAI7dH/Sg.
ECDSA key fingerprint is MD5:c3:f7:bb:e1:07:f9:83:d5:2e:d2:ae:c6:da:a3:2e:f7.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@compute's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'compute'"
and check to make sure that only the key(s) you wanted were added.
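Both nodes in this guide generate a 1024-bit DSA key pair, as the `[DSA 1024]` header in the session shows. The following added example, not part of the original page, flags such keys in the fingerprint lines that `ssh-keygen -l -f FILE` prints; the sample lines are constructed, reusing the fingerprint shown above.

```bash
#!/usr/bin/env bash
# Added example: flag weak keys in `ssh-keygen -l -f FILE` output, whose lines
# have the form "<bits> <fingerprint> <comment> (<TYPE>)".

# Constructed sample. The first fingerprint is the one shown in the session
# above; the second line is a placeholder, not a real key.
SAMPLE_KEYS='1024 SHA256:cgfolkfd6Oum3nYdVI+HO8llHk1hKR0YaOITw2gTQAE root@controller (DSA)
256 SHA256:PLACEHOLDER-constructed-fingerprint root@controller (ED25519)'

# Reads fingerprint lines on stdin, prints one verdict per key and
# returns non-zero when at least one key is weak.
# Typical use: ssh-keygen -l -f /root/.ssh/authorized_keys | audit_keys
audit_keys() {
    awk '
        {
            type = $NF; gsub(/[()]/, "", type)
            if (type == "DSA")                       why = "DSA is limited to 1024 bits"
            else if (type == "RSA" && $1 + 0 < 2048) why = "RSA below 2048 bits"
            else                                     why = ""
            if (why != "") { weak++; print "WEAK " type " " $1 ": " why }
            else           { print "ok   " type " " $1 }
        }
        END { exit (weak > 0) }'
}
```

A pair generated with `ssh-keygen -t ed25519` passes this check and is installed with the same `ssh-copy-id` step.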
Compute node
Network interfaces
[root@compute ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="none"
NAME="eth0"
UUID="e7df2db2-cdb1-47e0-9d3b-05b50fe87c19"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="178.120.2.20"
PREFIX="24"
GATEWAY="178.120.2.1"
DNS1="8.8.8.8"
## provider interface:
DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
Name resolution
[root@compute ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
178.120.2.10 controller
178.120.2.20 compute
Passwordless SSH login
[root@compute ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:juNTp0HHsnRvNPt+xflNUQ9HqJc0CZMcTI49yexZWX4 root@compute
The key's randomart image is:
+---[DSA 1024]----+
| +=+ +o|
| *+o*+o|
| .. Boo=E|
| + +.++o.o|
| oS= oo+ .o|
| o+ . + .+|
| o..+ . . .+|
| .... . +|
| .. ... |
+----[SHA256]-----+
[root@compute ~]# ssh-copy-id controller
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host 'controller (178.120.2.10)' can't be established.
ECDSA key fingerprint is SHA256:ZjMIFXctwUyBC2Psc5ZxN4wVTAASjzf8re8aq8v11S4.
ECDSA key fingerprint is MD5:2a:f3:cd:5a:ec:2b:ca:20:99:c7:0b:6d:db:b0:1b:92.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@controller's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'controller'"
and check to make sure that only the key(s) you wanted were added.
Route forwarding
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.disable_ipv6 = 1
Yum repository configuration
All nodes
# sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
-i.bak \
/etc/yum.repos.d/CentOS-*.repo
# cat CentOS-OpenStack-Pike.repo
[OpenStack-Pike-tuna]
name=OpenStack-Pike-tuna
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.5.1804/cloud/x86_64/openstack-pike/
gpgcheck=0
enabled=1
# yum makecache
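The latest yum repositories no longer support the Pike release, so the cloud repository must be configured manually.
Collect RPM packages (optional)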
[root@controller ~]# vim /etc/yum.conf
[main]
# Cache directory
cachedir=/data/rpm
# Keep downloaded packages in the cache
keepcache=1
Disable the firewall & SELinux
All nodes
# systemctl stop firewalld && systemctl disable firewalld
# setenforce 0
# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
# yum remove -y NetworkManager firewalld
# yum -y install iptables-services
# iptables -F
# iptables -X
# iptables -Z
# iptables-save
Time synchronization (Chrony)
Controller node
[root@controller ~]# yum install -y chrony
[root@controller ~]# timedatectl set-timezone Asia/Shanghai
[root@controller ~]# grep -Ev "#|^$" /etc/chrony.conf
server ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 178.120.2.0/24
logdir /var/log/chrony
[root@controller ~]# systemctl enable chronyd.service && systemctl start chronyd.service
Compute node
[root@compute ~]# yum install -y chrony
[root@compute ~]# timedatectl set-timezone Asia/Shanghai
[root@compute ~]# grep -Ev "#|^$" /etc/chrony.conf
server controller iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
[root@compute ~]# systemctl enable chronyd.service && systemctl start chronyd.service
Verification
# Controller node
[root@controller ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 139.199.215.251 2 6 367 43 +392us[+1161us] +/- 48ms
^? ntp6.flashdance.cx 2 7 40 368 -5153us[-4963us] +/- 178ms
^- time.cloudflare.com 3 6 355 43 +50ms[ +50ms] +/- 176ms
^- stratum2-1.ntp.mow01.ru.> 2 6 367 42 +31ms[ +31ms] +/- 89ms
[root@controller ~]# date
Tue Jul 12 17:26:01 CST 2022
# Other nodes
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller 0 7 0 - +0ns[ +0ns] +/- 0ns
[root@compute ~]# date
Tue Jul 12 17:26:56 CST 2022
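In the output above the compute node shows `^?` with a Reach of 0, which means it has not yet received any reply from controller. The following added example, not part of the original page, turns that reading into a check; the sample lines are copied from the two sessions above.

```bash
#!/usr/bin/env bash
# Added example: decide from `chronyc sources` output whether a node is synced.
# Column 1 is mode + state ("^*" = server currently selected, "^?" = unusable),
# column 5 is Reach, an octal register that is 0 when no reply was received.

# Sample lines taken from the controller and compute sessions on this page.
CONTROLLER_SAMPLE='^* 139.199.215.251 2 6 367 43 +392us[+1161us] +/- 48ms
^? ntp6.flashdance.cx 2 7 40 368 -5153us[-4963us] +/- 178ms'
COMPUTE_SAMPLE='^? controller 0 7 0 - +0ns[ +0ns] +/- 0ns'

# Reads `chronyc sources` output on stdin. Prints the selected source and
# returns 0 when one exists; otherwise lists unusable sources and returns 1.
# Typical use: chronyc sources | chrony_status
chrony_status() {
    awk '
        /^[=#^][*+?x~-] / {
            state = substr($1, 2, 1)
            if (state == "*" && $5 != "0") sel = $2
            if (state == "?" || $5 == "0") bad = bad " " $2
        }
        END {
            if (sel != "") { print "synced to " sel; exit 0 }
            print "NOT synced; unreachable:" bad
            exit 1
        }'
}
```

Header and separator lines are ignored, so the command's full output can be piped in unchanged.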
OpenStack client
[root@controller ~]# yum install -y python-openstackclient openstack-selinux
Database (MariaDB)
Install the MySQL database service and the Python library for connecting to MySQL
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
Configure MySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 178.120.2.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Start the service
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
Initialize the database
[root@controller ~]# mysql_secure_installation
Message queue (RabbitMQ)
Install the RabbitMQ service
[root@controller ~]# yum install -y rabbitmq-server
Start the RabbitMQ service
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
Add the openstack user
[root@controller ~]# rabbitmqctl add_user openstack 000000
Configure permissions for the openstack user
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Enable the web management plugin (optional)
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management_agent
Access it at IP:15672
Cache service (Memcached)
Install the Memcached service
[root@controller ~]# yum install -y memcached python-memcached
Modify the Memcached configuration
[root@controller ~]# vim /etc/sysconfig/memcached
# Allow other nodes to access it over the management network
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l controller"
Start the Memcached service
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service