OpenStack Pike Deployment: Base Environment (Part 1)


Acha
2022-07-12
Last updated: 2022-07-14

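Password conventions

All passwords are set to `000000`.

Passwords

| Password name | Description | Password |
|---|---|---|
| Database password (no variable used) | Root password for the database | 000000 |
| ADMIN_PASS | Password of user admin | 000000 |
| CINDER_DBPASS | Database password for the Block Storage service | 000000 |
| CINDER_PASS | Password of the Block Storage service user | 000000 |
| DASH_DBPASS | Database password for the Dashboard | 000000 |
| DEMO_PASS | Password of user demo | 000000 |
| GLANCE_DBPASS | Database password for the Image service | 000000 |
| GLANCE_PASS | Password of the Image service user | 000000 |
| KEYSTONE_DBPASS | Database password for the Identity service | 000000 |
| METADATA_SECRET | Password for the metadata proxy | 000000 |
| NEUTRON_DBPASS | Database password for the Networking service | 000000 |
| NEUTRON_PASS | Password of the Networking service user | 000000 |
| NOVA_DBPASS | Database password for the Compute service | 000000 |
| NOVA_PASS | Password of the Compute service user | 000000 |
| PLACEMENT_PASS | Password of the Placement service user | 000000 |
| RABBIT_PASS | Password of the RabbitMQ user | 000000 |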

Reference: https://docs.openstack.org/install-guide/environment-security.html
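
The referenced security guide suggests generating each credential randomly, for example with `openssl rand -hex 10`, rather than sharing one value. The following is an added example, not part of the original post, that produces a distinct value for every variable in the table; the function names and the output path are assumptions.

```bash
#!/usr/bin/env bash
# Added example: one random secret per variable from the password table.
# Function names and the output path are illustrative assumptions.

SECRET_NAMES="ADMIN_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS
GLANCE_DBPASS GLANCE_PASS KEYSTONE_DBPASS METADATA_SECRET NEUTRON_DBPASS
NEUTRON_PASS NOVA_DBPASS NOVA_PASS PLACEMENT_PASS RABBIT_PASS"

# Print 20 hex characters (80 random bits), as `openssl rand -hex 10` does.
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 10
    else
        # Fallback without openssl: same length from the kernel CSPRNG.
        head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'
        echo
    fi
}

# Write NAME=value lines to file $1, readable by its owner only.
write_secrets() (
    umask 077
    : > "$1" && chmod 600 "$1"
    for name in $SECRET_NAMES; do
        printf '%s=%s\n' "$name" "$(gen_secret)" >> "$1"
    done
)

# Succeed only if every name has a value, no value repeats,
# and the shared default 000000 is absent.
check_secrets() (
    file=$1
    set -- $SECRET_NAMES            # $# is now the number of expected names
    total=$(grep -c '^[A-Z_]*=..*$' "$file")
    unique=$(cut -d= -f2 "$file" | sort -u | grep -c .)
    [ "$total" -eq "$#" ] && [ "$unique" -eq "$total" ] &&
        ! grep -q '=000000$' "$file"
)

# Usage (path is an assumption): write_secrets /root/openstack-secrets.env
```

The database root password has no variable in the table and is set interactively by `mysql_secure_installation`, so it is not covered by this file.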

Network configuration

Controller node

Network interfaces

[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE="Ethernet"
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="178.120.2.10"
PREFIX="24"
GATEWAY="178.120.2.1"
DNS1="8.8.8.8"
## provider interface:
DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"

Name resolution

[root@controller ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
178.120.2.10 controller
178.120.2.20 compute

Passwordless SSH login

[root@controller ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:cgfolkfd6Oum3nYdVI+HO8llHk1hKR0YaOITw2gTQAE root@controller
The key's randomart image is:
+---[DSA 1024]----+
|   Eo+o.+   ..+++|
|       = * = o.oo|
|      o = B . .=o|
|     . o =    +.*|
|      = S +  o B.|
|     . + . .  * .|
|          .  . o |
|         oo . .  |
|       .o+o.     |
+----[SHA256]-----+

[root@controller ~]# ssh-copy-id compute
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host 'compute (178.120.2.20)' can't be established.
ECDSA key fingerprint is SHA256:R/Thnqei+6YxNhVzNn26mnzVaBME9Pq1takAI7dH/Sg.
ECDSA key fingerprint is MD5:c3:f7:bb:e1:07:f9:83:d5:2e:d2:ae:c6:da:a3:2e:f7.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@compute's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'compute'"
and check to make sure that only the key(s) you wanted were added.

Compute node

Network interfaces

[root@compute ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
TYPE="Ethernet"
BOOTPROTO="none"
NAME="eth0"
UUID="e7df2db2-cdb1-47e0-9d3b-05b50fe87c19"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="178.120.2.20"
PREFIX="24"
GATEWAY="178.120.2.1"
DNS1="8.8.8.8"
## provider interface:
DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"

Name resolution

[root@compute ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
178.120.2.10 controller
178.120.2.20 compute

Passwordless SSH login

[root@compute ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:juNTp0HHsnRvNPt+xflNUQ9HqJc0CZMcTI49yexZWX4 root@compute
The key's randomart image is:
+---[DSA 1024]----+
|           +=+ +o|
|           *+o*+o|
|         .. Boo=E|
|        + +.++o.o|
|       oS= oo+ .o|
|       o+ . +  .+|
|      o..+ . . .+|
|     ....     . +|
|      ..     ... |
+----[SHA256]-----+

[root@compute ~]# ssh-copy-id controller
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host 'controller (178.120.2.10)' can't be established.
ECDSA key fingerprint is SHA256:ZjMIFXctwUyBC2Psc5ZxN4wVTAASjzf8re8aq8v11S4.
ECDSA key fingerprint is MD5:2a:f3:cd:5a:ec:2b:ca:20:99:c7:0b:6d:db:b0:1b:92.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@controller's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'controller'"
and check to make sure that only the key(s) you wanted were added.

Route forwarding

vim /etc/sysctl.conf 
net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.disable_ipv6 = 1

Yum repository configuration

All nodes

# sed -e 's|^mirrorlist=|#mirrorlist=|g' \
    -e 's|^#baseurl=http://mirror.centos.org|baseurl=https://mirrors.tuna.tsinghua.edu.cn|g' \
    -i.bak \
    /etc/yum.repos.d/CentOS-*.repo

# cat CentOS-OpenStack-Pike.repo 
[OpenStack-Pike-tuna]
name=OpenStack-Pike-tuna
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.5.1804/cloud/x86_64/openstack-pike/
gpgcheck=0
enabled=1

# yum makecache

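The current yum repositories no longer carry the Pike release, so the cloud repository has to be configured manually.

Collecting RPM packages (optional)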

[root@controller ~]# vim /etc/yum.conf 
[main]
# Cache directory
cachedir=/data/rpm
# Keep downloaded packages in the cache
keepcache=1

Disabling the firewall & SELinux

All nodes

# systemctl stop firewalld && systemctl disable firewalld

# setenforce 0
# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config 

# yum remove -y NetworkManager firewalld
# yum -y install iptables-services
# iptables -F
# iptables -X
# iptables -Z
# iptables-save 

Time synchronization (Chrony)

Controller node

[root@controller ~]# yum install -y chrony

[root@controller ~]# timedatectl set-timezone Asia/Shanghai

[root@controller ~]# grep -Ev "#|^$" /etc/chrony.conf 
server ntp.aliyun.com iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
allow 178.120.2.0/24
logdir /var/log/chrony

[root@controller ~]# systemctl enable chronyd.service && systemctl start chronyd.service

Compute node

[root@compute ~]# yum install -y chrony

[root@compute ~]# timedatectl set-timezone Asia/Shanghai

[root@compute ~]# grep -Ev "#|^$" /etc/chrony.conf 
server controller iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony

[root@compute ~]# systemctl enable chronyd.service && systemctl start chronyd.service

Verification

# Controller node
[root@controller ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 139.199.215.251               2   6   367    43   +392us[+1161us] +/-   48ms
^? ntp6.flashdance.cx            2   7    40   368  -5153us[-4963us] +/-  178ms
^- time.cloudflare.com           3   6   355    43    +50ms[  +50ms] +/-  176ms
^- stratum2-1.ntp.mow01.ru.>     2   6   367    42    +31ms[  +31ms] +/-   89ms
[root@controller ~]# date
Tue Jul 12 17:26:01 CST 2022

# Other nodes
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? controller                    0   7     0     -     +0ns[   +0ns] +/-    0ns
[root@compute ~]# date
Tue Jul 12 17:26:56 CST 2022
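
Matching `date` output does not show that a node is synchronised; the state column of `chronyc sources` does. The following added example, not part of the original post (function names are assumptions), evaluates the two outputs shown above: the controller has a selected source (`^*`), while the compute node's only source is `^?` with Reach 0.

```bash
#!/usr/bin/env bash
# Added example: judge `chronyc sources` output instead of eyeballing it.
# Function names are illustrative assumptions.

# Succeed only if one source is marked '^*' (the source currently selected).
chrony_synced() {
    awk '$1 == "^*" { ok = 1 } END { exit !ok }'
}

# Print sources whose Reach register is 0, i.e. no reply received so far.
chrony_unreachable() {
    awk '$1 ~ /^[#^=][*?+x~-]$/ && $5 == "0" { print $2 }'
}

# The two outputs from the verification step above, copied from the page.
CONTROLLER_SAMPLE='210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 139.199.215.251               2   6   367    43   +392us[+1161us] +/-   48ms
^? ntp6.flashdance.cx            2   7    40   368  -5153us[-4963us] +/-  178ms
^- time.cloudflare.com           3   6   355    43    +50ms[  +50ms] +/-  176ms
^- stratum2-1.ntp.mow01.ru.>     2   6   367    42    +31ms[  +31ms] +/-   89ms'

COMPUTE_SAMPLE='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    0   7     0     -     +0ns[   +0ns] +/-    0ns'

# Report one node; on a live host pipe `chronyc sources` into the functions.
chrony_report() {
    if printf '%s\n' "$2" | chrony_synced; then
        echo "$1: synchronised"
    else
        echo "$1: NOT synchronised; no reply from:" \
             "$(printf '%s\n' "$2" | chrony_unreachable | tr '\n' ' ')"
    fi
}

chrony_report controller "$CONTROLLER_SAMPLE"
chrony_report compute "$COMPUTE_SAMPLE"
```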

OpenStack client

[root@controller ~]# yum install -y python-openstackclient openstack-selinux

Database (MariaDB)

Install the MySQL database service and the Python library for connecting to MySQL

[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL

Configure MySQL

[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 178.120.2.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Start the service

[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service

Initialize the database

[root@controller ~]# mysql_secure_installation

Message queue (RabbitMQ)

Install the RabbitMQ service

[root@controller ~]# yum install -y rabbitmq-server

Start the RabbitMQ service

[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service

Add the openstack user

[root@controller ~]# rabbitmqctl add_user openstack 000000

Set permissions for the openstack user

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Enable the web management plugin (optional)

[root@controller ~]# rabbitmq-plugins enable rabbitmq_management

[root@controller ~]# rabbitmq-plugins enable rabbitmq_management_agent

Access it at IP:15672

Cache service (Memcached)

Install the Memcached service

[root@controller ~]# yum install -y memcached python-memcached

Edit the Memcached configuration

[root@controller ~]# vim /etc/sysconfig/memcached

# Allow other nodes to access it over the management network
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l controller"

Start the Memcached service

[root@controller ~]# systemctl enable memcached.service

[root@controller ~]# systemctl start memcached.service
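
With firewalld removed and iptables flushed earlier, each service's own bind address is the only thing limiting who can reach it. The following added example, not part of the original post, flags the services installed above that listen on a wildcard address; the function name, the port list and the sample `ss -tln` output are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: list which of the ports used by the services above listen on
# a wildcard address. Function name, port list and sample data are assumptions.

# Ports: MariaDB 3306, RabbitMQ 5672/15672/25672, epmd 4369, Memcached 11211.
OPENSTACK_BASE_PORTS="3306,4369,5672,11211,15672,25672"

# Read `ss -tln` output on stdin; print watched ports bound to all addresses.
exposed_listeners() {
    awk -v ports="$OPENSTACK_BASE_PORTS" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            wild = (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
            if (wild && (port in want)) print port
        }' | sort -un
}

# Constructed sample of `ss -tln` on the controller (not from the original post).
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    178.120.2.10:3306    *:*
LISTEN 0      128    178.120.2.10:11211   *:*
LISTEN 0      128    *:15672              *:*
LISTEN 0      128    *:25672              *:*
LISTEN 0      128    *:4369               *:*
LISTEN 0      128    *:22                 *:*
LISTEN 0      128    :::5672              :::*'

# On a live node: ss -tln | exposed_listeners
printf '%s\n' "$SS_SAMPLE" | exposed_listeners
```

In the sample, MariaDB and Memcached are bound to 178.120.2.10 as configured above, so only the RabbitMQ and epmd ports are reported.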
