配置OpenStack准备环境
1. 配置yum源
[root@openstack-controller etc]# cp yum.repos.d{,.bak} -a
[root@openstack-controller etc]# ls yum.repos.d.bak/
Centos-7.repo CentOS-Debuginfo.repo CentOS-Sources.repo epel-7.repo
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo CentOS-x86_64-kernel.repo
[root@openstack-controller etc]# cd yum.repos.d
[root@openstack-controller yum.repos.d]# ls
Centos-7.repo CentOS-Debuginfo.repo CentOS-Sources.repo epel-7.repo
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo CentOS-x86_64-kernel.repo
[root@openstack-controller yum.repos.d]# rm -rf CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo CentOS-CR.repo CentOS-Media.repo CentOS-x86_64-kernel.repo
[root@openstack-controller yum.repos.d]# ls
Centos-7.repo epel-7.repo
[root@openstack-controller yum.repos.d]# vim openstack-aliyun.repo
[root@openstack-controller yum.repos.d]# cat openstack-aliyun.repo
[openstack]
name=OpenStack on Aliyun
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enable=1
gpgcheck=0
[root@openstack-controller yum.repos.d]# ls
Centos-7.repo epel-7.repo openstack-aliyun.repo
在另外两个节点上也先删除不需要的yum源
[root@openstack-compute1 ~]# cd /etc/yum.repos.d
[root@openstack-compute1 yum.repos.d]# ls
Centos-7.repo CentOS-Debuginfo.repo CentOS-Sources.repo epel-7.repo
CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-Media.repo CentOS-x86_64-kernel.repo
[root@openstack-compute1 yum.repos.d]# cp yum.repos.d{,.bak} -a
cp: cannot stat ‘yum.repos.d’: No such file or directory
[root@openstack-compute1 yum.repos.d]# cp /etc/yum.repos.d{,.bak} -a
[root@openstack-compute1 yum.repos.d]# rm -rf CentOS-Debuginfo.repo CentOS-Sources.repo CentOS-Base.repo CentOS-fasttrack.repo CentOS-Vault.repo CentOS-CR.repo CentOS-Media.repo CentOS-x86_64-kernel.repo
[root@openstack-compute1 yum.repos.d]# ls
Centos-7.repo epel-7.repo
然后用scp命令从controller节点上直接复制openstack-aliyun.repo到另外两个节点
[root@openstack-controller yum.repos.d]# scp openstack-aliyun.repo root@compute1:/etc/yum.repos.d/
The authenticity of host 'compute1 (172.16.10.11)' can't be established.
ECDSA key fingerprint is SHA256:fYCFMxwkanECEnG9KtrKCLHkD0HeX/2ndXIitiu9NF4.
ECDSA key fingerprint is MD5:7c:05:6b:83:09:76:80:43:18:f4:02:c0:72:c7:33:2c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'compute1,172.16.10.11' (ECDSA) to the list of known hosts.
root@compute1's password:
openstack-aliyun.repo 100% 131 5.4KB/s 00:00
[root@openstack-controller yum.repos.d]# scp openstack-aliyun.repo root@neutron:/etc/yum.repos.d/
The authenticity of host 'neutron (172.16.10.1)' can't be established.
ECDSA key fingerprint is SHA256:9v9iqF5ZTp8oU5mqNJYZOAlOZBwACNdFtvRKmZJiotQ.
ECDSA key fingerprint is MD5:96:bb:12:98:65:0e:87:eb:50:87:fc:03:57:49:03:5a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'neutron,172.16.10.1' (ECDSA) to the list of known hosts.
root@neutron's password:
openstack-aliyun.repo 100% 131 3.2KB/s 00:00
然后在三个节点上更新一下yum
[root@openstack-controller yum.repos.d]# yum upgrade
[root@openstack-compute1 yum.repos.d]# yum upgrade
[root@openstack-neutron yum.repos.d]# yum upgrade
接下来安装Openstack客户端(在所有需要使用Openstack客户端的节点上安装)
[root@openstack-controller yum.repos.d]# yum install python-openstackclient -y
[root@openstack-compute1 yum.repos.d]# yum install python-openstackclient -y
[root@openstack-neutron yum.repos.d]# yum install python-openstackclient -y
接下来安装selinux管理工具
[root@openstack-neutron yum.repos.d]# yum install openstack-selinux -y
[root@openstack-controller yum.repos.d]# yum install openstack-selinux -y
[root@openstack-compute1 yum.repos.d]# yum install openstack-selinux -y
接下来配置数据库服务(控制节点)
1)安装软件包
[root@openstack-compute1 yum.repos.d]# yum install mariadb-server python2-PyMySQL -y
2)修改配置文件
[root@openstack-compute1 yum.repos.d]# vim /etc/my.cnf.d/openstack.cnf
[root@openstack-compute1 yum.repos.d]# cat /etc/my.cnf.d/openstack.cnf
bind-address = 172.16.10.2default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf83)启动数据库与安全配置
[root@openstack-controller yum.repos.d]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@openstack-controller yum.repos.d]# systemctl start mariadb.service
[root@openstack-controller yum.repos.d]# systemctl status mariadb.service
● mariadb.service - MariaDB 10.1 database serverLoaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)Active: active (running) since Mon 2022-04-11 10:56:30 EDT; 2h 20min agoProcess: 61012 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)Process: 60824 ExecStartPre=/usr/libexec/mysql-prepare-db-dir %n (code=exited, status=0/SUCCESS)Process: 60801 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)Main PID: 60985 (mysqld)Status: "Taking your SQL requests now..."CGroup: /system.slice/mariadb.service└─60985 /usr/libexec/mysqld --basedir=/usrApr 11 10:56:12 openstack-controller mysql-prepare-db-dir[60824]: http://dev.mysql.com
Apr 11 10:56:12 openstack-controller mysql-prepare-db-dir[60824]: Consider joining MariaDB's strong an...:
Apr 11 10:56:12 openstack-controller mysql-prepare-db-dir[60824]: https://mariadb.org/get-involved/
Apr 11 10:56:12 openstack-controller mysqld[60985]: error: Found option without preceding group in c...: 1
Apr 11 10:56:12 openstack-controller mysqld[60985]: 2022-04-11 10:56:12 140271989799104 [Note] /usr/......
Apr 11 10:56:30 openstack-controller mysql-check-upgrade[61012]: error: Found option without precedin... 1
Apr 11 10:56:30 openstack-controller mysql-check-upgrade[61012]: error: Found option without precedin... 1
Apr 11 10:56:30 openstack-controller mysql-check-upgrade[61012]: error: Found option without precedin... 1
Apr 11 10:56:30 openstack-controller mysql-check-upgrade[61012]: error: Found option without precedin... 1
Apr 11 10:56:30 openstack-controller systemd[1]: Started MariaDB 10.1 database server.
Hint: Some lines were ellipsized, use -l to show in full.[root@openstack-controller yum.repos.d]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 18939/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 19119/master
tcp6 0 0 :::3306 :::* LISTEN 60985/mysqld
tcp6 0 0 :::22 :::* LISTEN 18939/sshd
tcp6 0 0 ::1:25 :::* LISTEN 19119/master
可知数据库已经启动了,并且监听在3306上。数据库应该监听在内网上(127),这是出于安全性考虑的
[root@openstack-controller yum.repos.d]# mysql
error: Found option without preceding group in config file: /etc/my.cnf.d/openstack.cnf at line: 1
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.01 sec)MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -ADatabase changed
MariaDB [mysql]> select User,Host,Password from user;
+------+----------------------+----------+
| User | Host | Password |
+------+----------------------+----------+
| root | localhost | |
| root | openstack-controller | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | openstack-controller | |
+------+----------------------+----------+
6 rows in set (0.00 sec)在上面我们发现有一行报错“error: Found option without preceding group in config file: /etc/my.cnf.d/openstack.cnf at line: 1”,这是因为数据库配置文件没有写对
# 要改成这样
[root@openstack-controller yum.repos.d]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.16.10.2default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8# 然后重启一下服务
[root@openstack-controller yum.repos.d]# systemctl restart mariadb
[root@openstack-controller yum.repos.d]# systemctl status mariadb
● mariadb.service - MariaDB 10.1 database serverLoaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)Active: active (running) since Mon 2022-04-11 14:56:37 EDT; 5min agoProcess: 61876 ExecStopPost=/usr/libexec/mysql-wait-stop (code=exited, status=0/SUCCESS)Process: 61990 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)Process: 61926 ExecStartPre=/usr/libexec/mysql-prepare-db-dir %n (code=exited, status=0/SUCCESS)Process: 61901 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)Main PID: 61962 (mysqld)Status: "Taking your SQL requests now..."CGroup: /system.slice/mariadb.service└─61962 /usr/libexec/mysqld --basedir=/usrApr 11 14:56:21 openstack-controller systemd[1]: Starting MariaDB 10.1 database server...
Apr 11 14:56:21 openstack-controller mysql-prepare-db-dir[61926]: Database MariaDB is probably initial....
Apr 11 14:56:21 openstack-controller mysql-prepare-db-dir[61926]: If this is not the case, make sure t....
Apr 11 14:56:21 openstack-controller mysqld[61962]: 2022-04-11 14:56:21 140323032897728 [Note] /usr/......
Apr 11 14:56:37 openstack-controller systemd[1]: Started MariaDB 10.1 database server.
Hint: Some lines were ellipsized, use -l to show in full.下面执行mysql_secure_installation命令,这是一个交互式命令,会帮你配置数据库密码、是否禁用远程连接、以及是否删除测试数据库等,比如初始安装配置好数据库,可以直接登录
[root@openstack-controller ~]# mysql_secure_installation
error: Found option without preceding group in config file: /etc/my.cnf.d/openstack.cnf at line: 1NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDBSERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Enter current password for root (enter for none):
OK, successfully used password, moving on...Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..... Success!By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.Remove anonymous users? [Y/n] y... Success!Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.Disallow root login remotely? [Y/n] n... skipping.By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.Remove test database and access to it? [Y/n] y- Dropping test database...... Success!- Removing privileges on test database...... Success!Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.Reload privilege tables now? [Y/n] y... Success!Cleaning up...All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.Thanks for using MariaDB!
这时再查看user,发现匿名用户已经不见了,这是因为在执行mysql_secure_installation命令时,Remove anonymous users? [Y/n] 时输入的是y。
然后删除::1,因为用不到。
MariaDB [mysql]> select User,Host,Password from user;
+------+----------------------+-------------------------------------------+
| User | Host | Password |
+------+----------------------+-------------------------------------------+
| root | localhost | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | openstack-controller | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | 127.0.0.1 | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | ::1 | *43C0877E648B1FAA97CF436B1449727E9A47673E |
+------+----------------------+-------------------------------------------+
4 rows in set (0.00 sec)MariaDB [mysql]> delete from user where Host="::1";
Query OK, 1 row affected (0.00 sec)MariaDB [mysql]> select User,Host,Password from user;
+------+----------------------+-------------------------------------------+
| User | Host | Password |
+------+----------------------+-------------------------------------------+
| root | localhost | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | openstack-controller | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | 127.0.0.1 | *43C0877E648B1FAA97CF436B1449727E9A47673E |
+------+----------------------+-------------------------------------------+
3 rows in set (0.00 sec)
到了这个时候,重新开一个bash的话,直接输入mysql已经登录不了了,因为要用用户名和密码了
[root@openstack-controller ~]# mysql
error: Found option without preceding group in config file: /etc/my.cnf.d/openstack.cnf at line: 1
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@openstack-controller ~]# mysql -u root -p
error: Found option without preceding group in config file: /etc/my.cnf.d/openstack.cnf at line: 1
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> 这时为了在neutron节点上也能连上数据库,需要以下操作:
MariaDB [mysql]> grant all on *.* to 'root'@'172.16.10.%' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)MariaDB [mysql]> select User,Host,Password from user;
+------+----------------------+-------------------------------------------+
| User | Host | Password |
+------+----------------------+-------------------------------------------+
| root | localhost | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | openstack-controller | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | 127.0.0.1 | *43C0877E648B1FAA97CF436B1449727E9A47673E |
| root | 172.16.10.% | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
| root | 172.16.10.2 | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+------+----------------------+-------------------------------------------+
5 rows in set (0.00 sec)
host为可以从哪些IP地址登录,然后identified by 'redhat’的意思就是从其他节点登录时,密码是redhat。
这时从neutron节点登录:
[root@openstack-neutron yum.repos.d]# mysql -u root -h 172.16.10.2 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 20
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> 接下来在安装并配置组件:
- 组件1:消息队列服务(控制节点)
OpenStack可以支持的消息队列服务有RabbitMQ, Qpid, ZeroMQ,其中分布式系统支持和使用最为广泛的是RabbitMQ,本实验也是采用RabbitMQ部署
1)安装RabbitMQ
[root@openstack-controller yum.repos.d]# yum install rabbitmq-server -y
2)设置开机启动并启动服务
[root@openstack-controller ~]# systemctl enable rabbitmq-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@openstack-controller ~]# systemctl start rabbitmq-server
# RabbitMQ是默认监听在端口5672上的
[root@openstack-controller ~]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 62084/beam.smp
tcp 0 0 172.16.10.2:3306 0.0.0.0:* LISTEN 61962/mysqld
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 18939/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 19119/master
tcp6 0 0 :::5672 :::* LISTEN 62084/beam.smp
tcp6 0 0 :::22 :::* LISTEN 18939/sshd
tcp6 0 0 ::1:25 :::* LISTEN 19119/master
3)为RabbitMQ添加OpenStack用户
# 前面是用户名,后面是密码
[root@openstack-controller ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack"4)给openstack用户授权
# 三个权限位分别是:可配置、可写、可读
[root@openstack-controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"- 组件2:Memcached(控制节点)
Memcached主要是keystone用来存储用户token,这样就可以避免用户每次进行身份验证时都需要查询数据库,主要用来提升性能
1)安装软件包
[root@openstack-controller ~]# yum install memcached python-memcached -y
2)修改配置文件
[root@openstack-controller ~]# vim /etc/sysconfig/memcached
[root@openstack-controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,controller"
# 其中 OPTIONS="-l 127.0.0.1,controller" 用于指定memcached服务的监听地址
3)设置开机启动并启动服务
[root@openstack-controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@openstack-controller ~]# systemctl start memcached.service
# 可知其监听在11211端口上
[root@openstack-controller ~]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 62084/beam.smp
tcp 0 0 172.16.10.2:3306 0.0.0.0:* LISTEN 61962/mysqld
tcp 0 0 172.16.10.2:11211 0.0.0.0:* LISTEN 63270/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 63270/memcached
tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 18939/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 19119/master
tcp6 0 0 :::5672 :::* LISTEN 62084/beam.smp
tcp6 0 0 :::22 :::* LISTEN 18939/sshd
tcp6 0 0 ::1:25 :::* LISTEN 19119/master
现在我们已经把所有准备工作做好了,接下来就该配置组件了