OpenStack Kilo installation: basic environment

I spent this week tinkering with OpenStack; these are my notes from the process.

Reference: Chapter 2. Basic environment (OpenStack Kilo installation guide for RHEL/CentOS)

Before you begin

  • Set up the stack user
    #
    sudo groupadd stack
    sudo useradd -g stack -s /bin/bash -m stack
    # Grant the stack user sudo rights. `sudo echo ... >> /etc/sudoers` does not
    # work: the redirect is done by the unprivileged caller, not by sudo. Write a
    # sudoers.d drop-in instead and let visudo syntax-check it, because a broken
    # sudoers file locks everyone out. NOPASSWD: ALL makes stack root-equivalent;
    # acceptable for a lab node, not for anything reachable from outside.
    echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
    sudo chmod 0440 /etc/sudoers.d/stack
    sudo visudo -cf /etc/sudoers.d/stack
    # Switch to the stack user
    sudo su - stack

Security

Networking

  • OpenStack Networking (neutron)
    The example architecture with OpenStack Networking (neutron) requires one controller node, one network node, and at least one compute node. The controller node contains one network interface on the management network. The network node contains one network interface on the management network, one on the instance tunnels network, and one on the external network. The compute node contains one network interface on the management network and one on the instance tunnels network.

The example architecture assumes use of the following networks:

Management on 10.0.0.0/24 with gateway 10.0.0.1

Note: This network requires a gateway to provide Internet access to all nodes for administrative purposes such as package installation, security updates, DNS, and NTP.

Instance tunnels on 10.0.1.0/24 without a gateway

Note: This network does not require a gateway because communication only occurs among network and compute nodes in your OpenStack environment.

External on 203.0.113.0/24 with gateway 203.0.113.1

Note: This network requires a gateway to provide Internet access to instances in your OpenStack environment.

You can modify these ranges and gateways to work with your particular network infrastructure.

Figure: Minimal architecture example with OpenStack Networking (neutron), network layout.

  • Controller node
#
hostnamectl set-hostname controller --static
#
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.0.11
NETMASK=255.255.255.0
EOF
#
cat <<EOF >> /etc/hosts
# controller
10.0.0.11 controller
# network
10.0.0.21 network
# compute1
10.0.0.31 compute1
EOF

# Print the name of the second link ("2:" in ip's output), e.g. eth0 or ens192, to confirm the DEVICE name used above
ip addr | grep ^2: | awk -F ":" '{print $2}' | awk -F " " '{print $1}'

  • Network node
#
hostnamectl set-hostname network --static
#Management network
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.0.21
NETMASK=255.255.255.0
EOF
#Tunnel network
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.1.21
NETMASK=255.255.255.0
EOF
#Set hosts
cat <<EOF >> /etc/hosts
# controller
10.0.0.11 controller
# network
10.0.0.21 network
# compute1
10.0.0.31 compute1
EOF

The external interface uses a special configuration without an IP address assigned to it. Configure the third interface as the external interface:

Replace INTERFACE_NAME with the actual interface name. For example, eth2 or ens256.

Edit the /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME file to contain the following:

#External network (no address; NM_CONTROLLED=no as on the other interfaces, so NetworkManager does not bring it up with DHCP)
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
EOF

  • Compute node
#
hostnamectl set-hostname compute1 --static
#Management network
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.0.31
NETMASK=255.255.255.0
EOF
#Tunnel network
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.1.31
NETMASK=255.255.255.0
EOF
#Storage network
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=10.0.2.31
NETMASK=255.255.255.0
EOF
#Set hosts
cat <<EOF >> /etc/hosts
# controller
10.0.0.11 controller
# network
10.0.0.21 network
# compute1
10.0.0.31 compute1
EOF
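The three per-node blocks above paste the same addresses by hand, and `cat <<EOF >> /etc/hosts` appends a fresh copy of the entries every time it is run. Below is an added example, my own helper and not part of the install guide: one table drives both the ifcfg files and the /etc/hosts entries, the hosts step is idempotent, and check_hosts confirms that each management address resolves to the right node. The names ROOT, NODES, gen_node, add_hosts, lookup and check_hosts are my own; ROOT is a hypothetical prefix so the script can be dry-run against a scratch directory. GATEWAY on eth0 is the management gateway 10.0.0.1 from the layout above; the tunnel and storage interfaces get none, as the layout says.

```shell
#!/bin/sh
# Added example (not from the guide): generate CentOS 7 network-scripts ifcfg files
# and /etc/hosts entries for the minimal neutron layout from one table.
# Usage on a node, as root:  sh node-net.sh compute1   (then restart the network)
# Dry run:                   ROOT=/tmp/stage sh node-net.sh compute1
set -eu
ROOT=${ROOT:-}              # hypothetical prefix; empty means the live system
MGMT_GW=10.0.0.1            # gateway of the management network in the layout

# node  interface  address  (10.0.0.0/24 management, 10.0.1.0/24 tunnel, 10.0.2.0/24 storage)
NODES='
controller eth0 10.0.0.11
network    eth0 10.0.0.21
network    eth1 10.0.1.21
compute1   eth0 10.0.0.31
compute1   eth1 10.0.1.31
compute1   eth2 10.0.2.31
'

# gen_node <node>: write ifcfg-* for that node's interfaces. Only eth0, the
# management interface, gets the default gateway.
gen_node() {
    node=$1
    dir="$ROOT/etc/sysconfig/network-scripts"
    mkdir -p "$dir"
    printf '%s\n' "$NODES" | while read -r n iface ip; do
        [ "$n" = "$node" ] || continue
        {
            printf 'DEVICE=%s\nTYPE=Ethernet\nONBOOT=yes\nNM_CONTROLLED=no\n' "$iface"
            printf 'BOOTPROTO=static\nIPADDR=%s\nNETMASK=255.255.255.0\n' "$ip"
            if [ "$iface" = eth0 ]; then printf 'GATEWAY=%s\n' "$MGMT_GW"; fi
        } > "$dir/ifcfg-$iface"
    done
}

# add_hosts: append "<management-ip> <name>" for every node, skipping entries that
# are already present so repeated runs do not pile up duplicates.
add_hosts() {
    hosts="$ROOT/etc/hosts"
    mkdir -p "$ROOT/etc"
    touch "$hosts"
    printf '%s\n' "$NODES" | while read -r n iface ip; do
        [ "$iface" = eth0 ] || continue
        esc=$(printf '%s' "$ip" | sed 's/\./\\./g')      # literal dots for grep
        if ! grep -q "^$esc[[:space:]]\{1,\}$n\$" "$hosts"; then
            printf '%s %s\n' "$ip" "$n" >> "$hosts"
        fi
    done
}

# lookup <name>: the first address /etc/hosts gives for a name (what the resolver uses).
lookup() {
    awk -v n="$1" '$1 !~ /^#/ && $2 == n { print $1; exit }' "$ROOT/etc/hosts"
}

# check_hosts: every node name must resolve to its management address; a stale or
# mistyped entry here makes the controller talk to the wrong host.
check_hosts() {
    printf '%s\n' "$NODES" | while read -r n iface ip; do
        [ "$iface" = eth0 ] || continue
        got=$(lookup "$n")
        if [ "$got" != "$ip" ]; then
            echo "hosts: $n resolves to '$got', expected $ip" >&2
            exit 1
        fi
    done
}

if [ "${1:-}" != "" ]; then
    gen_node "$1"
    add_hosts
    check_hosts
fi
```

The table is the only place an address appears, so changing the ranges for your own infrastructure means editing one line per interface. NETMASK is fixed at /24 because all three networks in the layout are /24.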

Network Time Protocol (NTP)

Run this on every node; the guide's chrony setup has the controller sync against public servers and the other nodes against the controller.

# Set the time zone
timedatectl set-timezone Asia/Shanghai
# Turn on NTP synchronisation (on CentOS 7 this enables chronyd if it is installed)
timedatectl set-ntp yes

OpenStack packages

  • Configure the EPEL repository

    #
    curl -o /etc/yum.repos.d/epel7.repo http://192.178.102.249/help/epel7.repo
    curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

  • Configure the OpenStack repository

    #
    curl -o /etc/yum.repos.d/openstack-kilo.repo http://192.178.102.249/help/openstack-kilo.repo
    yum install -y http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm

  • Install open-vm-tools
    My underlying platform is vSphere ESXi 5.5 U2, so for a better experience I install open-vm-tools, the guest tools VMware recommends. CentOS 7 already has it packaged in the EPEL repo, so it installs directly.

    #
    yum install -y open-vm-tools
  • Two more things
    Update the system to the latest packages

    #
    yum upgrade -y

Note
If the upgrade process includes a new kernel, reboot your system to activate it.

RHEL and CentOS enable SELinux by default. Install the openstack-selinux package so the security policies for the OpenStack services are managed automatically.

#
yum install -y openstack-selinux
# Alternative: turn SELinux off (setenforce 0 makes it permissive at once; the sed
# makes it disabled after the next reboot). This is the weaker choice: with
# openstack-selinux the services keep running under enforcement with the policy they need.
setenforce 0
sed -i "s/\(^SELINUX=\).*\$/\1disabled/" /etc/selinux/config
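The repo definitions above are fetched over plain HTTP from an internal mirror and from mirrors.aliyun.com, and the rdo-release RPM likewise, so nothing on the wire vouches for them; what protects the install is yum's signature check on the packages, which only happens for repositories that have gpgcheck=1 and a gpgkey. The following is an added check, my own and not from the guide, that scans a yum.repos.d directory and fails on any enabled repository that skips signature verification; audit_repos is a hypothetical name, and the directory argument defaults to /etc/yum.repos.d.

```shell
#!/bin/sh
# Added example (not from the guide): fail if any enabled yum repository does not
# verify package signatures. Usage:  sh repo-audit.sh [/etc/yum.repos.d]
set -eu

# audit_repos [dir]: one finding per line on stdout; returns 1 if an enabled
# section has gpgcheck!=1 or gpgcheck=1 without a gpgkey. A baseurl/mirrorlist
# over plain http is reported as a warning but does not fail the audit, since
# the signature check is what matters.
audit_repos() {
    dir=${1:-/etc/yum.repos.d}
    rc=0
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # value of a "key = value" line with surrounding whitespace removed
            function val(s) { sub(/^[^=]*=[[:space:]]*/, "", s); sub(/[[:space:]]+$/, "", s); return s }
            # report the section just finished; yum treats a missing enabled= as enabled=1
            function report() {
                if (sec == "" || enabled == "0") return
                if (gpg != "1") {
                    printf "%s [%s]: gpgcheck is %s\n", file, sec, (gpg == "" ? "unset" : gpg); bad = 1
                } else if (key == "") {
                    printf "%s [%s]: gpgcheck=1 but no gpgkey\n", file, sec; bad = 1
                }
                if (url ~ /^http:/) printf "%s [%s]: warning, metadata fetched over plain http\n", file, sec
            }
            BEGIN { bad = 0 }
            /^[[:space:]]*\[/ {
                report()
                sec = $0; sub(/^[[:space:]]*\[/, "", sec); sub(/\].*$/, "", sec)
                enabled = "1"; gpg = ""; key = ""; url = ""
                next
            }
            /^[[:space:]]*enabled[[:space:]]*=/                 { enabled = val($0) }
            /^[[:space:]]*gpgcheck[[:space:]]*=/                { gpg = val($0) }
            /^[[:space:]]*gpgkey[[:space:]]*=/                  { key = val($0) }
            /^[[:space:]]*(baseurl|mirrorlist)[[:space:]]*=/    { url = val($0) }
            END { report(); exit bad }
        ' "$f" || rc=1
    done
    return $rc
}

if [ "${1:-}" != "" ]; then
    audit_repos "$1"
fi
```

Run it after the curl and yum install lines and before yum upgrade; a repo it flags should get gpgcheck=1 and the mirror's key (for EPEL, the RPM-GPG-KEY-EPEL-7 file that epel-release installs) before anything is pulled from it.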

SQL database

Most OpenStack services store their information in a database, usually installed on the controller node. MariaDB, MySQL and its other forks, and PostgreSQL are supported.

#
yum install -y mariadb mariadb-server MySQL-python

Create the database configuration file. Remember to set bind-address to the controller's management-network address so the other nodes can reach the database over the management network. The guide uses the literal address 10.0.0.11; the hostname below only works because /etc/hosts maps controller to that address, so keep the two consistent.

#
echo "
[mysqld]

bind-address = controller
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8" >/etc/my.cnf.d/mariadb_openstack.cnf

Start the database service and enable it at boot.

#
systemctl enable mariadb.service
systemctl start mariadb.service

Harden the database: set the root password, restrict access, and remove the test database.

#
mysql_secure_installation

Open the firewall for the MySQL service. Note that --add-service=mysql opens 3306 to every source the zone admits; if the controller has an interface that instances or the outside can reach, prefer a rich rule that limits the source to the management subnet 10.0.0.0/24 over opening the service zone-wide.

#
firewall-cmd --permanent --add-service=mysql
firewall-cmd --reload

Message queue

OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node. OpenStack supports several message queue services including RabbitMQ, Qpid, and ZeroMQ. However, most distributions that package OpenStack support a particular message queue service. This guide implements the RabbitMQ message queue service because most distributions support it. If you prefer to implement a different message queue service, consult the documentation associated with it.

Install:

#
yum install -y rabbitmq-server

Start it and enable it at boot:

#
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

Add the openstack user:

#
rabbitmqctl add_user openstack RABBIT_PASS

Replace RABBIT_PASS with the password you want to set; I changed it here.

Give the openstack user configure, write and read permissions on the default vhost:

#
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
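The bind-address setting above keeps MariaDB on the management address, but RabbitMQ's AMQP listener on 5672, Erlang's epmd on 4369 and the cluster port 25672 listen on every address by default, so once both services are up it is worth checking what the controller actually exposes. The following is an added example, my own check and not part of the guide: check_listeners, MGMT_IP and BACKEND_PORTS are names I chose. It reads the output of `ss -ltn` (live, or a saved copy) and fails if any backend port is bound to a wildcard address instead of the management address or loopback. The sample used for a dry run is constructed.

```shell
#!/bin/sh
# Added example (not from the guide): flag controller backend ports that are bound
# to a wildcard address.  Live:  sh listeners.sh --live
#                         Saved: ss -ltn > ss.txt ; sh -c '. ./listeners.sh; check_listeners < ss.txt'
set -eu
MGMT_IP=${MGMT_IP:-10.0.0.11}                 # controller's management address (assumed)
BACKEND_PORTS='3306:mysql 5672:amqp 25672:rabbitmq-dist 4369:epmd 15672:rabbitmq-mgmt'

# check_listeners < ss-output : one line per finding, returns 1 if anything is exposed.
# ss prints "State Recv-Q Send-Q Local Address:Port Peer Address:Port [Process]";
# the local column looks like 10.0.0.11:3306, 0.0.0.0:22, [::]:5672 or *:25672.
check_listeners() {
    rc=0
    while read -r state recvq sendq laddr peer rest; do
        [ "$state" = LISTEN ] || continue        # skips the header and non-listening rows
        addr=${laddr%:*}                         # everything before the last colon
        port=${laddr##*:}
        for entry in $BACKEND_PORTS; do
            p=${entry%%:*}; svc=${entry#*:}
            [ "$port" = "$p" ] || continue
            case "$addr" in
                "$MGMT_IP"|127.0.0.1|'[::1]') ;; # management or loopback only: fine
                *) echo "EXPOSED $svc port $port bound to $addr (expected $MGMT_IP)"; rc=1 ;;
            esac
        done
    done
    return $rc
}

if [ "${1:-}" = --live ]; then
    ss -ltn | check_listeners                    # ss ships in iproute on CentOS 7
fi
```

If RabbitMQ shows up on [::] or *, either pin the AMQP listener to the management address with RABBITMQ_NODE_IP_ADDRESS in /etc/rabbitmq/rabbitmq-env.conf, or limit 5672 in firewalld to source 10.0.0.0/24 with a rich rule rather than a zone-wide service entry, the same consideration as for the mysql rule above. RabbitMQ's default guest user also remains after the steps above; since RabbitMQ 3.3 it can only log in from localhost, but deleting it with rabbitmqctl delete_user guest costs nothing on a controller that other nodes talk to.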