这周在折腾openstack,下面是过程小记。
Before you begin
- 配置 stack 用户
#
sudo groupadd stack
sudo useradd -g stack -s /bin/bash -m stack
#添加 stack 用户权限。
sudo echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
#切换到 stack 用户
sudo su - stack
Security
Networking
- OpenStack Networking (neutron)
The example architecture with OpenStack Networking (neutron) requires one controller node, one network node, and at least one compute node. The controller node contains one network interface on the management network. The network node contains one network interface on the management network, one on the instance tunnels network, and one on the external network. The compute node contains one network interface on the management network and one on the instance tunnels network.
The example architecture assumes use of the following networks:
Management on 10.0.0.0/24 with gateway 10.0.0.1
[Note] Note
This network requires a gateway to provide Internet access to all nodes for administrative purposes such as package installation, security updates, DNS, and NTP.
Instance tunnels on 10.0.1.0/24 without a gateway
[Note] Note
This network does not require a gateway because communication only occurs among network and compute nodes in your OpenStack environment.
External on 203.0.113.0/24 with gateway 203.0.113.1
[Note] Note
This network requires a gateway to provide Internet access to instances in your OpenStack environment.
You can modify these ranges and gateways to work with your particular network infrastructure.
Minimal architecture example with OpenStack Networking (neutron)—Network layout
- 控制节点
# |
# |
# |
ip addr | grep ^2: |awk -F “:” ‘{print$2}’ | awk -F “ “ ‘{print$1}’
- 网络节点
# |
#Management network |
The external interface uses a special configuration without an IP address assigned to it. Configure the third interface as the external interface:
Replace INTERFACE_NAME with the actual interface name. For example, eth2 or ens256.
Edit the /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME file to contain the following:#External network
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
EOF
- 计算节点
# |
#Management network |
Network Time Protocol (NTP)
#修改时区 |
OpenStack packages
配置epel源
#
curl -o /etc/yum.repos.d/epel7.repo http://192.178.102.249/help/epel7.repo
curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo配置openstack源
#
curl -o /etc/yum.repos.d/openstack-kilo.repo http://192.178.102.249/help/openstack-kilo.repo
yum install -y http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm安装open-vm-tools
我的底层环境使用vsphere esxi5.5 u2,为了更好的体验,安装vmware建议的open-vm-tools客户端工具,cenots 7已经集成进epel源,直接安装即可。#
yum install -y open-vm-tools另外两个事情
更新系统到最新#
yum upgrade -y
注意
If the upgrade process includes a new kernel, reboot your system to activate it.
RHEL 和 CentOS 默认启用SELinux 。安装openstack-selinux 包来对OpenStack 服务相关的安全策略自动管理。#
yum install -y openstack-selinux
#或者关闭selinux
setenforce 0
sed -i "s/\(^SELINUX=\).*\$/\1disabled/" /etc/selinux/config
SQL database
大部分OpenStack服务使用数据库存储信息。一般在控制节点安装。支持MariaDB、MySQL其他分支和PostgreSQL。
# |
生成数据库配置文件,记得配置绑定地址到控制节点的管理网络IP以便其他节点可以通过管理网络访问。#
echo "
[mysqld]
bind-address = controller
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8" >/etc/my.cnf.d/mariadb_openstack.cnf
启动数据库服务并配置开机自启动。#
systemctl enable mariadb.service
systemctl start mariadb.service
对数据库进行安全加固,设置root密码,访问权限,移除测试库。#
mysql_secure_installation
配置防火墙,允许 MySql service 通过:#
firewall-cmd --permanent --add-service=mysql
firewall-cmd --reload
Message queue
OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node. OpenStack supports several message queue services including RabbitMQ, Qpid, and ZeroMQ. However, most distributions that package OpenStack support a particular message queue service. This guide implements the RabbitMQ message queue service because most distributions support it. If you prefer to implement a different message queue service, consult the documentation associated with it.
安装:#
yum install -y rabbitmq-server
启动并配置开机自启动:#
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
添加 openstack 用户:#
rabbitmqctl add_user openstack RABBIT_PASS
修改 RABBIT_PASS 为你想设置的密码,这里我改了。
给openstack配置读写权限:#
rabbitmqctl set_permissions openstack ".*" ".*" ".*"