文章目录
- 一:安装系统
- 二:同步Openstack生产环境源
- 2.1 备份系统自带的yum源
- 2.2 编辑阿里云Centos 7 官方源和OpenStack源
- 2.3 检验阿里云源是否正常
- 2.4 安装相关软件
- 2.5 创建源目录,挂载数据盘,将源同步到本地目录
- 三:解决OpenStack软件环境依赖关系
- 3.1 创建软件依赖关系库
- 3.2 更新源数据
- 3.3 创建更新yum脚本
- 3.4 将脚本加入到定时任务中
- 四:发布本地OpenStack-YUM源仓库
- 4.1 安装nginx开启目录权限保证本地机器可以直接本地yum源
- 五:OpenStack客户端部署本地YUM源仓库
- 5.1 登录客户机(192.168.254.0/24)测试本地YUM源
- 5.2 测试是否可以下载RPM包
- 六:配置阿里云时间同步服务、配置NTP服务
- 6.1 配置同步阿里时钟,在192.168.254.152(本地源)配置
- 6.2 NTP时钟同步完毕,便开始安装NTP服务,让别人同步自己
前言:
根据OpenStack现场搭建环境,当前服务器不具备搭建要求,就需要对Yum源的仓库进行本地化实施。
解决方案如下:
1、寻找第三方OpenStack生产环境专用yum源仓库https://mirrors.aliyun.com/centos/7/cloud/x86_64/
2、搭建Centos 7.6 系统载体
3、同步Openstack生产环境源
4、解决OpenStack软件环境依赖关系
5、发布本地OpenStack-YUM源仓库
6、OpenStack客户端部署本地YUM源仓库
7、配置阿里云时间同步服务、配置NTP服务(允许自己的网段)
一:安装系统
配置如下:
Centos 7.6 虚拟机一台
CPU:双核双线程
内存:2G
硬盘:30G系统盘+300G挂载盘
安装桌面-开发工具
网卡:NAT模式(192.168.247.0/24) 仅主机模式(192.168.254.0/24)
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens33 ifdown-ipv6 ifdown-tunnel ifup-isdn ifup-TeamPort
ifcfg-ens34 ifdown-isdn ifup ifup-plip ifup-tunnel
ifcfg-lo ifdown-post ifup-aliases ifup-plusb ifup-wireless
ifdown ifdown-ppp ifup-bnep ifup-post init.ipv6-global
ifdown-bnep ifdown-routes ifup-eth ifup-ppp network-functions
ifdown-eth ifdown-sit ifup-ib ifup-routes network-functions-ipv6
ifdown-ib ifdown-Team ifup-ippp ifup-sit
ifdown-ippp ifdown-TeamPort ifup-ipv6 ifup-Team
[root@localhost network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=b36d565c-37ff-41ad-824a-118cd09113f9
DEVICE=ens33
ONBOOT=yes
DNS1=8.8.8.8
DNS2=114.114.114.114
[root@localhost network-scripts]# vim ifcfg-ens34
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=38139b48-e28e-428d-8e57-9dcecd625a89
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.254.152
NETMASK=255.255.255.0
GATEWAY=192.168.254.1
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.247.134 netmask 255.255.255.0 broadcast 192.168.247.255
inet6 fe80::4341:65ad:6356:8ca5 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:9d:f2:d9 txqueuelen 1000 (Ethernet)
RX packets 12748 bytes 18711030 (17.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2131 bytes 141596 (138.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.254.152 netmask 255.255.255.0 broadcast 192.168.254.255
[root@localhost network-scripts]# ping www.baidu.com
PING www.a.shifen.com (180.101.49.11) 56(84) bytes of data.
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=1 ttl=128 time=9.14 ms
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=2 ttl=128 time=8.67 ms
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=3 ttl=128 time=8.66 ms
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 8.660/8.824/9.142/0.249 ms
[root@localhost network-scripts]# ping 192.168.254.1
PING 192.168.254.1 (192.168.254.1) 56(84) bytes of data.
64 bytes from 192.168.254.1: icmp_seq=1 ttl=128 time=1.32 ms
64 bytes from 192.168.254.1: icmp_seq=2 ttl=128 time=0.754 ms
64 bytes from 192.168.254.1: icmp_seq=3 ttl=128 time=0.777 ms
64 bytes from 192.168.254.1: icmp_seq=4 ttl=128 time=0.829 ms
^C
--- 192.168.254.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.754/0.922/1.328/0.235 ms
[root@localhost network-scripts]#
防火墙:关闭
[root@localhost network-scripts]# systemctl stop firewalld.service
[root@localhost network-scripts]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
核心防护:关闭
[root@localhost network-scripts]# setenforce 0
[root@localhost network-scripts]# vim /etc/selinux/config
SELINUX=disabled
二:同步Openstack生产环境源
2.1 备份系统自带的yum源
[root@localhost network-scripts]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir bak
[root@localhost yum.repos.d]# mv C* bak/
[root@localhost yum.repos.d]# hostnamectl set-hostname opstkyumy
[root@localhost yum.repos.d]# su
[root@opstkyumy yum.repos.d]#
2.2 编辑阿里云Centos 7 官方源和OpenStack源
将相关的repo文件复制到/etc/yum.repos.d/下
CentOS-QEMU-EV.repo
epel.repo
openstack.repo
CentOS-Base.repo
CentOS-Storage-common.repo
nginx.repo
[root@opstkyumy yum.repos.d]# mkdir /abc
[root@opstkyumy yum.repos.d]# mount.cifs //192.168.254.1/linuxs /abc
Password for root@//192.168.254.1/linuxs:
[root@opstkyumy yum.repos.d]# cp /abc/yum.repos.d/* .
[root@opstkyumy yum.repos.d]# ls
bak CentOS-QEMU-EV.repo epel.repo openstack.repo
CentOS-Base.repo CentOS-Storage-common.repo nginx.repo
2.3 检验阿里云源是否正常
[root@opstkyumy yum.repos.d]# yum repolist
2.4 安装相关软件
yum-utils:reposync同步工具
createrepo:编辑yum库工具 做依赖关系用
plugin-priorities:控制yum源更新优先级工具,这个工具可以用来控制进行yum源检索的先后顺序,建议可以用在client端。
注:由于很多人喜欢最小化安装,上边软件是一些常用环境。
[root@opstkyumy yum.repos.d]# yum install -y wget make cmake gcc gcc-c++ pcre-devel zlib-devel openssl openssl-devel createrepo yum-utils
2.5 创建源目录,挂载数据盘,将源同步到本地目录
[root@opstkyumy yum.repos.d]# mkdir /data
[root@opstkyumy yum.repos.d]# fdisk -l
磁盘 /dev/sdb:322.1 GB, 322122547200 字节,629145600 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘 /dev/sda:32.2 GB, 32212254720 字节,62914560 个扇区
Units = 扇区 of 1 * 512 = 512 bytes
扇区大小(逻辑/物理):512 字节 / 512 字节
I/O 大小(最小/最佳):512 字节 / 512 字节
磁盘标签类型:dos
磁盘标识符:0x0001df55
设备 Boot Start End Blocks Id System
/dev/sda1 * 2048 2099199 1048576 83 Linux
/dev/sda2 2099200 6295551 2098176 82 Linux swap / Solaris
/dev/sda3 6295552 62914559 28309504 83 Linux
[root@opstkyumy yum.repos.d]#
[root@opstkyumy yum.repos.d]# mkfs.xfs /dev/sdb
meta-data=/dev/sdb isize=512 agcount=4, agsize=19660800 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=78643200, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=38400, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@opstkyumy yum.repos.d]# mount /dev/sdb /data
[root@opstkyumy data]# vim /etc/fstab
/dev/sdb /data xfs defaults 0 0
[root@opstkyumy data]# mount -a //也可以重启生效更稳妥
[root@opstkyumy data]# df -Th
文件系统 类型 容量 已用 可用 已用% 挂载点
/dev/sda3 xfs 27G 4.2G 23G 16% /
devtmpfs devtmpfs 895M 0 895M 0% /dev
tmpfs tmpfs 910M 0 910M 0% /dev/shm
tmpfs tmpfs 910M 11M 900M 2% /run
tmpfs tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 174M 841M 18% /boot
tmpfs tmpfs 182M 4.0K 182M 1% /run/user/42
tmpfs tmpfs 182M 24K 182M 1% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /run/media/root/CentOS 7 x86_64
//192.168.254.1/linuxs cifs 455G 183G 273G 41% /abc
/dev/sdb xfs 300G 33M 300G 1% /data
开始同步,将源同步到本地目录
可以用 repo -r --repoid=repoid指定要查询的repo id,可以指定多个(# reposync -r base -p /data #这里同步base目录到本地)
更新新的rpm包
reposync -np /data
注:时间同样较长,请耐心等待。
[root@opstkyumy ~]# reposync -p /data
[root@opstkyumy data]# ls
base epel nginx openstack-rocky openstack-train
centos-qemu-ev extras openstack-queens openstack-stein updates
[root@opstkyumy data]# ls base/
Packages //里面都是RPM包
[root@opstkyumy data]# ls epel/
Packages
[root@opstkyumy data]# ls nginx/
RPMS
[root@opstkyumy data]# ls openstack-rocky/ //里面都是RPM包
[root@opstkyumy data]# ls centos-qemu-ev/
[root@opstkyumy data]# ls extras/
Packages
[root@opstkyumy data]# ls updates/
Packages
三:解决OpenStack软件环境依赖关系
3.1 创建软件依赖关系库
[root@opstkyumy ~]# createrepo -po /data/base/ /data/base/
[root@opstkyumy ~]# createrepo -po /data/extras/ /data/extras/
[root@opstkyumy ~]# createrepo -po /data/updates/ /data/updates/
[root@opstkyumy ~]# createrepo -po /data/epel/ /data/epel/
[root@opstkyumy ~]# createrepo -po /data/openstack-queens/ /data/openstack-queens/
[root@opstkyumy ~]# createrepo -po /data/openstack-rocky/ /data/openstack-rocky/
[root@opstkyumy ~]# createrepo -po /data/openstack-stein/ /data/openstack-stein/
[root@opstkyumy ~]# createrepo -po /data/openstack-train/ /data/openstack-train/
[root@opstkyumy ~]# createrepo -po /data/centos-qemu-ev /data/centos-qemu-ev/
[root@opstkyumy ~]# createrepo -po /data/nginx /data/nginx
3.2 更新源数据
[root@localhost ~]# createrepo --update /data/base
[root@localhost ~]# createrepo --update /data/extras
[root@localhost ~]# createrepo --update /data/updates
[root@localhost ~]# createrepo --update /data/epel
[root@localhost ~]# createrepo --update /data/openstack-queens
[root@localhost ~]# createrepo --update /data/openstack-rocky
[root@localhost ~]# createrepo --update /data/openstack-stein
[root@localhost ~]# createrepo --update /data/openstack-train
[root@localhost ~]# createrepo --update /data/centos-qemu-ev
[root@localhost ~]# createrepo --update /data/nginx
3.3 创建更新yum脚本
[root@opstkyumy ~]# mkdir /data/script
[root@opstkyumy ~]# vim /data/script/centos_openstack_yum_update.sh
#!/bin/bash
echo 'Updating Aliyum Source'
DATETIME=`date +%F_%T`
exec > /var/log/aliyumrepo_$DATETIME.log
reposync -np /data
if [ $? -eq 0 ];then
createrepo --update /data/base
createrepo --update /data/extras
createrepo --update /data/updates
createrepo --update /data/epel
createrepo --update /data/openstack-queens
createrepo --update /data/openstack-rocky
createrepo --update /data/openstack-stein
createrepo --update /data/openstack-train
createrepo --update /data/centos-ceph-nautilus
createrepo --update /data/centos-nfs-ganesha28
createrepo --update /data/centos-ceph-luminous
createrepo --update /data/centos-qemu-ev
createrepo --update /data/nginx
createrepo --update /data/ceph-noarch
echo "SUCESS: $DATETIME aliyum_yum update successful"
else
echo "ERROR: $DATETIME aliyum_yum update failed"
fi
[root@opstkyumy ~]# chmod +x /data/script/centos_openstack_yum_update.sh
3.4 将脚本加入到定时任务中
[root@opstkyumy ~]# crontab -e
00 13 * * 6 [ $(date +%d) -eq $(cal | awk 'NR==3{print $NF}') ] && /bin/bash /data/script/centos_openstack_yum_update.sh
四:发布本地OpenStack-YUM源仓库
4.1 安装nginx开启目录权限保证本地机器可以直接本地yum源
[root@opstkyumy ~]# groupadd nginx
[root@opstkyumy ~]# useradd -r -g nginx -s /bin/false -M nginx
[root@opstkyumy ~]# yum -y install nginx
[root@opstkyumy ~]# vim /etc/nginx/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name opstkyumy;
root /data;
location / {
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
charset utf-8,gbk;
index index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
[root@opstkyumy nginx]# systemctl start nginx
[root@opstkyumy nginx]# systemctl stop firewalld
[root@opstkyumy nginx]# systemctl disable firewalld
[root@opstkyumy nginx]# setenforce 0
setenforce: SELinux is disabled
[root@opstkyumy nginx]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
五:OpenStack客户端部署本地YUM源仓库
5.1 登录客户机(192.168.254.0/24)测试本地YUM源
首先先配置网卡
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.254.40 netmask 255.255.255.0 broadcast 192.168.254.255
inet6 fe80::172f:76ba:bad8:2ef7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:8d:1e:35 txqueuelen 1000 (Ethernet)
RX packets 3712 bytes 632590 (617.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 176 bytes 15930 (15.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# ping 192.168.254.152
PING 192.168.254.152 (192.168.254.152) 56(84) bytes of data.
64 bytes from 192.168.254.152: icmp_seq=1 ttl=64 time=1.23 ms
64 bytes from 192.168.254.152: icmp_seq=2 ttl=64 time=0.773 ms
^C
--- 192.168.254.152 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.773/1.003/1.234/0.232 ms
然后搭建私网仓库
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
bak local.repo
[root@localhost yum.repos.d]# rm -rf local.repo
[root@localhost yum.repos.d]# vim openstack.repo
[base]
name=CentOS-$releasever - Base - data.template.com
baseurl=http://192.168.254.152/base/
enabled=1
gpgcheck=0
[updates]
name=CentOS-$releasever - Updates - data.template.com
baseurl=http://192.168.254.152/updates/
enabled=1
gpgcheck=0
[extras]
name=CentOS-$releasever - Extras - datas.template.com
baseurl=http://192.168.254.152/extras/
enabled=1
gpgcheck=0
[epel]
name=CentOS-$releasever - epel - datas.template.com
baseurl=http://192.168.254.152/epel/
failovermethod=priority
enabled=1
gpgcheck=0
#[openstack-queens]
#name=openstack-queens
#baseurl=http://192.168.254.152/openstack-queens/
#gpgcheck=0
#enabled=1
#[openstack-rocky]
#name=openstack-rocky
#baseurl=http://192.168.254.152/openstack-rocky/
#gpgcheck=0
#enabled=1
#[openstack-stein]
#name=openstack-stein
#baseurl=http://192.168.254.152/openstack-stein/
#gpgcheck=0
#enabled=1
[openstack-train]
name=openstack-train
baseurl=http://192.168.254.152/openstack-train/
gpgcheck=0
enabled=1
#[centos-ceph-luminous]
#name=centos-ceph-luminous
#baseurl=http://192.168.254.152/centos-ceph-luminous/
#gpgcheck=0
#enabled=1
#[centos-ceph-nautilus]
#name=centos-ceph-nautilus
#baseurl=http://192.168.254.152/centos-ceph-nautilus/
#gpgcheck=0
#enabled=1
#[centos-nfs-ganesha28]
#name=centos-nfs-ganesha28
#baseurl=http://192.168.254.152/centos-nfs-ganesha28/
#gpgcheck=0
#enabled=1
[centos-qemu-ev]
name=centos-qemu-ev
baseurl=http://192.168.254.152/centos-qemu-ev/
gpgcheck=0
enabled=1
[nginx]
name=nginx
baseurl=http://192.168.254.152/nginx/
gpgcheck=0
enabled=1
#[ceph-noarch]
#name=ceph-noarch
#baseurl=http://192.168.254.152/ceph-noarch/
#gpgcheck=0
#enabled=1
[root@localhost yum.repos.d]# yum clean all
[root@localhost yum.repos.d]# yum makecache
5.2 测试是否可以下载RPM包
[root@localhost yum.repos.d]# cd /opt
[root@localhost opt]# ls
rh
[root@localhost opt]# yumdownloader openstack-swift-account
[root@localhost opt]# ll
总用量 24
-rw-r--r-- 1 root root 21264 10月 25 22:27 openstack-swift-account-2.23.1-1.el7.noarch.rpm
drwxr-xr-x. 2 root root 6 10月 31 2018 rh
可以下载,部署成功
六:配置阿里云时间同步服务、配置NTP服务
6.1 配置同步阿里时钟,在192.168.254.152(本地源)配置
[root@opstkyumy data]# yum -y install ntpdate
[root@opstkyumy data]# ntpdate ntp.aliyun.com
19 Feb 23:19:01 ntpdate[54480]: adjust time server 203.107.6.88 offset -0.002603 sec
[root@opstkyumy ~]# crontab -e
*/30 * * * * /usr/sbin/ntpdate ntp.aliyun.com >>/var/log/ntpdate.log
//可以先把时间调小一点,测试是否生效
[root@opstkyumy data]# cd /var/log/
[root@opstkyumy log]# systemctl restart crond
[root@opstkyumy log]# systemctl enable crond
[root@opstkyumy log]# ll | grep "ntp"
-rw-r--r-- 1 root root 84 Feb 19 23:22 ntpdate.log
[root@opstkyumy log]# tail -f /var/log/ntpdate.log
19 Feb 23:22:09 ntpdate[57911]: adjust time server 203.107.6.88 offset 0.005077 sec
19 Feb 23:23:09 ntpdate[59092]: adjust time server 203.107.6.88 offset -0.001974 sec
6.2 NTP时钟同步完毕,便开始安装NTP服务,让别人同步自己
[root@opstkyumy log]# yum -y install ntp
[root@opstkyumy log]# vim /etc/ntp.conf
8 restrict default nomodify notrap
17 restrict 192.168.254.0 mask 255.255.255.0 nomodify notrap
//原有的21-24行删除,加入下面配置
21 fudeg 127.127.1.0 stratum 10
22 server 127.127.1.0
NTP设置开机自启然后reboot之后出现没有自启动的bug解决:
通过禁止chronyd服务开启自启动之后再将系统重启
chronyd是linux自带的时间服务
[root@opstkyumy log]# systemctl disable chronyd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
[root@opstkyumy log]# systemctl restart ntpd
[root@opstkyumy log]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
2.168.254.0 mask 255.255.255.0 nomodify notrap
//原有的21-24行删除,加入下面配置
21 fudeg 127.127.1.0 stratum 10
22 server 127.127.1.0
NTP设置开机自启然后reboot之后出现没有自启动的bug解决:
通过禁止chronyd服务开启自启动之后再将系统重启
chronyd是linux自带的时间服务
[root@opstkyumy log]# systemctl disable chronyd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
[root@opstkyumy log]# systemctl restart ntpd
[root@opstkyumy log]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
配置完毕,记得拍快照留念