【一】OpenStack-基础配置
原创
©著作权归作者所有:来自51CTO博客作者mb612e1baf11b8e的原创作品,请联系作者获取转载授权,否则将追究法律责任
实验拓扑
配置服务器openstack-controller1
官方网站安装部署指导
https://docs.openstack.org/install-guide/openstack-services.html
#最后一个中文文档
https://docs.openstack.org/ocata/zh_CN/install-guide-rdo/
#安装系统时 按tab 使得ens33 改为 eth0
配置:net.ifnames=0 biosdevname=0
#配置网略
ip addr
cd /etc/sysconfig/network-scripts/
[root@openstack-controller1 network-scripts]# cat ifcfg-eth0
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="39d55d0d-ed5c-4497-8767-8f56571c92d6"
DEVICE="eth0"
ONBOOT="yes"
IPADDR="192.168.40.101"
PREFIX="21"
GATEWAY="192.168.40.2"
DNS1="192.168.40.2"
DNS2="114.114.114.114"
DNS3="8.8.8.8"
IPV6_PRIVACY="no"
#不要指网关
[root@openstack-controller1 network-scripts]# vi ifcfg-eth1
[root@openstack-controller1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
ONBOOT=yes
DEVICE=eth1
NAME=eth1
BOOTPROTO=static
IPADDR=10.10.7.101
NETMASK=255.255.248.0
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
UUID=fae29040-2677-49bf-9946-642100a8fd7d
#关闭防火墙、selinux、NetWorkManager
systemctl disable firewalld
#关闭 SELinux(Security-Enhanced Linux) 强制访问控制
getenforce
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
systemctl disable NetworkManager
#安装yum 软件
yum install -y vim wget tree lrzsz gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel openssl openssl-devel iproute net-tools iotop lsof ntpdate telnet bridge-utils curl
#配置主机名、hosts文件
[root@openstack-controller1 network-scripts]# vim /etc/hostname
openstack-controller1.xks.local
[root@openstack-controller1 ~]# vim /etc/hosts
192.168.40.101 openstack-controller1.xks.local openstack-controller1
192.168.40.103 openstack-mysql.xks.local openstack-mysql
192.168.40.105 openstack-haproxy1.xks.local openstack-haproxy1
192.168.40.107 openstack-node1.xks.local openstack-node1
192.168.40.248 openstack-vip.xks.local openstack-vip
#配置时间同步
[root@openstack-controller1 network-scripts]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
[root@openstack-controller1 network-scripts]# crontab -e
*/10 * * * * /usr/sbin/ntpdate time1.aliyun.com && hwclock -w
#不要配置 yum update 会有问题
#查看能够支持的版本
[root@openstack-controller1 ~]# yum list centos-release-openstack*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.ustc.edu.cn
* extras: ftp.sjtu.edu.cn
* updates: mirrors.ustc.edu.cn
Available Packages
centos-release-openstack-queens.noarch 1-2.el7.centos extras
centos-release-openstack-rocky.noarch 1-1.el7.centos extras
centos-release-openstack-stein.noarch 1-1.el7.centos extras
centos-release-openstack-train.noarch 1-1.el7.centos extras
#启用OpenStack库
yum install -y centos-release-openstack-train.noarch
yum install -y https://rdoproject.org/repos/rdo-release.rpm
#Finalize the installation
yum install -y python-openstackclient openstack-selinux
#必须安装此模块 用于连接mysql
yum install -y python2-PyMySQL
#必须安装此模块 用于连接memcached
yum install -y memcached python-memcached
#下面不用配置
#阿里云镜像
https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-train/
#在RHEL上,下载和安装RDO仓库RPM来启用OpenStack仓库。
yum install https://rdoproject.org/repos/rdo-release.rp
配置服务器openstack-mysql(包括 mariadb、rabbitmq、memcache)
参考上面操作
IP:192.168.40.103
10.10.7.103
打快照
#启用OpenStack库
yum install -y centos-release-openstack-train.noarch
yum install -y https://rdoproject.org/repos/rdo-release.rpm
#SQL database for RHEL and CentOS
#mariadb mariadb-server python2-PyMySQL-controller必须安装
yum install mariadb mariadb-server python2-PyMySQL
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
#开机自启
[root@openstack-mysql ~]# systemctl restart mariadb
[root@openstack-mysql ~]# systemctl enable mariadb
[root@openstack-mysql ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
# mysql_secure_installation
#Message queue for RHEL and CentOS
#rabbitmq-server.noarch 0:3.6.16-1.el7
yum install -y rabbitmq-server
#开启服务
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
#添加rabbitmq账户
rabbitmqctl add_user openstack openstack123
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
#开启插件 - 15672 guest/guest
rabbitmq-plugins enable rabbitmq_management
ss -nltp | grep 15672
#Memcached for RHEL and CentOS
yum install -y memcached python-memcached
#开启cachesize:1G options改为0.0.0.0
vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="1024"
OPTIONS="-l 0.0.0.0,::1"
systemctl enable memcached.service
systemctl start memcached.service
ss -ntlp | grep 11211
配置服务器openstack-haproxy1
参考上面操作
IP:192.168.40.105
10.10.7.105
打快照
yum install -y keepalived haproxy
#===配置keepalived===
#创建VIP 配置 keepalived
#vrrp_iptables 必须加上这条 否则ping不通vip
[root@openstack-haproxy1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 58
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.40.248 dev eth0 label eth0:0
}
}
systemctl restart keepalived
ifconfig | grep 192.168.40.248
#===配置Haproxy===
# mode tcp
[root@openstack-haproxy1 ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
listen openstack-mysql-3306
bind 192.168.40.248:3306
mode tcp
server 192.168.40.103 192.168.40.103:3306 check inter 3s fall 3 rise 5
listen openstack-rabbitmq-5672
bind 192.168.40.248:5672
mode tcp
server 192.168.40.103 192.168.40.103:5672 check inter 3s fall 3 rise 5
listen openstack-memcached-11211
bind 192.168.40.248:11211
mode tcp
server 192.168.40.103 192.168.40.103:11211 check inter 3s fall 3 rise 5
[root@openstack-haproxy1 ~]# systemctl restart haproxy
[root@openstack-haproxy1 ~]# systemctl enable haproxy
[root@openstack-haproxy1 ~]# ss -nltp | grep 192.168.40.248
LISTEN 0 128 192.168.40.248:5672 *:* users:(("haproxy",pid=2853,fd=7))
LISTEN 0 128 192.168.40.248:3306 *:* users:(("haproxy",pid=2853,fd=5))
LISTEN 0 128 192.168.40.248:11211 *:* users:(("haproxy",pid=2853,fd=8))
#openstack-controller1上 测试是否可以正常访问
[root@openstack-controller1 ~]# telnet 192.168.40.248 3306
[root@openstack-controller1 ~]# telnet 192.168.40.248 5672
[root@openstack-controller1 ~]# telnet 192.168.40.248 11211