openstack基础服务的搭建
在上一篇文章中我们已经将我们的基本环境搭建成功了(详见主页),这次我们将对openstack中基础的服务进行搭建(全部在controller中做)。
1.数据库(可以使用mysql,我这里使用mariadb)
数据库在OpenStack中是非常常用的软件,用户数据、以及各个组件里面的数据都存储在数据库中
yum install -y mariadb mariadb-server python2-PyMySQL 安装数据库
(python2-PyMySQL是用于openstack各个组件连接数据库使用)
然后对mariadb的配置文件进行编辑
vim /etc/my.conf
在[mysqld]下面添加
default-storage-engine=innodb 定义使用的引擎
innodb_file_per_table 一个表为一个文件
collation-server=utf8_general_ci 定义字符集
init-connect='SET NAMES utf8'
character-set-server=utf8
max_connections=10000 定义最大连接数cd /usr/lib/systemd/system
对mariadb的启动文件进行优化
vim mariadb.service
LimitNPROC=10000 最大多少文件
LimitNOFILE=10000 最大启动多少资源随后启动mariadb
systemctl start mariadb
systemctl enable mariadb
对mariadb进行安全设置
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB安全设置时不要禁止root用户远程登录。并为root设置密码
在compute上安装
yum install -y python2-PyMySQL2.mongodb的安装与配置(controller节点)
yum install -y mongodb-server mongodb
vi /etc/mongod.conf
注释bind_ip (表示监听所有主机)
systemctl start mongod
systemctl enable mongod
3.rabbitmq的安装与配置(controller节点)
rabbitmq为消息队列,是各个组件内部同行的工具。
流程:一个组件中的应用程序讲一个任务发布到mq中,mq接受到任务后将任务转发给指定执行的主机,任务完成后,将结果返回给发布任务的主机。mq具有原子性,即不可分割性。任务只能有两种情况,一种完成,一种没有完成。只有任务完成了,并且返回了结果后。mq才会将这个任务在消息队列中删除。否则会循环发送。上一任务结束了才能进行下一任务。
安装
yum install -y rabbitmq-server
安装完成后,要先开启,再做后面的操作
systemctl start rabbitmq-server
systemctl enable rabbitmq-server因为在整个的云平台中,我们要实现的是远程的连接和登录,而我们的rabbitmq默认的用户guest是不支持远程登录的。所以我们要新创建一个用户,用于远程登录,从而使用rabbitmq
rabbitmqctl add_user openstack 123456 指定创建的用户名为openstack 密码为123456
rabbitmqctl set_permissions openstack ".*" ".*" ".*" 给予openstack用户所有权限
我们的rabbitmq还提供了一个web的管理界面
开启web管理界面
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management
rabbitmq-plugins enable rabbitmq_management_agent
做完上面的这些以后就可以通过web界面访问到rabbitmq了
你的ip地址加上15672的端口号,默认的用户名guest 密码与账户名一样登录后将openstack用户设为管理员,让openstack可以登录
4.memcached安装与配置
memcached相当于一个数据库,用户放置用户的认证令牌,一般的数据库是运行在硬盘上,而memcached运行在内存中,运行的速度快。
yum install -y memcached python-memcached
systemctl start memcached
systemctl enable memcachedpython-memcached是各个组件调用memcached使用的,因为memcached中缓存了很多用户的认证信息,用户去访问和调用各个组件的使用,各个组件要到memcached中查看用户的令牌,用于keystone的对比,从而得知用户有那些权限
以上就是openstack中的基础服务的配置了
