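XianDian Cloud Computing Infrastructure Service Platform User Manual

Version: XianDian iaas V2.1
Release date: April 20, 2017
Nanjing 55th Institute Technology Development Co., Ltd.

Revision history

Revision: Xiandian-iaas-v2.0
Date: October 28, 2016
Description: Cloud Computing Infrastructure Service Platform User Manual 2.0

Revision: Xiandian-iaas-v2.1
Date: April 20, 2017
Description: Fixed known errors in the previous version; revised and optimized some configuration files; changed the database connection; added the Trove component; added a system uninstall script

1 Basic Environment Configuration

The topology of the cloud computing platform is shown in Figure 1, and the IP address plan is also shown in Figure 1.

Figure 1: Cloud computing platform topology

This deployment uses a two-node installation: a controller node and a compute node. enp8s0 is the external network and enp9s0 is the internal management network. When installing the operating system on the storage node, set aside two blank partitions (sda and sdb in this example) to serve as the cinder and swift storage disks. An FTP server is set up to act as the yum repository for building the cloud platform. Passwords in the configuration files must be set according to the actual environment.

1.1 Notes on Installing CentOS 7

[Creating blank partitions]
Installing CentOS 7 differs noticeably from installing CentOS 6.5. During CentOS 7 installation every partition you define needs a mount point, so the installer cannot create the two blank disk partitions needed as storage disks for the cinder and swift services. Instead, leave enough unallocated disk space during installation. After installation, use parted to create the new partition and then mkfs.xfs to format it, which completes the creation of the blank partition. The commands are as follows:

[root@compute ~]# parted /dev/md126
(parted) mkpart swift 702G 803G
(creates the swift partition, from 702G to 803G)
[root@compute ~]# mkfs.xfs /dev/md126p5

1.2 Configure the Network and Hostname

Modify or add the /etc/sysconfig/network-scripts/ifcfg-enp* files (one for each actual network interface).

(1) controller node

Configure the network:

enp8s0: 192.168.100.10
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.10
PREFIX=24
GATEWAY=192.168.100.1

enp9s0: 192.168.200.10
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.10
PREFIX=24

Set the hostname:
Command to restart the network: service network restart
# hostnamectl set-hostname controller
Press Ctrl+D to log out, then log in again.

(2) compute node

Configure the network:

enp8s0: 192.168.100.20
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.20
PREFIX=24
GATEWAY=192.168.100.1

enp9s0: 192.168.200.20
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.20
PREFIX=24

Set the hostname:
# hostnamectl set-hostname compute
Press Ctrl+D to log out, then log in again.

1.3 Configure the yum Repositories

# Controller and compute nodes

(1) Back up the existing yum repository files
# mv /etc/yum.repos.d/* /opt/

(2) Create the repo file

[controller]
Create the repository file centos.repo in /etc/yum.repos.d:

[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas-repo
gpgcheck=0
enabled=1

[compute]
Create the repository file centos.repo in /etc/yum.repos.d:

[centos]
name=centos
baseurl=ftp://192.168.100.10/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://192.168.100.10/iaas-repo
gpgcheck=0
enabled=1

(3) Mount the ISO files

[Mount CentOS-7-x86_64-DVD-1511.iso]
[root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-1511.iso /mnt/
[root@controller ~]# mkdir /opt/centos
[root@controller ~]# cp -rvf /mnt/* /opt/centos/
[root@controller ~]# umount /mnt/

[Mount XianDian-IaaS-v2.0-1228.iso]
[root@controller ~]# mount -o loop XianDian-IaaS-v2.0-1228.iso /mnt/
[root@controller ~]# cp -rvf /mnt/* /opt/
[root@controller ~]# umount /mnt/

(4) Set up the FTP server, start it, and enable it at boot
[root@controller ~]# yum install vsftpd -y
[root@controller ~]# vi /etc/vsftpd/vsftpd.conf
Add the line anon_root=/opt/, then save and exit.
[root@controller ~]# systemctl start vsftpd
[root@controller ~]# systemctl enable vsftpd

(5) Stop the firewall and disable it at boot
[controller/compute]
systemctl stop firewalld
systemctl disable firewalld

(6) Clear the cache and verify the yum repositories
[controller/compute]
# yum clean all
# yum list

1.4 Edit the Environment Variables

# Controller and compute nodes
# yum install iaas-xiandian -y

Edit the file /etc/xiandian/openrc.sh. This file holds the parameters used throughout the installation. Set each parameter according to the description on the line above it and the actual situation of your servers.

HOST_IP=192.168.100.10
HOST_NAME=controller
HOST_IP_NODE=192.168.100.20
HOST_NAME_NODE=compute
RABBIT_USER=openstack
RABBIT_PASS=000000
DB_PASS=000000
DOMAIN_NAME=demo (user-defined)
ADMIN_PASS=000000
DEMO_PASS=000000
KEYSTONE_DBPASS=000000
GLANCE_DBPASS=000000
GLANCE_PASS=000000
NOVA_DBPASS=000000
NOVA_PASS=000000
NEUTRON_DBPASS=000000
NEUTRON_PASS=000000
METADATA_SECRET=000000
INTERFACE_NAME=enp9s0 (name of the external network interface)
CINDER_DBPASS=000000
CINDER_PASS=000000
TROVE_DBPASS=000000
TROVE_PASS=000000
BLOCK_DISK=md126p4 (name of the blank partition)
SWIFT_PASS=000000
OBJECT_DISK=md126p5 (name of the blank partition)
STORAGE_LOCAL_NET_IP=192.168.100.20
HEAT_DBPASS=000000
HEAT_PASS=000000
CEILOMETER_DBPASS=000000
CEILOMETER_PASS=000000
AODH_DBPASS=000000
AODH_PASS=000000

1.5 Install the Services by Script

The basic configuration commands in sections 1.6 to 1.9 have been written into a shell script, so they can be installed in one step by running the script, as follows:

# Controller node and compute node
Run the script iaas-pre-host.sh to perform the installation.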
# After the installation completes, reboot both nodes at the same time
[root@controller ~]# reboot

1.6 Install the OpenStack Packages

# Controller and compute nodes
# yum -y install openstack-utils openstack-selinux python-openstackclient
# yum upgrade

1.7 Configure Name Resolution

Edit /etc/hosts and add the following content.

(1) controller node
20.0.0.10 controller
20.0.0.20 compute

(2) compute node
20.0.0.10 controller
20.0.0.20 compute

1.8 Configure the Firewall and SELinux

Edit the SELinux configuration file:
# vi /etc/selinux/config
SELINUX=permissive

Stop the firewall and disable it at boot:
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# yum remove -y NetworkManager firewalld
# yum -y install iptables-services
# systemctl enable iptables
# systemctl restart iptables
# iptables -F
# iptables -X
# iptables -X
# service iptables save

1.9 Install the NTP Service

(1) controller and compute nodes
# yum -y install ntp

(2) Configure the controller node
Edit /etc/ntp.conf and add the following content (delete the default server entries):
server 127.127.1.0
fudge 127.127.1.0 stratum 10

Start the NTP server:
# service ntpd start
# chkconfig ntpd on

(3) Configure the compute node
# ntpdate controller
# chkconfig ntpdate on

1.10 Install the Services by Script

The commands for the basic services in sections 1.11 to 1.14 have been written into a shell script, so they can be installed in one step by running the script, as follows:

# Controller node
Run the script iaas-install-mysql.sh to perform the installation.

1.11 Install the MySQL Database Service

# yum install mysql mysql-server MySQL-python

Edit /etc/my.cnf and add the following to the [mysqld] section:
max_connections=10000
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Start the service:
# systemctl enable mariadb.service
# systemctl start mariadb.service

Configure MySQL:
# mysql_secure_installation

Edit /usr/lib/systemd/system/mariadb.service and add the following two parameters to the [Service] section:
LimitNOFILE=10000
LimitNPROC=10000

Reload the systemd configuration and restart the mariadb service:
# systemctl daemon-reload
# service mariadb restart

Press Enter to confirm, then set the database root password:
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

(2) compute node
# yum -y install MySQL-python

1.12 Install the MongoDB Database Service

# yum install -y mongodb-server mongodb

Edit /etc/mongod.conf:
Delete the bind_ip line.
Set smallfiles = true

# systemctl enable mongod.service
# systemctl start mongod.service

1.13 Install the RabbitMQ Service

# yum install -y rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack 000000
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

1.14 Install Memcached

# yum install memcached python-memcached
systemctl enable memcached.service
systemctl restart memcached.service

2 Install the Keystone Identity Service

# Controller

2.1 Install the Keystone Service by Script

The commands for the identity service in sections 2.2 to 2.9 have been written into a shell script, so they can be installed in one step by running the script, as follows:

# Controller node
Run the script iaas-install-keystone.sh to perform the installation.

2.2 Install the Keystone Packages

yum install -y openstack-keystone httpd mod_wsgi

2.3 Create the Keystone Database

# mysql -u root -p
(the database password here is the one set earlier when installing MySQL)
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
mysql> exit

2.4 Configure the Database Connection

# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

2.5 Create the Database Tables for the Keystone Service

# su -s /bin/sh -c "keystone-manage db_sync" keystone

2.6 Create the Token

# ADMIN_TOKEN=$(openssl rand -hex 10)
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
# openstack-config --set /etc/keystone/keystone.conf token provider fernet

2.7 Create the Signing Keys and Certificates

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

Edit the /etc/httpd/conf/httpd.conf configuration file:
Replace ServerName :80 with ServerName controller

Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content:

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

# systemctl enable httpd.service
# systemctl start httpd.service

2.8 Define Users, Tenants, and Roles

(1) Set the environment variables
export OS_TOKEN=$ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

(2) Create the Keystone entities
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
openstack domain create --description "Default Domain" default
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password 000000 admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password 000000 demo
openstack role create user
openstack role add --project demo --user demo user

(3) Clear the environment variables
# unset OS_TOKEN OS_URL

2.9 Create admin-openrc.sh

Create the admin environment variable file admin-openrc.sh:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_US
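
Section 1.4 shows every service password in /etc/xiandian/openrc.sh set to 000000, while section 1 says the passwords must be set for the actual environment. The following is an added example, not part of the manual or of the XianDian scripts: it rewrites each secret in such a file with its own random value and lists any secret that is still short or shared with another key. It assumes the uncommented KEY=value layout shown in section 1.4; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual): rotate and audit the secrets in an
# openrc.sh-style file. Assumes uncommented KEY=value lines as in section 1.4.

# Succeeds if $1 is a bare upper-case variable name ending in PASS or SECRET.
is_secret_key() {
    case $1 in
        ''|*[!A-Z_]*) return 1 ;;
        *PASS|*SECRET) return 0 ;;
        *) return 1 ;;
    esac
}

# Rewrite every secret in file $1 with its own random 32-hex-character value.
# All other lines (addresses, names, comments) are copied through unchanged.
rotate_secrets() {
    file=$1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        key=${line%%=*}
        if [ "$key" != "$line" ] && is_secret_key "$key"; then
            printf '%s=%s\n' "$key" "$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
        else
            printf '%s\n' "$line"
        fi
    done < "$file" > "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$file"
}

# Print each secret key in file $1 whose value is shorter than 16 characters
# or is also used by another key.
weak_secrets() {
    awk -F= '/^[A-Z_]*(PASS|SECRET)=/ { key[++n] = $1; val[n] = $2; seen[$2]++ }
        END { for (i = 1; i <= n; i++)
                  if (length(val[i]) < 16 || seen[val[i]] > 1) print key[i] }' "$1"
}

# Constructed sample: a few lines in the layout of section 1.4.
write_sample() {
    cat > "$1" <<'EOF'
HOST_IP=192.168.100.10
RABBIT_USER=openstack
RABBIT_PASS=000000
DB_PASS=000000
METADATA_SECRET=000000
INTERFACE_NAME=enp9s0
EOF
}
```

Run rotate_secrets once on the controller before iaas-pre-host.sh and copy the resulting file to the compute node, since both nodes must hold the same values. The commands in sections 1.13 and 2.8 that pass 000000 on the command line would then take the matching values from the file.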