生產中可以把mysql數據庫單獨安裝到一台機器上,這里因為實驗機器有限,就把mysql安裝到了控制節點
其實openstack每個組件都可以安裝到單獨的機器上。
RabbitMQ介紹
RabbitMQ是一個消息隊列產品
MQ全稱為Message Queue, 消息隊列(MQ)是一種應用程序對應用程序的通信方法。應用程序通過讀寫出入隊列的消息(針對應用程序的數據)來通信,而無需專用連接來鏈接它們。
消息傳遞指的是程序之間通過在消息中發送數據進行通信,而不是通過直接調用彼此來通信,直接調用通常是用於諸如遠程過程調用的技術。排隊指的是應用程序通過 隊列來通信。
隊列的使用除去了接收和發送應用程序同時執行的要求
MQ是消費-生產者模型的一個典型的代表,一端往消息隊列中不斷寫入消息,而另一端則可以讀取或者訂閱隊列中的消息。
消息隊列讓程序做到異步處理,而這種異步處理的方式大大的節省了服務器的請求響應時間,從而提高了系統的吞吐量。
使用rabbitmq最多的一個子項目是nova
除了控制面板Dashboard的Horizon沒用到mysql,其余組件都需要連接mysql,因此mysql數據尤為重要,生產中要做好主從以及備份
安裝和配置mariadb
大多數 OpenStack 服務使用 SQL 數據庫來存儲信息。 典型地,數據庫運行在控制節點上。OpenStack 服務也支持其他 SQL 數據庫,包括PostgreSQL
安裝下面3個包。mariadb這里精確到版本號了,是因為最新版的(mariadb-server-10.1.18-3.el7.x86_64.rpm) 安裝和一些lib文件有沖突
[root@linux-node1 ~]# yum install mariadb-5.5.52-1.el7.x86_64 -y Package 1:mariadb-5.5.52-1.el7.x86_64 already installed and latest version Nothing to do [root@linux-node1 ~]# yum install mariadb-server-5.5.52-1.el7.x86_64 -y Package 1:mariadb-server-5.5.52-1.el7.x86_64 already installed and latest version Nothing to do [root@linux-node1 ~]# yum install python2-PyMySQL -y Package python2-PyMySQL-0.7.9-2.el7.noarch already installed and latest version Nothing to do
最后一行看到主配置文件會include下面目錄,因此可以把openstack本次實驗需要的參數放到此目錄下,當然也可以放到主配置文件里。
!includedir /etc/my.cnf.d
[root@linux-node1 ~]# cat /etc/my.cnf [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mariadb according to the # instructions in http://fedoraproject.org/wiki/Systemd [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid # # include all files from the config directory # !includedir /etc/my.cnf.d [root@linux-node1 ~]#
需要在mariadb配置文件里加入以下參數,進行一些優化
default-storage-engine = innodb 默認存儲引擎innodb innodb_file_per_table 設置獨享的表空間,如果不設置,會是共享表空間 collation-server = utf8_general_ci 校對規則 init-connect = 'SET NAMES utf8' 鏈接字符集 character-set-server = utf8 數據庫建庫字符集 max_connections = 4096 最大連接數 bind-address mysql監聽地址
這里我們單獨創建配置文件,放到此目錄下
[root@linux-node1 ~]# touch /etc/my.cnf.d/openstack.cnf [root@linux-node1 ~]# vim /etc/my.cnf.d/openstack.cnf [root@linux-node1 ~]# cat /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 0.0.0.0 default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 [root@linux-node1 ~]#
啟動數據庫服務,並將其配置為開機自啟:
[root@linux-node1 ~]# systemctl enable mariadb.service Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service. [root@linux-node1 ~]# systemctl start mariadb.service [root@linux-node1 ~]#
查看啟動情況
[root@linux-node1 ~]# netstat -lntp | grep 3306 tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1965/mysqld [root@linux-node1 ~]#
為了保證數據庫服務的安全性,運行mysql_secure_installation腳本,進行一些安全方面的配置,刪除匿名用戶,刪除test庫,設置root密碼等
[root@linux-node1 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@linux-node1 ~]#
Openstack組件建庫和授權
建庫和授權,之前說過,除了Horizon,其它組件都用到了數據庫。 可以在安裝響應組件之前建庫和授權。
這里我們提前建好,復制下面語句,直接在命令行執行即可,注意root密碼根據自己的密碼。
這里M版本的openstack,除了新建nova庫,還需要新建一個nova_api庫。
mysql -u root -p123456 -e "CREATE DATABASE keystone;" mysql -u root -p123456 -e "GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';" mysql -u root -p123456 -e "GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';" mysql -u root -p123456 -e "CREATE DATABASE glance;" mysql -u root -p123456 -e "GRANT ALL ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';" mysql -u root -p123456 -e "GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';" mysql -u root -p123456 -e "CREATE DATABASE nova;" mysql -u root -p123456 -e "GRANT ALL ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';" mysql -u root -p123456 -e "GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';" mysql -u root -p123456 -e "CREATE DATABASE nova_api;" mysql -u root -p123456 -e "GRANT ALL ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';" mysql -u root -p123456 -e "GRANT ALL ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';" mysql -u root -p123456 -e "CREATE DATABASE neutron;" mysql -u root -p123456 -e "GRANT ALL ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';" mysql -u root -p123456 -e "GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
檢查庫和用戶
[root@linux-node1 ~]# mysql -u root -p123456 -e "show databases ;" |egrep "glance|keystone|neutron|nova|nova_api" glance keystone neutron nova nova_api [root@linux-node1 ~]# mysql -u root -p123456 -e "select user,host from mysql.user ;" |egrep "cinder|glance|keystone|neutron|nova" glance % keystone % neutron % nova % glance localhost keystone localhost neutron localhost nova localhost [root@linux-node1 ~]#
安裝和配置RabbitMQ
OpenStack 使用 message queue 協調操作和各服務的狀態信息。消息隊列服務一般運行在控制節點上。OpenStack支持好幾種消息隊列服務包括 RabbitMQ, Qpid, 和 ZeroMQ。
不過,大多數發行版本的OpenStack包支持特定的消息隊列服務。本指南安裝 RabbitMQ 消息隊列服務,因為大部分發行版本都支持它。
1. 安裝包:
yum install rabbitmq-server -y
2. 啟動消息隊列服務並將其配置為隨系統啟動:
systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service
3. 添加 openstack 用戶,並設置密碼(這里我實驗環境設置密碼也是openstack):
rabbitmqctl add_user openstack openstack
4. 給openstack用戶配置寫和讀權限:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
操作過程如下
[root@linux-node1 ~]# systemctl enable rabbitmq-server.service Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service. [root@linux-node1 ~]# systemctl start rabbitmq-server.service [root@linux-node1 ~]# rabbitmqctl add_user openstack openstack Creating user "openstack" ... [root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ... [root@linux-node1 ~]#
查看端口:rabbitmq的端口是5672
[root@linux-node1 ~]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 2607/beam.smp tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1580/mysqld tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1656/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1158/sshd tcp6 0 0 :::5672 :::* LISTEN 2607/beam.smp tcp6 0 0 :::111 :::* LISTEN 1/systemd tcp6 0 0 :::22 :::* LISTEN 1158/sshd [root@linux-node1 ~]#
rabbitmq默認帶了個web的插件,可以通過web來看rabbit的狀態
它有下面這么多插件
列出rabbitmq的插件:
[root@linux-node1 ~]# rabbitmq-plugins list Configured: E = explicitly enabled; e = implicitly enabled | Status: * = running on rabbit@linux-node1 |/ [ ] amqp_client 3.6.5 [ ] cowboy 1.0.3 [ ] cowlib 1.0.1 [ ] mochiweb 2.13.1 [ ] rabbitmq_amqp1_0 3.6.5 [ ] rabbitmq_auth_backend_ldap 3.6.5 [ ] rabbitmq_auth_mechanism_ssl 3.6.5 [ ] rabbitmq_consistent_hash_exchange 3.6.5 [ ] rabbitmq_event_exchange 3.6.5 [ ] rabbitmq_federation 3.6.5 [ ] rabbitmq_federation_management 3.6.5 [ ] rabbitmq_jms_topic_exchange 3.6.5 [ ] rabbitmq_management 3.6.5 [ ] rabbitmq_management_agent 3.6.5 [ ] rabbitmq_management_visualiser 3.6.5 [ ] rabbitmq_mqtt 3.6.5 [ ] rabbitmq_recent_history_exchange 1.2.1 [ ] rabbitmq_sharding 0.1.0 [ ] rabbitmq_shovel 3.6.5 [ ] rabbitmq_shovel_management 3.6.5 [ ] rabbitmq_stomp 3.6.5 [ ] rabbitmq_top 3.6.5 [ ] rabbitmq_tracing 3.6.5 [ ] rabbitmq_trust_store 3.6.5 [ ] rabbitmq_web_dispatch 3.6.5 [ ] rabbitmq_web_stomp 3.6.5 [ ] rabbitmq_web_stomp_examples 3.6.5 [ ] sockjs 0.3.4 [ ] webmachine 1.10.3 [root@linux-node1 ~]#
開機自啟動rabbitmq的管理插件(這些官方文檔沒有):
[root@linux-node1 ~]# rabbitmq-plugins enable rabbitmq_management The following plugins have been enabled: mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent rabbitmq_management Applying plugin configuration to rabbit@linux-node1... started 6 plugins. [root@linux-node1 ~]#
重新啟動rabbitmq:
[root@linux-node1 ~]# systemctl restart rabbitmq-server.service [root@linux-node1 ~]#
再次查看監聽的端口:web管理端口:15672
[root@linux-node1 ~]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 3455/beam.smp tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1965/mysqld tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1337/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1153/sshd tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 3455/beam.smp tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1277/master tcp6 0 0 :::5672 :::* LISTEN 3455/beam.smp tcp6 0 0 :::111 :::* LISTEN 1/systemd tcp6 0 0 :::22 :::* LISTEN 1153/sshd tcp6 0 0 ::1:25 :::* LISTEN 1277/master [root@linux-node1 ~]#
rabbitmq監控5672端口
它的web頁面監控在15672頁面
web端打開http://192.168.56.11:15672
用戶名 guest 密碼 guest
用戶名 guest 密碼 guest
guest是超級管理員,你可以給guest改個密碼
現在使用openstack用戶是無法登錄的
guest登錄后的頁面
rabbitmq在openstack通信過程中扮演通信的交通樞紐的作用,它也是支持集群的
很多地方都用到了它,比如你下完訂單,查詢訂單時提示訂單正在處理中,很有可能就是寫到了消息隊列里,還沒寫到數據庫里面,這樣可以緩解數據庫壓力的問題
雙十一,一下訂單就寫到數據庫里,什么數據庫也扛不住的。它們就可以使用分布式消息隊列
使用消息隊列還可以用於分布式的事務,12306很明顯就用到消息隊列了。訂單處理中
怎么讓openstack也能登陸呢,點擊Admin
點擊openstack這個用戶,tags設置為下面這種,密碼改成openstack
點擊update之后
退出使用openstack登錄
登錄成功
也就是說只允許標簽是administrator的登錄
既然rabbitmq這么重要,怎么監控rabbitmq呢,可以通過http api監控它
點擊進去,看到如下所示,暫時和我們的實驗無關。就不深入研究它了
很多時候,時間不一致無法創建虛擬機。 再次給機器做下時間同步
[root@linux-node1 ~]# yum install ntpdate -y [root@linux-node1 ~]# ntpdate time1.aliyun.com 17 Feb 16:32:15 ntpdate[3951]: adjust time server 115.28.122.198 offset 0.010747 sec [root@linux-node1 ~]# ntpdate time1.aliyun.com 17 Feb 16:32:28 ntpdate[3962]: adjust time server 115.28.122.198 offset 0.007115 sec [root@linux-node1 ~]# date Fri Feb 17 16:32:29 CST 2017 [root@linux-node1 ~]#