OpenStack Learning Series, Part 1: Introduction to OpenStack and Deploying the Base Environment


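    OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed and provisioned through APIs with common authentication mechanisms.
    A dashboard gives administrators control while empowering users to provision resources through a web interface.
    Beyond standard infrastructure-as-a-service functionality, additional components provide orchestration, fault management, and service management, among other services, to ensure high availability of user applications.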
 

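OpenStack deployment environment

Network topology diagram:

Software versions used:
  • Operating system: CentOS Linux release 8.5.2111, with virtualization enabled on the hosts
  • OpenStack release: centos-release-openstack-victoria.noarch
 
The resource configuration, roles, and deployed services of each host are shown in the table below: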
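| Node | node1 | node2 | node3 | node4 | node5 |
| --- | --- | --- | --- | --- | --- |
| NIC 1 | 192.168.31.101 | 192.168.31.102 | 192.168.31.103 | 192.168.31.104 | 192.168.31.105 |
| NIC 2 | provider | provider | provider | provider | provider |
| NIC 3 | inside | inside | inside | inside | inside |
| NIC 4 | 172.16.100.11 (ceph) | 172.16.100.12 (ceph) | 172.16.100.13 (ceph) | | |
| CPU / memory / system disk | 8/12G/200G | 8/12G/200G | 8/12G/200G | 8/12G/200G | 8/12G/200G |
| Additional disks | 100Gx3+100G | 100Gx3 | 100Gx3 | 200Gx2+200Gx2 | 200Gx2+200Gx2 |
| Disk allocation | ceph: 100Gx3 (sdb/sdc/sdd); nfs: 100G (sde) | ceph: 100Gx3 (sdb/sdc/sdd) | ceph: 100Gx3 (sdb/sdc/sdd) | cinder: 200Gx2 (sdb/sdc); swift: 200Gx2 (sdd/sde) | cinder: 200Gx2 (sdb/sdc); swift: 200Gx2 (sdd/sde) |
| Role | Control node | Compute node | Compute node | Compute node / storage node | Compute node / storage node |
| ceph service (has problems when placed together with cinder) | ceph (cluster built from 3 disks) | ceph (cluster built from 3 disks) | ceph (cluster built from 3 disks) | | |
| nfs service | Uses the 100G disk on the first node, mounted at /vmdata | | | | |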
       
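Detailed description of networks and services:
  • provider VM network: subnet 172.16.1.0/24, used when creating virtual machines; the physical NIC does not need an IP address
  • inside VM network: subnet 10.1.0.0/24, used when creating virtual machines; the physical NIC does not need an IP address. It is on a different physical NIC from the provider network, so the two networks are isolated
  • ceph network: subnet 172.16.100.0/24, the internal network used to install and deploy the ceph cluster
  • NFS service: set up on node1 and exported at 192.168.31.101:/vmdata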
 

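1. Set hostnames, disable the firewall and SELinux, and set up passwordless SSH from node1 to the other hosts

Perform these steps on the control node node1

# Add the hostname entries to /etc/hosts
echo -e "192.168.31.101 node1\n192.168.31.102 node2\n192.168.31.103 node3\n192.168.31.104 node4\n192.168.31.105 node5" >> /etc/hosts

# Generate an SSH key pair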
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Oo8Sm2MPmK3dzSTZFbs9vjgFrR2v4wOlnN4G/fajuOA root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                 |
|          ..     |
|          .o+    |
|        S.oO o   |
|   +.  + .Bo+ .  |
|  o o+= oo.=oo   |
|   o*o O. +oB.o. |
|  ...++ +E.*=*..o|
+----[SHA256]-----+

# On all nodes: set up passwordless SSH login, set the hostname, sync the hosts file, and disable the firewall and SELinux
for i in $(seq 5);do ssh-copy-id -i /root/.ssh/id_rsa.pub node$i;done
for i in $(seq 5);do ssh node$i hostnamectl set-hostname node$i;done
for i in $(seq 5);do scp /etc/hosts node$i:/etc/hosts;done
for i in $(seq 5);do ssh node$i "systemctl stop firewalld && systemctl disable firewalld";done
for i in $(seq 5);do ssh node$i "setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config";done

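2. Configure time synchronization on all hosts

All other nodes synchronize their time with the first node, so that time stays consistent across all nodes
# On node1, install chrony on all nodes
# Switch the yum repositories to the Aliyun mirror, because CentOS 8 stopped providing repository service on December 31, 2021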
for i in $(seq 5);do ssh node$i "sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://mirrors.aliyun.com/centos-vault|g' /etc/yum.repos.d/CentOS-*";done
for i in $(seq 5);do ssh node$i "yum -y install chrony" ;done

---------------------------------------------# Install and configure on the control node node1
sed -i "s@^#allow.*@allow 192.168.31.0/24@" /etc/chrony.conf             # update the configuration
systemctl start chronyd && systemctl enable chronyd                      # start the service

---------------------------------------------# From node1, install and configure the other nodes
for i in $(seq 2 5);do ssh node$i 'sed -i "s@pool.*@pool node1 iburst@" /etc/chrony.conf';done
for i in $(seq 2 5);do ssh node$i 'systemctl start chronyd && systemctl enable chronyd';done

---------------------------------------------# Check whether the other nodes are synchronizing their time
[root@node1 ~]# chronyc  clients 
Hostname                      NTP   Drop Int IntL Last     Cmd   Drop Int  Last
===============================================================================
node2                           4      0   1   -    55       0      0   -     -
node3                           4      0   1   -    54       0      0   -     -
node4                           4      0   1   -    53       0      0   -     -
node5                           4      0   1   -    53       0      0   -     -

3. Install the OpenStack repository, pinned to the victoria release

# On node1, install the OpenStack repository package on all nodes
for i in $(seq 5);do ssh node$i yum -y install centos-release-openstack-victoria.noarch;done

# Rewrite the repository URLs again, because installing the OpenStack repository package added new repo files
for i in $(seq 5);do ssh node$i "sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://mirrors.aliyun.com/centos-vault|g' /etc/yum.repos.d/CentOS-*";done
# Install the base packages
for i in $(seq 5);do ssh node$i yum -y install python3-openstackclient crudini;done

4. Install the MySQL database (control node node1; MySQL login root/mysql)

yum -y install mariadb mariadb-server python2-PyMySQL

# Edit the configuration file
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld bind-address 192.168.31.101
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld default-storage-engine innodb
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld innodb_file_per_table on
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld max_connections 4096
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld collation-server utf8_general_ci
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld character-set-server utf8

# Start the service and run the initial setup. At the first prompt the root password is empty, so just press Enter; then set the new root password to mysql and allow remote login
systemctl enable mariadb.service && systemctl start mariadb.service

---------------------------------------------# Set the MySQL root password to mysql and allow root to log in remotely
[root@node1 ~]# mysql_secure_installation 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] n
 ... skipping.

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] n
 ... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

---------------------------------------------# Check that MySQL is working
[root@node1 ~]# netstat  -tunlp | grep 3306
tcp        0      0 192.168.31.101:3306     0.0.0.0:*               LISTEN      29356/mysqld        
[root@node1 ~]# mysql -uroot -hnode1 -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.3.28-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 

5. Install the rabbitmq message queue (control node node1; add user/password openstack/openstack)

# Install and start rabbitmq
yum --enablerepo powertools -y install rabbitmq-server
systemctl enable rabbitmq-server && systemctl start rabbitmq-server

---------------------------------------------# Add the user and password, and set its permissions
rabbitmqctl add_user openstack openstack && rabbitmqctl set_permissions openstack ".*" ".*" ".*"

---------------------------------------------# Check the rabbitmq status, then view the user and its permissions
[root@node1 ~]# rabbitmqctl status
[root@node1 ~]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack" ...
vhost	configure	write	read
/	.*	.*	.*

---------------------------------------------# Check the rabbitmq listening ports
[root@node1 ~]# netstat  -tunlp | grep 5672
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      30155/beam.smp      
tcp6       0      0 :::5672                 :::*                    LISTEN      30155/beam.smp 

6. Install the memcache caching service (control node node1)

# Install and start the memcache service
yum -y install memcached python3-memcached
sed -i 's/^OPTIONS.*/OPTIONS="-l 0.0.0.0"/' /etc/sysconfig/memcached
systemctl enable memcached && systemctl start memcached

---------------------------------------------# Check the memcache listening port
[root@node1 ~]# netstat  -tunlp | grep memcached
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      33130/memcached 
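
The listener checks in steps 4 to 6 can be done in one pass. The following is an added example, not part of the original article: it reads `netstat -tunlp` output and reports which of this deployment's service ports are bound to every interface rather than to the management address. The port list is an assumption of the example, and the sample input is copied from the outputs shown above.

```shell
#!/bin/sh
# Added example: report service ports bound to every interface.
# PORTS is an assumed list: the MariaDB, RabbitMQ and memcached ports seen on this page.
PORTS="3306 5672 25672 11211"

# Reads `netstat -tunlp` lines on stdin and prints "port process" for each
# port in PORTS whose local address is a wildcard (0.0.0.0, :: or *).
wildcard_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            port = $4; sub(/.*:/, "", port)                      # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)  # text before it
            proc = $NF; sub(/^[0-9]+\//, "", proc)               # "33130/memcached" -> "memcached"
            if ((port in want) && (addr == "0.0.0.0" || addr == "::" || addr == "*"))
                print port, proc
        }'
}

# Sample input: the listener lines shown in steps 4 to 6 of this page.
SAMPLE='tcp        0      0 192.168.31.101:3306     0.0.0.0:*               LISTEN      29356/mysqld
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      30155/beam.smp
tcp6       0      0 :::5672                 :::*                    LISTEN      30155/beam.smp
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      33130/memcached'

printf '%s\n' "$SAMPLE" | wildcard_listeners
# On a live node: netstat -tunlp | wildcard_listeners
```

MariaDB is not reported because step 4 set its bind-address to 192.168.31.101; the RabbitMQ and memcached ports are reported because they listen on wildcard addresses.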

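7. Install the NFS service (control node node1)

    The NFS service is installed so that it can later provide an NFS storage backend for the cinder component
# Install and start the NFS service
yum -y install nfs-utils
systemctl start nfs-server && systemctl enable nfs-server

---------------------------------------------# Format the last 100G disk on node1, then mount it at /vmdata and set it to mount at boot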
[root@node1 ~]# fdisk  /dev/sde 

Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x2fb2433e.

Command (m for help): n  
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): 

Using default response p.
Partition number (1-4, default 1): 
First sector (2048-209715199, default 2048): 
Last sector, +sectors or +size{K,M,G,T,P} (2048-209715199, default 209715199): 

Created a new partition 1 of type 'Linux' and of size 100 GiB.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
[root@node1 ~]# mkfs.xfs /dev/sde1
[root@node1 ~]# blkid | grep sde1
/dev/sde1: UUID="95bb36aa-5e44-4caf-b586-24a69cadf8d9" BLOCK_SIZE="512" TYPE="xfs" PARTUUID="2fb2433e-01"
[root@node1 ~]# mkdir /vmdata
[root@node1 ~]# vi /etc/fstab
UUID=95bb36aa-5e44-4caf-b586-24a69cadf8d9  /vmdata xfs defaults 0 0
[root@node1 ~]# df -h | grep vmdata
/dev/sde1            100G  746M  100G   1% /vmdata

---------------------------------------------# Configure the NFS service
[root@node1 ~]# vi /etc/exports
/vmdata   *(sync,rw,no_root_squash,no_subtree_check)
# Load the configuration and apply it
exportfs  -r  && exportfs  -v
[root@node1 ~]# showmount  -e node1
Export list for node1:
/vmdata *
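
An added example, not from the original article, that audits `/etc/exports` content for the two broad settings in the export above: a `*` client and `no_root_squash`. The restricted line is an assumed alternative scoped to the 192.168.31.0/24 network from the table; the article does not say whether its later cinder setup works with it.

```shell
#!/bin/sh
# Added example: audit /etc/exports-style content for broad NFS exports.
# Reads exports lines on stdin; prints "path client finding" for each issue.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                if (match($i, /\(.*\)$/)) {        # split "client(opts)"
                    opts = substr($i, RSTART + 1, RLENGTH - 2)
                    client = substr($i, 1, RSTART - 1)
                }
                if (client == "") client = "*"     # a bare "(opts)" applies to any host
                if (client == "*")
                    print $1, client, "any-host"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1, client, "no_root_squash"
            }
        }'
}

# The export line from this page.
PAGE_EXPORT='/vmdata   *(sync,rw,no_root_squash,no_subtree_check)'
# Assumed alternative, not from the page: one subnet only, root squashed.
TIGHT_EXPORT='/vmdata   192.168.31.0/24(sync,rw,root_squash,no_subtree_check)'

printf '%s\n' "$PAGE_EXPORT" | audit_exports    # two findings
printf '%s\n' "$TIGHT_EXPORT" | audit_exports   # no findings
# On a live node: audit_exports < /etc/exports
```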

 

