环境说明:centos 7 主机使用kvm创建openstack动态扩容根分区镜像。
安装kvm包
# KVM/libvirt stack plus libguestfs-tools, which supplies the virt-sysprep used
# to clean the finished image at the end of this guide.
yum -y install qemu-kvm qemu-kvm-tools libvirt virt-manager virt-install libguestfs-tools
创建kvm网络环境
# Enslave eth0 to the br0 bridge and move the host's static address onto br0,
# so guests can be attached with --network bridge=br0 later. NM_CONTROLLED=no
# keeps NetworkManager off these interfaces; the legacy network service
# restarted below owns them. The addresses are the guide's example values.
tee /etc/sysconfig/network-scripts/ifcfg-eth0 >/dev/null <<'EOF'
BOOTPROTO=static
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no
EOF
tee /etc/sysconfig/network-scripts/ifcfg-br0 >/dev/null <<'EOF'
TYPE=Bridge
BOOTPROTO=static
IPV4_FAILURE_FATAL=no
NAME=br0
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.100.100
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=223.5.5.5
EOF
systemctl restart network
上传centos ISO镜像
自行将 ISO 镜像上传到宿主机上。本教程将镜像上传到 /opt/share 目录。
创建qcow2文件
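# -p: do not fail if the directory already exists (re-running the guide).
mkdir -p /opt/images
# 10G is only the initial virtual size; the root partition is grown on first
# boot by the cloud-init growpart step configured later in this guide.
qemu-img create -f qcow2 /opt/images/CentOS-7-x86_64.qcow2 10G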
启动kvm虚机
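systemctl start libvirtd
# --name uses the same domain name the later `virsh start` and `virt-sysprep`
# steps refer to; the ISO path matches the /opt/share upload directory stated
# above, the qcow2 is the one created above.
# listen=0.0.0.0 publishes the VNC console, which has no password here, on
# every host interface: restrict it with a host firewall rule, bind it to
# 127.0.0.1 and tunnel, or add password=... to --graphics.
virt-install --virt-type kvm --name CentOS7-x86_64 --ram 1024 \
  --cdrom=/opt/share/CentOS-7-x86_64-DVD-1810.iso \
  --disk path=/opt/images/CentOS-7-x86_64.qcow2 \
  --network bridge=br0 \
  --graphics vnc,listen=0.0.0.0 \
  --noautoconsole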
安装系统自行决定怎么安装,分区最好手动分区。
安装好系统后,选择 reboot 重启系统。
重启后 kvm 虚拟机不会自动启动系统,需要手动启动。
# Confirm the domain exists (it shows as shut off after the installer reboot),
# then boot it by name.
virsh list --all
virsh start --domain CentOS7-x86_64
修改yum源
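yum install wget -y
# Keep the stock repo file so the change can be reverted.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Drop the Alibaba-Cloud-internal mirror entries, which only resolve inside
# their network.
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# Fetch over https like the base repo above: a repo file pulled over plain
# http can be altered in transit and would then steer yum to attacker-chosen
# mirrors or a gpgcheck=0 setting.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum makecache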
安装常用的软件包
# Everyday tooling baked into the image (bash-completion-extras comes from the
# EPEL repo enabled above).
yum -y install vim net-tools gcc gcc-c++ tree wget telnet traceroute bash-completion-extras
修改PS1样式
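# Coloured prompt for every login shell. The delimiter is quoted so the
# backslashes of the prompt escapes (\[ \] \u \h \w \$) are written literally;
# the original text had lost them, which left PS1 showing the raw "[e[32;1m]"
# fragments instead of colours.
cat <<'EOF' | tee /etc/profile.d/environment.sh >/dev/null
PS1='[\[\e[32;1m\]\u\[\e[37;1m\]@\[\e[31;4m\]\h\[\e[0m\] \[\e[33;1m\]\w\[\e[37;1m\]]\$ \[\e[0m\]'
EOF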
修改sshd服务
# Back up sshd_config before editing it by hand (the edits are listed below).
cd /etc/ssh/
cp sshd_config{,.bak}
vim sshd_config
# Change the listening port; XXXX is a placeholder for the port you pick.
# The host firewall has to allow the new port (and SELinux would need it
# labelled, unless SELinux is disabled as in the step further down).
Port XXXX
# Disallow direct root logins; an ordinary user must exist first.
# NOTE(review): this also rejects SSH logins for the root default user that
# cloud.cfg configures later in this guide, and for the root password / keys
# injected through the user-data file — reconcile the two before building.
PermitRootLogin no
# Speed up connection setup (no GSSAPI negotiation, no reverse DNS lookup).
GSSAPIAuthentication no
UseDNS no
禁用ipv6服务
# Disable IPv6 on all interfaces; /etc/sysctl.conf is read at boot (or by
# `sysctl -p`), so this takes effect on the next start.
tee -a /etc/sysctl.conf >/dev/null <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
EOF
禁用selinux服务
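# Anchor on the SELINUX= assignment so only that line is rewritten, never a
# comment that happens to mention both words. Takes effect after a reboot.
# SELINUX=permissive would keep denials logged without enforcing, if a
# hardened image is preferred over a fully disabled policy.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config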
增大文件描述符
# Raise the per-process open-file limit for all users (soft and hard), then
# show the appended line.
printf '%s\n' '* - nofile 65535' | tee -a /etc/security/limits.conf >/dev/null
tail -n 1 /etc/security/limits.conf
设置时间同步
# Install ntpd and edit its server list by hand (before/after shown below).
yum -y install ntp
vim /etc/ntp.conf
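# before
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# after: Alibaba Cloud public NTP servers (the original text spelled the
# domain "alyun", a typo for aliyun.com)
server ntp1.aliyun.com
server ntp2.aliyun.com
server ntp3.aliyun.com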
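# ntpd is the daemon that reads the /etc/ntp.conf edited above; chronyd uses
# /etc/chrony.conf and conflicts with ntpd, so enable ntpd and disable chronyd
# (the original enabled chronyd, which would have ignored the edit).
systemctl disable chronyd
systemctl enable ntpd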
用户sudo免密
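# Passwordless sudo for the devops account. A syntax error appended straight
# to /etc/sudoers breaks sudo for everyone, so use a drop-in under
# /etc/sudoers.d (pulled in by the stock #includedir line), give it the 0440
# mode sudo expects, and validate it with visudo. NOPASSWD: ALL makes this
# account fully root-equivalent; its SSH key / password is what protects root.
sudoers_dropin=/etc/sudoers.d/devops
printf '%s\n' 'devops ALL=(ALL) NOPASSWD: ALL' >"$sudoers_dropin"
chmod 0440 -- "$sudoers_dropin"
visudo -c -f "$sudoers_dropin"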
禁用默认zeroconf路由
CentOS 系统必须禁用默认的 zeroconf 路由,以便实例能正确访问 OpenStack 的元数据服务(metadata)。
# Stop the network service from adding the 169.254.0.0/16 zeroconf route.
printf 'NOZEROCONF=yes\n' >> /etc/sysconfig/network
下载cloud-init相关包
# cloud-init plus what the first-boot resize needs: cloud-utils-growpart
# supplies the growpart command used in bootcmd below, gdisk handles GPT
# disks. The guest agent and acpid let the hypervisor talk to / shut down the
# instance, so enable both now.
yum -y install gdisk cloud-init cloud-utils-growpart qemu-guest-agent acpid
systemctl enable qemu-guest-agent.service acpid.service
查看根分区的编号
$ mount |grep /dev/vd
/dev/vda3 on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/vda1 on /boot type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
填写cloud-init配置
根据上面查看到的根分区编号填写;bootcmd 不要写在文件末尾,尽量放在前面几行。
# Edit the cloud-init main config by hand; the relevant fragments follow.
vi -- /etc/cloud/cloud.cfg
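# Allow password logins over SSH. Combined with the cleartext root password
# injected through the user-data later in this guide this leaves root open to
# password guessing; prefer key-only access (0) where the workflow permits.
ssh_pwauth: 1
# Comment this module out; otherwise /etc/hosts is rewritten on every boot.
# - update_etc_hosts
# Make root the default user; the commented lines are the stock values.
# NOTE(review): sshd_config above sets PermitRootLogin no, which rejects SSH
# logins for this root user (key or password) — reconcile before building.
system_info:
  default_user:
    # name: centos
    name: root
    lock_passwd: true
    gecos: Cloud User
    # groups: [adm, systemd-journal]
    groups: [wheel, adm]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
# ... rest of the stock file unchanged ...
# Grow the root partition and its filesystem on first boot. The partition
# number (3) comes from the mount output above; that output also shows the
# root filesystem is xfs, which resize2fs cannot grow, so xfs_growfs on the
# mount point is used instead of the original resize2fs call.
bootcmd:
  - [ cloud-init-per, once, grow-partition, growpart, /dev/vda, 3 ]
  - [ cloud-init-per, once, resize-filesystem, xfs_growfs, / ]
# Render /etc/hosts from cloud-init's template.
manage_etc_hosts: True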
关闭kvm虚拟机
# Shut the guest down cleanly; virt-sysprep below needs it powered off.
poweroff
清理kvm虚拟机信息
# Scrub instance-specific state from the powered-off domain (the default
# operation set covers SSH host keys, logs, shell history, machine-id, …;
# `virt-sysprep --list-operations` shows the full list). Passwords set for
# users during installation are not touched by this step.
virt-sysprep --domain CentOS7-x86_64
修改nova服务配置
配置所有的计算节点nova配置文件/etc/nova/nova.conf,添加(修改)如下选项
$ vim /etc/nova/nova.conf
...
[libvirt]
# Let nova write the admin password and SSH key into the guest image before
# boot (file injection; needs libguestfs on the compute node).
inject_password=true
inject_key=true
# -1: inspect the image to locate the partition to inject into; -2 would
# disable injection entirely.
inject_partition=-1
# Set this to your own domain, or leave it blank.
[DEFAULT]
dhcp_domain=ecloud.com
...
$ systemctl restart openstack-nova-compute.service openstack-nova-api.service
创建修改云主机参数的文件
命令行创建云主机支持 --user-data 参数,可以是 cloud-init 支持的一个 yaml 结构文件,所以还可以通过如下方式改密码
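# Write the cloud-config passed via --user-data. The delimiter is quoted so
# the embedded keys are copied verbatim (no $-expansion); the YAML nesting is
# restored, since the flat keys in the original are not valid cloud-config;
# and the file is made private because it carries a cleartext root password
# and private keys.
cat >cloud-config.txt <<'EOF'
#cloud-config
# 修改密码
chpasswd:
  list: |
    root:123456
  expire: False
# 添加~/.ssh/authorized_keys。类似于ssh-copy-id复制的公钥
ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEA3FSyQwBI6Z+nCSjUUk8EEAnnkhXlukKoUPND/RRClWz2s5TCzIkd3Ou5+Cyz71X0XmazM3l5WgeErvtIwQMyT1KjNoMhoJMrJnWqQPOt5Q8zWd9qG7PBl9+eiH5qV7NZ mykey@host
# 创建 ssh-keygen 。两种格式加密,使用其中一种即可
ssh_keys:
  rsa_private: |
    -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVW7aJX1ByifYtlL/HVzJ09nilCl+MSFrpbFnqjxyL8Rr/DSf7QcY/BrGUQbZn2Kc22PemAWthxHO18QJvWPocKJtlsDNi3 smoser@localhost
  dsa_private: |
    -----BEGIN DSA PRIVATE KEY-----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-----END DSA PRIVATE KEY-----
  dsa_public: ssh-dss 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 smoser@localhost
# 默认情况下,用户授权密钥的指纹在cloud-init 添加被打印到控制台。
no_ssh_fingerprints: false
# 默认情况下,(大多数)ssh 主机密钥会打印到控制台。
ssh:
  emit_keys_to_console: false
EOF
chmod 600 -- cloud-config.txt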
使用命令行创建云主机(注入元数据)
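# One command: the line-continuation backslashes were missing, so each option
# line would otherwise have run as a separate, failing command. The user-data
# file holds a cleartext password and private keys — handle it as a secret
# and delete it once the server is created.
openstack server create --user-data ./cloud-config.txt \
  --flavor 1c2g --availability-zone nova \
  --image 75398b9c-5cd6-4936-a093-eba02984f7f0 \
  --nic net-id=5ac5c948-909f-47ff-beba-a2ffaf917c5f,v4-fixed-ip=172.16.99.134 \
  --nic net-id=85ae5035-203b-4ef7-b65c-397f80b5a8af,v4-fixed-ip=172.16.100.34 \
  --security-group 5bb5f2b1-9210-470f-a4a7-2715220b2920 tomcat-vm4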
参考 cloud-init官方 配置文件