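What is cloud computing
Address plan
Hostname | IP |
OpenStack01 (controller node) | 172.30.2.135 |
OpenStack02 (compute node) | 172.30.2.136 |
Cloud hosts make it possible to scale flexibly.
OpenStack is split into an agent side and a server side; it is a management platform for virtualization.
OpenStack is open source, licensed under Apache 2.0, and provides IaaS (Infrastructure as a Service).
IaaS: Infrastructure as a Service
PaaS: Platform as a Service
SaaS: Software as a Service
Mount the local CD-ROM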
[root@openstack01 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 48G 1.8G 47G 4% /
devtmpfs 479M 0 479M 0% /dev
tmpfs 489M 0 489M 0% /dev/shm
tmpfs 489M 6.8M 482M 2% /run
tmpfs 489M 0 489M 0% /sys/fs/cgroup
tmpfs 98M 0 98M 0% /run/user/0
[root@openstack01 ~]# mount /dev/cdrom /mnt
mount: /dev/sr0 is write-protected, mounting read-only
[root@openstack01 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 48G 1.8G 47G 4% /
devtmpfs 479M 0 479M 0% /dev
tmpfs 489M 0 489M 0% /dev/shm
tmpfs 489M 6.8M 482M 2% /run
tmpfs 489M 0 489M 0% /sys/fs/cgroup
tmpfs 98M 0 98M 0% /run/user/0
/dev/sr0 4.3G 4.3G 0 100% /mnt
[root@openstack01 ~]# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled; vendor preset: disabled)
Active: inactive (dead)
OpenStack relationship diagram
Image link:
http://blog.51cto.com/egon09/1845226
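Functions and roles of the main modules
NFS is file storage.
Swift is object storage: files are not organized as directories; each file is treated as an object, similar to the instant-upload feature of Baidu netdisk.
ceilometer: monitoring and billing; its main users are private clouds
OpenStack main module | Deployment purpose |
keystone | Identity (authentication) service, tokens |
glance | Image service |
nova | Compute service (calls KVM) |
neutron | Networking service |
horizon | Web interface |
cinder | Block storage service |
rabbitMQ | Message queue service |
memcached | Token cache |
mariadb | Database |
chrony | Time service |
Message queue: RabbitMQ is used by default.
Each of the services above can run on its own machine; if they are installed on different
OpenStack as a whole is sensitive to time accuracy, so chrony must be installed.
OpenStack installation and deployment
Upload the offline package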
[root@openstack01 opt]# ll
total 241672
-rw-r--r-- 1 root root 247468369 Aug 14 16:53 openstack_rpm.tar.gz
# Extract the archive
[root@openstack02 opt]# tar xf openstack_rpm.tar.gz
[root@openstack02 opt]# ll
total 241724
-rw-r--r-- 1 root root 247468369 Aug 14 16:54 openstack_rpm.tar.gz
drwxr-xr-x 3 root root 36864 Jul 19 2017 repo
OpenStack security
Network Time Protocol
Reference documentation:
1: Install the base environment
- Configure the local yum repositories
[root@openstack02 yum.repos.d]# cat local.repo  # edit this file
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
[openstack]
name=openstack-mitaka
baseurl=file:///opt/repo
gpgcheck=0
[root@openstack02 yum.repos.d]# pwd  # path of local.repo
/etc/yum.repos.d
- Install the time synchronization service
Controller node (time server) OpenStack01
[root@openstack01 opt]# yum -y install chrony
Compute node (client) OpenStack02
[root@openstack02 opt]# yum -y install chrony
Controller node (time server): edit the configuration
[root@openstack01 opt]# vim /etc/chrony.conf
[root@openstack01 ~]# systemctl restart chronyd
[root@openstack01 ~]# systemctl enable chronyd
[root@openstack01 ~]# systemctl start chronyd
Compute node (client)
[root@openstack02 ~]# vim /etc/chrony.conf
[root@openstack02 ~]# systemctl start chronyd
[root@openstack02 ~]# systemctl enable chronyd
3) Install on both the controller node and the compute node
yum -y install python-openstackclient
yum -y install openstack-selinux
4) Install MySQL on the controller node
Step 1: install
[root@openstack01 ~]# yum install mariadb mariadb-server python-PyMySQL -y
Step 2: edit the configuration file
[root@openstack01 my.cnf.d]# pwd
/etc/my.cnf.d
[root@openstack01 my.cnf.d]# vim openstack.cnf
[mysqld]
bind-address=172.30.2.135
default-storage-engine=innodb
innodb_file_per_table
max_connections=4096
collation-server=utf8_general_ci
character-set-server=utf8
Step 3: start
[root@openstack01 my.cnf.d]# systemctl start mariadb
[root@openstack01 my.cnf.d]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
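Step 4: run the MySQL secure initialization
Difference between 127.0.0.1 and localhost: the former connects over TCP/IP, the latter over a socket.
Using the socket is slightly faster.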
[root@openstack01 ~]# mysql_secure_installation
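5) Install the NoSQL database
It is used by the ceilometer service; a private cloud does not need it, so it can be skipped.
It is therefore not installed here.
6) Message queue (RabbitMQ is only one of the options)
# Install rabbitmq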
[root@openstack01 ~]# yum -y install rabbitmq-server
# Start rabbitmq
[root@openstack01 ~]# systemctl start rabbitmq-server.service
[root@openstack01 ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
# Create the user, with the password set to RABBIT_PASS
[root@openstack01 ~]# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
# Set permissions for the openstack user
[root@openstack01 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
7) Install memcached
Caches tokens
[root@openstack01 ~]# yum install memcached python-memcached -y
Edit the configuration file
[root@openstack01 ~]# rpm -ql memcached
/etc/sysconfig/memcached
/usr/bin/memcached
/usr/bin/memcached-tool
/usr/lib/systemd/system/memcached.service
/usr/share/doc/memcached-1.4.33
/usr/share/doc/memcached-1.4.33/AUTHORS
/usr/share/doc/memcached-1.4.33/CONTRIBUTORS
/usr/share/doc/memcached-1.4.33/COPYING
/usr/share/doc/memcached-1.4.33/ChangeLog
/usr/share/doc/memcached-1.4.33/NEWS
/usr/share/doc/memcached-1.4.33/README.md
/usr/share/doc/memcached-1.4.33/new_lru.txt
/usr/share/doc/memcached-1.4.33/protocol.txt
/usr/share/doc/memcached-1.4.33/readme.txt
/usr/share/doc/memcached-1.4.33/threads.txt
/usr/share/man/man1/memcached-tool.1.gz
/usr/share/man/man1/memcached.1.gz
In practice, listening on the node's own address is enough.
# Start
[root@openstack01 ~]# systemctl start memcached.service
[root@openstack01 ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
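Verify that the services are working:
chrony listens on ports 123 and 323
mariadb 3306
Message queue RabbitMQ: 4369 5672 25672
Other services that use the message queue send their requests to port 5672; a high-availability architecture is supported.
Message synchronization between cluster nodes uses port 25672.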
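The port check above can be scripted. The following is an added example, not part of the original notes: it parses `ss -lntu` style lines and reports expected ports that are missing or bound on every interface. The sample listing is constructed, and memcached's default port 11211 is an assumption that the notes do not state.

```shell
#!/bin/sh
# Added example: audit listening sockets against the ports named in the notes.
# port:service pairs; 11211 (memcached's default port) is an assumption.
EXPECTED="123:chrony 323:chrony 3306:mariadb 4369:rabbitmq 5672:rabbitmq 25672:rabbitmq 11211:memcached"

# audit_listeners reads `ss -lntu` style lines on stdin and prints
# "MISSING <port> <service>" or "WILDCARD <port> <service>" per finding.
audit_listeners() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], kv, ":")
            order[i] = kv[1]; svc[kv[1]] = kv[2]
        }
    }
    {
        port = $5; sub(/.*:/, "", port)        # field 5 is Local Address:Port
        addr = $5; sub(/:[^:]*$/, "", addr)
        if (!(port in svc)) next               # also skips the header line
        seen[port] = 1
        # These forms all mean "bound on every interface".
        if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
            wild[port] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (!(p in seen)) print "MISSING", p, svc[p]
            else if (p in wild) print "WILDCARD", p, svc[p]
        }
    }'
}

# Constructed sample listing for the controller node (not real output).
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
tcp LISTEN 0 128 172.30.2.135:3306 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:4369 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:25672 0.0.0.0:*
tcp LISTEN 0 128 [::]:5672 [::]:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

sample_ss_output | audit_listeners
```

On a live node, run `ss -lntu | audit_listeners`. WILDCARD lines are items to review, since a time server on port 123 may be meant to listen on every interface.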
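keystone identity service
Role: authentication and authorization management, service catalog management
Installation workflow for the OpenStack keystone service
- Create the database and grant privileges
- Create the keystone service entity and register the API endpoints
- Install the packages
- Edit the configuration
- Sync the database
- Start the service
- Create the database and grant privileges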
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> grant all on keystone.* to keystone@'localhost' identified by 'KEYSTONE_DBPASS';
MariaDB [(none)]> grant all on keystone.* to keystone@'%' identified by 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
- Install the keystone packages
[root@openstack01 ~]# yum install openstack-keystone httpd mod_wsgi -y
- Edit the configuration file
grep -Ev '^$|^#' /etc/keystone/keystone.conf | wc -l
41 lines in total
[root@openstack01 keystone]# grep -Ev '^$|^#' /etc/keystone/keystone.conf | wc -l
41
[root@openstack01 keystone]# cp /etc/keystone/keystone.conf{,.bak}
[root@openstack01 keystone]# ll
total 172
-rw-r----- 1 root keystone 2303 Feb 1 2017 default_catalog.templates
-rw-r----- 1 root keystone 73101 May 24 2017 keystone.conf
-rw-r----- 1 root root 73101 Aug 14 20:12 keystone.conf.bak
-rw-r----- 1 root keystone 2400 Feb 1 2017 keystone-paste.ini
-rw-r----- 1 root keystone 1046 Feb 1 2017 logging.conf
-rw-r----- 1 keystone keystone 9699 Feb 1 2017 policy.json
-rw-r----- 1 keystone keystone 665 Feb 1 2017 sso_callback_template.html
[root@openstack01 keystone]# grep -Ev '^$|^#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
[DEFAULT]
admin_token=ADMIN_TOKEN
[database]
connection=mysql+pymysql://keystone:KEYSTONE_DBPASS@172.30.2.135/keystone
[token]
provider=fernet
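ADMIN_TOKEN, KEYSTONE_DBPASS and RABBIT_PASS in these notes are placeholder literals. The following added example, which is not part of the original notes, flags any option in a keystone.conf that still carries one of them and generates a random replacement value; the sample configuration is constructed from the three settings shown above.

```shell
#!/bin/sh
# Added example: flag placeholder secrets left in keystone.conf.
# PLACEHOLDERS lists the literal values used in the notes.
PLACEHOLDERS="ADMIN_TOKEN KEYSTONE_DBPASS RABBIT_PASS"

# find_placeholders reads an INI file on stdin and prints "[section] option"
# for every option whose value still contains one of the placeholders.
find_placeholders() {
    awk -v list="$PLACEHOLDERS" '
    BEGIN { n = split(list, ph, " "); section = "DEFAULT" }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*$/    { next }                      # blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                    # [section] header
        section = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        opt = substr($0, 1, eq - 1); gsub(/[ \t]/, "", opt)
        val = substr($0, eq + 1)
        for (i = 1; i <= n; i++)
            if (index(val, ph[i])) { print "[" section "] " opt; break }
    }'
}

# new_secret prints 20 random hex characters (10 bytes from /dev/urandom).
new_secret() {
    head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Constructed sample mirroring the three settings shown in the notes.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
admin_token=ADMIN_TOKEN
[database]
connection=mysql+pymysql://keystone:KEYSTONE_DBPASS@172.30.2.135/keystone
[token]
provider=fernet
EOF
}

sample_conf | find_placeholders
echo "replacement token: $(new_secret)"
```

Against the live file, run `find_placeholders < /etc/keystone/keystone.conf`.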
Supplementary note: using the openstack-config tool
[root@openstack01 keystone]# md5sum keystone.conf
f5b3047d9de7d21737cb83acc887a0d7 keystone.conf
[root@openstack01 keystone]# yum install openstack-utils.noarch –y
[root@openstack01 keystone]# md5sum keystone.conf
f5b3047d9de7d21737cb83acc887a0d7 keystone.conf
[root@openstack01 keystone]# md5sum keystone.conf.bak
cb356740726ef4019fd6cfaad9452819 keystone.conf.bak
Usage
[root@openstack01 scripts]# openstack-config --set keystone.conf DEFAULT admin_token1 ADMIN_TOKEN
--set <config file> <section> <option> <value>
- Verify the checksum
[root@openstack01 keystone]# md5sum keystone.conf
- Sync the database
[root@openstack01 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Check the result
6) Initialize the Fernet keys
[root@openstack01 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
7) Configure the Apache HTTP server
[root@openstack01 ~]# echo "ServerName openstack01" >>/etc/httpd/conf/httpd.conf
[root@openstack01 ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
"/etc/httpd/conf.d/wsgi-keystone.conf" [New] 32L, 1039C written
8) Verify the checksum
[root@openstack01 ~]# md5sum /etc/httpd/conf.d/wsgi-keystone.conf
8f051eb53577f67356ed03e4550315c2 /etc/httpd/conf.d/wsgi-keystone.conf
9) Start httpd
[root@openstack01 ~]# systemctl start httpd
[root@openstack01 ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
10) Check
11) Configure the authentication token
export OS_TOKEN=ADMIN_TOKEN
12) Create the service entity, register the API endpoints, and set the identity API version
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@openstack01 ~]# export OS_TOKEN=ADMIN_TOKEN
[root@openstack01 ~]# export OS_URL=http://openstack01:35357/v3
[root@openstack01 ~]# export OS_IDENTITY_API_VERSION=3
13) Create the service entity and API endpoints
openstack service create \
  --name keystone --description "OpenStack Identity" identity
14) Register the API endpoints
An API is the interface a service exposes so that other programs can call it.
openstack endpoint create --region RegionOne \
  identity public http://openstack01:5000/v3
openstack endpoint create --region RegionOne \
  identity internal http://openstack01:5000/v3
openstack endpoint create --region RegionOne \
  identity admin http://openstack01:35357/v3