Deploying a Multi-Node OpenStack Enterprise Private Cloud Platform
Base environment
- Three virtual machines, each with at least 4 GB of RAM and 2 CPU cores, with virtualization enabled
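- Set the hostnames (run each command on its own node)
# On the controller node
hostnamectl set-hostname controller
# On the compute node
hostnamectl set-hostname compute01
# On the block storage node
hostnamectl set-hostname block01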
- Disable NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager
- Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
- Disable SELinux
# Anchor on the start of the line so comment lines mentioning SELINUX= are left alone
sed -i "s/^SELINUX=.*/SELINUX=disabled/" /etc/selinux/config
- Time synchronization with chrony
yum -y install chrony
systemctl start chronyd
chronyc sources -v
- Host name mapping
cat >> /etc/hosts << EOF
172.16.10.10 controller
172.16.10.11 compute01
172.16.10.12 block01
EOF
1. Install the yum repository
- Run on the controller and compute01 nodes
yum -y install centos-release-openstack-train
yum -y install python-openstackclient
yum -y install openstack-selinux
yum -y install openstack-utils
2. Deploy the base environment
- Run on the controller node
2.1 Deploy the database
2.1.1 Install the database
yum -y install mariadb mariadb-server python2-PyMySQL
2.1.2 Edit the configuration file /etc/my.cnf.d/openstack.cnf
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# Bind to the controller node's IP
bind-address = 172.16.10.10
# Default storage engine
default-storage-engine = innodb
# One tablespace file per table
innodb_file_per_table = on
# Maximum number of connections
max_connections = 4096
# Default character set
collation-server = utf8_general_ci
character-set-server = utf8
2.1.3 Start the mariadb service
systemctl start mariadb
systemctl enable mariadb
2.1.4 Configure MySQL
[root@controller ~]# mysql_secure_installation    ## Configure MySQL; set the MySQL login password to 123456

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):    ## Just press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:             ## Set the password to 123456
Re-enter new password:    ## Repeat the password 123456
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
2.2 Deploy rabbitmq
2.2.1 Install and start rabbitmq
[root@controller ~]# yum -y install rabbitmq-server
[root@controller ~]# systemctl start rabbitmq-server
[root@controller ~]# systemctl enable rabbitmq-server
2.2.2 Create a user and grant permissions
[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS    ## Create the user and its password
Creating user "openstack"
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"    ## Grant permissions
Setting permissions for user "openstack" in vhost "/"
2.3 Deploy memcached
2.3.1 Install, configure and start memcached
# Install
[root@controller ~]# yum -y install memcached python-memcached
# Edit the configuration file
[root@controller ~]# sed -i "s/OPTIONS=\"-l 127.0.0.1,::1\"/OPTIONS=\"-l 127.0.0.1,::1,controller\"/g" /etc/sysconfig/memcached
# Start
[root@controller ~]# systemctl start memcached
[root@controller ~]# systemctl enable memcached
2.4 Deploy etcd
2.4.1 Install and configure etcd
# Install
[root@controller ~]# yum -y install etcd
# Configure
[root@controller ~]# mv /etc/etcd/etcd.conf /etc/etcd/etcd.conf_bak
[root@controller ~]# vim /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.16.10.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.16.10.10:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.16.10.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.16.10.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://172.16.10.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
# Start
[root@controller ~]# systemctl start etcd
[root@controller ~]# systemctl enable etcd
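A check for the files written in sections 2.1 to 2.4, as an added example that is not part of the original guide: it reads the three configuration files and reports where MariaDB, memcached and etcd will listen and whether the etcd client URL uses TLS. The function names and the optional ROOT prefix argument are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): report the listen settings of
# the section 2 services. ROOT is a hypothetical path prefix; leave it empty
# to check the live files, or point it at a copy of /etc.
# Usage: audit_listeners            (live system)
#        audit_listeners /tmp/copy  (copied configuration tree)

# Print the value of KEY from an ini/env style FILE ("key = value", KEY="value").
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | tr -d '"'
}

audit_listeners() {
    local root="${1:-}" v warn=0

    # MariaDB: without bind-address the server accepts connections on every interface.
    v=$(conf_value "$root/etc/my.cnf.d/openstack.cnf" bind-address)
    case "$v" in
        ''|0.0.0.0|::|'*') echo "WARN mariadb listens on all interfaces"; warn=$((warn+1)) ;;
        *) echo "OK   mariadb bind-address=$v" ;;
    esac

    # memcached: the address list after -l in OPTIONS; no -l means every interface.
    v=$(conf_value "$root/etc/sysconfig/memcached" OPTIONS |
        sed -n 's/.*-l[[:space:]]*\([^[:space:]]*\).*/\1/p')
    case ",$v," in
        ,,|*,0.0.0.0,*|*,::,*) echo "WARN memcached listens on all interfaces"; warn=$((warn+1)) ;;
        *) echo "OK   memcached -l $v" ;;
    esac

    # etcd: flag an unset or wildcard client URL, and client URLs without TLS.
    v=$(conf_value "$root/etc/etcd/etcd.conf" ETCD_LISTEN_CLIENT_URLS)
    case "$v" in
        ''|*//0.0.0.0:*) echo "WARN etcd client URL is unset or wildcard"; warn=$((warn+1)) ;;
        http://*) echo "WARN etcd client URL is plaintext: $v"; warn=$((warn+1)) ;;
        *) echo "OK   etcd client URL $v" ;;
    esac

    echo "warnings=$warn"
}
```

With the values used in this guide the MariaDB and memcached lines report OK and the etcd line reports the plaintext `http://` client URL.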
3. Deploy the keystone service
3.1 Create the database user and grant privileges
mysql -uroot -p123456 -e "create database keystone;"
mysql -uroot -p123456 -e "grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONEDB_PASS';"
mysql -uroot -p123456 -e "grant all privileges on keystone.* to 'keystone'@'%' identified by 'KEYSTONEDB_PASS';"
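RABBIT_PASS, KEYSTONEDB_PASS and ADMIN_PASS are placeholders throughout this guide. The following added example (not part of the original guide) generates a random value for each into an owner-only file and emits the section 3.1 SQL on stdin, so neither password appears in the process list or shell history. The file path and the function names are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): fill the guide's password
# placeholders with random values. The path /root/openstack-secrets and the
# names rand_hex, gen_secrets, secret and keystone_grants are hypothetical.

# 20 hex characters from the kernel CSPRNG.
rand_hex() { head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Write NAME=value lines for each placeholder to FILE, readable by its owner only.
gen_secrets() {
    local file="$1" name
    ( umask 077
      : > "$file"
      for name in RABBIT_PASS KEYSTONEDB_PASS ADMIN_PASS; do
          printf '%s=%s\n' "$name" "$(rand_hex)" >> "$file"
      done )
    chmod 600 "$file"
}

# Look one value up again: secret FILE NAME
secret() { sed -n "s/^$2=//p" "$1"; }

# Emit the SQL of section 3.1 with the generated password filled in.
# The value is hex only, so it needs no SQL quoting beyond the single quotes.
keystone_grants() {
    local pw
    pw=$(secret "$1" KEYSTONEDB_PASS)
    printf 'CREATE DATABASE keystone;\n'
    printf "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%s' IDENTIFIED BY '%s';\n" \
        localhost "$pw" % "$pw"
}

# Usage on the controller (mysql prompts for the root password):
#   gen_secrets /root/openstack-secrets
#   keystone_grants /root/openstack-secrets | mysql -uroot -p
```

The same `secret` lookup can supply the value wherever a later step of the guide shows one of the three placeholders.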
3.2 Install openstack-keystone, httpd and mod_wsgi
yum -y install openstack-keystone httpd mod_wsgi
3.3 Edit the configuration file (openstack-config --set is used here; it has the same effect as editing the file with vim)
cp -a /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONEDB_PASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
3.4 Initialize the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
3.5 Initialize keystone
- Fernet is the secure message format used for API tokens. The following commands initialize the Fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
3.6 Configure identity authentication
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
3.7 Configure httpd
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# Start
systemctl start httpd
systemctl enable httpd
3.8 Set environment variables
cat >> ~/.bashrc << EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin