openstack部署
1.基础环境准备
1.1.主机名修改
[root@slave2 ~]# hostnamectl set-hostname controller
[root@slave2 ~]# bash
[root@controller ~]#
# 修改后hostname文件内容对应修改
[root@controller ~]# cat /etc/hostname
controller
1.2.yum源配置
# 切换到yum目录
[root@controller ~]# cd /etc/yum.repos.d/
# 创建备份目录
[root@controller yum.repos.d]# mkdir repo.bak
[root@controller yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo repo.bak
# 把原来的yum文件移到到备份目录
[root@controller yum.repos.d]# mv *.repo repo.bak/
# 下载阿里的yum源
[root@controller yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 15162 0 --:--:-- --:--:-- --:--:-- 15198
# 清理yum
[root@controller yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras updates
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
[root@controller yum.repos.d]# yum makecache
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/10): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/10): extras/7/x86_64/filelists_db | 276 kB 00:00:00
(3/10): extras/7/x86_64/other_db | 149 kB 00:00:00
(4/10): base/7/x86_64/other_db | 2.6 MB 00:00:03
Trying other mirror.
(5/10): updates/7/x86_64/filelists_db | 11 MB 00:00:21
(6/10): extras/7/x86_64/primary_db | 249 kB 00:00:01
(7/10): updates/7/x86_64/other_db | 1.3 MB 00:00:03
(8/10): base/7/x86_64/primary_db | 6.1 MB 00:00:07
(9/10): base/7/x86_64/filelists_db | 7.2 MB 00:00:14
(10/10): updates/7/x86_64/primary_db | 20 MB 00:00:44
Metadata Cache Created
1.3本地域名的解析
直接通过主机名访问主机,需要将主机名和IP地址进行绑定,绑定工作可以通过本地域名解析来实现。
Linux中的 /etc/hosts 文件可以将一些常用的域名和对应的IP建立对应关系。
# 每一行都表示一个域名到Ip地址的映射关系
# 127.0.0.1表示IPv4的本地IP地址
# ::1表示IPv6的本地IP地址
[root@controller yum.repos.d]# vi /etc/hosts
[root@controller yum.repos.d]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.131 controller
# ping通,解析正常
[root@controller yum.repos.d]# ping controller
PING controller (192.168.100.131) 56(84) bytes of data.
64 bytes from controller (192.168.100.131): icmp_seq=1 ttl=64 time=0.009 ms
64 bytes from controller (192.168.100.131): icmp_seq=7 ttl=64 time=0.017 ms
64 bytes from controller (192.168.100.131): icmp_seq=8 ttl=64 time=0.017 ms
64 bytes from controller (192.168.100.131): icmp_seq=9 ttl=64 time=0.017 ms
^C
--- controller ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8000ms
rtt min/avg/max/mdev = 0.009/0.018/0.038/0.008 ms
二.Openstack基础支持服务
Openstack平台需要借助多种第三方提供的基础服务才能正常运行,数据库、消息队列、时间同步、缓存服务等。
2.1Chrony时间同步服务
同一个系统内的计算机时间必须保持一致才能保证系统工作正常。
Chrony软件是一款开源的自由软件,包括两个核心组件:chronyd(后台守护程序)和chronyc(命令行用户管理工具)。
2.1.1时间同步服务配置
# 安装chrony
[root@controller ~]# yum install -y chrony
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package chrony.x86_64 0:3.4-1.el7 will be installed
--> Processing Dependency: libseccomp.so.2()(64bit) for package: chrony-3.4-1.el7.x86_64
--> Running transaction check
---> Package libseccomp.x86_64 0:2.3.1-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
chrony x86_64 3.4-1.el7 base 251 k
Installing for dependencies:
libseccomp x86_64 2.3.1-4.el7 base 56 k
Transaction Summary
==========================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 307 k
Installed size: 788 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/libseccomp-2.3.1-4.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for libseccomp-2.3.1-4.el7.x86_64.rpm is not installed
(1/2): libseccomp-2.3.1-4.el7.x86_64.rpm | 56 kB 00:00:00
(2/2): chrony-3.4-1.el7.x86_64.rpm | 251 kB 00:00:00
------------------------------------------------------------------------------------------
Total 458 kB/s | 307 kB 00:00:00
Retrieving key from http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
From : http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libseccomp-2.3.1-4.el7.x86_64 1/2
Installing : chrony-3.4-1.el7.x86_64 2/2
Verifying : libseccomp-2.3.1-4.el7.x86_64 1/2
Verifying : chrony-3.4-1.el7.x86_64 2/2
Installed:
chrony.x86_64 0:3.4-1.el7
Dependency Installed:
libseccomp.x86_64 0:2.3.1-4.el7
Complete!
# 修改chrony配置文件
# Allow NTP client access from local network.
allow 192.168.100.0/24 # 设置允许某个网段的chrony客户端使用本机NTP服务
# 修改配置后,重启服务生效
[root@controller ~]# systemctl restart chronyd
[root@controller ~]# systemctl enable chronyd
2.1.2时间同步服务管理
时间同步由chronyc命令进行监控和管理。
# 查看当前客户端与NTP服务器连接情况(不加-v)
[root@controller ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.neu.edu.cn 1 6 37 12 -36us[-1346us] +/- 17ms
^? ntp.wdc2.us.leaseweb.net 2 6 1 11 +5152us[+5152us] +/- 236ms
^- ntp1.flashdance.cx 2 6 37 12 +327us[ -979us] +/- 166ms
^- 119.28.206.193 2 6 73 11 +957us[ +957us] +/- 51ms
# 查看当前客户端与NTP服务器连接情况(加-v)
[root@controller ~]# chronyc sources -v
210 Number of sources = 4
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* time.neu.edu.cn 1 6 37 33 -36us[-1346us] +/- 17ms
^? ntp.wdc2.us.leaseweb.net 2 6 1 32 +5152us[+5152us] +/- 236ms
^- ntp1.flashdance.cx 2 6 37 34 +327us[ -979us] +/- 166ms
^- 119.28.206.193 2 6 73 33 +957us[ +957us] +/- 51ms
# 查看 ntp服务器 是否在线
[root@controller ~]# chronyc activity
200 OK
4 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address
2.2Openstack云计算平台框架
安装组件前,需要先将框架搭建起来。因此要安装由CentOS官方发布的Openstack云计算框架与客户端管理工具。
# 1.安装Openstack框架
[root@controller ~]# yum -y install centos-release-openstack-train
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package centos-release-openstack-train.noarch 0:1-1.el7.centos will be installed
--> Processing Dependency: centos-release-qemu-ev for package: centos-release-openstack-train-1-1.el7.centos.noarch
--> Processing Dependency: centos-release-ceph-nautilus for package: centos-release-openstack-train-1-1.el7.centos.noarch
--> Running transaction check
---> Package centos-release-ceph-nautilus.noarch 0:1.2-2.el7.centos will be installed
--> Processing Dependency: centos-release >= 7-5.1804.el7.centos.2 for package: centos-release-ceph-nautilus-1.2-2.el7.centos.noarch
--> Processing Dependency: centos-release-storage-common for package: centos-release-ceph-nautilus-1.2-2.el7.centos.noarch
--> Processing Dependency: centos-release-nfs-ganesha28 for package: centos-release-ceph-nautilus-1.2-2.el7.centos.noarch
---> Package centos-release-qemu-ev.noarch 0:1.0-4.el7.centos will be installed
--> Processing Dependency: centos-release-virt-common for package: centos-release-qemu-ev-1.0-4.el7.centos.noarch
--> Running transaction check
---> Package centos-release.x86_64 0:7-5.1804.el7.centos will be updated
---> Package centos-release.x86_64 0:7-9.2009.1.el7.centos will be an update
---> Package centos-release-nfs-ganesha28.noarch 0:1.0-3.el7.centos will be installed
---> Package centos-release-storage-common.noarch 0:2-2.el7.centos will be installed
---> Package centos-release-virt-common.noarch 0:1-1.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
centos-release-openstack-train noarch 1-1.el7.centos extras 5.3 k
Installing for dependencies:
centos-release-ceph-nautilus noarch 1.2-2.el7.centos extras 5.1 k
centos-release-nfs-ganesha28 noarch 1.0-3.el7.centos extras 4.3 k
centos-release-qemu-ev noarch 1.0-4.el7.centos extras 11 k
centos-release-storage-common noarch 2-2.el7.centos extras 5.1 k
centos-release-virt-common noarch 1-1.el7.centos extras 4.5 k
Updating for dependencies:
centos-release x86_64 7-9.2009.1.el7.centos updates 27 k
Transaction Summary
==========================================================================================
Install 1 Package (+5 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 62 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/7): centos-release-ceph-nautilus-1.2-2.el7.centos.noarch.rpm | 5.1 kB 00:00:00
(2/7): centos-release-nfs-ganesha28-1.0-3.el7.centos.noarch.rpm | 4.3 kB 00:00:00
(3/7): centos-release-openstack-train-1-1.el7.centos.noarch.rpm | 5.3 kB 00:00:00
(4/7): centos-release-7-9.2009.1.el7.centos.x86_64.rpm | 27 kB 00:00:00
(5/7): centos-release-qemu-ev-1.0-4.el7.centos.noarch.rpm | 11 kB 00:00:00
(6/7): centos-release-storage-common-2-2.el7.centos.noarch.rpm | 5.1 kB 00:00:00
(7/7): centos-release-virt-common-1-1.el7.centos.noarch.rpm | 4.5 kB 00:00:00
------------------------------------------------------------------------------------------
Total 234 kB/s | 62 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : centos-release-7-9.2009.1.el7.centos.x86_64 1/8
warning: /etc/yum/vars/contentdir created as /etc/yum/vars/contentdir.rpmnew
Installing : centos-release-storage-common-2-2.el7.centos.noarch 2/8
Installing : centos-release-nfs-ganesha28-1.0-3.el7.centos.noarch 3/8
Installing : centos-release-ceph-nautilus-1.2-2.el7.centos.noarch 4/8
Installing : centos-release-virt-common-1-1.el7.centos.noarch 5/8
Installing : centos-release-qemu-ev-1.0-4.el7.centos.noarch 6/8
Installing : centos-release-openstack-train-1-1.el7.centos.noarch 7/8
Cleanup : centos-release-7-5.1804.el7.centos.x86_64 8/8
Verifying : centos-release-openstack-train-1-1.el7.centos.noarch 1/8
Verifying : centos-release-nfs-ganesha28-1.0-3.el7.centos.noarch 2/8
Verifying : centos-release-7-9.2009.1.el7.centos.x86_64 3/8
Verifying : centos-release-ceph-nautilus-1.2-2.el7.centos.noarch 4/8
Verifying : centos-release-virt-common-1-1.el7.centos.noarch 5/8
Verifying : centos-release-storage-common-2-2.el7.centos.noarch 6/8
Verifying : centos-release-qemu-ev-1.0-4.el7.centos.noarch 7/8
Verifying : centos-release-7-5.1804.el7.centos.x86_64 8/8
Installed:
centos-release-openstack-train.noarch 0:1-1.el7.centos
Dependency Installed:
centos-release-ceph-nautilus.noarch 0:1.2-2.el7.centos
centos-release-nfs-ganesha28.noarch 0:1.0-3.el7.centos
centos-release-qemu-ev.noarch 0:1.0-4.el7.centos
centos-release-storage-common.noarch 0:2-2.el7.centos
centos-release-virt-common.noarch 0:1-1.el7.centos
Dependency Updated:
centos-release.x86_64 0:7-9.2009.1.el7.centos
Complete!
# 升级所有的软件包
# 自动检查所有可升级的软件包并升级
[root@controller ~]# yum upgrade -y
......
Replaced:
grub2.x86_64 1:2.02-0.65.el7.centos.2 grub2-tools.x86_64 1:2.02-0.65.el7.centos.2
iwl7265-firmware.noarch 0:22.0.7.0-62.el7 python-pyudev.noarch 0:0.15-9.el7
Complete!
#安装openstack客户端
[root@controller ~]# yum install -y python-openstackclient
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-ceph-nautilus: mirrors.cqu.edu.cn
* centos-nfs-ganesha28: mirrors.ustc.edu.cn
* centos-openstack-train: mirrors.cqu.edu.cn
* centos-qemu-ev: mirrors.cqu.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
......
python2-pyparsing.noarch 0:2.3.1-1.el7
python2-pyperclip.noarch 0:1.6.4-1.el7
python2-pysocks.noarch 0:1.5.6-3.el7
python2-requests.noarch 0:2.21.0-3.el7
python2-requestsexceptions.noarch 0:1.4.0-1.el7
python2-rfc3986.noarch 0:1.2.0-1.el7
python2-setuptools.noarch 0:40.8.0-1.el7
python2-simplejson.x86_64 0:3.16.0-5.el7
python2-stevedore.noarch 0:1.31.0-2.el7
python2-subprocess32.x86_64 0:3.2.6-14.el7
python2-urllib3.noarch 0:1.24.1-3.el7
python2-wcwidth.noarch 0:0.1.7-8.el7
python2-wrapt.x86_64 0:1.11.1-1.el7
pytz.noarch 0:2016.10-2.el7
rsync.x86_64 0:3.1.2-12.el7_9
Complete!
# 查看openstack的版本号
[root@controller ~]# openstack --version
openstack 4.0.2
3.mariadb数据库
Mysql的创始人Michel Widenius主导开发完全兼容MYSQL、开源免费的MariaDB数据库。
MariaDB采用Maria存储引擎的MYSQL数据库的分支版本。
3.1安装mariadb
# mariadb-server:数据库后台服务
# python2-PyMySQL:python访问数据库的模块
[root@controller ~]# yum install -y mariadb-server python2-PyMySQL
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-ceph-nautilus: mirrors.cqu.edu.cn
* centos-nfs-ganesha28: mirrors.ustc.edu.cn
* centos-openstack-train: mirrors.ustc.edu.cn
* centos-qemu-ev: mirrors.ustc.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package mariadb-server.x86_64 3:10.3.20-3.el7.0.0.rdo1 will be installed
--> Processing Dependency: mariadb-errmsg(x86-64) = 3:10.3.20-3.el7.0.0.rdo1 for package: 3:mariadb-server-10.3.20-3.el7.0.0.rdo1.x86_64
--> Processing Dependency: mysql(x86-64) for package: 3:mariadb-server-10.3.20-3.el7.0.0.rdo1.x86_64
--> Processing Dependency: mysql-compat-client(x86-64) for package: 3:mariadb-server-10.3.20-3.el7.0.0.rdo1.x86_64
--> Processing Dependency: psmisc for package: 3:mariadb-server-10.3.20-3.el7.0.0.rdo1.x86_64
---> Package python2-PyMySQL.noarch 0:0.9.2-2.el7 will be installed
--> Running transaction check
---> Package mariadb.x86_64 3:10.3.20-3.el7.0.0.rdo1 will be installed
---> Package mariadb-errmsg.x86_64 3:10.3.20-3.el7.0.0.rdo1 will be installed
---> Package psmisc.x86_64 0:22.20-17.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
mariadb-server x86_64 3:10.3.20-3.el7.0.0.rdo1 centos-openstack-train 16 M
python2-PyMySQL noarch 0.9.2-2.el7 centos-openstack-train 92 k
Installing for dependencies:
mariadb x86_64 3:10.3.20-3.el7.0.0.rdo1 centos-openstack-train 5.9 M
mariadb-errmsg x86_64 3:10.3.20-3.el7.0.0.rdo1 centos-openstack-train 229 k
psmisc x86_64 22.20-17.el7 base 141 k
Transaction Summary
==========================================================================================
Install 2 Packages (+3 Dependent packages)
Total size: 22 M
Total download size: 141 k
Installed size: 122 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
psmisc-22.20-17.el7.x86_64.rpm | 141 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : 3:mariadb-errmsg-10.3.20-3.el7.0.0.rdo1.x86_64 1/5
Installing : psmisc-22.20-17.el7.x86_64 2/5
Installing : 3:mariadb-10.3.20-3.el7.0.0.rdo1.x86_64 3/5
Installing : 3:mariadb-server-10.3.20-3.el7.0.0.rdo1.x86_64 4/5
Installing : python2-PyMySQL-0.9.2-2.el7.noarch 5/5
Verifying : 3:mariadb-10.3.20-3.el7.0.0.rdo1.x86_64 1/5
Verifying : python2-PyMySQL-0.9.2-2.el7.noarch 2/5
Verifying : psmisc-22.20-17.el7.x86_64 3/5
Verifying : 3:mariadb-server-10.3.20-3.el7.0.0.rdo1.x86_64 4/5
Verifying : 3:mariadb-errmsg-10.3.20-3.el7.0.0.rdo1.x86_64 5/5
Installed:
mariadb-server.x86_64 3:10.3.20-3.el7.0.0.rdo1 python2-PyMySQL.noarch 0:0.9.2-2.el7
Dependency Installed:
mariadb.x86_64 3:10.3.20-3.el7.0.0.rdo1 mariadb-errmsg.x86_64 3:10.3.20-3.el7.0.0.rdo1
psmisc.x86_64 0:22.20-17.el7
Complete!
3.2编辑数据库配置文件
[root@controller ~]# cd /etc/my.cnf.d/
[root@controller my.cnf.d]# ls
client.cnf enable_encryption.preset mariadb-server.cnf mysql-clients.cnf
# 创建文件
[root@controller my.cnf.d]# touch openstack.cnf
# 写入信息
[root@controller my.cnf.d]# vi openstack.cnf
[root@controller my.cnf.d]# cat openstack.cnf
[mysqld]
bind-address = 192.168.100.131
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
3.3启动mariadb
# 设置开机启动
[root@controller my.cnf.d]# systemctl enable mariadb
Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
# 立即启动数据库
[root@controller my.cnf.d]# systemctl start mariadb
# 检查数据库启动情况
[root@controller my.cnf.d]# systemctl status mariadb
● mariadb.service - MariaDB 10.3 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-04-13 15:00:04 CST; 16s ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 48088 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)
Process: 47952 ExecStartPre=/usr/libexec/mysql-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Process: 47927 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
Main PID: 48056 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─48056 /usr/libexec/mysqld --basedir=/usr
Apr 13 15:00:03 controller mysql-prepare-db-dir[47952]: Please report any problems at ...a
Apr 13 15:00:03 controller mysql-prepare-db-dir[47952]: The latest information about M....
Apr 13 15:00:03 controller mysql-prepare-db-dir[47952]: You can find additional inform...:
Apr 13 15:00:03 controller mysql-prepare-db-dir[47952]: http://dev.mysql.com
Apr 13 15:00:03 controller mysql-prepare-db-dir[47952]: Consider joining MariaDB's str...:
Apr 13 15:00:03 controller mysql-prepare-db-dir[47952]: https://mariadb.org/get-involved/
Apr 13 15:00:04 controller mysqld[48056]: 2023-04-13 15:00:04 0 [Note] /usr/libexec/m.....
Apr 13 15:00:04 controller mysqld[48056]: 2023-04-13 15:00:04 0 [Warning] Could not i...9)
Apr 13 15:00:04 controller mysqld[48056]: 2023-04-13 15:00:04 0 [Warning] Changed lim...0)
Apr 13 15:00:04 controller systemd[1]: Started MariaDB 10.3 database server.
Hint: Some lines were ellipsized, use -l to show in full.
3.4初始化mariadb数据库
[root@controller my.cnf.d]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #输入当前密码,没有则直接按【Enter】键
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y #是否设置新密码
New password: #输入新密码
Re-enter new password: #确认新密码
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y #是否去掉匿名用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y #是否禁止root用户远程登录
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y #是否去掉测试数据库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y #是否重新加载权限表
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
3.5登录和使用数据库
# 登录数据库
[root@controller my.cnf.d]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.000 sec)
MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> show tables;
+---------------------------+
| Tables_in_mysql |
+---------------------------+
| column_stats |
| columns_priv |
| db |
| event |
| func |
| general_log |
| gtid_slave_pos |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| index_stats |
| innodb_index_stats |
| innodb_table_stats |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| roles_mapping |
| servers |
| slow_log |
| table_stats |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| transaction_registry |
| user |
+---------------------------+
31 rows in set (0.000 sec)
MariaDB [mysql]> exit;
Bye
4.RabbitMQ消息队列服务
消息队列(Message Queue,MQ)是一种应用间的通信方式,消息发送到消息队列后由消息队列来确保消息的可靠传递,即消息发布者和消息使用者之间并不产生直接关系。
OpenStack各个组件之间就是通过消息队列进行相互通信的。其中RabbitMQ是一个开源的、应用广泛的消息服务系统。
通常使用RabbitMQ为OpenStack提供消息队列服务。
# 安装RabbitMQ消息队列
[root@controller my.cnf.d]# yum install -y rabbitmq-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-ceph-nautilus: ftp.sjtu.edu.cn
* centos-nfs-ganesha28: ftp.sjtu.edu.cn
* centos-openstack-train: ftp.sjtu.edu.cn
* centos-qemu-ev: mirrors.cqu.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package rabbitmq-server.noarch 0:3.6.16-1.el7 will be installed
--> Processing Dependency: erlang-eldap >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-erts >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-kernel >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-mnesia >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-os_mon >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-public_key >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-sasl >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-ssl >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-stdlib >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-tools >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-xmerl >= 18 for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Processing Dependency: erlang-sd_notify for package: rabbitmq-server-3.6.16-1.el7.noarch
--> Running transaction check
---> Package erlang-eldap.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-asn1(x86-64) = 19.3.6.4-1.el7 for package: erlang-eldap-19.3.6.4-1.el7.x86_64
---> Package erlang-erts.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: lksctp-tools for package: erlang-erts-19.3.6.4-1.el7.x86_64
---> Package erlang-kernel.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-mnesia.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-os_mon.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-otp_mibs(x86-64) = 19.3.6.4-1.el7 for package: erlang-os_mon-19.3.6.4-1.el7.x86_64
--> Processing Dependency: erlang-snmp(x86-64) = 19.3.6.4-1.el7 for package: erlang-os_mon-19.3.6.4-1.el7.x86_64
---> Package erlang-public_key.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-crypto(x86-64) = 19.3.6.4-1.el7 for package: erlang-public_key-19.3.6.4-1.el7.x86_64
---> Package erlang-sasl.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-sd_notify.x86_64 0:1.0-2.el7 will be installed
---> Package erlang-ssl.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-inets(x86-64) = 19.3.6.4-1.el7 for package: erlang-ssl-19.3.6.4-1.el7.x86_64
---> Package erlang-stdlib.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-compiler(x86-64) = 19.3.6.4-1.el7 for package: erlang-stdlib-19.3.6.4-1.el7.x86_64
---> Package erlang-tools.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-runtime_tools(x86-64) = 19.3.6.4-1.el7 for package: erlang-tools-19.3.6.4-1.el7.x86_64
---> Package erlang-xmerl.x86_64 0:19.3.6.4-1.el7 will be installed
--> Running transaction check
---> Package erlang-asn1.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-compiler.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-hipe(x86-64) = 19.3.6.4-1.el7 for package: erlang-compiler-19.3.6.4-1.el7.x86_64
---> Package erlang-crypto.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-inets.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-otp_mibs.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-runtime_tools.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package erlang-snmp.x86_64 0:19.3.6.4-1.el7 will be installed
---> Package lksctp-tools.x86_64 0:1.0.17-2.el7 will be installed
--> Running transaction check
---> Package erlang-hipe.x86_64 0:19.3.6.4-1.el7 will be installed
--> Processing Dependency: erlang-syntax_tools(x86-64) = 19.3.6.4-1.el7 for package: erlang-hipe-19.3.6.4-1.el7.x86_64
--> Running transaction check
---> Package erlang-syntax_tools.x86_64 0:19.3.6.4-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
rabbitmq-server noarch 3.6.16-1.el7 centos-openstack-train 4.6 M
Installing for dependencies:
erlang-asn1 x86_64 19.3.6.4-1.el7 centos-openstack-train 737 k
erlang-compiler x86_64 19.3.6.4-1.el7 centos-openstack-train 1.1 M
erlang-crypto x86_64 19.3.6.4-1.el7 centos-openstack-train 122 k
erlang-eldap x86_64 19.3.6.4-1.el7 centos-openstack-train 120 k
erlang-erts x86_64 19.3.6.4-1.el7 centos-openstack-train 3.0 M
erlang-hipe x86_64 19.3.6.4-1.el7 centos-openstack-train 2.6 M
erlang-inets x86_64 19.3.6.4-1.el7 centos-openstack-train 766 k
erlang-kernel x86_64 19.3.6.4-1.el7 centos-openstack-train 1.1 M
erlang-mnesia x86_64 19.3.6.4-1.el7 centos-openstack-train 769 k
erlang-os_mon x86_64 19.3.6.4-1.el7 centos-openstack-train 118 k
erlang-otp_mibs x86_64 19.3.6.4-1.el7 centos-openstack-train 37 k
erlang-public_key x86_64 19.3.6.4-1.el7 centos-openstack-train 585 k
erlang-runtime_tools x86_64 19.3.6.4-1.el7 centos-openstack-train 214 k
erlang-sasl x86_64 19.3.6.4-1.el7 centos-openstack-train 293 k
erlang-sd_notify x86_64 1.0-2.el7 centos-openstack-train 9.9 k
erlang-snmp x86_64 19.3.6.4-1.el7 centos-openstack-train 1.6 M
erlang-ssl x86_64 19.3.6.4-1.el7 centos-openstack-train 788 k
erlang-stdlib x86_64 19.3.6.4-1.el7 centos-openstack-train 2.4 M
erlang-syntax_tools x86_64 19.3.6.4-1.el7 centos-openstack-train 408 k
erlang-tools x86_64 19.3.6.4-1.el7 centos-openstack-train 567 k
erlang-xmerl x86_64 19.3.6.4-1.el7 centos-openstack-train 1.0 M
lksctp-tools x86_64 1.0.17-2.el7 base 88 k
Transaction Summary
==========================================================================================
Install 1 Package (+22 Dependent packages)
Total download size: 23 M
Installed size: 40 M
Downloading packages:
(1/23): erlang-compiler-19.3.6.4-1.el7.x86_64.rpm | 1.1 MB 00:00:00
(2/23): erlang-crypto-19.3.6.4-1.el7.x86_64.rpm | 122 kB 00:00:00
(3/23): erlang-asn1-19.3.6.4-1.el7.x86_64.rpm | 737 kB 00:00:00
(4/23): erlang-eldap-19.3.6.4-1.el7.x86_64.rpm | 120 kB 00:00:00
(5/23): erlang-hipe-19.3.6.4-1.el7.x86_64.rpm | 2.6 MB 00:00:00
(6/23): erlang-erts-19.3.6.4-1.el7.x86_64.rpm | 3.0 MB 00:00:00
(7/23): erlang-inets-19.3.6.4-1.el7.x86_64.rpm | 766 kB 00:00:00
(8/23): erlang-mnesia-19.3.6.4-1.el7.x86_64.rpm | 769 kB 00:00:00
(9/23): erlang-os_mon-19.3.6.4-1.el7.x86_64.rpm | 118 kB 00:00:00
(10/23): erlang-kernel-19.3.6.4-1.el7.x86_64.rpm | 1.1 MB 00:00:00
(11/23): erlang-otp_mibs-19.3.6.4-1.el7.x86_64.rpm | 37 kB 00:00:00
(12/23): erlang-runtime_tools-19.3.6.4-1.el7.x86_64.rpm | 214 kB 00:00:00
(13/23): erlang-public_key-19.3.6.4-1.el7.x86_64.rpm | 585 kB 00:00:00
(14/23): erlang-sasl-19.3.6.4-1.el7.x86_64.rpm | 293 kB 00:00:00
(15/23): erlang-sd_notify-1.0-2.el7.x86_64.rpm | 9.9 kB 00:00:00
(16/23): erlang-ssl-19.3.6.4-1.el7.x86_64.rpm | 788 kB 00:00:00
(17/23): erlang-snmp-19.3.6.4-1.el7.x86_64.rpm | 1.6 MB 00:00:00
(18/23): erlang-syntax_tools-19.3.6.4-1.el7.x86_64.rpm | 408 kB 00:00:00
(19/23): erlang-tools-19.3.6.4-1.el7.x86_64.rpm | 567 kB 00:00:00
(20/23): erlang-stdlib-19.3.6.4-1.el7.x86_64.rpm | 2.4 MB 00:00:00
(21/23): erlang-xmerl-19.3.6.4-1.el7.x86_64.rpm | 1.0 MB 00:00:00
(22/23): lksctp-tools-1.0.17-2.el7.x86_64.rpm | 88 kB 00:00:00
(23/23): rabbitmq-server-3.6.16-1.el7.noarch.rpm | 4.6 MB 00:00:00
------------------------------------------------------------------------------------------
Total 10 MB/s | 23 MB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : lksctp-tools-1.0.17-2.el7.x86_64 1/23
Installing : erlang-syntax_tools-19.3.6.4-1.el7.x86_64 2/23
Installing : erlang-hipe-19.3.6.4-1.el7.x86_64 3/23
Installing : erlang-compiler-19.3.6.4-1.el7.x86_64 4/23
Installing : erlang-crypto-19.3.6.4-1.el7.x86_64 5/23
Installing : erlang-stdlib-19.3.6.4-1.el7.x86_64 6/23
Installing : erlang-erts-19.3.6.4-1.el7.x86_64 7/23
Installing : erlang-kernel-19.3.6.4-1.el7.x86_64 8/23
Installing : erlang-mnesia-19.3.6.4-1.el7.x86_64 9/23
Installing : erlang-runtime_tools-19.3.6.4-1.el7.x86_64 10/23
Installing : erlang-snmp-19.3.6.4-1.el7.x86_64 11/23
Installing : erlang-asn1-19.3.6.4-1.el7.x86_64 12/23
Installing : erlang-public_key-19.3.6.4-1.el7.x86_64 13/23
Installing : erlang-inets-19.3.6.4-1.el7.x86_64 14/23
Installing : erlang-ssl-19.3.6.4-1.el7.x86_64 15/23
Installing : erlang-tools-19.3.6.4-1.el7.x86_64 16/23
Installing : erlang-sasl-19.3.6.4-1.el7.x86_64 17/23
Installing : erlang-eldap-19.3.6.4-1.el7.x86_64 18/23
Installing : erlang-otp_mibs-19.3.6.4-1.el7.x86_64 19/23
Installing : erlang-os_mon-19.3.6.4-1.el7.x86_64 20/23
Installing : erlang-xmerl-19.3.6.4-1.el7.x86_64 21/23
Installing : erlang-sd_notify-1.0-2.el7.x86_64 22/23
Installing : rabbitmq-server-3.6.16-1.el7.noarch 23/23
Verifying : erlang-snmp-19.3.6.4-1.el7.x86_64 1/23
Verifying : erlang-kernel-19.3.6.4-1.el7.x86_64 2/23
Verifying : erlang-otp_mibs-19.3.6.4-1.el7.x86_64 3/23
Verifying : erlang-xmerl-19.3.6.4-1.el7.x86_64 4/23
Verifying : erlang-mnesia-19.3.6.4-1.el7.x86_64 5/23
Verifying : erlang-runtime_tools-19.3.6.4-1.el7.x86_64 6/23
Verifying : erlang-syntax_tools-19.3.6.4-1.el7.x86_64 7/23
Verifying : erlang-asn1-19.3.6.4-1.el7.x86_64 8/23
Verifying : erlang-tools-19.3.6.4-1.el7.x86_64 9/23
Verifying : erlang-eldap-19.3.6.4-1.el7.x86_64 10/23
Verifying : lksctp-tools-1.0.17-2.el7.x86_64 11/23
Verifying : erlang-os_mon-19.3.6.4-1.el7.x86_64 12/23
Verifying : erlang-sd_notify-1.0-2.el7.x86_64 13/23
Verifying : erlang-public_key-19.3.6.4-1.el7.x86_64 14/23
Verifying : erlang-inets-19.3.6.4-1.el7.x86_64 15/23
Verifying : erlang-hipe-19.3.6.4-1.el7.x86_64 16/23
Verifying : erlang-compiler-19.3.6.4-1.el7.x86_64 17/23
Verifying : erlang-crypto-19.3.6.4-1.el7.x86_64 18/23
Verifying : erlang-stdlib-19.3.6.4-1.el7.x86_64 19/23
Verifying : rabbitmq-server-3.6.16-1.el7.noarch 20/23
Verifying : erlang-erts-19.3.6.4-1.el7.x86_64 21/23
Verifying : erlang-sasl-19.3.6.4-1.el7.x86_64 22/23
Verifying : erlang-ssl-19.3.6.4-1.el7.x86_64 23/23
Installed:
rabbitmq-server.noarch 0:3.6.16-1.el7
Dependency Installed:
erlang-asn1.x86_64 0:19.3.6.4-1.el7 erlang-compiler.x86_64 0:19.3.6.4-1.el7
erlang-crypto.x86_64 0:19.3.6.4-1.el7 erlang-eldap.x86_64 0:19.3.6.4-1.el7
erlang-erts.x86_64 0:19.3.6.4-1.el7 erlang-hipe.x86_64 0:19.3.6.4-1.el7
erlang-inets.x86_64 0:19.3.6.4-1.el7 erlang-kernel.x86_64 0:19.3.6.4-1.el7
erlang-mnesia.x86_64 0:19.3.6.4-1.el7 erlang-os_mon.x86_64 0:19.3.6.4-1.el7
erlang-otp_mibs.x86_64 0:19.3.6.4-1.el7 erlang-public_key.x86_64 0:19.3.6.4-1.el7
erlang-runtime_tools.x86_64 0:19.3.6.4-1.el7 erlang-sasl.x86_64 0:19.3.6.4-1.el7
erlang-sd_notify.x86_64 0:1.0-2.el7 erlang-snmp.x86_64 0:19.3.6.4-1.el7
erlang-ssl.x86_64 0:19.3.6.4-1.el7 erlang-stdlib.x86_64 0:19.3.6.4-1.el7
erlang-syntax_tools.x86_64 0:19.3.6.4-1.el7 erlang-tools.x86_64 0:19.3.6.4-1.el7
erlang-xmerl.x86_64 0:19.3.6.4-1.el7 lksctp-tools.x86_64 0:1.0.17-2.el7
Complete!
#启动RabbitMQ消息队列
# 开机启动
[root@controller my.cnf.d]# systemctl enable rabbitmq-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
# 立即启动
[root@controller my.cnf.d]# systemctl start rabbitmq-server
# 设置用户和密码
# 创建一个名为“rabbitmq”的用户,密码为“RABBIT_PASS”
[root@rabbitmq ~]# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack"
# 修改openstack用户密码为000000
[root@rabbitmq ~]# rabbitmqctl change_password openstack 000000
Changing password for user "openstack"
# 管理用户权限
# 3个“.*”分别对应配置、写入、读取权。给openstack用户赋予对RabbitMQ所有资源的配置、写入与读取权限
[root@rabbitmq ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
#查看用户权限
[root@rabbitmq ~]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack"
/ .* .* .*
5.Memcached内存缓存服务
内存缓存(Memcached)是一个高性能的分布式内存对象缓存系统,能够存储各种格式的数据,包括图像、视频、文件,以及数据库检索的结果等
5.1安装memcached服务
# “memcached”是内存缓存服务软件,
# “python-memcached”是对该服务进行管理的接口程序软件
[root@rabbitmq ~]# yum install -y memcached python-memcached
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-ceph-nautilus: mirrors.bfsu.edu.cn
* centos-nfs-ganesha28: mirrors.ustc.edu.cn
* centos-openstack-train: mirrors.ustc.edu.cn
* centos-qemu-ev: mirrors.ustc.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package memcached.x86_64 0:1.5.6-1.el7 will be installed
--> Processing Dependency: libevent-2.0.so.5()(64bit) for package: memcached-1.5.6-1.el7.x86_64
---> Package python-memcached.noarch 0:1.58-1.el7 will be installed
--> Running transaction check
---> Package libevent.x86_64 0:2.0.21-4.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Installing:
memcached x86_64 1.5.6-1.el7 centos-openstack-train 124 k
python-memcached noarch 1.58-1.el7 centos-ceph-nautilus 38 k
Installing for dependencies:
libevent x86_64 2.0.21-4.el7 base 214 k
Transaction Summary
=============================================================================================
Install 2 Packages (+1 Dependent package)
Total download size: 376 k
Installed size: 1.1 M
Downloading packages:
(1/3): python-memcached-1.58-1.el7.noarch.rpm | 38 kB 00:00:00
(2/3): memcached-1.5.6-1.el7.x86_64.rpm | 124 kB 00:00:00
(3/3): libevent-2.0.21-4.el7.x86_64.rpm | 214 kB 00:00:01
---------------------------------------------------------------------------------------------
Total 367 kB/s | 376 kB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libevent-2.0.21-4.el7.x86_64 1/3
Installing : memcached-1.5.6-1.el7.x86_64 2/3
Installing : python-memcached-1.58-1.el7.noarch 3/3
Verifying : python-memcached-1.58-1.el7.noarch 1/3
Verifying : libevent-2.0.21-4.el7.x86_64 2/3
Verifying : memcached-1.5.6-1.el7.x86_64 3/3
Installed:
memcached.x86_64 0:1.5.6-1.el7 python-memcached.noarch 0:1.58-1.el7
Dependency Installed:
libevent.x86_64 0:2.0.21-4.el7
Complete!
# 安装完成后,系统将自动创建名为“memcached”的用户
[root@rabbitmq ~]# cat /etc/passwd | grep memcached
memcached:x:995:993:Memcached daemon:/run/memcached:/sbin/nologin
5.2配置内存缓存服务
Memcached的配置文件为/etc/sysconfig/memcached
[root@rabbitmq ~]# vi /etc/sysconfig/memcached
[root@rabbitmq ~]# cat /etc/sysconfig/memcached
PORT="11211" # 服务端口
USER="memcached" # 用户名
MAXCONN="1024" # 允许的最大连接数
CACHESIZE="64" # 最大的缓存大小
OPTIONS="-l 127.0.0.1,::1,192.168.100.131" # 监听地址(默认监听本地)
5.3启动内存缓存服务
# 开机启动
[root@rabbitmq ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
# 立即启动
[root@rabbitmq ~]# systemctl start memcached
# 检查服务是否启动
[root@rabbitmq ~]# netstat -tnlup | grep memcached
tcp 0 0 192.168.100.131:11211 0.0.0.0:* LISTEN 9988/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 9988/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 9988/memcached
6.etcd分布式键值对存储系统
etcd是一个开源项目,它的目标是构建一个高可用的分布式键-值(Key-Value)数据库用于配置共享和服务发现。
这个软件的作用类似于分布式系统中“/etc”目录的功能,即存储大规模分布式系统的配置信息。
6.1安装配置
[root@rabbitmq ~]# yum install -y etcd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-ceph-nautilus: ftp.sjtu.edu.cn
* centos-nfs-ganesha28: mirrors.ustc.edu.cn
* centos-openstack-train: mirrors.ustc.edu.cn
* centos-qemu-ev: mirrors.ustc.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package etcd.x86_64 0:3.3.11-2.el7.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Installing:
etcd x86_64 3.3.11-2.el7.centos extras 10 M
Transaction Summary
=============================================================================================
Install 1 Package
Total download size: 10 M
Installed size: 45 M
Downloading packages:
etcd-3.3.11-2.el7.centos.x86_64.rpm | 10 MB 00:00:35
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : etcd-3.3.11-2.el7.centos.x86_64 1/1
Verifying : etcd-3.3.11-2.el7.centos.x86_64 1/1
Installed:
etcd.x86_64 0:3.3.11-2.el7.centos
Complete!
# 备份配置文件
[root@rabbitmq ~]# cp /etc/etcd/etcd.conf /etc/etcd/etcd.conf.bak
# 修改配置
[root@rabbitmq ~]# vi /etc/etcd/etcd.conf
[root@rabbitmq ~]# cat /etc/etcd/etcd.conf
ETCD_LISTEN_PEER_URLS="http://192.168.100.131:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.131:2379,http://127.0.0.1:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.131:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.131:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.131:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
# 设置启动服务,启动服务,检查运行
[root@rabbitmq ~]# systemctl enable etcd
[root@rabbitmq ~]# systemctl start etcd
[root@rabbitmq ~]# netstat -tnlup| grep etcd
tcp 0 0 192.168.100.131:2379 0.0.0.0:* LISTEN 10571/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 10571/etcd
tcp 0 0 192.168.100.131:2380 0.0.0.0:* LISTEN 10571/etcd
三、集群配置
1.1克隆计算节点和配置计算节点
# 修改网络配置
[root@controller ~]# cd /etc/sysconfig/network-scripts/
# 生产新的uuid
[root@controller network-scripts]# uuidgen >> ifcfg-ens33
# 修改ifcfg-ens33配置
NAME=ens33
UUID=80d04405-642e-41f6-aa31-a33b79b92ca4 # 将新生成的uuid放这里替换
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.100.132 # 修改网卡地址
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=114.114.114.114
DNS2=8.8.8.8
# 重启网络
[root@controller network-scripts]# systemctl restart network
# 更改计算节点主机名
[root@rabbitmq ~]# hostnamectl set-hostname compute
[root@rabbitmq ~]# bash
1.2域名解析配置
# 修改控制节点本地域名解析
[root@controller ~]# echo '192.168.100.132 compute' >> /etc/hosts
[root@controller ~]# ping compute
PING compute (192.168.100.132) 56(84) bytes of data.
64 bytes from compute (192.168.100.132): icmp_seq=1 ttl=64 time=0.496 ms
64 bytes from compute (192.168.100.132): icmp_seq=2 ttl=64 time=0.385 ms
^C
--- compute ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.385/0.440/0.496/0.059 ms
# 修改计算节点本地域名解析
[root@compute ~]# echo '192.168.100.132 compute' >> /etc/hosts
[root@compute ~]# ping controller
PING mq (192.168.100.131) 56(84) bytes of data.
64 bytes from mq (192.168.100.131): icmp_seq=1 ttl=64 time=0.178 ms
64 bytes from mq (192.168.100.131): icmp_seq=2 ttl=64 time=0.246 ms
^C
--- mq ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.178/0.212/0.246/0.034 ms
1.3搭建本地软件仓库
不能访问外网的环境,需要搭建本地的YUM源。
没必要在每台机器上都配置同样的软件仓库,可以选择共享的方式为其他主机提供服务。
在控制节点配置YUM源,并搭建文件传输服务器为其他的计算节点提供服务。
1.3.1在控制节点配置YUM源
# 1.上传openStack-train.iso文件到/opt目录下
[root@controller opt]# ls
openStack-train.iso
# 2.将镜像文件挂载到文件夹中,即可访问镜像文件内容
[root@controller opt]# mkdir openstack
# 挂载命令:将镜像文件挂载到/opt/openstack
[root@controller opt]# mount openStack-train.iso openstack/
mount: /dev/loop0 is write-protected, mounting read-only
[root@controller opt]# df -H
Filesystem Size Used Avail Use% Mounted on
devtmpfs 942M 0 942M 0% /dev
tmpfs 954M 0 954M 0% /dev/shm
tmpfs 954M 9.9M 944M 2% /run
tmpfs 954M 0 954M 0% /sys/fs/cgroup
/dev/mapper/centos-root 29G 20G 9.1G 69% /
/dev/sda1 1.1G 196M 868M 19% /boot
tmpfs 191M 0 191M 0% /run/user/0
/dev/loop0 17G 17G 0 100% /opt/openstack
# 3.备份原有的yum的配置文件
[root@controller opt]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# ls
CentOS-Base.repo CentOS-Media.repo CentOS-Storage-common.repo
CentOS-Ceph-Nautilus.repo CentOS-NFS-Ganesha-28.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-OpenStack-train.repo CentOS-x86_64-kernel.repo
CentOS-Debuginfo.repo CentOS-QEMU-EV.repo repo.bak
CentOS-fasttrack.repo CentOS-Sources.repo
# 将阿里源改名,避免覆盖官方源备份
[root@controller yum.repos.d]# mv CentOS-Base.repo CentOS-ALIBABA-Base.repo
# 移动repo文件到备份目录
[root@controller yum.repos.d]# mv -f *.repo repo.bak/
# 4.编写本地YUM源文件,指向本地文件
[root@controller yum.repos.d]# vi OpenStack.repo
[root@controller yum.repos.d]# cat OpenStack.repo
[base]
name=base
baseurl=file:///opt/openstack/base/
enable=1
gpgcheck=0
[extras]
name=extras
baseurl=file:///opt/openstack/extras/
enable=1
gpgcheck=0
[updates]
name=updates
baseurl=file:///opt/openstack/updates/
enable=1
gpgcheck=0
[train]
name=train
baseurl=file:///opt/openstack/train/
enable=1
gpgcheck=0
[virt]
name=virt
baseurl=file:///opt/openstack/virt/
enable=1
gpgcheck=0
# 5.清除原有的YUM源缓存并重建缓存
[root@controller yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras train updates virt
Cleaning up list of fastest mirrors
Other repos take up 11 M of disk space (use --verbose for details)
[root@controller yum.repos.d]# yum makecache
Loaded plugins: fastestmirror
Determining fastest mirrors
base | 2.9 kB 00:00:00
extras | 2.9 kB 00:00:00
train | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
virt | 2.9 kB 00:00:00
(1/15): base/filelists_db | 7.0 MB 00:00:00
(2/15): base/primary_db | 6.0 MB 00:00:00
(3/15): extras/filelists_db | 259 kB 00:00:00
(4/15): base/other_db | 2.5 MB 00:00:00
(5/15): extras/primary_db | 241 kB 00:00:00
(6/15): extras/other_db | 145 kB 00:00:00
(7/15): train/filelists_db | 3.6 MB 00:00:00
(8/15): train/primary_db | 1.2 MB 00:00:00
(9/15): train/other_db | 465 kB 00:00:00
(10/15): updates/filelists_db | 6.5 MB 00:00:00
(11/15): updates/primary_db | 14 MB 00:00:00
(12/15): updates/other_db | 914 kB 00:00:00
(13/15): virt/primary_db | 56 kB 00:00:00
(14/15): virt/filelists_db | 14 kB 00:00:00
(15/15): virt/other_db | 45 kB 00:00:00
Metadata Cache Created
[root@controller yum.repos.d]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
repo id repo name status
base base 10,039
extras extras 500
train train 3,168
updates updates 3,182
virt virt 63
repolist: 16,952
# 长期挂载,避免重启丢失,在最后添加如下内容
/opt/openStack-train.iso /opt/openstack/ iso9660 defaults,loop 0 0
1.3.2控制节点配置FTP服务器
控制节点上已经有了本地YUM源文件,搭建一个FTP服务器,共享软件仓库为计算节点提供服务.
# 1.安装FTP服务
[root@controller yum.repos.d]# yum install -y vsftpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-29.el7_9 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================================
Package Arch Version Repository Size
=============================================================================================
Installing:
vsftpd x86_64 3.0.2-29.el7_9 updates 173 k
Transaction Summary
=============================================================================================
Install 1 Package
Total download size: 173 k
Installed size: 353 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-29.el7_9.x86_64 1/1
Verifying : vsftpd-3.0.2-29.el7_9.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-29.el7_9
Complete!
# 2.配置FTP主目录为软件仓库目录:添加如下信息
[root@controller yum.repos.d]# echo 'anon_root=/opt' >> /etc/vsftpd/vsftpd.conf
# 3.启动FTP服务
[root@controller yum.repos.d]# systemctl start vsftpd
[root@controller yum.repos.d]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
1.3.3计算节点配置YUM源
修改yum配置文件,将YUM源指向控制节点FTP服务器的软件仓库。
# 1.备份YUM配置文件
[root@compute ~]# cd /etc/yum.repos.d/
[root@compute yum.repos.d]# mv CentOS-Base.repo CentOS-ALIBABA-Base.repo # 改名
[root@compute yum.repos.d]# mv -f *.repo repo.bak/ # 迁移到备份目录
# 2.从控制节点传输配置文件
[root@compute yum.repos.d]# scp root@controller:/etc/yum.repos.d/OpenStack.repo OpenStack.repo
The authenticity of host 'controller (192.168.100.131)' can't be established.
ECDSA key fingerprint is SHA256:PBtGVMglru206eEDbi9G1WgfQEtCgE78HO8doBP7hl4.
ECDSA key fingerprint is MD5:0e:4f:4f:70:7f:5f:1f:a2:a2:78:4f:37:a4:b3:fa:86.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'controller,192.168.100.131' (ECDSA) to the list of known hosts.
root@controller's password:
OpenStack.repo 100% 521 349.7KB/s 00:00
# 3.编辑YUM源文件
[root@compute yum.repos.d]# vi OpenStack.repo
[root@compute yum.repos.d]# cat OpenStack.repo
[base]
name=base
baseurl=ftp://controller/openstack/base/
enable=1
gpgcheck=0
[extras]
name=extras
baseurl=ftp://controller/openstack/extras/
enable=1
gpgcheck=0
[updates]
name=updates
baseurl=ftp://controller/openstack/updates/
enable=1
gpgcheck=0
[train]
name=train
baseurl=ftp://controller/openstack/train/
enable=1
gpgcheck=0
[virt]
name=virt
baseurl=ftp://controller/openstack/virt/
enable=1
gpgcheck=0
# 4.清除原有的YUM源缓存并重建缓存
[root@compute yum.repos.d]# yum clean all && yum makecache
Loaded plugins: fastestmirror
Cleaning repos: base extras train updates virt
Cleaning up list of fastest mirrors
Other repos take up 11 M of disk space (use --verbose for details)
Loaded plugins: fastestmirror
Determining fastest mirrors
base | 2.9 kB 00:00:00
extras | 2.9 kB 00:00:00
train | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
virt | 2.9 kB 00:00:00
(1/15): base/filelists_db | 7.0 MB 00:00:00
(2/15): base/primary_db | 6.0 MB 00:00:00
(3/15): base/other_db | 2.5 MB 00:00:00
(4/15): extras/filelists_db | 259 kB 00:00:00
(5/15): extras/primary_db | 241 kB 00:00:00
(6/15): extras/other_db | 145 kB 00:00:00
(7/15): train/filelists_db | 3.6 MB 00:00:00
(8/15): train/other_db | 465 kB 00:00:00
(9/15): train/primary_db | 1.2 MB 00:00:00
(10/15): updates/primary_db | 14 MB 00:00:00
(11/15): updates/filelists_db | 6.5 MB 00:00:00
(12/15): updates/other_db | 914 kB 00:00:00
(13/15): virt/filelists_db | 14 kB 00:00:00
(14/15): virt/other_db | 45 kB 00:00:00
(15/15): virt/primary_db | 56 kB 00:00:00
Metadata Cache Created
1.4局域网时间同步
实现控制节点和计算节点的时间同步,控制节点作为时间同步系统服务端,计算节点作为客户端。
# 1.配置控制节点为NTP时间服务器
[root@controller yum.repos.d]# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 192.168.100.0/24
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
# 2.配置计算节点时间同步
[root@compute yum.repos.d]# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server controller iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
allow 192.168.100.0/24
# Serve time even if not synchronized to a time source.
#local stratum 10
# 3.重启时间同步服务让配置生效
[root@controller yum.repos.d]# systemctl restart chronyd
[root@compute yum.repos.d]# systemctl restart chronyd
# 4.检查时间同步状态
[root@compute yum.repos.d]# chronyc sources
210 Number of sources = 5
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- time.cloudflare.com 3 6 17 19 -448us[-1237us] +/- 102ms
^- ntp6.flashdance.cx 2 6 17 16 -2052us[-2052us] +/- 172ms
^+ 119.28.206.193 2 6 17 19 +52us[ -738us] +/- 44ms
^* time.neu.edu.cn 1 6 17 20 +368us[ -421us] +/- 16ms
^- mq 3 6 17 16 -629us[ -629us] +/- 26ms
[root@compute yum.repos.d]# date
Thu Apr 13 16:36:22 CST 2023
[root@controller yum.repos.d]# date
Thu Apr 13 16:36:29 CST 2023
四、keystone组件部署
只在控制节点操作,建议操作前给控制节点拍摄快照。
# 1.安装keystone软件包
# wsgi:使web服务器支持WSGI的插件
# httpd:Apache软件包
# openstack-keystone:keystone的软件包
[root@controller yum.repos.d]# yum install -y openstack-keystone httpd mod_wsgi
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
.....
python2-cachetools.noarch 0:3.1.0-1.el7
python2-crypto.x86_64 0:2.6.1-15.el7
python2-defusedxml.noarch 0:0.5.0-2.el7
python2-eventlet.noarch 0:0.25.1-1.el7
python2-fasteners.noarch 0:0.14.1-6.el7
python2-flask.noarch 1:1.0.2-1.el7
python2-flask-restful.noarch 0:0.3.6-7.el7
python2-future.noarch 0:0.16.0-4.el7
python2-futurist.noarch 0:1.9.0-2.el7
python2-greenlet.x86_64 0:0.4.12-1.el7
python2-itsdangerous.noarch 0:0.24-14.el7
python2-jinja2.noarch 0:2.10.1-1.el7
python2-jwt.noarch 0:1.6.1-1.el7
python2-keystone.noarch 1:16.0.2-1.el7
python2-keystonemiddleware.noarch 0:7.0.1-2.el7
python2-kombu.noarch 1:4.6.3-3.el7
python2-ldap.x86_64 0:3.1.0-1.el7
python2-ldappool.noarch 0:2.4.0-2.el7
python2-oauthlib.noarch 0:2.0.1-8.el7
python2-oslo-cache.noarch 0:1.37.1-1.el7
python2-oslo-concurrency.noarch 0:3.30.1-1.el7
python2-oslo-db.noarch 0:5.0.2-2.el7
python2-oslo-messaging.noarch 0:10.2.4-1.el7
python2-oslo-middleware.noarch 0:3.38.1-2.el7
python2-oslo-policy.noarch 0:2.3.4-1.el7
python2-oslo-service.noarch 0:1.40.2-2.el7
python2-oslo-upgradecheck.noarch 0:0.3.2-1.el7
python2-osprofiler.noarch 0:2.8.2-1.el7
python2-passlib.noarch 0:1.7.0-4.el7
python2-pyasn1.noarch 0:0.3.7-6.el7
python2-pyasn1-modules.noarch 0:0.3.7-6.el7
python2-pycadf.noarch 0:2.10.0-2.el7
python2-pysaml2.noarch 0:4.6.5-1.el7
python2-qpid-proton.x86_64 0:0.26.0-2.el7
python2-scrypt.x86_64 0:0.8.0-2.el7
python2-sqlalchemy.x86_64 0:1.2.17-2.el7
python2-statsd.noarch 0:3.2.1-5.el7
python2-vine.noarch 0:1.2.0-2.el7
python2-webob.noarch 0:1.8.5-1.el7
python2-werkzeug.noarch 0:0.14.1-3.el7
python2-yappi.x86_64 0:1.0-1.el7
qpid-proton-c.x86_64 0:0.26.0-2.el7
Complete!
# 查看keystone用户信息
[root@controller yum.repos.d]# cat /etc/passwd | grep keystone
keystone:x:163:163:OpenStack Keystone Daemons:/var/lib/keystone:/sbin/nologin
# 查看keystone用户组
[root@controller yum.repos.d]# cat /etc/group | grep keystone
keystone:x:163:
# 2.创建keystone的数据库并授权
[root@controller yum.repos.d]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# 创建数据库
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.007 sec)
# 授权本地登录keystone用户
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'qwerty';
Query OK, 0 rows affected (0.009 sec)
# 授权任意远程主机登录keystone用户
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'qwerty';
Query OK, 0 rows affected (0.000 sec)
# 退出数据库
MariaDB [(none)]> quit
Bye
# 3.修改keystone配置文件
[root@controller ~]# vi /etc/keystone/keystone.conf
# 找到[database] 部分,加入如下内容,配置数据库连接信息
connection=mysql+pymysql://keystone:000000@controller/keystone
# 找到[token] 部分,解开注释,配置令牌的加密方式
provider = fernet
# 4.初始化keytone数据库
# 同步数据库
# su keytone:表示切换到keytone用户
# '-s /bin/sh':表示指定使用什么编译器来执行命令
# '-c':表示具体执行的命令
[root@controller ~]# su keystone -s /bin/sh -c "keystone-manage db_sync"
# 检查数据库
[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use keystone;
Database changed
MariaDB [keystone]> show tables;
Empty set (0.000 sec)
MariaDB [keystone]> quit;
Bye
1.2keystone组件初始化
keystone安装后,需要为keystone初始化密钥库、初始化用户身份认证信息、初始化服务....
# 1.初始化Fernet密钥库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# 执行命令后创建/etc/keystone/fernet-keys,并在目录中生成两个fernet密钥,分别用于加密和解密
[root@controller ~]# cd /etc/keystone/fernet-keys
[root@controller fernet-keys]# pwd
/etc/keystone/fernet-keys
[root@controller fernet-keys]# du -sh *
4.0K 0
4.0K 1
[root@controller fernet-keys]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# 执行命令后创建/etc/keystone/credential-keys目录,生成两个fetnet密钥,用于加密/解密用户凭证
[root@controller fernet-keys]# cd /etc/keystone/credential-keys
[root@controller credential-keys]# pwd
/etc/keystone/credential-keys
[root@controller credential-keys]# du -sh *
4.0K 0
4.0K 1
# 2.初始化用户身份认证信息
# openstack默认有一个admin用户,还没有对应的密码等登录所必须的信息。使用 `keystone-manage bootstrap` 初始化登录凭证。
[root@controller credential-keys]# keystone-manage bootstrap --bootstrap-password 000000 \
> --bootstrap-admin-url http://controller:5000/v3 \
> --bootstrap-internal-url http://controller:5000/v3 \
> --bootstrap-public-url http://controller:5000/v3 \
> --bootstrap-region-id RegionOne
设置区域ID
# 命令执行后,keystone数据库中就已经存放了登录需要的验证信息。
# 3.配置web服务
# (1)给apache增加wsgi支持
# 将wsgi-keystone.conf文件软链接到'/etc/httpd/conf.d/目录',作为apache的配置文件
[root@controller credential-keys]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller credential-keys]# ls /etc/httpd/conf.d/
autoindex.conf README userdir.conf welcome.conf wsgi-keystone.conf
# (2)修改apache服务器配置并启动
[root@controller credential-keys]# vi /etc/httpd/conf/httpd.conf
# 修改为web服务所在的IP地址或域名
96 ServerName controller
# (3)启动apache
[root@controller credential-keys]# systemctl start httpd
[root@controller credential-keys]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
1.3模拟登录验证
通过环境变量可以出传送用户名和密码等凭证给keystone,再由它验证。
# 创建一个文件存储身份凭证
[root@controller credential-keys]# vi admin-login
[root@controller credential-keys]# cat admin-login
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# 导入环境变量
[root@controller credential-keys]# source admin-login
# 查看现有环境信息
[root@controller credential-keys]# export -p
declare -x HADOOP_HOME="/usr/local/src/hadoop"
declare -x HISTCONTROL="ignoredups"
declare -x HISTSIZE="1000"
declare -x HOME="/root"
declare -x HOSTNAME="controller"
declare -x JAVA_HOME="/usr/local/src/jdk"
declare -x LANG="en_US.UTF-8"
declare -x LESSOPEN="||/usr/bin/lesspipe.sh %s"
declare -x LOGNAME="root"
declare -x LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:"
declare -x MAIL="/var/spool/mail/root"
declare -x OLDPWD="/etc/keystone/fernet-keys"
declare -x OS_AUTH_URL="http://controller:5000/v3"
declare -x OS_IDENTITY_API_VERSION="3"
declare -x OS_IMAGE_API_VERSION="2"
declare -x OS_PASSWORD="000000"
declare -x OS_PROJECT_DOMAIN_NAME="Default"
declare -x OS_PROJECT_NAME="admin"
declare -x OS_USERNAME="admin"
declare -x OS_USER_DOMAIN_NAME="Default"
declare -x PATH="/usr/local/src/jdk/bin:/usr/local/src/hadoop/bin:/usr/local/src/hadoop/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
declare -x PWD="/etc/keystone/credential-keys"
declare -x SHELL="/bin/bash"
declare -x SHLVL="1"
declare -x SSH_CLIENT="192.168.100.1 13182 22"
declare -x SSH_CONNECTION="192.168.100.1 13182 192.168.100.131 22"
declare -x SSH_TTY="/dev/pts/0"
declare -x TERM="xterm"
declare -x USER="root"
declare -x XDG_RUNTIME_DIR="/run/user/0"
declare -x XDG_SESSION_ID="4"
1.4检测keystone服务
openstack平台所有对组件的操作都需要keystone认证才能进行,能执行openstack管理命令,说明keystone服务正常。
# 在default域创建名为 'project' 的项目
[root@controller credential-keys]# openstack project create --domain default project
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | e3a549077f354998aa1a75677cfde62e |
| is_domain | False |
| name | project |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# 查看现有项目列表
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 4188570a34464b938ed3fa7e08681df8 | admin |
| e3a549077f354998aa1a75677cfde62e | project |
+----------------------------------+---------+
# 创建名为user的角色
[root@controller ~]# openstack role create user
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 700ec993d3cf456fa591c03e72f37856 |
| name | user |
| options | {} |
+-------------+----------------------------------+
# 查看当前角色列表
[root@controller ~]# openstack role list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 47670bbd6cc1472ab42db560637c7ebe | reader |
| 5eee0910aeb844a1b82f48100da7adc9 | admin |
| 700ec993d3cf456fa591c03e72f37856 | user |
| bc2c8147bbd643629a020a6bd9591eca | member |
+----------------------------------+--------+
# 查看现有域列表
[root@controller ~]# openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
# 查看现有用户列表
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| f4f16d960e0643d7b5a35db152c87dae | admin |
+----------------------------------+-------+