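OpenStack is a free, open-source software project licensed under the Apache license, jointly developed and launched by NASA (the US National Aeronautics and Space Administration) and Rackspace.
OpenStack website: https://www.openstack.org/
GitHub: https://github.com/openstack/
Every computer information system comes down to three core parts: compute, storage and networking. Some of OpenStack's core projects are outlined below; for the details of each project, see the OpenStack website and GitHub.
Conceptual architecture diagram: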
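Nova (compute service): Nova consists mainly of three modules (nova-api, nova-scheduler, nova-compute). nova-api sits in the presentation layer and handles external requests; nova-scheduler sits in the logic and control layer and chooses which host a VM is created on; nova-compute creates virtual machines and allocates resources. It does not provide virtualization itself, but supports KVM, LXC, Xen and others. The three components exchange messages through RabbitMQ. (Core component)
Swift (object storage service): a highly available distributed object storage service, characterized by unlimited scalability and no single point of failure. (Core component)
Neutron (networking service): provides virtual networking for cloud computing and builds an independent network environment for each tenant. There are three network modes (Flat, Flat DHCP and VLAN).
Glance (image service): provides storage, query and retrieval of virtual machine images and serves Nova. It depends on a storage service (which stores the images themselves) and a database service (which stores image-related data).
Keystone (identity service): user authentication (Identity), access request control (Token), registry service (Catalog), authentication engine (Policy).
Cinder (block storage service): manages all block storage devices and serves VMs. cinder-api handles incoming requests and sends the results to RabbitMQ; the message middleware passes all requests to cinder-scheduler, which decides where to store the data and creates the VM; cinder-volume manages the lifecycle of the storage modules.
Ceilometer (monitoring service): Ceilometer's goal is metering. It provides unified collection of resource usage data for the billing, settlement or monitoring applications built on top of it.
Horizon: provides a web-based self-service portal for interacting with the underlying OpenStack services.
Heat: orchestration service.
Trove: provides scalable and reliable cloud Database-as-a-Service for relational and non-relational database engines.
Sahara: provisions and scales Hadoop clusters in OpenStack from parameters such as the Hadoop version, cluster topology and node hardware details.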
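Lab environment:
1. controller 192.168.1.122 CentOS 7.4 CPU: 4C, RAM: 16G, disk: 500G (controller node)
2. compute1 192.168.1.123 CentOS 7.4 CPU: 4C, RAM: 16G, disk: 500G (compute node)
3. object1 192.168.1.124 CentOS 7.4 CPU: 4C, RAM: 16G, disk: 500G (object storage)
4. object2 192.168.1.125 CentOS 7.4 CPU: 4C, RAM: 16G, disk: 500G (object storage)
SELinux and the firewall are disabled on the lab hosts.
The hosts file on every lab host is configured as follows: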
192.168.1.122 controller
192.168.1.123 compute1
192.168.1.124 object1
192.168.1.125 object2
Configure time synchronization and yum on the hosts
Using Chrony
On the server (controller), configure as follows:
yum -y install chrony
vim /etc/chrony.conf
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server controller iburst (added)
allow 192.168.1.0/24 (modified)
timedatectl set-timezone Asia/Shanghai
systemctl enable chronyd.service
systemctl start chronyd.service
On the client nodes (compute1, object1, object2), configure as follows:
yum -y install chrony
vim /etc/chrony.conf
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server controller iburst (added)
timedatectl set-timezone Asia/Shanghai
systemctl enable chronyd.service
systemctl start chronyd.service
Server-side test:
Client-side test:
It is recommended to switch the yum repository to the 163 mirror; configure it as follows:
cd /etc/yum.repos.d
mv CentOS-Base.repo CentOS-Base-repo.bak
wget http://mirrors.163.com/.help/CentOS7-Base-163.repo
yum clean all
mv CentOS7-Base-163.repo CentOS-Base.repo
yum makecache
When finished, the result is as shown below:
Installing OpenStack
Install the client:
yum install -y python-openstackclient
yum install -y openstack-selinux
Installation complete, as shown:
Install and configure the database (MySQL):
yum install -y mariadb mariadb-server MySQL-python
cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf
vim /etc/my.cnf
Add the following parameters:
[mysqld]
bind-address = 192.168.1.122
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
max_connections=1000
systemctl enable mariadb.service && systemctl start mariadb.service
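mysql_secure_installation (answer YES to set the root password, then Y to everything else)
When finished, the result is as shown below:
Install and configure the message queue service (RabbitMQ):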
yum install -y rabbitmq-server
systemctl enable rabbitmq-server.service && systemctl start rabbitmq-server.service
Create the openstack user, set its password and configure its permissions:
rabbitmqctl add_user openstack ******
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
List the supported plugins and enable the web management plugin:
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
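The result is shown in the figure; the ports can also be checked with the netstat command:
When finished, log in at http://192.168.1.122:15672/ with user guest and password guest.
After logging in:
The openstack user created earlier is listed under the Admin tab:
Click openstack, click the setting shown in the figure and update the user; then log out of guest and log in as openstack.
Install and configure the OpenStack Identity service (keystone):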
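Before configuring the OpenStack Identity service, a database must be created and privileges granted on it. The steps are:
mysql -u root -p******
CREATE DATABASE keystone;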
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '******';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '******';
show databases;
select User,Password,Host from mysql.user where User like "keystone";
The result is as shown below:
Install the services:
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
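systemctl enable memcached.service && systemctl start memcached.service (enable the service at boot and start it)
netstat -tnlp|grep memcached (check the listening port)
The result is as shown below:
Create the admin token, and configure the database connection address and the Memcached address.
openssl rand -hex 10 (record the output; it is needed later)
vi /etc/keystone/keystone.conf
Change the following:
[DEFAULT]
admin_token = **** (the value recorded earlier)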
[database]
connection = mysql://keystone:******@controller/keystone
[memcache]
servers = localhost:11211
[revoke]
driver = sql
[token]
provider = uuid
driver = memcache
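A pre-flight check for the edit above, as an added example that is not part of the original post: a small shell parser that confirms each keystone.conf setting sits under its intended [section] header before db_sync is run. The function names, the sample file and the PLACEHOLDER values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that the keystone.conf
# settings edited above sit under the intended [section] headers.

# ini_scan FILE: print "section<TAB>key<TAB>value" for every setting and
# "!<TAB>lineno<TAB>text" for any line that is not a comment, a [section]
# header or key = value.
ini_scan() {
    awk '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line == "" || line ~ /^[#;]/ { next }
        line ~ /^\[.*\]$/ { sec = substr(line, 2, length(line) - 2); next }
        (eq = index(line, "=")) > 0 {
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            printf "%s\t%s\t%s\n", sec, k, v; next
        }
        { printf "!\t%d\t%s\n", NR, line }
    ' "$1"
}

# check_keystone_conf FILE: print one line per problem; return 0 only when the
# file parses cleanly and every setting from the walkthrough is in place.
check_keystone_conf() {
    scan=$(ini_scan "$1"); bad=0
    malformed=$(printf '%s\n' "$scan" |
        awk -F'\t' '$1 == "!" { print "malformed line " $2 ": " $3 }')
    if [ -n "$malformed" ]; then printf '%s\n' "$malformed"; bad=1; fi
    for want in DEFAULT/admin_token database/connection memcache/servers \
                revoke/driver token/provider token/driver; do
        if ! printf '%s\n' "$scan" |
            awk -F'\t' -v s="${want%/*}" -v k="${want#*/}" \
                '$1 == s && $2 == k && $3 != "" { ok = 1 } END { exit !ok }'
        then
            printf 'missing: [%s] %s\n' "${want%/*}" "${want#*/}"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: the [DEFAULT] header has lost its opening bracket, so
# the scan flags line 1 and finds no admin_token under [DEFAULT].
sample=$(mktemp)
printf '%s\n' 'DEFAULT]' 'admin_token = PLACEHOLDER_TOKEN' \
    '[database]' 'connection = mysql://keystone:PLACEHOLDER@controller/keystone' \
    '[memcache]' 'servers = localhost:11211' '[revoke]' 'driver = sql' \
    '[token]' 'provider = uuid' 'driver = memcache' > "$sample"
check_keystone_conf "$sample" || echo "fix keystone.conf before running db_sync"
```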
When finished, run:
su -s /bin/sh -c "keystone-manage db_sync" keystone
Check the log output:
tail /var/log/keystone/keystone.log
The result is as shown below:
Configure Apache HTTP:
Edit the following files, set up the service and check the ports:
vi /etc/httpd/conf/httpd.conf
Set ServerName controller
vi /etc/httpd/conf.d/wsgi-keystone.conf
Edit the contents:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
Enable and start the service:
systemctl enable httpd.service && systemctl start httpd.service
Check the port status:
netstat -tnlp|grep httpd
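The result is as shown:
Create the service entity and API endpoints:
The commands below, in order: set the URL and the Identity API version, set the authentication token, create the service entity for the Identity service, create the Identity service API endpoints, create the admin project, the admin user and the admin role, add the admin role to the admin project and user, create the demo project, create the demo user and the user role, and add the user role to the demo project and user.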
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_TOKEN=2a372436509e7381a1e0
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
A password must be set
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
A password must be set
openstack role create user
openstack role add --project demo --user demo user
The result is as shown below:
Create client environment variable scripts for the admin and demo projects and users.
vi admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=******
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
vi demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=******
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
source admin-openrc.sh
openstack token issue
source demo-openrc.sh
openstack token issue
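The result is as shown below:
Image service:
Before installing and configuring the Image service, a database, service credentials and API endpoints must be created.
Proceed as follows: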
mysql -u root -p******
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '******';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '******';
Exit mysql
source admin-openrc.sh
openstack user create --domain default --password-prompt glance
Set the password
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
When finished, the result is as shown below:
(To be continued) So many pitfalls!