  • openstack (liberty): deploying a lab platform (part 2: simplified software installation, part 1)

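    For the software installation, since this is a lab environment of small scale with little network load, I changed the node topology for simplicity: the network node and the controller node are merged and installed on a single server. So far my platform has only the keystone, glance, neutron, dashboard and nova services. I plan to use the freed-up server as another compute node. The latest planned topology is therefore as follows:

    Green nodes are those where the openstack module software is already installed; the gray parts are what will be installed next.

    Below is a brief account of the installation, mainly recording the problems I ran into on Centos7 and how I solved them. Unless I say which node a step is run on, it is run on the controller node, node0.

    1. Install NTP. The official guide uses chrony; I struggled with it for a long time without getting it configured, and in the end chose NTPD, which ships with the Linux system. For the configuration, see my blog post on NTP configuration.

    2. Install the yum repo, the openstack CLI package, and the selinux plugin for openstack.

        yum install centos-release-openstack-liberty

    After the previous step finishes, remember to run the following step, and you should definitely reboot the operating system afterwards. I did not reboot at this point and carried straight on, ran into quite a few problems, and the installation nearly drove me crazy...

        yum upgrade

    The command-line client and the selinux plugin for openstack:

        yum install python-openstackclient
        yum install openstack-selinux

    3. Install the SQL database.

        yum install mariadb mariadb-server MySQL-python

    The related configuration, /etc/my.cnf.d/mariadb_openstack.cnf: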

        [mysqld]
        datadir=/var/lib/maria
        socket=/var/lib/maria/maria.sock
        # Disabling symbolic-links is recommended to prevent assorted security risks
        symbolic-links=0
        # Settings user and group are ignored when systemd is used.
        # If you need to run mysqld under a different user or group,
        # customize your systemd unit file for mariadb according to the
        # instructions in http://fedoraproject.org/wiki/Systemd

        bind-address = localhost
        default-storage-engine = innodb
        innodb_file_per_table
        collation-server = utf8_general_ci
        init-connect = 'SET NAMES utf8'
        character-set-server = utf8

        [mysqld_safe]
        log-error=/var/log/mariadb/mariadb.log
        pid-file=/var/run/mariadb/mariadb.pid

    Start mariadb. Since mariadb is fully compatible with mysql, whatever habits you have from using mysql carry over to mariadb. After starting it, log in and run mysql_secure_installation to set the root password.

        systemctl enable mariadb.service
        systemctl start mariadb.service

    4. Install and configure MongoDB (version: 2.9.11)

        yum install mongodb-server mongodb

    Configure /etc/mongod.conf:

        ##
        ### Basic Defaults
        ##

        # Comma separated list of ip addresses to listen on (all local ips by default)
        bind_ip = 127.0.0.1

        # Specify port number (27017 by default)
        #port = 27017

        # Fork server process (false by default)
        #fork = true

        # Full path to pidfile (if not set, no pidfile is created)
        pidfilepath = /var/run/mongodb/mongod.pid

        # Log file to send write to instead of stdout - has to be a file, not directory
        logpath = /var/log/mongodb/mongod.log

        # Alternative directory for UNIX domain sockets (defaults to /tmp)
        unixSocketPrefix = /var/run/mongodb

        # Directory for datafiles (defaults to /data/db/)
        dbpath = /var/lib/mongodb

        # Enable/Disable journaling (journaling is on by default for 64 bit)
        #journal = true
        nojournal = true

        ##
        ### General options
        ##

        # Be more verbose (include multiple times for more verbosity e.g. -vvvvv) (v by default)
        #verbose = v

        # Max number of simultaneous connections (1000000 by default)
        #maxConns = 1000000

        # Log to system's syslog facility instead of file or stdout (false by default)
        #syslog = true

        # Syslog facility used for mongodb syslog message (user by default)
        #syslogFacility = user

        # Append to logpath instead of over-writing (false by default)
        #logappend = true

        # Desired format for timestamps in log messages (One of ctime, iso8601-utc or iso8601-local) (iso8601-local by default)
        #timeStampFormat = arg

        # Private key for cluster authentication
        #keyFile = arg

        # Set a configurable parameter
        #setParameter = arg

        # Enable http interface (false by default)
        #httpinterface = true

        # Authentication mode used for cluster authentication. Alternatives are (keyFile|sendKeyFile|sendX509|x509) (keyFile by default)
        #clusterAuthMode = arg

        # Disable listening on unix sockets (false by default)
        #nounixsocket = true

        # Run with/without security (without by default)
        #auth = true
        #noauth = true

        # Enable IPv6 support (disabled by default)
        #ipv6 = true

        # Allow JSONP access via http (has security implications) (false by default)
        #jsonp = true

        # Turn on simple rest api (false by default)
        #rest = true

        # Value of slow for profile and console log (100 by default)
        #slowms = 100

        # 0=off 1=slow, 2=all (0 by default)
        #profile = 0

        # Periodically show cpu and iowait utilization (false by default)
        #cpu = true

        # Print some diagnostic system information (false by default)
        #sysinfo = true

        # Each database will be stored in a separate directory (false by default)
        #directoryperdb = true

        # Don't retry any index builds that were interrupted by shutdown (false by default)
        #noIndexBuildRetry = true

        # Disable data file preallocation - will often hurt performance (false by default)
        #noprealloc = true

        # .ns file size (in MB) for new databases (16 MB by default)
        #nssize = 16

        # Limits each database to a certain number of files (8 default)
        #quota

        # Number of files allowed per db, implies --quota (8 by default)
        #quotaFiles = 8

        # Use a smaller default file size (false by default)
        #smallfiles = true

        # Seconds between disk syncs (0=never, but not recommended) (60 by default)
        #syncdelay = 60

        # Upgrade db if needed (false by default)
        #upgrade = true

        # Run repair on all dbs (false by default)
        #repair = true

        # Root directory for repair files (defaults to dbpath)
        #repairpath = arg

        # Disable scripting engine (false by default)
        #noscripting = true

        # Do not allow table scans (false by default)
        #notablescan = true

        # Journal diagnostic options (0 by default)
        #journalOptions = 0

        # How often to group/batch commit (ms) (100 or 30 by default)
        #journalCommitInterval = 100

        ##
        ### Replication options
        ##

        # Size to use (in MB) for replication op log (default 5% of disk space - i.e. large is good)
        #oplogSize = arg

        ##
        ### Master/slave options (old; use replica sets instead)
        ##

        # Master mode
        #master = true

        # Slave mode
        #slave = true

        # When slave: specify master as <server:port>
        #source = arg

        # When slave: specify a single database to replicate
        #only = arg

        # Specify delay (in seconds) to be used when applying master ops to slave
        #slavedelay = arg

        # Automatically resync if slave data is stale
        #autoresync = true

        ##
        ### Replica set options
        ##

        # Arg is <setname>[/<optionalseedhostlist>]
        #replSet = arg

        # Specify index prefetching behavior (if secondary) [none|_id_only|all] (all by default)
        #replIndexPrefetch = all

        ##
        ### Sharding options
        ##

        # Declare this is a config db of a cluster (default port 27019; default dir /data/configdb) (false by default)
        #configsvr = true

        # Declare this is a shard db of a cluster (default port 27018)  (false by default)
        #shardsvr = true

        ##
        ### SSL options
        ##

        # Use ssl on configured ports
        #sslOnNormalPorts = true

        # Set the SSL operation mode (disabled|allowSSL|preferSSL|requireSSL)
        # sslMode = arg

        # PEM file for ssl
        #sslPEMKeyFile = arg

        # PEM file password
        #sslPEMKeyPassword = arg

        # Key file for internal SSL authentication
        #sslClusterFile = arg

        # Internal authentication key file password
        #sslClusterPassword = arg

        # Certificate Authority file for SSL
        #sslCAFile = arg

        # Certificate Revocation List file for SSL
        #sslCRLFile = arg

        # Allow client to connect without presenting a certificate
        #sslWeakCertificateValidation = true

        # Allow server certificates to provide non-matching hostnames
        #sslAllowInvalidHostnames = true

        # Allow connections to servers with invalid certificates
        #sslAllowInvalidCertificates = true

        # Activate FIPS 140-2 mode at startup
        #sslFIPSMode = true

    Start it:

        systemctl enable mongod.service
        systemctl start mongod.service

    5. Install RabbitMQ

        yum install rabbitmq-server
        systemctl enable rabbitmq-server.service
        systemctl start rabbitmq-server.service

    Create the user openstack and set its configure, write and read permissions on the vhost:

        rabbitmqctl add_user openstack RABBIT_PASS
        rabbitmqctl set_permissions openstack ".*" ".*" ".*"

    To keep things simple and easy to remember, I set every password-related value to the same password: openstack.

    That covers the basic environment preparation. Next comes installing the individual openstack components. The first is keystone.

    k1. Create the keystone database and set access privileges (the password is also openstack; I was lazy)

        mysql -u root -p
        CREATE DATABASE keystone;
        GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
        GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

    k2. Install keystone, httpd, the cache and wsgi, and start the cache service

        yum install openstack-keystone httpd mod_wsgi memcached python-memcached

        systemctl enable memcached.service
        systemctl start memcached.service

    Configure /etc/keystone/keystone.conf:

        [DEFAULT]
        admin_token = 613ae457d94da5033c92
        verbose = true

        [database]
        connection = mysql://keystone:openstack@192.168.1.100/keystone

        [memcache]
        servers = localhost:11211

        [revoke]
        driver = sql

        [token]
        provider = uuid
        driver = memcache

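    Next, sync the keystone database. The first time you run this command you may hit this message: No handlers could be found for logger "oslo_config.cfg"

        su -s /bin/sh -c "keystone-manage db_sync" keystone

    In my deployment this did not matter, so I just left it alone...

    Configure httpd in /etc/httpd/conf/httpd.conf. Leave everything else at its default and change only the following line.

        ServerName 192.168.1.100

    Configure wsgi in /etc/httpd/conf.d/wsgi-keystone.conf: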

        Listen 5000
        Listen 35357

        <VirtualHost *:5000>
            WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
            WSGIProcessGroup keystone-public
            WSGIScriptAlias / /usr/bin/keystone-wsgi-public
            WSGIApplicationGroup %{GLOBAL}
            WSGIPassAuthorization On
            <IfVersion >= 2.4>
              ErrorLogFormat "%{cu}t %M"
            </IfVersion>
            ErrorLog /var/log/httpd/keystone-error.log
            CustomLog /var/log/httpd/keystone-access.log combined

            <Directory /usr/bin>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
            </Directory>
        </VirtualHost>

        <VirtualHost *:35357>
            WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
            WSGIProcessGroup keystone-admin
            WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
            WSGIApplicationGroup %{GLOBAL}
            WSGIPassAuthorization On
            <IfVersion >= 2.4>
              ErrorLogFormat "%{cu}t %M"
            </IfVersion>
            ErrorLog /var/log/httpd/keystone-error.log
            CustomLog /var/log/httpd/keystone-access.log combined

            <Directory /usr/bin>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
            </Directory>
        </VirtualHost>

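    Finally, start httpd; this is the server that backs the REST API calls.

        systemctl enable httpd.service
        systemctl start httpd.service

    k3. Create the keystone service. First set the environment variables; here I list all the environment variables involved in this simplified installation: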

        export MARIA_DB_ROOT_PW=openstack
        export RABBIT_MQ_PASS=openstack
        export KEYSTONE_DBPASS=openstack
        export keystone_user_pw=openstack

        export ADMIN_TOKEN=613ae457d94da5033c92
        export OS_TOKEN=$ADMIN_TOKEN
        export OS_URL=http://192.168.1.100:35357/v3
        export OS_IDENTITY_API_VERSION=3

        export GLANCE_DBPASS=openstack
        export glance_user_pw=openstack

        export NOVA_DBPASS=openstack
        export nova_user_pw=openstack

        export NEUTRON_DBPASS=openstack
        export neutron_user_pw=openstack

        export METADATA_SECRET=openstack
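
    The list above gives every secret the same value. As an added example (not from the original post), the script below generates a separate random value for each of those variable names and stores them in an owner-only file; the function names and the default file name openstack-secrets.env are assumptions.

```shell
#!/bin/bash
# Added example: give each variable from the list above its own random value
# and keep the result in a file only its owner can read.

# The same names the post exports with the shared value "openstack".
SECRET_NAMES="MARIA_DB_ROOT_PW RABBIT_MQ_PASS KEYSTONE_DBPASS keystone_user_pw
ADMIN_TOKEN GLANCE_DBPASS glance_user_pw NOVA_DBPASS nova_user_pw
NEUTRON_DBPASS neutron_user_pw METADATA_SECRET"

# 10 bytes from the kernel CSPRNG, printed as 20 hex characters.
gen_secret() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# Write one "export NAME=<secret>" line per name to the file given as $1.
write_secrets() {
    (
        umask 077                      # a new file is created as 0600
        : > "$1"
        chmod 600 "$1"                 # tighten a pre-existing file before writing
        for name in $SECRET_NAMES; do
            printf 'export %s=%s\n' "$name" "$(gen_secret)" >> "$1"
        done
    )
}

# Number of values that occur more than once in an export file (0 = none).
count_reused() {
    sed -n 's/^export [A-Za-z_]*=//p' "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# File name is an assumption; pass another path as the second argument.
if [ "${1:-}" = "--write" ]; then
    write_secrets "${2:-openstack-secrets.env}"
fi
```

    Running count_reused on a file holding the original export list reports the shared openstack value as one reused secret; on the generated file it reports 0.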

    Next, create the service and its endpoints.

        openstack service create --name keystone --description "OpenStack Identity" identity
        openstack endpoint create --region RegionOne identity public http://node0:5000/v2.0
        openstack endpoint create --region RegionOne identity internal http://node0:5000/v2.0
        openstack endpoint create --region RegionOne identity admin http://node0:5000/v2.0

    The first step above, creating the keystone service, failed with an error:

        [root@node0 opt]# openstack service create --name keystone --description "OpenStack Identity" identity
        Internal Server Error (HTTP 500)

    Looking at the keystone log (note that it is under the httpd directory) shows that database access failed. The error occurred because keystone-manage db_sync keystone had not succeeded. After reinstalling the keystone component several times, it finally worked. Phew...

    k4. Create the admin project, user and role

        openstack project create --domain default --description "Admin Project" admin
        openstack user create --domain default --password-prompt admin
        openstack role create admin
        openstack role add --project admin --user admin admin

    k5. Create the service project

        openstack project create --domain default --description "Service Project" service

    k6. Create the demo project, user and role

        openstack project create --domain default --description "Demo Project" demo
        openstack user create --domain default --password-prompt demo
        openstack role create user
        openstack role add --project demo --user demo user

    k7. Verify that keystone is installed correctly.

    First edit /usr/share/keystone/keystone-dist-paste.ini to disable the temporary token auth mechanism by removing the part marked in red below (admin_token_auth in each pipeline). Actually, I did not do this in my configuration and was still able to create an instance and operate it in the end. [I turned off the firewall on all the cluster machines...]

        [pipeline:public_api]
        # The last item in this pipeline must be public_service or an equivalent
        # application. It cannot be a filter.
        pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

        [pipeline:admin_api]
        # The last item in this pipeline must be admin_service or an equivalent
        # application. It cannot be a filter.
        pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service

        [pipeline:api_v3]
        # The last item in this pipeline must be service_v3 or an equivalent
        # application. It cannot be a filter.
        pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension service_v3

    Now verify:

        openstack --os-auth-url http://node0:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue

    It is correct: data is returned and no error is reported! Operating as the demo user also works without problems.
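
    One way to confirm that the admin_token_auth filter is gone from all three pipelines in keystone-dist-paste.ini, and to produce a cleaned copy for review, is sketched below. This is an added example, not part of the original post; the function names are hypothetical and the demo input is a constructed sample.

```shell
#!/bin/bash
# Added example: check and clean the admin_token_auth filter in a keystone
# paste-deploy file such as keystone-dist-paste.ini.

# Print the name of every [pipeline:*] section whose "pipeline =" line still
# lists admin_token_auth; print nothing once the filter has been removed.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
        section ~ /^pipeline:/ && /^[ \t]*pipeline[ \t]*=/ {
            line = $0
            sub(/^[^=]*=/, "", line)            # keep only the filter list
            n = split(line, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == "admin_token_auth") { print section; break }
        }
    ' "$1"
}

# Print the file with admin_token_auth dropped from every pipeline line.
# All other lines, including any [filter:...] definitions, pass through as-is.
strip_admin_token() {
    awk '
        /^\[/ { section = substr($0, 2, index($0, "]") - 2) }
        section ~ /^pipeline:/ && /^[ \t]*pipeline[ \t]*=/ {
            line = $0
            sub(/^[^=]*=/, "", line)
            n = split(line, tok, /[ \t]+/)
            out = "pipeline ="
            for (i = 1; i <= n; i++)
                if (tok[i] != "" && tok[i] != "admin_token_auth")
                    out = out " " tok[i]
            print out
            next
        }
        { print }
    ' "$1"
}

# Demo on a constructed two-pipeline sample (not the real keystone file).
demo() {
    sample=$(mktemp)
    printf '%s\n' '[pipeline:public_api]' \
        'pipeline = sizelimit token_auth admin_token_auth public_service' \
        '[pipeline:admin_api]' \
        'pipeline = sizelimit token_auth admin_service' > "$sample"
    pipelines_with_admin_token "$sample"
    strip_admin_token "$sample" > "$sample.clean"
    pipelines_with_admin_token "$sample.clean"
    rm -f "$sample" "$sample.clean"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

    strip_admin_token writes to stdout, so redirect it to a new file and compare it with the original before replacing anything.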

    k8. For convenience, put the required parameters into files to source as environment variables: admin-openrc.sh/demo-openrc.sh. In my case the two files have the same content.

     1 #!/bin/bash
     2 
     3 export OS_PROJECT_DOMAIN_ID=default
     4 export OS_USER_DOMAIN_ID=default
     5 export OS_PROJECT_NAME=admin
     6 export OS_TENANT_NAME=admin
     7 export OS_USERNAME=admin
     8 export OS_PASSWORD=openstack
     9 export OS_AUTH_TYPE=password
    10 export OS_AUTH_URL=http://node0:35357/v3
    11 export OS_IDENTITY_API_VERSION=3
    12 
    13 #for glance
    14 export OS_IMAGE_API_VERSION=2

    Note: if you remove line 9 above and run the following command, you will hit a strange error.

        openstack token issue

    The error is:

        [root@node0 opt]# openstack token issue
        'NoneType' object has no attribute 'service_catalog'

    I only found the cause of this by googling: the official guide is missing OS_AUTH_TYPE.

    At this point all the basic keystone configuration is done.

    Now install the image module, glance. This step is easy!

    g1. Create the glance database and the glance user (the password is still openstack)

        mysql -u root -p
        CREATE DATABASE glance;
        GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
        GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

    Next, create the glance user:

        openstack user create --domain default --password-prompt glance
        openstack role add --project service --user glance admin

    g2. Create the glance service and endpoints

        openstack service create --name glance --description "OpenStack Image service" image
        openstack endpoint create --region RegionOne image public http://node0:9292
        openstack endpoint create --region RegionOne image internal http://node0:9292
        openstack endpoint create --region RegionOne image admin http://node0:9292

    g3. Install the components.

        yum install openstack-glance python-glance python-glanceclient

    g4. Configure /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf. The two get the same settings; everything else keeps its default value.

        [DEFAULT]
        notification_driver = noop
        verbose = True

        [database]
        connection = mysql://glance:openstack@node0/glance

        [keystone_authtoken]
        auth_uri = http://node0:5000
        auth_url = http://node0:35357
        auth_plugin = password
        project_domain_id = default
        user_domain_id = default
        project_name = service
        username = glance
        password = openstack

        [paste_deploy]
        flavor = keystone

        [glance_store]
        default_store = file
        filesystem_store_datadir = /var/lib/glance/images/

    g5. Sync the database and start the services

        su -s /bin/sh -c "glance-manage db_sync" glance

        systemctl enable openstack-glance-api.service openstack-glance-registry.service
        systemctl start openstack-glance-api.service openstack-glance-registry.service

    g6. Verify by uploading a cirros image to glance

        wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

        glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress

    Again no problems, everything is normal; the glance image-list command can be used to check.

    OK, that's it for today. It's getting late and I need to go home and pack; the New Year holiday is coming... I'll add the remaining parts after the holiday.

  • Original article: https://www.cnblogs.com/shihuc/p/5183406.html