Cloud Computing Platform Notes
Image files:
CentOS-7-X86_64-DVD-1804.iso
chinaskill_cloud_iaas.iso
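Network adapter setup:
In VMware, prepare two virtual machines to serve as the controller and compute nodes.
VM configuration: 2v_4G_50G (adjust to what your own machine can spare)
Plan the networks in the Virtual Network Editor:
Name | Type | Subnet address |
VMnet1 | Host-only | 192.168.100.0/24 |
VMnet8 | NAT | 192.168.200.0/24 |
Set the DHCP ranges to match as well.
Installing the system:
In the VM settings, click Processors and tick the first two options under Virtualization engine.
Add a new network adapter and set its type to NAT; the original adapter is host-only.
When the installer boots, select the first menu entry, then press Tab and type net.ifnames=0 and biosdevname=0 before quiet so that the interfaces are named eth0 and eth1.
Basic operations
Configuring the network:
Node | Network |
controller | eth0: 192.168.100.10/24, eth1: 192.168.200.10/24 |
compute | eth0: 192.168.100.20/24, eth1: 192.168.200.20/24 |
You can build the controller node first and then clone it to get the compute node.
The suggested root password is 000000.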
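- Use the vi text editor to configure the VM's virtual network interfaces:
[root@controller ~]#vi /etc/sysconfig/network-scripts/ifcfg-eth0
Do the same for eth1.
- The interface configuration is as follows: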
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static # change the type to static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=10ca8a0b-7bf2-4b05-b63e-0032137279d7
DEVICE=eth0
ONBOOT=yes # change no to yes
IPADDR=192.168.100.10 # change the IP address
PREFIX=24
IPV6_PRIVACY=no
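- Once the interfaces are configured, turn off the firewall:
[root@controller ~]#systemctl stop firewalld # stop the firewall
[root@controller ~]#systemctl disable firewalld # keep the firewall from starting at boot
[root@controller ~]#setenforce 0 # switch SELinux to permissive until the next reboot
[root@controller ~]#vi /etc/selinux/config # edit the config file to change the SELinux mode persistently
- The SELinux configuration is as follows: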
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# Changed from enforcing to permissive
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
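- After configuring, restart the network service so the settings take effect:
[root@controller ~]#systemctl restart network # restart networking
[root@controller ~]#ip addr # show the IP addresses
Connect to the VM (192.168.100.10) with a remote terminal tool (Xshell, SecureCRT, etc.).
Cloning the compute node:
- Clone the controller, choosing "Create a full clone" as the clone type.
Shut the VM down before cloning:
[root@controller ~]#init 0
After the compute node boots, change the IP address and UUID of both interfaces.
- The configuration is as follows (eth1 is handled the same way as eth0):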
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=10ca8a0b-7bf2-4b05-b63e-0032137279d3 # the UUID must differ from the controller's; change any one digit
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.100.20 # change the last octet to 20
PREFIX=24
IPV6_PRIVACY=no
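After that, the remaining steps are the same as on the controller.
- Next, set the hostname on each node:
[root@controller ~]#hostnamectl set-hostname controller # on the compute node, set compute instead
[root@controller ~]#logout # log out, then reconnect manually
- Then map the node names to addresses: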
[root@controller ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 controller # node 1
192.168.100.20 compute # node 2
- When that is done, ping between the two nodes and ping an external host:
If a ping fails, check the interface configuration.
[root@compute ~]#ping controller
[root@compute ~]#ping www.baidu.com
- Copy the hosts file from the controller node to the compute node, replacing the one there:
[root@controller ~]#scp /etc/hosts compute:/etc/hosts
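Mounting the images:
- Move the stock network yum repositories out of the way (run on both nodes):
[root@controller ~]#mv /etc/yum.repos.d/* /media # move the network repo files into /media
- Upload the images CentOS-7-X86_64-DVD-1804.iso and chinaskill_cloud_iaas.iso to root's home directory on the controller node.
- Configure the local yum repositories on the controller node:
[root@controller ~]#vi /etc/yum.repos.d/local.repo
The file contents are as follows: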
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[openstack]
name=openstack
baseurl=file:///opt/openstack/iaas-repo
gpgcheck=0
enabled=1
- Create the two mount points:
[root@controller ~]#mkdir /opt/{centos,openstack}
- Mount the images (they must be remounted after a shutdown):
[root@controller ~]# mount -o loop CentOS-7.5-x86_64-DVD-1804.iso /opt/centos/
[root@controller ~]#mount -o loop chinaskills_cloud_iaas.iso /opt/openstack/
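Configuring the yum repositories:
- Clear the yum cache and list the yum repositories:
[root@controller ~]#yum clean all # clear the cache
[root@controller ~]#yum repolist all # list the repositories
- Install vsftpd on the controller so that the compute node can reach the images on the controller over FTP:
[root@controller ~]# yum install -y vsftpd
- Edit the vsftpd configuration file:
[root@controller ~]#vi /etc/vsftpd/vsftpd.conf
The file contents are as follows: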
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Added: root directory for anonymous access (vsftpd does not accept a trailing comment after a value)
anon_root=/opt
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
- Restart the service so the changes take effect, and enable it at boot:
[root@controller ~]#systemctl restart vsftpd && systemctl enable vsftpd
- Use scp to copy the controller's yum repo file to the compute node:
[root@controller ~]#scp /etc/yum.repos.d/local.repo compute:/etc/yum.repos.d/
- Edit local.repo on the compute node:
[centos]
name=centos
# URL changed to the controller's FTP share
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[openstack]
name=openstack
# URL changed to the controller's FTP share
baseurl=ftp://controller/openstack/iaas-repo
gpgcheck=0
enabled=1
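- Clear the yum cache and list the yum repositories:
[root@compute ~]#yum clean all # clear the cache
[root@compute ~]#yum repolist all # list the repositories
After a reboot SELinux is switched back on and has to be turned off again.
If the FTP connection to the controller fails, turn SELinux off again on the controller node:
[root@controller ~]#setenforce 0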
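Because the compute node installs packages from this FTP share with gpgcheck=0, the share has to stay read-only for anonymous clients. The check below is an added example, not part of the original notes: it reads a vsftpd.conf on stdin, and the function name and both sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf that publishes the yum repos under /opt
# to anonymous FTP clients. Prints one finding per line, nothing if clean.
audit_vsftpd() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # whole-line comments and blanks
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        # vsftpd has no inline comments: trailing text becomes part of the value
        if (val ~ /[ \t]/) print "inline-text:" key
        sub(/[ \t].*$/, "", val)
        opt[key] = toupper(val)
    }
    END {
        # anonymous login is on by default, so only an explicit non-YES disables it
        if (("anonymous_enable" in opt) && opt["anonymous_enable"] != "YES") exit
        if (opt["write_enable"] != "YES") exit
        n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
        for (i = 1; i <= n; i++)
            if (opt[w[i]] == "YES") print "anon-write:" w[i]
    }'
}

# Constructed sample 1: anonymous download only, as in the configuration above.
GOOD_CONF='anon_root=/opt
anonymous_enable=YES
local_enable=YES
write_enable=YES
#anon_upload_enable=YES'

# Constructed sample 2: trailing annotation on a value, anonymous upload enabled.
BAD_CONF='anon_root=/opt #repo root
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES'

printf '%s\n' "$BAD_CONF" | audit_vsftpd
```

On a node, run it as `audit_vsftpd < /etc/vsftpd/vsftpd.conf` before pointing the compute node's repositories at the share.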
Configuring time synchronization:
- Install chrony on both nodes:
It may already be installed.
[root@controller ~]#yum install -y chrony
[root@compute ~]#yum install -y chrony
- Configure the controller node:
[root@controller ~]#vi /etc/chrony.conf
The file contents are as follows:
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
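#server 0.centos.pool.ntp.org iburst # commented out
#server 1.centos.pool.ntp.org iburst # commented out
#server 2.centos.pool.ntp.org iburst # commented out
#server 3.centos.pool.ntp.org iburst # commented out
# Added: use this node (controller) as the time source
server controller iburst
# Network segment allowed to query time from this node
allow 192.168.100.0/24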
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
...
- Restart the service so the changes take effect, and enable it at boot:
[root@controller ~]#systemctl restart chronyd && systemctl enable chronyd
- Configure the compute node:
[root@compute ~]#vi /etc/chrony.conf
The file contents are as follows:
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst # commented out
#server 1.centos.pool.ntp.org iburst # commented out
#server 2.centos.pool.ntp.org iburst # commented out
#server 3.centos.pool.ntp.org iburst # commented out
# Added: use the controller as the time source
server controller iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
...
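- Restart the service so the changes take effect, and enable it at boot:
[root@compute ~]#systemctl restart chronyd && systemctl enable chronyd
- Finally, check on the compute node whether time is synchronized:
[root@compute ~]#chronyc sources -v
Output like the following shows that the controller is configured as the time source; per the legend, the state column reads '*' once it is actually synced and '?' while it is unreachable: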
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller 0 6 0 - +0ns[ +0ns] +/- 0ns
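The manual check above can be scripted so that a node is only treated as synchronized when a source is in the '*' state. This is an added example, not part of the original notes; the function name and the synced sample line are constructed, while the unsynced sample reuses the source line shown above.

```sh
#!/bin/sh
# Added example: reads `chronyc sources` output on stdin, prints
# "<name> <state>" for every source and returns 0 only if one source is in
# state "*" (current synced).
chrony_synced() {
    awk '
    /^=+$/ { body = 1; next }              # source rows start after the ==== rule
    body && /^[=#^][*+?x~-] / {
        state = substr($1, 2, 1)           # second character of the MS column
        print $2, state
        if (state == "*") ok = 1
    }
    END { exit (ok ? 0 : 1) }'
}

# Source row taken from the output above: state "?" means unreachable.
UNSYNCED='MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller 0 6 0 - +0ns[ +0ns] +/- 0ns'

# Constructed row showing what a synchronized source looks like.
SYNCED='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller                    3   6   377    21    +12us[  +15us] +/-   18ms'

printf '%s\n' "$UNSYNCED" | chrony_synced || echo "not synchronized yet"
printf '%s\n' "$SYNCED" | chrony_synced && echo "synchronized"
```

On the compute node the live check is `chronyc sources | chrony_synced`.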
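Building the platform
Installing iaas-xiandian:
(run on both nodes)
[root@controller ~]#yum -y install iaas-xiandian
[root@compute ~]#yum -y install iaas-xiandian
Editing the xiandian configuration file:
[root@controller ~]#vi /etc/xiandian/openrc.sh
# After opening the file, type the following in vi's command-line mode.
# Strip the leading # from every line (this uncomments the lines that carry a single # marker):
:%s/^#//g
# Replace every PASS= with PASS=000000, which saves typing each password by hand:
:%s/PASS=/PASS=000000/g
The file contents are as follows: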
#--------------------system Config--------------------##
#Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.100.10 # IP address of the controller node
#Controller HOST Password. example:000000
HOST_PASS=000000
#Controller Server hostname. example:controller
HOST_NAME=controller # hostname of the controller node
#Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.100.20 # IP address of the compute node
#Compute HOST Password. example:000000
HOST_PASS_NODE=000000
#Compute Node hostname. example:compute
HOST_NAME_NODE=compute # hostname of the compute node
#--------------------Chrony Config-------------------##
#Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24)
network_segment_IP=192.168.100.0/24 # network segment of the controller node
#--------------------Rabbit Config ------------------##
#user for rabbit. example:openstack
RABBIT_USER=openstack # RabbitMQ user name
#Password for rabbit user .example:000000
RABBIT_PASS=000000
#--------------------MySQL Config---------------------##
#Password for MySQL root user . exmaple:000000
DB_PASS=000000
#--------------------Keystone Config------------------##
#Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=demo # authentication domain entered on the OpenStack login page
ADMIN_PASS=000000
DEMO_PASS=000000
#Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=000000
#--------------------Glance Config--------------------##
#Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=000000
#Password for Keystore glance user. exmaple:000000
GLANCE_PASS=000000
#--------------------Nova Config----------------------##
#Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=000000
#Password for Keystore nova user. exmaple:000000
NOVA_PASS=000000
#--------------------Neturon Config-------------------##
#Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=000000
#Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=000000
#metadata secret for neutron. exmaple:000000
METADATA_SECRET=000000
#Tunnel Network Interface. example:x.x.x.x
INTERFACE_IP=192.168.100.10 # tunnel interface IP address; use the current node's IP address
#External Network Interface. example:eth1
INTERFACE_NAME=eth1 # second NIC, used as the external network: the NIC that serves instances to the outside
#External Network The Physical Adapter. example:provider
Physical_NAME=provider # external network of the physical adapter
#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
minvlan=5 # lowest VLAN ID is 5 (choose to suit your needs)
#Last Vlan ID in VLAN RANGE for VLAN Network. example:200
maxvlan=200 # highest VLAN ID is 200
#--------------------Cinder Config--------------------##
#Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS=000000
#Password for Keystore cinder user. exmaple:000000
CINDER_PASS=000000
#Cinder Block Disk. example:md126p3
BLOCK_DISK=sdb1 # name of the first disk added on the compute node (check with lsblk)
#--------------------Swift Config---------------------##
#Password for Keystore swift user. exmaple:000000
SWIFT_PASS=000000
#The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK=sdb2 # name of the second disk added on the compute node
#The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP=192.168.100.20 # IP address for object storage
#--------------------Heat Config----------------------##
#Password for Mysql heat user. exmaple:000000
HEAT_DBPASS=000000
#Password for Keystore heat user. exmaple:000000
HEAT_PASS=000000
#--------------------Zun Config-----------------------##
#Password for Mysql Zun user. exmaple:000000
ZUN_DBPASS=000000
#Password for Keystore Zun user. exmaple:000000
ZUN_PASS=000000
#Password for Mysql Kuryr user. exmaple:000000
KURYR_DBPASS=000000
#Password for Keystore Kuryr user. exmaple:000000
KURYR_PASS=000000
#--------------------Ceilometer Config----------------##
#Password for Gnocchi ceilometer user. exmaple:000000
CEILOMETER_DBPASS=000000
#Password for Keystore ceilometer user. exmaple:000000
CEILOMETER_PASS=000000
#--------------------AODH Config----------------##
#Password for Mysql AODH user. exmaple:000000
AODH_DBPASS=000000
#Password for Keystore AODH user. exmaple:000000
AODH_PASS=000000
#--------------------Barbican Config----------------##
#Password for Mysql Barbican user. exmaple:000000
BARBICAN_DBPASS=000000
#Password for Keystore Barbican user. exmaple:000000
BARBICAN_PASS=000000
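- Once the controller node is configured, copy the file to the compute node with scp:
[root@controller ~]#scp /etc/xiandian/openrc.sh compute:/etc/xiandian/openrc.sh
- On the compute node, change the IP address on line 69 of the xiandian configuration file to that node's own IP address (this is the only line that needs changing on the compute node):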
68 #Tunnel Network Interface. example:x.x.x.x
69 INTERFACE_IP=192.168.100.20
- After editing, source the file on both nodes so that it takes effect:
[root@controller ~]#source /etc/xiandian/openrc.sh
[root@compute ~]#source /etc/xiandian/openrc.sh
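Outside a throwaway lab, each service should get its own secret rather than one shared value. The following is an added example, not part of the original notes or of the xiandian scripts: it fills empty password variables with random values and reports values that several variables share. It assumes the install scripts only read these variables and that HOST_PASS and HOST_PASS_NODE are the nodes' real login passwords, as the file's own comments suggest; the function names and sample excerpts are constructed.

```sh
#!/bin/sh
# Added example: per-service secrets for openrc.sh instead of one shared value.

# Fill every empty *PASS= / *_SECRET= line with its own random 24-hex-digit
# value. HOST_PASS and HOST_PASS_NODE are passed through untouched (assumed to
# be the nodes' actual login passwords).
fill_secrets() {
    while IFS= read -r line; do
        case $line in
            HOST_PASS=*|HOST_PASS_NODE=*) printf '%s\n' "$line" ;;
            [A-Z]*PASS=|[A-Z]*_SECRET=)
                secret=$(od -An -N12 -tx1 /dev/urandom | tr -d ' \n')
                printf '%s%s\n' "$line" "$secret" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Print "<count> <value>" for every value used by more than one secret variable.
shared_secrets() {
    awk -F= '{ sub(/[ \t]*#.*$/, "") }          # drop comments first
             /^[A-Z_]+(PASS|SECRET)=./ { n[$2]++ }
             END { for (v in n) if (n[v] > 1) print n[v], v }'
}

# Constructed excerpt: uncommented template with the passwords still empty.
TEMPLATE='HOST_PASS=000000
RABBIT_USER=openstack
RABBIT_PASS=
DB_PASS=
KEYSTONE_DBPASS=
METADATA_SECRET='

# Constructed excerpt: the same file after the PASS=000000 substitution.
LAB_STYLE='HOST_PASS=000000
RABBIT_USER=openstack #rabbit user
RABBIT_PASS=000000
DB_PASS=000000'

printf '%s\n' "$LAB_STYLE" | shared_secrets      # reports the shared value
printf '%s\n' "$TEMPLATE" | fill_secrets | shared_secrets   # reports nothing
```

The filled file still has to be identical on both nodes apart from INTERFACE_IP, so generate it once on the controller and copy it with scp as above.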
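Installing the components:
Remember to take a snapshot before each installation step; if a run goes wrong you can restore the previous state.
Script order on the controller node: [ mysql component, keystone component, glance component, nova-controller component, neutron-controller component, dashboard component, cinder-controller component, swift-controller component ]
(finish the controller node first, then run the compute node)
Script order on the compute node: [ nova-compute component, neutron-compute component, cinder-compute component, swift-compute component ]
- Run iaas-pre-host.sh (on both nodes):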
[root@controller ~]#iaas-pre-host.sh
[root@compute ~]#iaas-pre-host.sh
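When this line has appeared on both nodes, reboot the VMs:
Please Reboot or Reconnect the terminal
Reboot command: reboot. Remember to remount the images after the reboot.
- Install the database: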
[root@controller ~]# iaas-install-mysql.sh
- Install the Keystone service:
[root@controller ~]# iaas-install-keystone.sh
- Install Glance:
[root@controller ~]# iaas-install-glance.sh
- Install Nova:
The script name differs between the two nodes!
[root@controller ~]# iaas-install-nova-controller.sh
[root@compute ~]# iaas-install-nova-compute.sh
- Install Neutron:
The script name differs between the two nodes!
[root@controller ~]# iaas-install-neutron-controller.sh
[root@compute ~]# iaas-install-neutron-compute.sh
- Install the dashboard:
[root@controller ~]# iaas-install-dashboard.sh
- Install Cinder:
[root@controller ~]# iaas-install-cinder-controller.sh
[root@compute ~]# iaas-install-cinder-compute.sh