目录
前文列表
Controller Node
控制节点是整个Openstack控制枢纽,可以将Database、Message queue、DNS、NTP、Keystone等服务集成到一起,当然Openstack实现了松耦合的架构思想,因此所有的组件都可以在任意Node中安装组合,视乎实际情况而定。
Install and configure components
Setup DNS Server
step1.
yum install -y bind bind-chroot
**Step2.**Edit the config file.
[root@controller ~]# cat /etc/named.conf | grep -v ^# | grep -v ^// | grep -v ^$options { directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; dnssec-enable yes; dnssec-validation yes; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key";};logging { channel default_debug { file "data/named.run"; severity dynamic; };};zone "." IN { type hint; file "named.ca";};include "/etc/named.rfc1912.zones";include "/etc/named.root.key";
**Step3.**Forward Domain
vim /etc/named.rfc1912.zoneszone "jmilk.com" IN { type master; file "jmilk.com.zone"; allow-update { none; };};
Create zone config file:
cp -p /var/named/named.localhost /var/named/jmilk.com.zone
vim /var/named/jmilk.com.zone
$TTL 1D@ IN SOA @ rname.invalid. ( 0 ; serial 1D ; refresh 1H ; retry 1W ; expire 3H ) ; minimum NS controller.jmilk.com.controller A 192.168.1.5network A 192.168.1.6compute1 A 192.168.1.10compute2 A 192.168.1.11block1 A 192.168.1.20block2 A 192.168.1.21object1 A 192.168.1.31object2 A 192.168.1.32
vim /etc/resolv.conf
# Generated by NetworkManagersearch jmilk.comnameserver 127.0.0.1
注意:当需要联网安装软件包时,还是需要将DNSSERVER指向外网DNSSERVER
Restart the named service:
systemctl restart namedsystemctl enable named
Setup NTP Server
Install the packages:
yum install chrony
Edit the /etc/chrony.conf:
vim /etc/chrony.conf#注释其他以server开头的配置项,并添加下列配置,使用国内速度较快的NTP Serverserver 1.cn.pool.ntp.org iburst allow 192.168.1.0/24
Start the NTP service and configure it to start when the system boots:
systemctl enable chronyd.servicesystemctl start chronyd.service
CHECK:
[root@controller ~]# timedatectl status Local time: Fri 2016-06-10 12:00:08 EDT Universal time: Fri 2016-06-10 16:00:08 UTC RTC time: Fri 2016-06-10 16:00:09 Timezone: America/New_York (EDT, -0400) NTP enabled: yes #YESNTP synchronized: yes #YES RTC in local TZ: no DST active: yes Last DST change: DST began at Sun 2016-03-13 01:59:59 EST Sun 2016-03-13 03:00:00 EDT Next DST change: DST ends (the clock jumps one hour backwards) at Sun 2016-11-06 01:59:59 EDT Sun 2016-11-06 01:00:00 EST[root@controller ~]# chronyc sources210 Number of sources = 1MS Name/IP address Stratum Poll Reach LastRx Last sample===============================================================================^* 202.118.1.130 2 6 17 31 +307us[ +415us] +/- 82ms
Install SQL Database
Install the packages:
yum install mariadb mariadb-server python2-PyMySQL -y
Create and edit the /etc/my.cnf.d/openstack.cnf file
vim /etc/my.cnf.d/openstack.cnf[mysqld]bind-address = 192.168.1.5 #Controller Node IPAddress 设置ip绑定default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_cicharacter-set-server = utf8 #默认数据库引擎及默认字符集为UTF-8
Start the database service and configure it to start when the system boots:
systemctl enable mariadb.servicesystemctl start mariadb.service
初始化MySQL:
[root@controller ~]# mysql_secure_installationNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!In order to log into MariaDB to secure it, we'll need the currentpassword for the root user. If you've just installed MariaDB, andyou haven't set the root password yet, the password will be blank,so you should just press enter here.Enter current password for root (enter for none): OK, successfully used password, moving on...Setting the root password ensures that nobody can log into the MariaDBroot user without the proper authorisation.You already have a root password set, so you can safely answer 'n'.Change the root password? [Y/n] New password: Re-enter new password: Password updated successfully!Reloading privilege tables.. ... Success!By default, a MariaDB installation has an anonymous user, allowing anyoneto log into MariaDB without having to have a user account created forthem. This is intended only for testing, and to make the installationgo a bit smoother. You should remove them before moving into aproduction environment.Remove anonymous users? [Y/n] ... Success!Normally, root should only be allowed to connect from 'localhost'. Thisensures that someone cannot guess at the root password from the network.Disallow root login remotely? [Y/n] ... Success!By default, MariaDB comes with a database named 'test' that anyone canaccess. This is also intended only for testing, and should be removedbefore moving into a production environment.Remove test database and access to it? [Y/n] - Dropping test database... ... Success! - Removing privileges on test database... ... Success!Reloading the privilege tables will ensure that all changes made so farwill take effect immediately.Reload privilege tables now? [Y/n] ... Success!Cleaning up...All done! If you've completed all of the above steps, your MariaDBinstallation should now be secure.Thanks for using MariaDB!
Setup Message queue
OpenStack使用message queue实现协调操作和服务之间的状态信息。Message queue service一般在Controller Node上运行。
OpenStack常用的消息代理软件:- RabbitMQ(更加常用)
- Qpid
- ZeroMQ
Install the package:
yum install rabbitmq-server -y
Start the message queue service and configure it to start when the system boots:
systemctl enable rabbitmq-server.servicesystemctl start rabbitmq-server.service
Add the openstack user
rabbitmqctl add_user openstack fanguiju
Permit configuration, write, and read access for the openstack user:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setup Memcached
The Identity service authentication mechanism for services uses Memcached to cache tokens. Memcached缓存技术用于对Keystone组件的认证信息token进行缓存。一般安装在Controller Node上,在生产系统中,建议使用认证、防火墙、加密的手段来保证token缓存的安全。
Install the packages:yum install memcached python-memcached -y
Start the Memcached service and configure it to start when the system boots:
systemctl enable memcached.servicesystemctl start memcached.service