OpenStack deployment: installation environment

- Operating system: CentOS Linux release 8.5.2111, with virtualization enabled on the hosts
- OpenStack release: centos-release-openstack-victoria.noarch

| Node | node1 | node2 | node3 | node4 | node5 |
| --- | --- | --- | --- | --- | --- |
| NIC 1 | 192.168.31.101 | 192.168.31.102 | 192.168.31.103 | 192.168.31.104 | 192.168.31.105 |
| NIC 2 | provider | provider | provider | provider | provider |
| NIC 3 | inside | inside | inside | inside | inside |
| NIC 4 | 172.16.100.11 (ceph) | 172.16.100.12 (ceph) | 172.16.100.13 (ceph) | | |
| CPU / memory / system disk | 8/12G/200G | 8/12G/200G | 8/12G/200G | 8/12G/200G | 8/12G/200G |
| Additional disks | 100Gx3+100G | 100Gx3 | 100Gx3 | 200Gx2 | 200Gx2 |
| Role | Control node | Compute node | Compute node | Compute node / storage node | Compute node / storage node |
| Ceph service (has problems together with cinder) | ceph (cluster built on the 3 disks) | ceph (cluster built on the 3 disks) | ceph (cluster built on the 3 disks) | | |
| NFS service | Uses the 100G disk on the first node; the mount directory is /vmdata | | | | |

- provider virtual machine network: the network segment is 172.16.1.0/24 and is used when creating virtual machines. The physical NIC does not need an IP address configured.
- inside virtual machine network: the network segment is 10.1.0.0/24 and is used when creating virtual machines. The physical NIC does not need an IP address configured. It is on a different physical NIC from the provider network, so the two networks are isolated.
- ceph network: the network segment is 172.16.100.0/24, the internal network used to install and deploy the ceph cluster.
- NFS service: the NFS service is built on node1, and the externally accessible path is 192.168.31.101:/vmdata
1. Set the host names, disable the firewall and SELinux, and set up passwordless SSH login from node1 to the other hosts
# Add the host name entries to /etc/hosts
echo -e "192.168.31.101 node1\n192.168.31.102 node2\n192.168.31.103 node3\n192.168.31.104 node4\n192.168.31.105 node5" >> /etc/hosts
# Generate the SSH key
[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Oo8Sm2MPmK3dzSTZFbs9vjgFrR2v4wOlnN4G/fajuOA [email protected]
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| .. |
| .o+ |
| S.oO o |
| +. + .Bo+ . |
| o o+= oo.=oo |
| o*o O. +oB.o. |
| ...++ +E.*=*..o|
+----[SHA256]-----+
# On all nodes: set up passwordless SSH login, set the host name, synchronize the hosts file, and disable the firewall and SELinux
for i in $(seq 5);do ssh-copy-id -i /root/.ssh/id_rsa.pub node$i;done
for i in $(seq 5);do ssh node$i hostnamectl set-hostname node$i;done
for i in $(seq 5);do scp /etc/hosts node$i:/etc/hosts;done
for i in $(seq 5);do ssh node$i "systemctl stop firewalld && systemctl disable firewalld";done
for i in $(seq 5);do ssh node$i "setenforce 0 && sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config";done
2. Set up time synchronization on all hosts
# From node1, install chrony on all nodes
# Switch the yum repositories to the Aliyun mirror, because CentOS 8 stopped providing repository services on December 31, 2021
for i in $(seq 5);do ssh node$i "sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://mirrors.aliyun.com/centos-vault|g' /etc/yum.repos.d/CentOS-*";done
for i in $(seq 5);do ssh node$i "yum -y install chrony" ;done
---------------------------------------------# Configure the control node node1
# The sed expression is garbled in the source; the s@...@ delimiters and the /24 prefix length are assumed
sed -i "s@^#allow.*@allow 192.168.31.0/24@" /etc/chrony.conf # Modify the configuration
systemctl start chronyd && systemctl enable chronyd # Start the service
---------------------------------------------# From node1, configure the other nodes
# This sed expression is garbled in the source as well; the ^pool match and the iburst option are assumed
for i in $(seq 2 5);do ssh node$i 'sed -i "s@^pool.*@pool node1 iburst@" /etc/chrony.conf';done
for i in $(seq 2 5);do ssh node$i 'systemctl start chronyd && systemctl enable chronyd';done
---------------------------------------------# Check whether the other nodes are synchronizing
[root@node1 ~]# chronyc clients
Hostname NTP Drop Int IntL Last Cmd Drop Int Last
===============================================================================
node2 4 0 1 - 55 0 0 - -
node3 4 0 1 - 54 0 0 - -
node4 4 0 1 - 53 0 0 - -
node5 4 0 1 - 53 0 0 - -
3. Install the OpenStack software repository, specifying the Victoria release
# From node1, install the OpenStack repository file on all nodes
for i in $(seq 5);do ssh node$i yum -y install centos-release-openstack-victoria.noarch;done
# Point the repositories at the mirror again, because the OpenStack repository file has just been installed
for i in $(seq 5);do ssh node$i "sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://mirrors.aliyun.com/centos-vault|g' /etc/yum.repos.d/CentOS-*";done
# Install the basic software
for i in $(seq 5);do ssh node$i yum -y install python3-openstackclient crudini;done
4. Install the MySQL database (control node node1; the MySQL login is root/mysql)
yum -y install mariadb mariadb-server python2-PyMySQL
# Modify the configuration file
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld bind-address 192.168.31.101
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld default-storage-engine innodb
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld innodb_file_per_table on
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld max_connections 4096
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld collation-server utf8_general_ci
crudini --set /etc/my.cnf.d/mariadb-server.cnf mysqld character-set-server utf8
# Start the service and initialize it. At the first prompt during initialization, press Enter because the root password is empty, then set the new root password to mysql and allow remote login
systemctl enable mariadb.service && systemctl start mariadb.service
---------------------------------------------# Set the MySQL root password to mysql and allow root to log in remotely
[root@node1 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] n
... skipping.
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
---------------------------------------------# Check that MySQL is working properly
[root@node1 ~]# netstat -tunlp | grep 3306
tcp 0 0 192.168.31.101:3306 0.0.0.0:* LISTEN 29356/mysqld
[root@node1 ~]# mysql -uroot -hnode1 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
5. Install the message queue RabbitMQ (control node node1; add the user/password openstack/openstack)
# Install and start RabbitMQ
yum --enablerepo powertools -y install rabbitmq-server
systemctl enable rabbitmq-server && systemctl start rabbitmq-server
---------------------------------------------# Add the user and password and set permissions
rabbitmqctl add_user openstack openstack && rabbitmqctl set_permissions openstack ".*" ".*" ".*"
---------------------------------------------# Check the RabbitMQ status, and view the user and its permissions
[root@node1 ~]# rabbitmqctl status
[root@node1 ~]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack" ...
vhost configure write read
/ .* .* .*
---------------------------------------------# Check the RabbitMQ listening ports
[root@node1 ~]# netstat -tunlp | grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 30155/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 30155/beam.smp
6. Install the cache service memcached (control node node1)
# Install and start the memcached service
yum -y install memcached python3-memcached
sed -i 's/^OPTIONS.*/OPTIONS="-l 0.0.0.0"/' /etc/sysconfig/memcached
systemctl enable memcached && systemctl start memcached
---------------------------------------------# Check the memcached listening port
[root@node1 ~]# netstat -tunlp | grep memcached
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 33130/memcached
7. Install the NFS service (control node node1)
# Install and start the NFS service
yum -y install nfs-utils
systemctl start nfs-server && systemctl enable nfs-server
---------------------------------------------# Partition and format the last 100G disk on node1, mount it on the /vmdata directory, and make the mount persistent across reboots
[root@node1 ~]# fdisk /dev/sde
Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x2fb2433e.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p):
Using default response p.
Partition number (1-4, default 1):
First sector (2048-209715199, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-209715199, default 209715199):
Created a new partition 1 of type 'Linux' and of size 100 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
[root@node1 ~]# mkfs.xfs /dev/sde1
[root@node1 ~]# blkid | grep sde1
/dev/sde1: UUID="95bb36aa-5e44-4caf-b586-24a69cadf8d9" BLOCK_SIZE="512" TYPE="xfs" PARTUUID="2fb2433e-01"
[root@node1 ~]# mkdir /vmdata
[root@node1 ~]# vi /etc/fstab
UUID=95bb36aa-5e44-4caf-b586-24a69cadf8d9 /vmdata xfs defaults 0 0
[root@node1 ~]# df -h | grep vmdata
/dev/sde1 100G 746M 100G 1% /vmdata
---------------------------------------------# Configure the NFS service
[root@node1 ~]# vi /etc/exports
/vmdata *(sync,rw,no_root_squash,no_subtree_check)
# Load the configuration and apply it
exportfs -r && exportfs -v
[root@node1 ~]# showmount -e node1
Export list for node1:
/vmdata *
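
The `netstat` output in steps 4 to 6 and the `/etc/exports` line in step 7 show which services this setup exposes on node1. The script below is an added example, not part of the original walkthrough: it flags TCP listeners bound to every interface and NFS exports that are open to any host or use `no_root_squash`. The function names are hypothetical, and the sample input is constructed from lines shown on this page.

```shell
#!/bin/sh
# Added example (not from the original walkthrough). Both functions read text on
# stdin: feed them /etc/exports and the output of `netstat -tunlp` on node1.

# Flag exports open to any host or keeping remote root (no_root_squash).
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"   # a bare "(opts)" field means any host
            if (client == "*") print $1 ": exported to any host"
            if (("," opts ",") ~ /,no_root_squash,/)
                print $1 ": no_root_squash for " client
        }
    }'
}

# Flag TCP listeners bound to every interface (0.0.0.0 or ::).
audit_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") {
            split($7, prog, "/")
            print port " " prog[2] ": listening on all interfaces"
        }
    }'
}

# Constructed samples that repeat lines shown on this page.
SAMPLE_EXPORTS='/vmdata *(sync,rw,no_root_squash,no_subtree_check)'
SAMPLE_NETSTAT='tcp 0 0 192.168.31.101:3306 0.0.0.0:* LISTEN 29356/mysqld
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 30155/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 30155/beam.smp
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 33130/memcached'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners
```

An export entry written with a space between the client and its options, such as `192.168.31.0/24 (rw)`, is also reported, because the detached `(rw)` applies to any host.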








