邯城往事
hostnamectl set-hostname linux-node1
修改 host 文件
10.200.51.100 linux-node1 linux-node1.limi.com
10.200.51.31 linux-node2 linux-node2.limi.com
linux-node1 10.200.51.100 控制节点
linux-node2 10.200.51.31 计算节点
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
sed -i 's/$releasever/7.7.1908/g' /etc/yum.repos.d/CentOS-Base.repo
yum install chrony -y
timedatectl set-timezone Asia/Shanghai #配置时区
vim /etc/chrony.conf
...
allow 10.200.0.0/16
# systemctl enable chronyd.service
# systemctl start chronyd.service
server 192.168.51.208 iburst
[root@inside ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* linux-node1 3 6 37 43 -588ns[ -191us] +/- 16ms
更新内核后,重新启动机器
yum install centos-release-openstack-rocky -y
yum upgrade
yum install python-openstackclient
yum install openstack-selinux
yum install mariadb mariadb-server python2-PyMySQL -y
添加 openstack 配置文件
[root@linux-node1 my.cnf.d]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
# systemctl enable mariadb.service
# systemctl start mariadb.service
修改 maridb 初始密码
mysql_secure_installation
yum install rabbitmq-server -y
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
创建 openstack 用户
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack"
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
rabbitmqctl 命令参考
rabbitmq-plugins list 查看 rabbitmq 插件列表
rabbitmq-plugins enable rabbitmq_management 开启 web 管理功能
rabbitmqctl list_users 查看用户列表
rabbitmqctl set_user_tags admin administrator 修改用户角色
yum install memcached python-memcached
[root@linux-node1 ~]# cat !$
cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 0.0.0.0,::1" #此处授权主机允许所有的
[root@linux-node1 ~]# systemctl start memcached.service
[root@linux-node1 ~]# systemctl enable memcached.service
# yum install etcd
配置
[root@linux-node1 ~]# grep -v "^#\|^$" /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.200.51.100:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.200.51.100:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.200.51.100:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.200.51.100:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.200.51.100:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@linux-node1 ~]# systemctl start etcd
[root@linux-node1 ~]# systemctl enable etcd
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystone';
yum install openstack-keystone httpd mod_wsgi -y
/etc/keystone/keystone.conf 配置进行修改
[database]
...
connection = mysql+pymysql://keystone:keystone@10.200.51.100/keystone
[token]
...
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password 598941324 \
--bootstrap-admin-url http://10.200.51.100:5000/v3 \
--bootstrap-internal-url http://10.200.51.100:5000/v3 \
--bootstrap-public-url http://10.200.51.100:5000/v3 \
--bootstrap-region-id RegionOne
vim /etc/httpd/conf/httpd.conf
...
ServerName 10.200.51.100:80
配置软链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
配置 SSL
配置环境变量:(#此密码用 boostrap 中的密码)
export OS_USERNAME=admin
export OS_PASSWORD=598941324
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.200.51.100:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@linux-node1 ~]# openstack domain create --description "mystack" mystack
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | mystack |
| enabled | True |
| id | 4cbe80fad0b7460c8a7220fc63c0f130 |
| name | mystack |
| tags | [] |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 50b9efa71e704582ad667a8b98b5b770 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack user create --domain default \
> --password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 618ce6c96aa7462a9a2300d05379443f |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
password:598941324
[root@linux-node1 ~]# openstack role create demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | f1b8bcab82964e3e8255d7ae4ababc0f |
| name | demo |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 1c425ddc2b7c4e9eacd2e561697eca90 |
| name | myrole |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack role add --project myproject --user myuser myrole
unset OS_AUTH_URL OS_PASSWORD
命令
openstack --os-auth-url http://10.200.51.100:5000/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name demo \
--os-username admin token issue
[root@linux-node1 ~]# openstack --os-auth-url http://10.200.51.100:5000/v3 \
> --os-project-domain-name default \
> --os-user-domain-name default \
> --os-project-name demo \
> --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-10-11T11:14:12+0000 |
| id | gAAAAABdoFX01swIecvosowJi-oGV8Y5fTHmPiGY4OtsAV2p1f0fkOWgc88v8QwmZtnKF83b501CTWBqdnIx1A78ZCN3SWufOHni24JVk1PP06JMzvtw8LFslGwYiJxtHCinCyxhW5fM9F3CxMYBGcq1xfRnkCV3PDJmoNCDS9ds8IdDREmXceQ |
| project_id | 4291d582710e407aa7abc46a64f2da57 |
| user_id | 9f702ce3021741918ad7b9e4ec63daff |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]# openstack --os-auth-url http://10.200.51.100/v3 \
> --os-project-domain-name default \
> --os-user-domain-name default \
> --os-project-name myproject \
> --os-username myuser token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-10-11T11:21:30+0000 |
| id | gAAAAABdoFeqLzi8NPoEwyiFAdbUhnZjVFS8avXsns9eQRWBFlPbouQfZOizXhh_cYn7iLMDmsrhL-d-Bw6UfjB4tB-PnowYcxckWhN3hEFSfd0gGbu9SzK3HUyNfw1pGuJ3E67Wxy7E_NR8QRMVG4yuooO-H-Y71-SCeNqAv1ak__xK4cBb54g |
| project_id | 7728319b685d4e5fb8aa8c9274fcb4b5 |
| user_id | 618ce6c96aa7462a9a2300d05379443f |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@linux-node1 ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=598941324
export OS_AUTH_URL=http://10.200.51.100:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@linux-node1 ~]# . admin-openrc
[root@linux-node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-10-11T11:42:06+0000 |
| id | gAAAAABdoFx-gay2U7zVQHXIrVY4tYHvUzKc3XyLaB6VPgpjKEY3PjOfzSe81Wo7OdqHR4bC_KyPgJLtvEiz-YY-l46drqRRADDql4-I0Nf1sl2yfp7uaQNjokpJiRBi76JUhdpDEOMdeFEnLm3R0t4WO86a0fKDZIbkoM7ChKX4QkvoL7-6ce4 |
| project_id | 4291d582710e407aa7abc46a64f2da57 |
| user_id | 9f702ce3021741918ad7b9e4ec63daff |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
到头来 我们记住的 不是敌人的攻击 而是朋友的沉默 ---马丁·路德·金