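An enterprise plans to build a cloud platform on OpenStack to provide elastic management of pooled resources, centralized management of enterprise applications, and unified security authentication and authorization.
Notes:
1. In the table, x and y are VLAN IDs (each person has two VLAN IDs); z is the workstation number.
2. Using the information in the diagrams and tables, check the hardware cabling and the network device configuration to make sure the network is connected properly.
3. The resource packages and attachments needed for the exam are listed in the workstation information table.
4. During the competition, change the server password yourself to keep the server secure; when submitting information in the exam system, confirm your own IP address, username and password.
To make the lab easier, readers without a physical server can do it in virtual machines.
1. Configure the network and hostnames (both nodes)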
controller: 192.168.1.10 192.168.2.10
compute: 192.168.1.20 192.168.2.20

controller configuration:

[root@controller ~]# hostnamectl set-hostname controller
[root@controller ~]# logout

Reconnect and log in again.

[root@controller ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777728
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777728
UUID=33c092da-748f-4504-b735-d9dff2a49d33
DEVICE=eno16777728
ONBOOT=yes
IPADDR=192.168.1.10
PREFIX=24
GATEWAY=192.168.1.1

[root@controller ~]# cd /etc/sysconfig/network-scripts/
[root@controller network-scripts]# cp -a ifcfg-eno16777728 ifcfg-eno33554960
[root@controller network-scripts]# vi /etc/sysconfig/network-scripts/ifcfg-eno33554960
DEVICE=eno33554960
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.2.10
PREFIX=24

[root@controller ~]# systemctl restart network
[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:01:7e:b7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global eno16777728
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe01:7eb7/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
    link/ether 00:0c:29:01:7e:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.10/24 brd 192.168.2.255 scope global eno33554960
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe01:7ec1/64 scope link
       valid_lft forever preferred_lft forever

Shut the VM down and clone it directly to create compute.

compute configuration:

[root@compute ~]# hostnamectl set-hostname compute
[root@compute ~]# logout

Reconnect and log in again.

[root@compute ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777728
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777728
UUID=33c092da-748f-4504-b735-d9dff2a49d33
DEVICE=eno16777728
ONBOOT=yes
IPADDR=192.168.1.20
PREFIX=24

[root@compute ~]# cd /etc/sysconfig/network-scripts/
[root@compute network-scripts]# cp -a ifcfg-eno16777728 ifcfg-eno33554960
[root@compute network-scripts]# vi /etc/sysconfig/network-scripts/ifcfg-eno33554960
DEVICE=eno33554960
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.2.20
PREFIX=24

[root@compute ~]# systemctl restart network
[root@compute ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777728: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:01:7e:b7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global eno16777728
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe01:7eb7/64 scope link
       valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
    link/ether 00:0c:29:01:7e:c1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.20/24 brd 192.168.2.255 scope global eno33554960
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe01:7ec1/64 scope link
       valid_lft forever preferred_lft forever

Remember to pull the two images! (This is only needed on the controller node.)
2. Permanently disable the firewall and SELinux (both nodes)
[root@controller yum.repos.d]# systemctl stop firewalld
[root@controller yum.repos.d]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@controller yum.repos.d]# setenforce 0
[root@controller yum.repos.d]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@compute yum.repos.d]# systemctl stop firewalld
[root@compute yum.repos.d]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
[root@compute yum.repos.d]# setenforce 0
[root@compute yum.repos.d]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
3. Configure the YUM repositories (both nodes)
On the controller node, install the httpd service from the packages in the /opt/centos directory, enable it at boot, and use http to serve the yum repositories: create the openstack and centos directories under the http service's default working directory and copy the required source files into each of them. Then set up the yum repo file http.repo on the controller node and on the compute node.
Configure hostname mapping:

[root@controller ~]# vi /etc/hosts
192.168.1.10 controller
192.168.1.20 compute
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

[root@compute ~]# vi /etc/hosts
192.168.1.10 controller
192.168.1.20 compute
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

[root@controller ~]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# rm -rf *
[root@controller yum.repos.d]# cat local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas/iaas-repo
gpgcheck=0
enabled=1

[root@compute ~]# cd /etc/yum.repos.d/
[root@compute yum.repos.d]# rm -rf *
[root@compute yum.repos.d]# cat local.repo
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
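Both local.repo files above set gpgcheck=0, and the compute node fetches its packages over plain FTP, so nothing verifies what yum installs there. The script below is an added example (not part of the original post): it lists every repository section in a directory and marks the unsigned ones. The function name audit_repos and the sample directory are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# audit_repos DIR
# Prints one line per repository section found in DIR/*.repo:
#   <file> [<repo-id>] <baseurl> <verdict>
# Verdicts: ok (gpgcheck=1), INHERITS-MAIN (gpgcheck not set in the section),
#           UNSIGNED (gpgcheck=0), UNSIGNED-PLAINTEXT (gpgcheck=0 over ftp/http).
audit_repos() {
    awk '
        function report() {
            if (id == "") return
            verdict = "ok"
            if (gpg == "unset") verdict = "INHERITS-MAIN"
            if (gpg == "0") verdict = (url ~ /^(ftp|http):/) ? "UNSIGNED-PLAINTEXT" : "UNSIGNED"
            n = split(file, p, "/")
            printf "%s [%s] %s %s\n", p[n], id, url, verdict
            id = ""
        }
        { sub(/[ \t\r]+$/, "") }                # tolerate trailing blanks and CRLF
        FNR == 1 { report() }                   # a section never spans two files
        /^\[[^]]+\]$/ { report(); id = substr($0, 2, length($0) - 2)
                        url = ""; gpg = "unset"; file = FILENAME; next }
        /^baseurl[ \t]*=/  { sub(/^[^=]*=[ \t]*/, ""); url = $0 }
        /^gpgcheck[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); gpg = $0 }
        END { report() }
    ' "$1"/*.repo
}

# Constructed sample: one section from each node's local.repo shown above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/local.repo" <<'EOF'
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas/iaas-repo
gpgcheck=0
enabled=1
EOF
audit_repos "$demo_dir"
rm -rf "$demo_dir"
```

On a real node, run `audit_repos /etc/yum.repos.d` after writing local.repo.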
4. Add entries to /etc/fstab and mount the images
Upload the provided CentOS-7-x86_64-DVD-1804.iso and chinaskills_cloud_iaas.iso disc images to the /root directory on the controller node, then create the centos and openstack directories under /opt, mount CentOS-7-x86_64-DVD-1804.iso on the centos directory, and mount chinaskills_cloud_iaas.iso on the openstack directory.
[root@controller ~]# ls
anaconda-ks.cfg CentOS-7-x86_64-DVD-1511.iso XianDian-IaaS-v2.2.iso
[root@controller ~]# mkdir /opt/centos
[root@controller ~]# mkdir /opt/iaas
[root@controller ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Oct 1 06:46:45 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=36615874-b25f-4539-b376-8a5c387c0212 /           xfs     defaults 0 0
UUID=02223747-779a-4b6d-a300-2774ec29a144 /boot       xfs     defaults 0 0
UUID=01956b4a-500a-4f23-8b60-75b3bb457ded swap        swap    defaults 0 0
/root/CentOS-7-x86_64-DVD-1511.iso        /opt/centos iso9660 defaults 0 0
/root/XianDian-IaaS-v2.2.iso              /opt/iaas   iso9660 defaults 0 0
[root@controller ~]# mount -a
mount: /dev/loop0 is write-protected, mounting read-only
mount: /dev/loop1 is write-protected, mounting read-only
[root@controller ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3        98G  7.6G   90G   8% /
devtmpfs        904M     0  904M   0% /dev
tmpfs           913M     0  913M   0% /dev/shm
tmpfs           913M  8.5M  904M   1% /run
tmpfs           913M     0  913M   0% /sys/fs/cgroup
/dev/sda1       497M  118M  380M  24% /boot
tmpfs           183M     0  183M   0% /run/user/0
/dev/loop0      4.1G  4.1G     0 100% /opt/centos
/dev/loop1      2.7G  2.7G     0 100% /opt/iaas
[root@controller ~]# yum list
[root@controller ~]# yum install -y vim
[root@controller ~]# yum install -y vsftpd
[root@controller ~]# cat /etc/vsftpd/vsftpd.conf
(add the following as the first line; do not type the dots)
anon_root=/opt/
... ...
[root@controller ~]# systemctl restart vsftpd
[root@controller ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
5. Install the IaaS packages
[root@controller ~]# yum install -y iaas-xiandian
[root@compute ~]# yum install -y iaas-xiandian
6. Partition a disk for Swift and Cinder
[root@computer ~]# fdisk -l

Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0002f10c

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1            2048     4196351     2097152   82  Linux swap / Solaris
/dev/sda2   *     4196352    41943039    18873344   83  Linux

Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

[root@computer ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xa5eb8d25.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
First sector (2048-209715199, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-209715199, default 209715199): +30G
Partition 1 of type Linux and of size 30 GiB is set

Command (m for help): n
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p):
Using default response p
Partition number (2-4, default 2):
First sector (62916608-209715199, default 62916608):
Using default value 62916608
Last sector, +sectors or +size{K,M,G} (62916608-209715199, default 209715199): +30G
Partition 2 of type Linux and of size 30 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

[root@computer ~]# fdisk -l

Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0002f10c

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1            2048     4196351     2097152   82  Linux swap / Solaris
/dev/sda2   *     4196352    41943039    18873344   83  Linux

Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xa5eb8d25

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    62916607    31457280   83  Linux
/dev/sdb2        62916608   125831167    31457280   83  Linux

[root@compute ~]# mkfs.xfs /dev/sdb1
[root@compute ~]# mkfs.xfs /dev/sdb2
7. Edit the environment variables
[root@controller ~]# cat /etc/xiandian/openrc.sh
##--------------------system Config--------------------##
##Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.1.10
##Controller Server hostname. example:controller
HOST_NAME=controller
##Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.1.20
##Compute Node hostname. example:compute
HOST_NAME_NODE=compute
##--------------------Rabbit Config ------------------##
##user for rabbit. example:openstack
RABBIT_USER=openstack
##Password for rabbit user .example:000000
RABBIT_PASS=a
##--------------------MySQL Config---------------------##
##Password for MySQL root user . exmaple:000000
DB_PASS=a
##--------------------Keystone Config------------------##
##Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=lyb
ADMIN_PASS=a
DEMO_PASS=a
##Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=a
##--------------------Glance Config--------------------##
##Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=a
##Password for Keystore glance user. exmaple:000000
GLANCE_PASS=a
##--------------------Nova Config----------------------##
##Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=a
##Password for Keystore nova user. exmaple:000000
NOVA_PASS=a
##--------------------Neturon Config-------------------##
##Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=a
##Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=a
##metadata secret for neutron. exmaple:000000
METADATA_SECRET=a
##External Network Interface. example:eth1
INTERFACE_NAME=eno33554960
##First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
#minvlan=
##Last Vlan ID in VLAN RANGE for VLAN Network. example:200
#maxvlan=
##--------------------Cinder Config--------------------##
##Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS=a
##Password for Keystore cinder user. exmaple:000000
CINDER_PASS=a
##Cinder Block Disk. example:md126p3
BLOCK_DISK=/dev/sdb1
##--------------------Trove Config--------------------##
##Password for Mysql Trove User. exmaple:000000
TROVE_DBPASS=a
##Password for Keystore Trove User. exmaple:000000
TROVE_PASS=a
##--------------------Swift Config---------------------##
##Password for Keystore swift user. exmaple:000000
SWIFT_PASS=a
##The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK=/dev/sdb2
##The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP=192.168.1.20
##--------------------Heat Config----------------------##
##Password for Mysql heat user. exmaple:000000
HEAT_DBPASS=a
##Password for Keystore heat user. exmaple:000000
HEAT_PASS=a
##--------------------Ceilometer Config----------------##
##Password for Mysql ceilometer user. exmaple:000000
CEILOMETER_DBPASS=a
##Password for Keystore ceilometer user. exmaple:000000
CEILOMETER_PASS=a
##--------------------AODH Config----------------##
##Password for Mysql AODH user. exmaple:000000
AODH_DBPASS=a
##Password for Keystore AODH user. exmaple:000000
AODH_PASS=a

[root@controller ~]# scp /etc/xiandian/openrc.sh root@compute:/etc/xiandian/openrc.sh
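Every password and secret in the openrc.sh above is the single character a, shared by the database, RabbitMQ, Keystone and every service account. The check below is an added example (not part of the original post or of the XianDian tooling) that can be run on the file before the install scripts in step 9; the function name check_openrc, the 12-character minimum and the sample values are assumptions.

```bash
#!/usr/bin/env bash
# check_openrc FILE [MINLEN]
# Prints "<VAR> <problems>" for every *PASS / *SECRET variable whose value is
# empty, shorter than MINLEN (default 12, an assumed policy), or shared with
# another variable. Returns 1 if anything was reported, 0 otherwise.
check_openrc() {
    awk -F= -v min="${2:-12}" '
        /^[ \t]*#/ { next }                        # comments, e.g. "#minvlan="
        $1 ~ /(PASS|SECRET)$/ {
            val = substr($0, index($0, "=") + 1)   # keep any "=" inside the value
            sub(/[ \t\r]+$/, "", val)
            order[++n] = $1; value[$1] = val; seen[val]++
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]; v = value[k]; p = ""
                if (v == "") p = "empty"
                else {
                    if (length(v) < min) p = "short"
                    if (seen[v] > 1) p = (p == "" ? "reused" : p ",reused")
                }
                if (p != "") { print k, p; bad++ }
            }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: a few lines in the page's openrc.sh format, plus one
# long value (hypothetical) for contrast.
sample=$(mktemp)
cat > "$sample" <<'EOF'
##Password for rabbit user .example:000000
RABBIT_PASS=a
DB_PASS=a
ADMIN_PASS=constructed-Long-Value-01
METADATA_SECRET=
#minvlan=
INTERFACE_NAME=eno33554960
EOF
check_openrc "$sample" 12 || echo "fix the entries listed above before installing"
rm -f "$sample"
```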
8. Configure the NTP service
No changes are needed in the new version.
9. Install the services with the scripts
Controller node:

iaas-pre-host.sh
reboot
iaas-install-mysql.sh
iaas-install-keystone.sh
iaas-install-glance.sh
iaas-install-nova-controller.sh
iaas-install-neutron-controller.sh
iaas-install-dashboard.sh

Compute node:

iaas-pre-host.sh
reboot
iaas-install-nova-compute.sh
iaas-install-neutron-compute.sh
10. Access the cloud platform by IP
http://192.168.1.10/dashboard
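11. Test
Logging in is a little slow.
12. Appendix (connecting to the virtual machines with Xshell)
How do you connect to a virtual machine with Xshell? Use bridged mode throughout.
1. Check the properties of the local Wi-Fi connection (here the local Wi-Fi is on the 192.168.1.0 network).
Taking the controller node as the example:
1. Set the network adapter mode to bridged.
2. Configure an IP address on the same network as the Wi-Fi, that is, the 192.168.1.0 network.
3. Connect with Xshell.
4. The connection succeeds.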