目录

前文列表

• Openstack组件部署 — Overview和前期环境准备

Controller Node

控制节点是整个Openstack控制枢纽，可以将Database、Message queue、DNS、NTP、Keystone等服务集成到一起，当然Openstack实现了松耦合的架构思想，因此所有的组件都可以在任意Node中安装组合，视乎实际情况而定。

Install and configure components

Setup DNS Server

step1.

yum install -y bind bind-chroot

**Step2.**Edit the config file.

[root@controller ~]# cat /etc/named.conf | grep -v ^# | grep -v ^// | grep -v ^$
options {
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

**Step3.**Forward Domain
vim /etc/named.rfc1912.zones

zone "jmilk.com" IN {
        type master;
        file "jmilk.com.zone";
        allow-update { none; };
};

Create zone config file:

cp -p /var/named/named.localhost /var/named/jmilk.com.zone

vim /var/named/jmilk.com.zone

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      controller.jmilk.com.
controller A    192.168.1.5
network A       192.168.1.6
compute1 A      192.168.1.10
compute2 A      192.168.1.11
block1 A        192.168.1.20
block2 A        192.168.1.21
object1 A       192.168.1.31
object2 A       192.168.1.32

vim /etc/resolv.conf

# Generated by NetworkManager
search jmilk.com
nameserver 127.0.0.1

注意：当需要联网安装软件包时，还是需要将DNSSERVER指向外网DNSSERVER

Restart the named service：

systemctl restart named
systemctl enable named

Setup NTP Server

Install the packages:

yum install chrony

Edit the /etc/chrony.conf:
vim /etc/chrony.conf

#注释其他以server开头的配置项，并添加下列配置，使用国内速度较快的NTP Server
server 1.cn.pool.ntp.org iburst  
allow 192.168.1.0/24

Start the NTP service and configure it to start when the system boots:

systemctl enable chronyd.service
systemctl start chronyd.service

CHECK:

[root@controller ~]# timedatectl status 
      Local time: Fri 2016-06-10 12:00:08 EDT
  Universal time: Fri 2016-06-10 16:00:08 UTC
        RTC time: Fri 2016-06-10 16:00:09
        Timezone: America/New_York (EDT, -0400)
     NTP enabled: yes               #YES
NTP synchronized: yes               #YES
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2016-03-13 01:59:59 EST
                  Sun 2016-03-13 03:00:00 EDT
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2016-11-06 01:59:59 EDT
                  Sun 2016-11-06 01:00:00 EST

[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 202.118.1.130                 2   6    17    31   +307us[ +415us] +/-   82ms

Install SQL Database

Install the packages:

yum install mariadb mariadb-server python2-PyMySQL -y

Create and edit the /etc/my.cnf.d/openstack.cnf file
vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.1.5      #Controller Node IPAddress 设置
ip绑定
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8    #默认数据库引擎及默认字符集为UTF-8

Start the database service and configure it to start when the system boots:

systemctl enable mariadb.service
systemctl start mariadb.service

初始化MySQL：

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] 
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Setup Message queue

OpenStack使用message queue实现协调操作和服务之间的状态信息。Message queue service一般在Controller Node上运行。
OpenStack常用的消息代理软件：

• RabbitMQ(更加常用)
• Qpid
• ZeroMQ

Install the package:

yum install rabbitmq-server -y

Start the message queue service and configure it to start when the system boots:

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

Add the openstack user

rabbitmqctl add_user openstack fanguiju

Permit configuration, write, and read access for the openstack user:

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setup Memcached

The Identity service authentication mechanism for services uses Memcached to cache tokens. Memcached缓存技术用于对Keystone组件的认证信息token进行缓存。一般安装在Controller Node上，在生产系统中，建议使用认证、防火墙、加密的手段来保证token缓存的安全。
Install the packages:

yum install memcached python-memcached -y

Start the Memcached service and configure it to start when the system boots:

systemctl enable memcached.service
systemctl start memcached.service