openstack--2--控制節點安裝mysql和rabbitmq

生產中能夠把mysql數據庫單獨安裝到一臺機器上，這裏由於實驗機器有限，就把mysql安裝到了控制節點

其實openstack每一個組件均可以安裝到單獨的機器上。

 

RabbitMQ介紹

---

 

RabbitMQ是一個消息隊列產品

MQ全稱爲Message Queue, 消息隊列（MQ）是一種應用程序對應用程序的通訊方法。應用程序經過讀寫出入隊列的消息（針對應用程序的數據）來通訊，而無需專用鏈接來連接它們。
消息傳遞指的是程序之間經過在消息中發送數據進行通訊，而不是經過直接調用彼此來通訊，直接調用一般是用於諸如遠程過程調用的技術。排隊指的是應用程序經過 隊列來通訊。
隊列的使用除去了接收和發送應用程序同時執行的要求

MQ是消費-生產者模型的一個典型的表明，一端往消息隊列中不斷寫入消息，而另外一端則能夠讀取或者訂閱隊列中的消息。
消息隊列讓程序作到異步處理，而這種異步處理的方式大大的節省了服務器的請求響應時間，從而提升了系統的吞吐量。

使用rabbitmq最多的一個子項目是nova

 

除了控制面板Dashboard的Horizon沒用到mysql，其他組件都須要鏈接mysql，所以mysql數據尤其重要，生產中要作好主從以及備份

 

 

 

安裝和配置mariadb

---

 

大多數 OpenStack 服務使用 SQL 數據庫來存儲信息。 典型地，數據庫運行在控制節點上。OpenStack 服務也支持其餘 SQL 數據庫，包括PostgreSQL
安裝下面3個包。mariadb這裏精確到版本號了，是由於最新版的（mariadb-server-10.1.18-3.el7.x86_64.rpm） 安裝和一些lib文件有衝突

[root@linux-node1 ~]# yum install mariadb-5.5.52-1.el7.x86_64  -y
Package 1:mariadb-5.5.52-1.el7.x86_64 already installed and latest version
Nothing to do
[root@linux-node1 ~]# yum install mariadb-server-5.5.52-1.el7.x86_64  -y
Package 1:mariadb-server-5.5.52-1.el7.x86_64 already installed and latest version
Nothing to do
[root@linux-node1 ~]# yum install  python2-PyMySQL -y
Package python2-PyMySQL-0.7.9-2.el7.noarch already installed and latest version
Nothing to do

　　

最後一行看到主配置文件會include下面目錄，所以能夠把openstack本次實驗須要的參數放到此目錄下，固然也能夠放到主配置文件裏。

!includedir /etc/my.cnf.d

[root@linux-node1 ~]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

[root@linux-node1 ~]# 

 

須要在mariadb配置文件里加入如下參數，進行一些優化

default-storage-engine = innodb   默認存儲引擎innodb
innodb_file_per_table        設置獨享的表空間，若是不設置，會是共享表空間
collation-server = utf8_general_ci     校對規則
init-connect = 'SET NAMES utf8'    連接字符集
character-set-server = utf8         數據庫建庫字符集
max_connections = 4096      最大鏈接數
bind-address              mysql監聽地址

　　

 

這裏咱們單首創建配置文件，放到此目錄下

[root@linux-node1 ~]# touch /etc/my.cnf.d/openstack.cnf
[root@linux-node1 ~]# vim /etc/my.cnf.d/openstack.cnf
[root@linux-node1 ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@linux-node1 ~]# 

 

啓動數據庫服務，並將其配置爲開機自啓：

[root@linux-node1 ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@linux-node1 ~]# systemctl start mariadb.service
[root@linux-node1 ~]# 

查看啓動狀況

[root@linux-node1 ~]# netstat -lntp | grep 3306
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1965/mysqld         
[root@linux-node1 ~]# 

　　

 

爲了保證數據庫服務的安全性，運行mysql_secure_installation腳本，進行一些安全方面的配置，刪除匿名用戶，刪除test庫，設置root密碼等

[root@linux-node1 ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@linux-node1 ~]# 

　　

 

Openstack組件建庫和受權

---

 

建庫和受權，以前說過，除了Horizon，其它組件都用到了數據庫。 能夠在安裝響應組件以前建庫和受權。

這裏咱們提早建好，複製下面語句，直接在命令行執行便可，注意root密碼根據本身的密碼。

這裏M版本的openstack，除了新建nova庫，還須要新建一個nova_api庫。

mysql -u root -p123456 -e "CREATE DATABASE keystone;"
mysql -u root -p123456 -e "GRANT ALL  ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql -u root -p123456 -e "GRANT ALL  ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"

mysql -u root -p123456 -e "CREATE DATABASE glance;"
mysql -u root -p123456 -e "GRANT ALL  ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -u root -p123456 -e "GRANT ALL  ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"

mysql -u root -p123456 -e "CREATE DATABASE nova;"
mysql -u root -p123456 -e "GRANT ALL  ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p123456 -e "GRANT ALL  ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -u root -p123456 -e "CREATE DATABASE nova_api;"
mysql -u root -p123456 -e "GRANT ALL  ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p123456 -e "GRANT ALL  ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';"

mysql -u root -p123456 -e "CREATE DATABASE neutron;"
mysql -u root -p123456 -e "GRANT ALL  ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
mysql -u root -p123456 -e "GRANT ALL  ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"

 

檢查庫和用戶

[root@linux-node1 ~]# mysql -u root -p123456 -e "show databases ;" |egrep "glance|keystone|neutron|nova|nova_api"
glance
keystone
neutron
nova
nova_api
[root@linux-node1 ~]# mysql -u root -p123456 -e "select user,host from mysql.user ;" |egrep "cinder|glance|keystone|neutron|nova"
glance	%
keystone	%
neutron	%
nova	%
glance	localhost
keystone	localhost
neutron	localhost
nova	localhost
[root@linux-node1 ~]# 

　　

　

 

安裝和配置RabbitMQ

---

OpenStack 使用 message queue 協調操做和各服務的狀態信息。消息隊列服務通常運行在控制節點上。OpenStack支持好幾種消息隊列服務包括 RabbitMQ, Qpid, 和 ZeroMQ。
不過，大多數發行版本的OpenStack包支持特定的消息隊列服務。本指南安裝 RabbitMQ 消息隊列服務，由於大部分發行版本都支持它。

 

1. 安裝包：

yum install rabbitmq-server  -y

　　

2. 啓動消息隊列服務並將其配置爲隨系統啓動：

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

　　

3. 添加 openstack 用戶，並設置密碼（這裏我實驗環境設置密碼也是openstack）：

rabbitmqctl add_user openstack openstack

　　

4. 給openstack用戶配置寫和讀權限：

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

　　

操做過程以下

[root@linux-node1 ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@linux-node1 ~]# systemctl start rabbitmq-server.service
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
[root@linux-node1 ~]# 

　　

查看端口：rabbitmq的端口是5672

[root@linux-node1 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      2607/beam.smp       
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1580/mysqld         
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1656/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1158/sshd           
tcp6       0      0 :::5672                 :::*                    LISTEN      2607/beam.smp       
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      1158/sshd           
[root@linux-node1 ~]# 

　　

rabbitmq默認帶了個web的插件，能夠經過web來看rabbit的狀態
它有下面這麼多插件
列出rabbitmq的插件：

[root@linux-node1 ~]#  rabbitmq-plugins list
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@linux-node1
 |/
[  ] amqp_client                       3.6.5
[  ] cowboy                            1.0.3
[  ] cowlib                            1.0.1
[  ] mochiweb                          2.13.1
[  ] rabbitmq_amqp1_0                  3.6.5
[  ] rabbitmq_auth_backend_ldap        3.6.5
[  ] rabbitmq_auth_mechanism_ssl       3.6.5
[  ] rabbitmq_consistent_hash_exchange 3.6.5
[  ] rabbitmq_event_exchange           3.6.5
[  ] rabbitmq_federation               3.6.5
[  ] rabbitmq_federation_management    3.6.5
[  ] rabbitmq_jms_topic_exchange       3.6.5
[  ] rabbitmq_management               3.6.5
[  ] rabbitmq_management_agent         3.6.5
[  ] rabbitmq_management_visualiser    3.6.5
[  ] rabbitmq_mqtt                     3.6.5
[  ] rabbitmq_recent_history_exchange  1.2.1
[  ] rabbitmq_sharding                 0.1.0
[  ] rabbitmq_shovel                   3.6.5
[  ] rabbitmq_shovel_management        3.6.5
[  ] rabbitmq_stomp                    3.6.5
[  ] rabbitmq_top                      3.6.5
[  ] rabbitmq_tracing                  3.6.5
[  ] rabbitmq_trust_store              3.6.5
[  ] rabbitmq_web_dispatch             3.6.5
[  ] rabbitmq_web_stomp                3.6.5
[  ] rabbitmq_web_stomp_examples       3.6.5
[  ] sockjs                            0.3.4
[  ] webmachine                        1.10.3
[root@linux-node1 ~]# 

開機自啓動rabbitmq的管理插件（這些官方文檔沒有）：

[root@linux-node1 ~]#  rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management

Applying plugin configuration to rabbit@linux-node1... started 6 plugins.
[root@linux-node1 ~]# 

從新啓動rabbitmq:

[root@linux-node1 ~]# systemctl restart rabbitmq-server.service
[root@linux-node1 ~]# 

再次查看監聽的端口：web管理端口:15672

[root@linux-node1 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      3455/beam.smp       
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1965/mysqld         
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1337/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1153/sshd           
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      3455/beam.smp       
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1277/master         
tcp6       0      0 :::5672                 :::*                    LISTEN      3455/beam.smp       
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      1153/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1277/master         
[root@linux-node1 ~]# 

　　

rabbitmq監控5672端口

它的web頁面監控在15672頁面

web端打開http://192.168.56.11:15672
用戶名 guest 密碼 guest

guest是超級管理員，你能夠給guest改個密碼

如今使用openstack用戶是沒法登陸的

 

guest登陸後的頁面

 

rabbitmq在openstack通訊過程當中扮演通訊的交通樞紐的做用，它也是支持集羣的

不少地方都用到了它，好比你下完訂單，查詢訂單時提示訂單正在處理中，頗有可能就是寫到了消息隊列裏，還沒寫到數據庫裏面，這樣能夠緩解數據庫壓力的問題

雙十一，一下訂單就寫到數據庫裏，什麼數據庫也扛不住的。它們就可使用分佈式消息隊列

使用消息隊列還能夠用於分佈式的事務，12306很明顯就用到消息隊列了。訂單處理中

 

 

怎麼讓openstack也能登錄呢，點擊Admin

 

點擊openstack這個用戶，tags設置爲下面這種，密碼改爲openstack

 

點擊update以後

 

退出使用openstack登陸

 

登陸成功

也就是說只容許標籤是administrator的登陸

 

既然rabbitmq這麼重要，怎麼監控rabbitmq呢，能夠經過http api監控它

 

點擊進去，看到以下所示，暫時和咱們的實驗無關。就不深刻研究它了

 

 

不少時候，時間不一致沒法建立虛擬機。 再次給機器作下時間同步

[root@linux-node1 ~]# yum install ntpdate -y
[root@linux-node1 ~]# ntpdate time1.aliyun.com
17 Feb 16:32:15 ntpdate[3951]: adjust time server 115.28.122.198 offset 0.010747 sec
[root@linux-node1 ~]# ntpdate time1.aliyun.com
17 Feb 16:32:28 ntpdate[3962]: adjust time server 115.28.122.198 offset 0.007115 sec
[root@linux-node1 ~]# date
Fri Feb 17 16:32:29 CST 2017
[root@linux-node1 ~]#