Openstack組建部署 — Environment of Controller Node

目錄

• 目錄
• 前文列表
• Controller Node
• Install and configure components
  • Setup DNS Server
  • Setup NTP Server
  • Install SQL Database
  • Setup Message queue
  • Setup Memcached

前文列表

• Openstack組件部署 — Overview和前期環境準備

Controller Node

控制節點是整個Openstack控制樞紐，能夠將Database、Message queue、DNS、NTP、Keystone等服務集成到一塊兒，固然Openstack實現了鬆耦合的架構思想，所以全部的組件均可以在任意Node中安裝組合，視乎實際狀況而定。

Install and configure components

Setup DNS Server

step1.

yum install -y bind bind-chroot

**Step2.**Edit the config file.

[root@controller ~]# cat /etc/named.conf | grep -v ^# | grep -v ^// | grep -v ^$
options {
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

**Step3.**Forward Domain
vim /etc/named.rfc1912.zones

zone "jmilk.com" IN {
        type master;
        file "jmilk.com.zone";
        allow-update { none; };
};

Create zone config file:

cp -p /var/named/named.localhost /var/named/jmilk.com.zone

vim /var/named/jmilk.com.zone

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      controller.jmilk.com.
controller A    192.168.1.5
network A       192.168.1.6
compute1 A      192.168.1.10
compute2 A      192.168.1.11
block1 A        192.168.1.20
block2 A        192.168.1.21
object1 A       192.168.1.31
object2 A       192.168.1.32

vim /etc/resolv.conf

# Generated by NetworkManager
search jmilk.com
nameserver 127.0.0.1

注意：當須要聯網安裝軟件包時，仍是須要將DNSSERVER指向外網DNSSERVER

Restart the named service：

systemctl restart named
systemctl enable named

Setup NTP Server

Install the packages:

yum install chrony

Edit the /etc/chrony.conf:
vim /etc/chrony.conf

#註釋其餘以server開頭的配置項，並添加下列配置，使用國內速度較快的NTP Server
server 1.cn.pool.ntp.org iburst  
allow 192.168.1.0/24

Start the NTP service and configure it to start when the system boots:

systemctl enable chronyd.service
systemctl start chronyd.service

CHECK:

[root@controller ~]# timedatectl status 
      Local time: Fri 2016-06-10 12:00:08 EDT
  Universal time: Fri 2016-06-10 16:00:08 UTC
        RTC time: Fri 2016-06-10 16:00:09
        Timezone: America/New_York (EDT, -0400)
     NTP enabled: yes               #YES
NTP synchronized: yes               #YES
 RTC in local TZ: no
      DST active: yes
 Last DST change: DST began at
                  Sun 2016-03-13 01:59:59 EST
                  Sun 2016-03-13 03:00:00 EDT
 Next DST change: DST ends (the clock jumps one hour backwards) at
                  Sun 2016-11-06 01:59:59 EDT
                  Sun 2016-11-06 01:00:00 EST

[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 202.118.1.130                 2   6    17    31   +307us[ +415us] +/-   82ms

Install SQL Database

Install the packages:

yum install mariadb mariadb-server python2-PyMySQL -y

Create and edit the /etc/my.cnf.d/openstack.cnf file
vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.1.5      #Controller Node IPAddress 設置
ip綁定
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8    #默認數據庫引擎及默認字符集爲UTF-8

Start the database service and configure it to start when the system boots:

systemctl enable mariadb.service
systemctl start mariadb.service

初始化MySQL：

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] 
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Setup Message queue

OpenStack使用message queue實現協調操做和服務之間的狀態信息。Message queue service通常在Controller Node上運行。
OpenStack經常使用的消息代理軟件：

• RabbitMQ(更加經常使用)
• Qpid
• ZeroMQ

Install the package:

yum install rabbitmq-server -y

Start the message queue service and configure it to start when the system boots:

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

Add the openstack user

rabbitmqctl add_user openstack fanguiju

Permit configuration, write, and read access for the openstack user:

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setup Memcached

The Identity service authentication mechanism for services uses Memcached to cache tokens. Memcached緩存技術用於對Keystone組件的認證信息token進行緩存。通常安裝在Controller Node上，在生產系統中，建議使用認證、防火牆、加密的手段來保證token緩存的安全。
Install the packages:

yum install memcached python-memcached -y

Start the Memcached service and configure it to start when the system boots:

systemctl enable memcached.service
systemctl start memcached.service