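Installing OpenStack Stein with Packstack in Several Ways
System initialization
Set the hostname, disable the firewall and SELinux
Install RDO packstack
Update the operating system to the latest version
Install the yum repository that OpenStack depends on
If the system cannot reach the Internet, skip this step and manually configure an internal yum repository for the OpenStack Stein release.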
hostnamectl set-hostname controller1 --static
systemctl stop firewalld && systemctl disable firewalld
systemctl start iptables && systemctl enable iptables
systemctl stop ip6tables.service && systemctl disable ip6tables.service
systemctl disable NetworkManager && systemctl stop NetworkManager
iptables -F && service iptables save
# Disable SELinux
sed -i "s/^SELINUX=enforcing$/SELINUX=disabled/g" /etc/selinux/config
# Set the file-handle limits
sed -i "s/^#DefaultLimitNPROC=$/DefaultLimitNPROC=102400/g" /etc/systemd/system.conf
sed -i "s/^#DefaultLimitNOFILE=$/DefaultLimitNOFILE=102400/g" /etc/systemd/system.conf
sed -i "s/4096/102400/g" /etc/security/limits.d/20-nproc.conf
echo "* soft nofile 102400">>/etc/security/limits.conf
echo "* hard nofile 102400" >>/etc/security/limits.conf
echo "* soft nproc 102400" >>/etc/security/limits.conf
echo "* hard nproc 102400" >>/etc/security/limits.conf
yum update -y
yum install -y centos-release-openstack-stein
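Install the rdo packstack tool
How to use the RDO tool
SSH passwordless authentication
The RDO OpenStack installation relies on SSH key-based (passwordless) login, so the controller node must be able to log in to every node, itself included, without a password. Use ssh-keygen to generate a public/private key pair, then copy the public key to all nodes. This initialization step is required by both the allinone installation and the multi-node installation.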
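One way to carry out this step and confirm it worked, as an added example that is not part of the original article or of packstack. It assumes an answer file such as the openstack.txt generated later on this page, with the node keys CONFIG_CONTROLLER_HOST, CONFIG_COMPUTE_HOSTS and CONFIG_NETWORK_HOSTS filled in, and login as root on every node.

```shell
#!/bin/sh
# Added example: distribute the controller's SSH key to every node named in a
# packstack answer file, then confirm key-only login works before installing.

# Print the unique hosts from the node keys of answer file $1, one per line.
# Commented-out lines are ignored because the match is anchored at ^CONFIG_.
answer_hosts() {
    grep -E '^CONFIG_(CONTROLLER_HOST|COMPUTE_HOSTS|NETWORK_HOSTS)=' "$1" \
        | cut -d= -f2 | tr ',' '\n' | tr -d ' \t\r' | grep -v '^$' | sort -u
}

# Create a key pair if none exists and copy the public key to each host.
# ssh-copy-id asks once per host for the password (root login is an assumption).
push_key() {
    key=${2:-$HOME/.ssh/id_rsa}
    [ -f "$key" ] || ssh-keygen -q -t rsa -b 4096 -N '' -f "$key"
    for host in $(answer_hosts "$1"); do
        ssh-copy-id -i "$key.pub" "root@$host" || return 1
    done
}

# Return 0 only if every host accepts the key without a password prompt.
# BatchMode=yes makes ssh fail instead of falling back to asking for a password.
verify_login() {
    rc=0
    for host in $(answer_hosts "$1"); do
        if ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$host" true; then
            echo "ok      $host"
        else
            echo "FAILED  $host" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: sh ssh-setup.sh openstack.txt
if [ "$#" -gt 0 ]; then
    push_key "$1" && verify_login "$1"
fi
```

Run it on the controller node; a FAILED line names a node that packstack would not be able to reach non-interactively.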
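allinone installation
This method is generally used for testing. By default it installs all services on one node. The installation command is as follows:
Installation is expected to take 30 to 60 minutes, depending on network speed. When it finishes, it generates the packstack-answers file and authentication files such as keystonerc_admin. This method is only for quickly testing OpenStack features and releases. The Stein release uses OVN by default, and the network type is mgre.
Multi-node non-HA installation (VLAN)
This method is suitable for installing a single controller node + multiple network nodes + multiple compute nodes.
The installation steps are as follows:
1. Generate the answer file for automated installation with the command
The configuration file determines how the installation is performed, which services are installed, on which nodes, and so on. Confirm that the configuration is correct before installing.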
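One way to do part of that confirmation for the VLAN network keys this page sets in step 6, as an added example that is not from the original article or from packstack. The rule that every mapped bridge has a NIC in CONFIG_NEUTRON_OVS_BRIDGE_IFACES is an assumption taken from this page's layout.

```shell
#!/bin/sh
# Added example (not packstack code): cross-check the VLAN/OVS keys of an
# answer file before running packstack. Key names are the ones on this page.

# Print the value of key $2 in answer file $1 (last uncommented occurrence).
answer_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 if the keys agree with each other, 1 (with messages) otherwise.
check_vlan_answers() {
    rc=0
    types=$(answer_get "$1" CONFIG_NEUTRON_ML2_TYPE_DRIVERS)
    ranges=$(answer_get "$1" CONFIG_NEUTRON_ML2_VLAN_RANGES)
    mappings=$(answer_get "$1" CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)
    ifaces=$(answer_get "$1" CONFIG_NEUTRON_OVS_BRIDGE_IFACES)

    # VLAN tenant networks need the vlan type driver.
    case ",$types," in
        *,vlan,*) ;;
        *) echo "type drivers lack vlan: '$types'" >&2; rc=1 ;;
    esac

    # Every physnet that has a VLAN range needs a physnet:bridge mapping.
    for r in $(echo "$ranges" | tr ',' ' '); do
        case ",$mappings" in
            *",${r%%:*}:"*) ;;
            *) echo "no bridge mapping for ${r%%:*}" >&2; rc=1 ;;
        esac
    done

    # Assumption taken from this page's layout: each mapped bridge is backed
    # by a NIC listed in BRIDGE_IFACES (bridge:interface).
    for m in $(echo "$mappings" | tr ',' ' '); do
        case ",$ifaces" in
            *",${m#*:}:"*) ;;
            *) echo "no interface for bridge ${m#*:}" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh check-answers.sh openstack.txt
if [ "$#" -gt 0 ]; then
    check_vlan_answers "$1" && echo "answer file looks consistent"
fi
```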
2. openstack.txt: selecting services
yum install -y openstack-packstack openstack-packstack-puppet
packstack --allinone
packstack --gen-answer-file=openstack.txt
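3. openstack.txt: password settings
rdo packstack generates default passwords. If you need to configure them, the details are as follows:
Changing the passwords is not recommended; the generated defaults already have a certain degree of complexity. Each service has two passwords, one for the service user and one for the service database, as follows: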
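# Database installation; if set to no, configure the corresponding database address and password
CONFIG_MARIADB_INSTALL=y
# Glance installation; provides the image service
CONFIG_GLANCE_INSTALL=y
# Cinder installation; by default uses a loop device to create an LVM volume of 20G in total
CONFIG_CINDER_INSTALL=y
# Manila, the file service; disabling it is recommended
CONFIG_MANILA_INSTALL=n
# Nova service; must be installed
CONFIG_NOVA_INSTALL=y
# Neutron network service; must be installed
CONFIG_NEUTRON_INSTALL=y
# Dashboard UI; installing it is recommended
CONFIG_HORIZON_INSTALL=y
# Swift object storage service; by default uses a loop device to create 5G of object storage; can be disabled
CONFIG_SWIFT_INSTALL=n
# Ceilometer monitoring service
CONFIG_CEILOMETER_INSTALL=n
# Aodh alarm service
CONFIG_AODH_INSTALL=n
# Panko event service
CONFIG_PANKO_INSTALL=n
# Sahara big data service
CONFIG_SAHARA_INSTALL=n
# Heat orchestration service
CONFIG_HEAT_INSTALL=n
# Magnum container orchestration service
CONFIG_MAGNUM_INSTALL=n
# Trove database management service
CONFIG_TROVE_INSTALL=n
# Ironic bare-metal management service
CONFIG_IRONIC_INSTALL=n
# Install the OpenStack client tools; installed by default
CONFIG_CLIENT_INSTALL=y
# LBaaS load balancing service
CONFIG_LBAAS_INSTALL=n
# Neutron FWaaS firewall service; must be enabled in SDN setups
CONFIG_NEUTRON_FWAAS=n
# Neutron VPNaaS site-to-site IPsec VPN
CONFIG_NEUTRON_VPNAAS=n
# Neutron metering service; enabling it is recommended if ceilometer is installed; disabled here
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
# Heat default templates; enabling this is recommended if Heat is installed
CONFIG_HEAT_CFN_INSTALL=n
# Empty by default; if set, every password takes this default value
CONFIG_DEFAULT_PASSWORD=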
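The passwords that are changed most often fall into the following two groups:
Keystone users and passwords
After RDO finishes installing OpenStack, it creates two users by default, admin and demo. The passwords of these two users can be changed as follows:
MariaDB default root user and password
If a database already exists, or you want to use an existing database, modify the following settings:
4. openstack.txt: Cinder volume configuration
By default RDO uses a loop device to create a 20G LVM volume on the controller node. To turn this off, simply change y to n.
5. openstack.txt: selecting installation nodes
Modify the following settings. HOST means only one node can be used; HOSTS means multiple nodes can be used. The configuration is as follows:
6. openstack.txt: VLAN-type openvswitch network configuration
Before the S release, RDO installations defaulted to OVS with VXLAN networks; from the Stein release on, the default is OVN with geneve networks. Here this is changed to OVS with VLAN networks. The configuration items are as follows: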
# Glance database password
CONFIG_GLANCE_DB_PW=4d5c49c80f144c87
# Glance service user password
CONFIG_GLANCE_KS_PW=49db34da286b4e3b
CONFIG_KEYSTONE_ADMIN_USERNAME=admin
CONFIG_KEYSTONE_ADMIN_PW=aedd558752544f48
CONFIG_KEYSTONE_DEMO_PW=099e17ef7c174c98
# Do not install the MariaDB database
CONFIG_MARIADB_INSTALL=n
# Database address
CONFIG_MARIADB_HOST=114.118.28.117
# Database password of the root user; confirm that root can access the database with this password
CONFIG_MARIADB_PW=92bff38adeea4025
CONFIG_CINDER_BACKEND=lvm
CONFIG_CINDER_VOLUMES_CREATE=y
CONFIG_CINDER_VOLUME_NAME=cinder-volumes
CONFIG_CINDER_VOLUMES_SIZE=20G
# Controller node IP; currently only one can be configured
CONFIG_CONTROLLER_HOST=10.0.5.101
# Compute node IPs; multiple can be configured
CONFIG_COMPUTE_HOSTS=10.0.5.107,10.0.5.108,10.0.5.109
# Network node IPs; multiple can be configured; can be the controller node IP
CONFIG_NETWORK_HOSTS=10.0.5.104,10.0.5.105,10.0.5.106
# OVS bridge name of the external provider network; default br-ex
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
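# Network types supported by ML2; VLAN must be selected for VLAN-type networks
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=flat,vlan
# Tenant network type; vlan here
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vlan
# ML2 mechanism driver; openvswitch here
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
# Which FLAT networks are allowed; any here
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
# Range of the VLAN-type networks; separate multiple ranges with commas
CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet:200:500
# L2 agent type; default openvswitch
CONFIG_NEUTRON_L2_AGENT=openvswitch
# Bridge mappings on the network nodes; separate multiple entries with commas
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex,physnet:br-physnet
# Physical ports attached to the OVS bridges on the network nodes
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-physnet:eno1,br-ex:eno0
# OVS bridges on the compute nodes that get a physical port
CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE=br-physnet
# OpenStack external network type
CONFIG_NEUTRON_OVS_EXTERNAL_PHYSNET=extnet
The configuration above defines two networks by default, extnet and physnet. extnet is used as the external network; its OVS bridge is br-ex on NIC eno0, and its network type is flat.
physnet is used as the internal tenant network; its OVS bridge is br-physnet on NIC eno1, and its network type is vlan.
7. openstack.txt: installation
Once the openstack.txt answer file has been edited, install with the following command:
Running the installation in the background with nohup is recommended, to guard against accidental interruption.
Multi-node HA installation
The multi-node HA installation mostly reuses the openstack.txt above; it only needs to be adjusted after packstack has run on each controller node. The installation steps are as follows:
1. Choose three controller nodes and initialize the systems
Initialize with the script from the first step of this article, set the hostname on each machine, and add the hosts entries.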
packstack --answer-file=openstack.txt
nohup packstack --answer-file=openstack.txt &
tailf -100 nohup.out
hostnamectl set-hostname --static controller1
hostnamectl set-hostname --static controller2
hostnamectl set-hostname --static controller3
cat >> /etc/hosts << EOF
10.0.5.100 controller
10.0.5.101 controller1
10.0.5.102 controller2
10.0.5.103 controller3
EOF
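cat >> /etc/sysctl.conf << EOF
net.ipv4.ip_forward=1
net.ipv4.ip_nonlocal_bind = 1
net.ipv6.ip_nonlocal_bind = 1
EOF
2. Install MariaDB Galera and Pacemaker on the three controller nodes, and configure haproxy
3. Run packstack on the controller nodes one after another to install OpenStack
Move the VIP to controller1 (simply stop the corosync service on controller2 and controller3).
The packstack settings changed from the script above are as follows:
Install controller2 and controller3 in turn; during installation, any one network node and compute node may be chosen.
4. RabbitMQ and memcached adjustments (using ansible is recommended)
Configure the RabbitMQ service on the three controller nodes as a cluster.
In all OpenStack configuration files, change transport_url to the following: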
listen mariadb
mode tcp
option clitcpka
timeout client 3600s
option srvtcpka
timeout server 3600s
option mysql-check user haproxy post-41
option tcplog
bind controller:3306
server controller1 10.0.5.101:3306 check inter 2000 rise 2 fall 5
server controller2 10.0.5.102:3306 check inter 2000 rise 2 fall 5 backup
server controller3 10.0.5.103:3306 check inter 2000 rise 2 fall 5 backup
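# Database installation; if set to no, configure the corresponding database address and password
CONFIG_MARIADB_INSTALL=n
# Database address (MariaDB host)
CONFIG_MARIADB_HOST=10.0.5.100
# Controller node IP; currently only one can be configured
CONFIG_CONTROLLER_HOST=10.0.5.100
# Compute node IPs; multiple can be configured
CONFIG_COMPUTE_HOSTS=10.0.5.107,10.0.5.108,10.0.5.109
# Network node IPs; multiple can be configured; can be the controller node IP
CONFIG_NETWORK_HOSTS=10.0.5.104,10.0.5.105,10.0.5.106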
# on controller2
rabbitmqctl stop_app
rabbitmqctl join_cluster --ram rabbit@controller1
rabbitmqctl start_app
# on controller3
rabbitmqctl stop_app
rabbitmqctl join_cluster --disk rabbit@controller1
rabbitmqctl start_app
transport_url=rabbit://guest:guest@controller1:5672,guest:guest@controller2:5672,guest:guest@controller3:5672
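Add the memcached cache under every keystone_authtoken section
Enable caching under keystone's cache configuration
5. Modify the files of all OpenStack services on the controller nodes, changing the listen address to the local management IP (using ansible is recommended)
The configuration is as follows:
The haproxy configuration file is as follows: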
memcache_security_strategy = ENCRYPT
memcache_secret_key = I2Ws13eKT0cQIJJQzX2AtI2aQW6x4vSQdmsqCuBf
memcached_servers = controller1:11211,controller2:11211,controller3:11211
[cache]
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = controller1:11211,controller2:11211,controller3:11211
# /etc/httpd/conf/ports.conf
Listen controller101:8778
Listen controller101:35357
Listen controller101:5000
Listen controller101:80
# /etc/glance/glance-api.conf
[DEFAULT]
bind_host=controller101
registry_host=controller101
# /etc/glance/glance-registry.conf
[DEFAULT]
bind_host=controller201
# /etc/cinder/cinder.conf
[DEFAULT]
osapi_volume_listen=controller101
# /etc/neutron/neutron.conf
[DEFAULT]
bind_host=controller101
# /etc/nova/nova.conf
[DEFAULT]
osapi_compute_listen=controller101
metadata_listen=controller101
[VNC]
novncproxy_host=controller101
global
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
log 10.0.5.203:5140 local1
maxconn 4000
nbproc 1
stats socket /var/lib/haproxy/haproxy.sock group haproxy mode 660
defaults
log global
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
balance roundrobin
listen stats
bind 10.0.5.103:1984
bind controller:1984
mode http
stats enable
stats uri /
stats refresh 15s
stats realm Haproxy\ Stats
stats auth openstack:tyun123
frontend status
bind 10.0.5.103:61313
bind controller:61313
mode http
monitor-uri /
listen mariadb
mode tcp
option clitcpka
timeout client 3600s
option srvtcpka
timeout server 3600s
option mysql-check user haproxy post-41
option tcplog
bind controller:3306
server controller101 10.0.5.101:3306 check inter 2000 rise 2 fall 5
server controller102 10.0.5.102:3306 check inter 2000 rise 2 fall 5 backup
server controller103 10.0.5.103:3306 check inter 2000 rise 2 fall 5 backup
listen keystone_internal
mode http
http-request del-header X-Forwarded-Proto
option httplog
option forwardfor
bind controller:5000
server controller101 controller101:5000 check inter 2000 rise 2 fall 5
server controller102 controller102:5000 check inter 2000 rise 2 fall 5
server controller103 controller103:5000 check inter 2000 rise 2 fall 5
listen keystone_admin
mode http
http-request del-header X-Forwarded-Proto
option httplog
option forwardfor
bind controller:35357
server controller101 controller101:35357 check inter 2000 rise 2 fall 5
server controller102 controller102:35357 check inter 2000 rise 2 fall 5
server controller103 controller103:35357 check inter 2000 rise 2 fall 5
listen glance_api
mode http
http-request del-header X-Forwarded-Proto
timeout client 6h
timeout server 6h
option httplog
option forwardfor
bind controller:9292
server controller101 controller101:9292 check inter 2000 rise 2 fall 5
server controller102 controller102:9292 check inter 2000 rise 2 fall 5
server controller103 controller103:9292 check inter 2000 rise 2 fall 5
listen cinder_api
mode http
http-request del-header X-Forwarded-Proto
option httplog
option forwardfor
bind controller:8776
server controller101 controller101:8776 check inter 2000 rise 2 fall 5
server controller102 controller102:8776 check inter 2000 rise 2 fall 5
server controller103 controller103:8776 check inter 2000 rise 2 fall 5
listen neutron_server
mode http
http-request del-header X-Forwarded-Proto
option http-tunnel
option httplog
option forwardfor
bind controller:9696
server controller1 controller1:9696 check inter 2000 rise 2 fall 5
server controller2 controller2:9696 check inter 2000 rise 2 fall 5
server controller3 controller3:9696 check inter 2000 rise 2 fall 5
listen nova_api
mode http
http-request del-header X-Forwarded-Proto
option httplog
option forwardfor
bind controller:8774
server controller1 controller1:8774 check inter 2000 rise 2 fall 5
server controller2 controller2:8774 check inter 2000 rise 2 fall 5
server controller3 controller3:8774 check inter 2000 rise 2 fall 5
listen nova_metadata
mode http
http-request del-header X-Forwarded-Proto
option httplog
option forwardfor
bind controller:8775
server controller1 controller1:8775 check inter 2000 rise 2 fall 5
server controller2 controller2:8775 check inter 2000 rise 2 fall 5
server controller3 controller3:8775 check inter 2000 rise 2 fall 5
6. crontab adjustments
After a packstack installation, keystone uses crontab to rotate fernet keys; this can be removed.
The nova crontab can be adjusted; its default is as follows:
listen nova_novncproxy
mode http
http-request del-header X-Forwarded-Proto
timeout tunnel 1h
option httplog
option forwardfor
bind controller:6080
server controller1 controller1:6080 check inter 2000 rise 2 fall 5
server controller2 controller2:6080 check inter 2000 rise 2 fall 5
server controller3 controller3:6080 check inter 2000 rise 2 fall 5
listen placement_api
mode http
http-request del-header X-Forwarded-Proto
option httplog
option forwardfor
bind controller:8778
server controller1 controller1:8778 check inter 2000 rise 2 fall 5
server controller2 controller2:8778 check inter 2000 rise 2 fall 5
server controller3 controller3:8778 check inter 2000 rise 2 fall 5
listen horizon
mode http
http-request del-header X-Forwarded-Proto
balance source
option httplog
option forwardfor
bind controller:80
server controller1 controller1:80 check inter 2000 rise 2 fall 5
server controller2 controller2:80 check inter 2000 rise 2 fall 5
server controller3 controller3:80 check inter 2000 rise 2 fall 5
crontab -u keystone -r
crontab -u nova -l
# HEADER: This file was autogenerated at 2019-07-07 15:09:42 +0800 by puppet.
# HEADER: While it can still be managed manually, it is definitely not recommended.
# HEADER: Note particularly that the comments starting with 'Puppet Name' should
# HEADER: not be deleted, as doing so could cause duplicate cron jobs.
# Puppet Name: nova-manage db archive_deleted_rows
PATH=/bin:/usr/bin:/usr/sbin
SHELL=/bin/sh
1 */12 * * * nova-manage db archive_deleted_rows --max_rows 100 >>/dev/null 2>&1
It can be adjusted so that the run times on the controller nodes are spread evenly apart, running once every 8 hours.