Installing OpenStack Stein with Packstack in Several Ways

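System initialization

Set the hostname and disable the firewall and SELinux

Install RDO packstack

Update the operating system to the latest version

Install the yum repository that OpenStack depends on

If the system cannot reach the Internet, skip this step and configure an internal yum repository for the OpenStack Stein release by hand.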

hostnamectl set-hostname controller1 --static

systemctl stop firewalld && systemctl disable firewalld

systemctl start iptables && systemctl enable iptables

systemctl stop ip6tables.service && systemctl disable ip6tables.service

systemctl disable NetworkManager && systemctl stop NetworkManager

iptables -F && service iptables save

# Disable SELinux
sed -i "s/^SELINUX=enforcing$/SELINUX=disabled/g" /etc/selinux/config

# Set the file handle limits
sed -i "s/^#DefaultLimitNPROC=$/DefaultLimitNPROC=102400/g" /etc/systemd/system.conf

sed -i "s/^#DefaultLimitNOFILE=$/DefaultLimitNOFILE=102400/g" /etc/systemd/system.conf

sed -i "s/4096/102400/g" /etc/security/limits.d/20-nproc.conf

echo "* soft nofile 102400">>/etc/security/limits.conf

echo "* hard nofile 102400" >>/etc/security/limits.conf

echo "* soft nproc 102400" >>/etc/security/limits.conf

echo "* hard nproc 102400" >>/etc/security/limits.conf

yum update -y

yum install -y centos-release-openstack-stein


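Install the RDO packstack tool

Using the RDO tool

Passwordless SSH authentication

RDO installs OpenStack over passwordless SSH, so the controller node must be able to log in to every node, itself included, without a password. Use ssh-keygen to generate a public/private key pair, then copy the public key to all nodes. Both the allinone installation and the multi-node installation depend on this initialization step.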
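
The key setup described above, as an added example that is not part of the original article. It assumes root logins, the default `~/.ssh/id_rsa` key path and node addresses passed as arguments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): prepare key-based root SSH from
# the controller to every node before running packstack.
KEY=${KEY:-$HOME/.ssh/id_rsa}   # assumption: the default OpenSSH RSA key path

# Create the key pair once. The passphrase is empty because packstack logs in
# unattended, so this private key is equivalent to root on every node:
# keep it on the controller only, readable by root alone.
ensure_key() {
    mkdir -p "$(dirname "$KEY")" && chmod 700 "$(dirname "$KEY")"
    [ -f "$KEY" ] || ssh-keygen -q -t rsa -b 4096 -N "" -f "$KEY"
    chmod 600 "$KEY"
}

# Append the public key to root's authorized_keys on each host given
# (ssh-copy-id prompts for that host's root password once).
push_key() {
    for host in "$@"; do
        ssh-copy-id -i "$KEY.pub" "root@$host" || return 1
    done
}

# Print every host that still refuses key-only login. BatchMode=yes disables
# password prompts, so a host is listed unless the key alone is accepted.
hosts_without_key_login() {
    for host in "$@"; do
        ssh -n -i "$KEY" -o BatchMode=yes -o ConnectTimeout=5 \
            "root@$host" true >/dev/null 2>&1 || echo "$host"
    done
}

# Full procedure for the given nodes (the controller's own address included).
setup_passwordless_ssh() {
    ensure_key && push_key "$@" || return 1
    missing=$(hosts_without_key_login "$@")
    [ -z "$missing" ] || { echo "key login still failing on: $missing" >&2; return 1; }
}
```

Run `setup_passwordless_ssh` on the controller with the address of every node, for example the controller, network and compute addresses that later go into openstack.txt.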

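allinone installation

This method is normally used for testing. By default it installs all services on a single node. The installation command is as follows:

Installation is expected to take 30 to 60 minutes, depending on network speed. When it finishes, it generates the packstack-answers file and authentication files such as keystonerc_admin. This method is only for quickly testing OpenStack features and releases. The Stein release uses OVN by default, and the network type is mgre.

Multi-node non-HA installation (VLAN)

This method suits installing a single controller node plus multiple network nodes plus multiple compute nodes.

The installation steps are as follows:

1. Generate the answer file for automated installation with the following command

The configuration file determines how the installation is done, which services are installed, on which nodes, and so on. Confirm that the configuration is correct before installing.

2. openstack.txt: selecting services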

yum install -y openstack-packstack openstack-packstack-puppet

packstack --allinone

packstack --gen-answer-file=openstack.txt


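3. openstack.txt: password settings

RDO packstack generates default passwords. If you need to configure them, the details are as follows:

Changing the passwords is not recommended; the generated defaults already have a certain level of complexity. Every service has two passwords, one for the service user and one for the service database, as follows:

# Database installation; if set to no, configure the corresponding database address and password
CONFIG_MARIADB_INSTALL=y

# Install the glance service, which provides the image service
CONFIG_GLANCE_INSTALL=y

# Install cinder; by default a loop device is used to create an LVM volume of 20 GB in total
CONFIG_CINDER_INSTALL=y

# manila, the file service; disabling it is recommended
CONFIG_MANILA_INSTALL=n

# nova service; must be installed
CONFIG_NOVA_INSTALL=y

# neutron network service; must be installed
CONFIG_NEUTRON_INSTALL=y

# dashboard UI; installing it is recommended
CONFIG_HORIZON_INSTALL=y

# swift object storage service; by default a loop device is used to create 5 GB of object storage; can be disabled
CONFIG_SWIFT_INSTALL=n

# ceilometer monitoring service
CONFIG_CEILOMETER_INSTALL=n

# aodh alarm service
CONFIG_AODH_INSTALL=n

# panko event service
CONFIG_PANKO_INSTALL=n

# sahara big data service
CONFIG_SAHARA_INSTALL=n

# heat orchestration service
CONFIG_HEAT_INSTALL=n

# magnum container orchestration service
CONFIG_MAGNUM_INSTALL=n

# trove database management service
CONFIG_TROVE_INSTALL=n

# ironic bare-metal management service
CONFIG_IRONIC_INSTALL=n

# Install the OpenStack client tools; installed by default
CONFIG_CLIENT_INSTALL=y

# LBAAS load-balancing service
CONFIG_LBAAS_INSTALL=n

# neutron FWAAS firewall service; SDN solutions need this enabled
CONFIG_NEUTRON_FWAAS=n

# neutron VPNAAS, site-to-site IPsec VPN
CONFIG_NEUTRON_VPNAAS=n

# neutron metering service; enabling it is recommended if ceilometer is installed; disabled here
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n

# heat default templates; if heat is installed, enabling this is recommended
CONFIG_HEAT_CFN_INSTALL=n

# Empty by default; if it is set, every password takes this default value
CONFIG_DEFAULT_PASSWORD=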


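The passwords that are changed most often are in fact the following two groups:

Keystone authentication users and passwords

After RDO finishes installing OpenStack, it creates two users by default, admin and demo. The passwords of these two users can be changed as follows:

MariaDB default root user and password

If a database already exists, or you want to use existing data, change the following settings:

4. openstack.txt: Cinder volume configuration

By default RDO uses a loop device to create a 20 GB LVM volume on the controller node. To turn this off, set y to n.

5. openstack.txt: selecting the installation nodes

Edit the following settings. HOST means only one node can be used; HOSTS means multiple nodes can be used. The configuration is as follows:

6. openstack.txt: VLAN-type Open vSwitch network configuration

Before the Stein release, RDO installations used OVS with VXLAN-type networks by default; from Stein onward the default is OVN with geneve-type networks. Here it is changed to OVS with VLAN-type networks. The settings are as follows: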

# Glance database password
CONFIG_GLANCE_DB_PW=4d5c49c80f144c87

# Glance service user password
CONFIG_GLANCE_KS_PW=49db34da286b4e3b

CONFIG_KEYSTONE_ADMIN_USERNAME=admin

CONFIG_KEYSTONE_ADMIN_PW=aedd558752544f48

CONFIG_KEYSTONE_DEMO_PW=099e17ef7c174c98

# Do not install the MariaDB database
CONFIG_MARIADB_INSTALL=n

# Database address
CONFIG_MARIADB_HOST=114.118.28.117

# Database password of the root user; make sure root can reach the database with this password
CONFIG_MARIADB_PW=92bff38adeea4025

CONFIG_CINDER_BACKEND=lvm

CONFIG_CINDER_VOLUMES_CREATE=y

CONFIG_CINDER_VOLUME_NAME=cinder-volumes

CONFIG_CINDER_VOLUMES_SIZE=20G

# Controller node IP; only one can be configured at present
CONFIG_CONTROLLER_HOST=10.0.5.101

# Compute node IPs; several can be configured
CONFIG_COMPUTE_HOSTS=10.0.5.107,10.0.5.108,10.0.5.109

# Network node IPs; several can be configured, and they can be the controller node IP
CONFIG_NETWORK_HOSTS=10.0.5.104,10.0.5.105,10.0.5.106

# Name of the OVS bridge for the external provider network; default br-ex
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex

# Network types supported by ML2; VLAN must be selected for VLAN-type networks


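The configuration above has two network types by default, extnet and physnet. extnet is used as the external network; its OVS bridge is br-ex, on NIC eno0, and its network type is flat.

physnet is used as the internal tenant network; its OVS bridge is br-physnet, on NIC eno1, and its network type is vlan.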
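
A pre-flight check for the step 6 keys (CONFIG_NEUTRON_ML2_* and CONFIG_NEUTRON_OVS_*), added here as an example; it is not code from the original article or from packstack. The function names are hypothetical, the sample holds this page's values, and the rule that every mapped bridge has a NIC is an assumption taken from this page's layout.

```shell
#!/bin/sh
# Added example, not from the original page: cross-check the OVS/VLAN answer-file keys.
# Print the value of KEY in answer file FILE (the last assignment wins).
get_opt() { sed -n "s/^$2=//p" "$1" | tail -n 1; }
# Succeed if WORD is one of the comma-separated items in LIST.
in_list() { case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac; }
# Print field N (colon-separated) of every comma-separated entry, comma-joined.
field() { echo "$2" | tr ',' '\n' | cut -d: -f"$1" | paste -sd, -; }

# Print one line per inconsistency; the exit status is non-zero if any is found.
check_ovs_vlan() (
    f=$1; rc=0
    drivers=$(get_opt "$f" CONFIG_NEUTRON_ML2_TYPE_DRIVERS)
    tenant=$(get_opt "$f" CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES)
    ranges=$(get_opt "$f" CONFIG_NEUTRON_ML2_VLAN_RANGES)        # physnet:min:max
    maps=$(get_opt "$f" CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)      # physnet:bridge
    ifaces=$(get_opt "$f" CONFIG_NEUTRON_OVS_BRIDGE_IFACES)      # bridge:nic
    compute=$(get_opt "$f" CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE)   # bridge
    extnet=$(get_opt "$f" CONFIG_NEUTRON_OVS_EXTERNAL_PHYSNET)
    nets=$(field 1 "$maps"); bridges=$(field 2 "$maps"); wired=$(field 1 "$ifaces")
    for t in $(echo "$tenant" | tr ',' ' '); do
        in_list "$t" "$drivers" || { echo "tenant type $t is not an ML2 type driver"; rc=1; }
    done
    for n in $(field 1 "$ranges" | tr ',' ' ') $extnet; do
        in_list "$n" "$nets" || { echo "physnet $n has no bridge mapping"; rc=1; }
    done
    # Assumption taken from this page's layout: every mapped bridge has a NIC.
    for b in $(echo "$bridges" | tr ',' ' '); do
        in_list "$b" "$wired" || { echo "bridge $b has no physical interface"; rc=1; }
    done
    for b in $(echo "$compute" | tr ',' ' '); do
        in_list "$b" "$bridges" || { echo "compute bridge $b is not mapped"; rc=1; }
    done
    exit "$rc"
)

# Constructed sample: the step 6 values shown on this page.
sample_answers() {
    cat <<'EOF'
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=flat,vlan
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vlan
CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet:200:500
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex,physnet:br-physnet
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-physnet:eno1,br-ex:eno0
CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE=br-physnet
CONFIG_NEUTRON_OVS_EXTERNAL_PHYSNET=extnet
EOF
}
```

Run `check_ovs_vlan openstack.txt` before `packstack --answer-file=openstack.txt`; it prints nothing and exits 0 when the physnet, bridge and interface names agree.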

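7. openstack.txt: installation

Once the openstack.txt answer template has been edited, install with the following command:

Running the installation in the background with nohup is recommended, to guard against accidental interruption.

Multi-node HA installation

The multi-node HA installation largely reuses the openstack.txt above; it only needs adjusting after the run on each controller node. The installation steps are as follows:

1. Choose three controller nodes and initialize the systems

For initialization, use the script from the first step of this article, set the hostname of each machine, and add the hosts entries.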

CONFIG_NEUTRON_ML2_TYPE_DRIVERS=flat,vlan

# Tenant network type; vlan here
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vlan

# ML2 driver; openvswitch here
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch

# Allowed flat networks; any here
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*

# VLAN ranges for VLAN-type networks; separate multiple ranges with commas
CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet:200:500

# L2 agent type; default openvswitch
CONFIG_NEUTRON_L2_AGENT=openvswitch

# Bridge mappings for the network node NICs; separate multiple entries with commas
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex,physnet:br-physnet

# Physical ports behind the OVS bridges on the network nodes
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-physnet:eno1,br-ex:eno0

# Physical ports behind the OVS bridges on the compute nodes
CONFIG_NEUTRON_OVS_BRIDGES_COMPUTE=br-physnet

# OpenStack external network type
CONFIG_NEUTRON_OVS_EXTERNAL_PHYSNET=extnet

packstack --answer-file=openstack.txt

nohup packstack --answer-file=openstack.txt &

tailf -100 nohup.out

hostnamectl set-hostname --static controller1

hostnamectl set-hostname --static controller2

hostnamectl set-hostname --static controller3

cat >> /etc/hosts << EOF

10.0.5.100 controller

10.0.5.101 controller1

10.0.5.102 controller2

10.0.5.103 controller3

EOF

cat >> /etc/sysctl.conf << EOF


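2. Install MariaDB Galera and pacemaker on the three controller nodes, and configure haproxy

3. Run packstack on the controller nodes one after another to install OpenStack

Switch the VIP to controller1 (stopping the corosync service on controller2 and controller3 is enough).

In the script above, change the packstack part as follows:

Then install controller2 and controller3 in turn; during installation, any one network node and compute node may be chosen.

4. Adjust RabbitMQ and memcached (using ansible for this is recommended)

Configure the RabbitMQ services on the three controller nodes as a cluster

In all OpenStack configuration files, change transport_url to the following: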

net.ipv4.ip_forward=1

net.ipv4.ip_nonlocal_bind = 1

net.ipv6.ip_nonlocal_bind = 1

EOF

listen mariadb

mode tcp

option clitcpka

timeout client 3600s

option srvtcpka

timeout server 3600s

option mysql-check user haproxy post-41

option tcplog

bind controller:3306

server controller1 10.0.5.101:3306 check inter 2000 rise 2 fall 5

server controller2 10.0.5.102:3306 check inter 2000 rise 2 fall 5 backup

server controller3 10.0.5.103:3306 check inter 2000 rise 2 fall 5 backup

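# Database installation; if set to no, configure the corresponding database address and password
CONFIG_MARIADB_INSTALL=n

# Database address (MariaDB host)
CONFIG_MARIADB_HOST=10.0.5.100

# Controller node IP; only one can be configured at present
CONFIG_CONTROLLER_HOST=10.0.5.100

# Compute node IPs; several can be configured
CONFIG_COMPUTE_HOSTS=10.0.5.107,10.0.5.108,10.0.5.109

# Network node IPs; several can be configured, and they can be the controller node IP
CONFIG_NETWORK_HOSTS=10.0.5.104,10.0.5.105,10.0.5.106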

# on controller2

rabbitmqctl stop_app

rabbitmqctl join_cluster --ram rabbit@controller1

rabbitmqctl start_app

# on controller3

rabbitmqctl stop_app

rabbitmqctl join_cluster --disk rabbit@controller1

rabbitmqctl start_app

transport_url=rabbit://guest:guest@controller1:5672,guest:guest@controller2:5672,guest:guest@controller3:5672


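Add memcached caching under every keystone_authtoken section

Enable caching in keystone's cache configuration

5. On the controller nodes, edit the files of all OpenStack services and change the listen address to the local management IP (editing with ansible is recommended)

The configuration is as follows:

The haproxy configuration file is as follows: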

memcache_security_strategy = ENCRYPT

memcache_secret_key = I2Ws13eKT0cQIJJQzX2AtI2aQW6x4vSQdmsqCuBf

memcached_servers = controller1:11211,controller2:11211,controller3:11211

[cache]

backend = oslo_cache.memcache_pool

enabled = True

memcache_servers = controller1:11211,controller2:11211,controller3:11211

# /etc/httpd/conf/ports.conf

Listen controller101:8778

Listen controller101:35357

Listen controller101:5000

Listen controller101:80

# /etc/glance/glance-api.conf

[DEFAULT]

bind_host=controller101

registry_host=controller101

# /etc/glance/glance-registry.conf

[DEFAULT]

bind_host=controller201

# /etc/cinder/cinder.conf

[DEFAULT]

osapi_volume_listen=controller101

# /etc/neutron/neutron.conf

[DEFAULT]

bind_host=controller101

# /etc/nova/nova.conf

[DEFAULT]

osapi_compute_listen=controller101

metadata_listen=controller101

[VNC]

novncproxy_host=controller101

global

chroot /var/lib/haproxy

user haproxy

group haproxy

daemon

log 10.0.5.203:5140 local1

maxconn 4000


nbproc 1

stats socket /var/lib/haproxy/haproxy.sock group haproxy mode 660

defaults

log global

option redispatch

retries 3

timeout http-request 10s

timeout queue 1m

timeout connect 10s

timeout client 1m

timeout server 1m

timeout check 10s

balance roundrobin

listen stats

bind 10.0.5.103:1984

bind controller:1984

mode http

stats enable

stats uri /

stats refresh 15s

stats realm Haproxy\ Stats

stats auth openstack:tyun123

frontend status

bind 10.0.5.103:61313

bind controller:61313

mode http

monitor-uri /

listen mariadb

mode tcp

option clitcpka

timeout client 3600s

option srvtcpka

timeout server 3600s

option mysql-check user haproxy post-41

option tcplog

bind controller:3306

server controller101 10.0.5.101:3306 check inter 2000 rise 2 fall 5

server controller102 10.0.5.102:3306 check inter 2000 rise 2 fall 5 backup

server controller103 10.0.5.103:3306 check inter 2000 rise 2 fall 5 backup

listen keystone_internal

mode http

http-request del-header X-Forwarded-Proto

option httplog

option forwardfor

bind controller:5000

server controller101 controller101:5000 check inter 2000 rise 2 fall 5

server controller102 controller102:5000 check inter 2000 rise 2 fall 5

server controller103 controller103:5000 check inter 2000 rise 2 fall 5

listen keystone_admin


mode http

http-request del-header X-Forwarded-Proto

option httplog

option forwardfor

bind controller:35357

server controller101 controller101:35357 check inter 2000 rise 2 fall 5

server controller102 controller102:35357 check inter 2000 rise 2 fall 5

server controller103 controller103:35357 check inter 2000 rise 2 fall 5

listen glance_api

mode http

http-request del-header X-Forwarded-Proto

timeout client 6h

timeout server 6h

option httplog

option forwardfor

bind controller:9292

server controller101 controller101:9292 check inter 2000 rise 2 fall 5

server controller102 controller102:9292 check inter 2000 rise 2 fall 5

server controller103 controller103:9292 check inter 2000 rise 2 fall 5

listen cinder_api

mode http

http-request del-header X-Forwarded-Proto

option httplog

option forwardfor

bind controller:8776

server controller101 controller101:8776 check inter 2000 rise 2 fall 5

server controller102 controller102:8776 check inter 2000 rise 2 fall 5

server controller103 controller103:8776 check inter 2000 rise 2 fall 5

listen neutron_server

mode http

http-request del-header X-Forwarded-Proto

option http-tunnel

option httplog

option forwardfor

bind controller:9696

server controller1 controller1:9696 check inter 2000 rise 2 fall 5

server controller2 controller2:9696 check inter 2000 rise 2 fall 5

server controller3 controller3:9696 check inter 2000 rise 2 fall 5

listen nova_api

mode http

http-request del-header X-Forwarded-Proto

option httplog

option forwardfor

bind controller:8774

server controller1 controller1:8774 check inter 2000 rise 2 fall 5

server controller2 controller2:8774 check inter 2000 rise 2 fall 5

server controller3 controller3:8774 check inter 2000 rise 2 fall 5

listen nova_metadata

mode http

http-request del-header X-Forwarded-Proto

option httplog

option forwardfor

bind controller:8775


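6. Adjusting crontab

After a packstack installation, keystone uses crontab for fernet key rotation; this can be removed.

The nova crontab, on the other hand, can be adjusted. The default is as follows: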

server controller1 controller1:8775 check inter 2000 rise 2 fall 5

server controller2 controller2:8775 check inter 2000 rise 2 fall 5

server controller3 controller3:8775 check inter 2000 rise 2 fall 5

listen nova_novncproxy

mode http

http-request del-header X-Forwarded-Proto

timeout tunnel 1h

option httplog

option forwardfor

bind controller:6080

server controller1 controller1:6080 check inter 2000 rise 2 fall 5

server controller2 controller2:6080 check inter 2000 rise 2 fall 5

server controller3 controller3:6080 check inter 2000 rise 2 fall 5

listen placement_api

mode http

http-request del-header X-Forwarded-Proto

option httplog

option forwardfor

bind controller:8778

server controller1 controller1:8778 check inter 2000 rise 2 fall 5

server controller2 controller2:8778 check inter 2000 rise 2 fall 5

server controller3 controller3:8778 check inter 2000 rise 2 fall 5

listen horizon

mode http

http-request del-header X-Forwarded-Proto

balance source

option httplog

option forwardfor

bind controller:80

server controller1 controller1:80 check inter 2000 rise 2 fall 5

server controller2 controller2:80 check inter 2000 rise 2 fall 5

server controller3 controller3:80 check inter 2000 rise 2 fall 5

crontab -u keystone -r

crontab -u nova -l

# HEADER: This file was autogenerated at 2019-07-07 15:09:42 +0800 by puppet.

# HEADER: While it can still be managed manually, it is definitely not recommended.

# HEADER: Note particularly that the comments starting with 'Puppet Name' should

# HEADER: not be deleted, as doing so could cause duplicate cron jobs.

# Puppet Name: nova-manage db archive_deleted_rows

PATH=/bin:/usr/bin:/usr/sbin

SHELL=/bin/sh

1 */12 * * * nova-manage db archive_deleted_rows --max_rows 100 >>/dev/null 2>&1


It can be adjusted so that the run times of the controller nodes are spread evenly, each running once every 8 hours.

