OpenStack-Ocata版+CentOS7.6 云平台环境搭建 — 2.安装配置OpenStack基础服务

节点配置情况说明：

控制节点：controller： 
IP：192.168.164.128 
hostname&hosts：likeadmin

计算加点：Nova：

IP：192.168.164.129 
hostname&hosts：likenode

块存储节点:cinder：

IP：192.168.164.136 
hostname&hosts：likeblock

1.安装配置OpenStack包
需要分别在likeadmin，likenode，likeblock三台主机上安装OpenStack包和客户端

1）在CentOS中， ``extras``仓库提供用于启用 OpenStack 仓库的RPM包。 CentOS 默认启用``extras``仓库，因此你可以直接安装用于启用OpenStack仓库的包。
# yum install centos-release-openstack-ocata

在RHEL上，下载和安装RDO仓库RPM来启用OpenStack仓库。
# yum install https://rdoproject.org/repos/rdo-release.rpm

2）安装 OpenStack 客户端：
# yum install python-openstackclient

3）RHEL和 CentOS 默认启用 SELinux 。安装 openstack-selinux 包实现对OpenStack服务的安全策略进行自动管理：
# yum install openstack-selinux

2.安装并配置SQL数据库
注意：SQL只需要安装在controller节点上，即likeadmin计算机

1）安全并配置组件
安装软件包：
# yum install mariadb mariadb-server python2-PyMySQL

2）创建并编辑 /etc/my.cnf.d/openstack.cnf，然后完成如下动作：
可在/usr/share/mariadb/my-medium.cnf路径下复制OpenStack.cnf文件
cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf.d/openstack.cnf

在[mysqld]中，设置“bind-address”值为控制节点的管理网络IP地址以是的其他节点可以通过管理网络访问访问数据库。设置其他关键字来设置一些有用的选项和UTF-8编码：
[mysqld]
bind-address = 192.168.164.128

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

3）完成安装
启动数据库服务，并将其配置为开机自启：
# systemctl enable mariadb.service
# systemctl start mariadb.service

4）通过运行mysql_secure_installation脚本来保护数据库服务。 特别是，为数据库root帐户选择合适的密码：
# mysql_secure_installation

[root@likeadmin ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): *这里不需要输入root的密码，直接enter就可以*
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y *这里选设置root密码*
New password: djl18001
Re-enter new password: djl18001
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@likeadmin ~]#

3. 安装并配置消息队列
OpenStack使用消息队列来协调服务之间的操作和状态信息。 消息队列服务通常在控制器节点上运行。 
OpenStack支持多种消息队列服务，包括RabbitMQ，Qpid和ZeroMQ。 但是，大多数打包OpenStack的发行版都支持特定的消息队列服务。 
本指南实现了RabbitMQ消息队列服务，因为大多数发行版都支持它。 如果您希望实现不同的消息队列服务，请查阅与其相关的文档。
1）安装包：
# yum install rabbitmq-server

2）启动消息队列服务并将其配置为随系统启动：
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service

3）添加 openstack 用户：
# rabbitmqctl add_user openstack RABBIT_PASS          *在实验环境下RABBIT_PASS设成：djl18001，在生产环境下请使用密文代替
Creating user "openstack" ...
用合适的密码替换 RABBIT_DBPASS。

4）给``openstack``用户配置写和读权限：
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...

5）启动rabbitmq_management插件（可选做）
[root@likeadmin ~]# rabbitmq-plugins list 
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@likeadmin
|/
[ ] amqp_client 3.6.5
[ ] cowboy 1.0.3
[ ] cowlib 1.0.1
[ ] mochiweb 2.13.1
[ ] rabbitmq_amqp1_0 3.6.5
[ ] rabbitmq_auth_backend_ldap 3.6.5
[ ] rabbitmq_auth_mechanism_ssl 3.6.5
[ ] rabbitmq_consistent_hash_exchange 3.6.5
[ ] rabbitmq_event_exchange 3.6.5
[ ] rabbitmq_federation 3.6.5
[ ] rabbitmq_federation_management 3.6.5
[ ] rabbitmq_jms_topic_exchange 3.6.5
[ ] rabbitmq_management 3.6.5
[ ] rabbitmq_management_agent 3.6.5
[ ] rabbitmq_management_visualiser 3.6.5
[ ] rabbitmq_mqtt 3.6.5
[ ] rabbitmq_recent_history_exchange 1.2.1
[ ] rabbitmq_sharding 0.1.0
[ ] rabbitmq_shovel 3.6.5
[ ] rabbitmq_shovel_management 3.6.5
[ ] rabbitmq_stomp 3.6.5
[ ] rabbitmq_top 3.6.5
[ ] rabbitmq_tracing 3.6.5
[ ] rabbitmq_trust_store 3.6.5
[ ] rabbitmq_web_dispatch 3.6.5
[ ] rabbitmq_web_stomp 3.6.5
[ ] rabbitmq_web_stomp_examples 3.6.5
[ ] sockjs 0.3.4
[ ] webmachine 1.10.3
[root@likeadmin ~]# 
[root@likeadmin ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management

Applying plugin configuration to rabbit@likeadmin... started 6 plugins.
[root@likeadmin ~]# 
[root@likeadmin ~]# lsof -i:15672
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
beam.smp 22128 rabbitmq 54u IPv4 88245 0t0 TCP *:15672 (LISTEN)
[root@likeadmin ~]#

可通过浏览器访问RabbitMQ,访问地址是http://192.168.164.128:15672
默认账号密码：guest guest
登录后，在admin选项，为OpenStack账号设置登录密码，并添加administrator权限

4。安装并配置Memcached
各类服务的身份认证机制使用Memcached缓存令牌。缓存服务memecached通常运行在控制节点。在生产部署中，我们推荐联合启用防火墙、认证和加密保证它的安全。

1）安全并配置组件
安装软件包：
#yum install memcached python-memcached

2）编辑/etc/sysconfig/memcached文件并完成以下操作：
配置服务以使用控制器节点的管理IP地址。 这是为了通过管理网络启用其他节点的访问：
OPTIONS="-l 127.0.0.1,::1,likeadmin"

3）完成安装
启动Memcached服务，并且配置它随机启动。
# systemctl enable memcached.service
# systemctl start memcached.service

注：至此OpenStack基础环境已基本搭建完成。