Openstack组建部署 — Environment of Controller Node
目录
前文列表
Controller Node
控制节点是整个Openstack控制枢纽,可以将Database、Message queue、DNS、NTP、Keystone等服务集成到一起,当然Openstack实现了松耦合的架构思想,因此所有的组件都可以在任意Node中安装组合,视乎实际情况而定。
Install and configure components
Setup DNS Server
step1.
yum install -y bind bind-chroot
**Step2.**Edit the config file.
[root@controller ~]# cat /etc/named.conf | grep -v ^# | grep -v ^// | grep -v ^$
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
**Step3.**Forward Domain
vim /etc/named.rfc1912.zones
zone "jmilk.com" IN {
type master;
file "jmilk.com.zone";
allow-update { none; };
};
Create zone config file:
cp -p /var/named/named.localhost /var/named/jmilk.com.zone
vim /var/named/jmilk.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS controller.jmilk.com.
controller A 192.168.1.5
network A 192.168.1.6
compute1 A 192.168.1.10
compute2 A 192.168.1.11
block1 A 192.168.1.20
block2 A 192.168.1.21
object1 A 192.168.1.31
object2 A 192.168.1.32
vim /etc/resolv.conf
# Generated by NetworkManager
search jmilk.com
nameserver 127.0.0.1
注意:当需要联网安装软件包时,还是需要将DNSSERVER指向外网DNSSERVER
Restart the named service:
systemctl restart named
systemctl enable named
Setup NTP Server
Install the packages:
yum install chrony
Edit the /etc/chrony.conf:
vim /etc/chrony.conf
#注释其他以server开头的配置项,并添加下列配置,使用国内速度较快的NTP Server
server 1.cn.pool.ntp.org iburst
allow 192.168.1.0/24
Start the NTP service and configure it to start when the system boots:
systemctl enable chronyd.service
systemctl start chronyd.service
CHECK:
[root@controller ~]# timedatectl status
Local time: Fri 2016-06-10 12:00:08 EDT
Universal time: Fri 2016-06-10 16:00:08 UTC
RTC time: Fri 2016-06-10 16:00:09
Timezone: America/New_York (EDT, -0400)
NTP enabled: yes #YES
NTP synchronized: yes #YES
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2016-03-13 01:59:59 EST
Sun 2016-03-13 03:00:00 EDT
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2016-11-06 01:59:59 EDT
Sun 2016-11-06 01:00:00 EST
[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 202.118.1.130 2 6 17 31 +307us[ +415us] +/- 82ms
Install SQL Database
Install the packages:
yum install mariadb mariadb-server python2-PyMySQL -y
Create and edit the /etc/my.cnf.d/openstack.cnf file
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.1.5 #Controller Node IPAddress 设置
ip绑定
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8 #默认数据库引擎及默认字符集为UTF-8
Start the database service and configure it to start when the system boots:
systemctl enable mariadb.service
systemctl start mariadb.service
初始化MySQL:
[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Setup Message queue
OpenStack使用message queue实现协调操作和服务之间的状态信息。Message queue service一般在Controller Node上运行。
OpenStack常用的消息代理软件:
- RabbitMQ(更加常用)
- Qpid
- ZeroMQ
Install the package:
yum install rabbitmq-server -y
Start the message queue service and configure it to start when the system boots:
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
Add the openstack user
rabbitmqctl add_user openstack fanguiju
Permit configuration, write, and read access for the openstack user:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setup Memcached
The Identity service authentication mechanism for services uses Memcached to cache tokens. Memcached缓存技术用于对Keystone组件的认证信息token进行缓存。一般安装在Controller Node上,在生产系统中,建议使用认证、防火墙、加密的手段来保证token缓存的安全。
Install the packages:
yum install memcached python-memcached -y
Start the Memcached service and configure it to start when the system boots:
systemctl enable memcached.service
systemctl start memcached.service
Openstack组建部署 — Environment of Controller Node的更多相关文章
- Openstack组建部署 — Glance Install
目录 目录 前文列表 Image service overview Openstack Image service包含的组件 Install and configure Prerequisites 先 ...
- Openstack组件部署 — Networking service_安装并配置Controller Node
目录 目录 前文列表 前提条件 网络环境 完成下面的步骤以创建数据库 创建service credentials服务凭证 创建Neutron的API Endpoints 配置自服务网络 安装网络组件 ...
- Openstack组件部署 — Nova_安装和配置Controller Node
目录 目录 前文列表 Prerequisites 先决条件 To create the databases To create the service credentials Create the C ...
- Openstack组件部署 — Networking service_Compute Node
目录 目录 前文列表 安装组件 配置通用组件 配置自服务网络选项 配置Linux 桥接代理 配置Nova使用网络 完成安装 验证操作Execute following commands on Cont ...
- Openstack组件部署 — Nova_Install and configure a compute node
目录 目录 前文列表 Prerequisites 先决条件 Install and configure a compute node Install the packages Edit the etc ...
- Openstack组件部署 — keystone(domain, projects, users, and roles)
目录 目录 前文列表 Create a domain projects users and roles domain projects users and roles的意义和作用 Create the ...
- Openstack组件部署 — Keystone Install & Create service entity and API endpoints
目录 目录 前文列表 Install and configure Prerequisites 先决条件 Create the database for identity service 生成一个随机数 ...
- Openstack组件部署 — Keystone功能介绍与认证实现流程
目录 目录 前文列表 Keystone认证服务 Keystone认证服务中的概念 Keystone的验证过程 简单来说 前文列表 Openstack组件部署 - Overview和前期环境准备 Ope ...
- Openstack组件部署 — Netwotking service组件介绍与网络基本概念
目录 目录 前文列表 Openstack Networking serivce 基本的Neutron概念 Neutron的抽象对象 网络networks 子网subnets 路由器routers 端口 ...
随机推荐
- socket 接收和发送缓冲区
问题产生: 在进行客户端向服务端发送数据时,每次发送一定数量数据后发送端就等不到send函数的返回,导致程序一直卡死在send函数. 通过抓包发现:发送端发送过快而接收端处理速度过慢,导致快速发送一定 ...
- 记录MNIST采用卷积方式实现与理解
从时间上来说,这篇文章写的完了,因为这个实验早就做完了:但从能力上来说,这篇文章出现的早了,因为很多地方我都还没有理解.如果不现在写,不知道什么时候会有时间是其一,另外一个原因是怕自己过段时间忘记. ...
- 用select实现多客户端连接
server.c 把accept也看成是一个read类型的函数, 于是我们可以把sockfd也放入到select中 maxi标记当前客户端连接数组的最大下标 select返回值为当前已经准备就绪的fd ...
- Java业务代理模式~
业务代理模式用于解耦表示层和业务层. 它基本上用于减少表示层代码中的业务层代码的通信或远程查找功能.在业务层有以下实体. 客户端(Client) - 表示层代码可以是JSP,servlet或UI ja ...
- HDU 1709 The Balance( DP )
The Balance Time Limit: 1000/1000 MS (Java/Others) Memory Limit: 32768/32768 K (Java/Others)Total ...
- 目录---Asp.NETCore轻松学系列【目录】
随笔分类 - Asp.NETCore轻松学系列 Asp.NETCore轻松学系列阅读指引目录 摘要: 耗时两个多月,坚持写这个入门系列文章,就是想给后来者更好更快的上手体验,这个系列可以说是从入门到进 ...
- 消息 245,级别 16,状态 1,第 1 行 在将 varchar 值 '2,8' 转换成数据类型 int 时失败。
错误问题: 消息 245,级别 16,状态 1,第 1 行在将 varchar 值 '2,8' 转换成数据类型 int 时失败. ps: 这是在后台分配菜单权限这个功能时出现的问题 一,解决方法: 将 ...
- 背包九讲(Orz)
P01: 01背包问题 题目 有\(N\)件物品和一个容量为\(V\)的背包.第\(i\)件物品的费用是\(c[i]\),价值是\(w[i]\).求解将哪些物品装入背包可使这些物品的费用总和不超过背包 ...
- vue证明题二,让vue跑起来
使用vue有很多连带产品,大多数入门的并非看不懂官方文档,也并非不会语法,而是卡在这些连带产品上 笔者刚刚入手这台电脑,什么都没装,就以此开始,从头构建一个vue项目吧,哪怕没有任何基础,跟着来应该是 ...
- Ubuntu中实现Docker内安装jenkins+jenkins远程触发
前面做了在ubuntu中安装jenkins+docker实现自动部署,但是得安装jdk8+tomcat8环境,比较麻烦,因此本文记录如何将jenkins直接装在dockers内并且实现远程触发功能. ...