1.
网卡配置
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 TYPE=Ethernet BOOTPROTO=none NAME=ens33 DEVICE=ens33 ONBOOT=yes IPADDR=10.0.0.11 GATEWAY=10.0.0.2 DNS1=114.114.114.114 [root@controller ~]#
关闭selinux 服务
[root@controller ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config [root@controller ~]# setenforce 0
配置yum源
echo '[local] name=local baseurl=file:///mnt gpgcheck=0 [openstack] name=openstack baseurl=file:///opt/repo gpgcheck=0' >/etc/yum.repos.d/local.repo
echo 'mount /dev/cdrom /mnt' >>/etc/rc.local ##设置开机自动挂载镜像
一、基础配置
1.时间同步配置
控制节点和计算节点均安装chrony
[root@controller ~]# yum install -y chrony [root@compute1 ~]# yum install -y chrony
服务端配置
[root@controller ~]# cat /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server ntp1.aliyun.com iburst ###同步阿里云时间 # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. #allow 192.168.0.0/16 allow 10.0.0.0/24 ###允许本地网络同步的段落 # Serve time even if not synchronized to a time source. #local stratum 10 # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking [root@controller ~]#
客户端配置
[root@compute1 ~]# cat /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 10.0.0.11 iburst ###指定同步的服务器即可 # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. #allow 192.168.0.0/16 # Serve time even if not synchronized to a time source. #local stratum 10 # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking [root@compute1 ~]#
配置完成之后重启服务
[root@controller ~]# systemctl restart chronyd
[root@compute1 ~]# systemctl restart chronyd
注意:如果时间同步服务器防火墙是开启的,客户端同步时间时会失败,可将其关闭或允许放行端口
2.安装openstack 客户端和openstack-selinux
首先配置yum 网络源
https://developer.aliyun.com/mirror
所有节点安装
[root@controller ~]# yum install -y python-openstackclient openstack-selinux
[root@compute1 ~]# yum install -y python-openstackclient openstack-selinux
3.在控制节点安装 数据库
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL -y
配置
echo '[mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8' >/etc/my.cnf.d/openstack.cnf
启动
[root@controller ~]# systemctl start mariadb
[root@controller ~]# systemctl enable mariadb
数据库安全初始化
[root@controller ~]# mysql_secure_installation
[root@controller ~]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! [root@controller ~]#