OpenStack Setup Diary (Part 2)

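Prerequisites

In the previous installment, we prepared five servers, set up the NTP service to synchronize time, and installed the OpenStack repository.

Next we install some base services, mainly the database, the message middleware, and Etcd, and then install some of the OpenStack services.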

Installing the base services

Reference: https://docs.openstack.org/install-guide/environment.html

All of the following components are installed on the controller node.

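Setting passwords

Some passwords need to be set in advance and are supplied later through environment variables. A random password can be generated with the following command:

openssl rand -hex 10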

Set the environment variables in /etc/profile:

export ADMIN_PASS=fc05e1929b2c057a4098
export CINDER_DBPASS=openstack1
export CINDER_PASS=fc05e1929b2c057a4098
export DASH_DBPASS=fc05e1929b2c057a4098
export DEMO_PASS=fc05e1929b2c057a4098
export GLANCE_DBPASS=openstack1
export GLANCE_PASS=fc05e1929b2c057a4098
export KEYSTONE_DBPASS=openstack1
export METADATA_SECRET=fc05e1929b2c057a4098
export NEUTRON_DBPASS=openstack1
export NEUTRON_PASS=fc05e1929b2c057a4098
export NOVA_DBPASS=openstack1
export NOVA_PASS=fc05e1929b2c057a4098
export PLACEMENT_PASS=fc05e1929b2c057a4098
export RABBIT_PASS=fc05e1929b2c057a4098

Apply them:

source /etc/profile
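
Added example (not from the original post): /etc/profile is world-readable by default, so the sketch below writes the same variables to a new file with mode 0600 and gives each one its own value in the style of `openssl rand -hex 10`. The function names and the output path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# output path in the usage line are assumptions.

# Variable names taken from the /etc/profile listing in the post.
SECRET_VARS="ADMIN_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS
GLANCE_DBPASS GLANCE_PASS KEYSTONE_DBPASS METADATA_SECRET NEUTRON_DBPASS
NEUTRON_PASS NOVA_DBPASS NOVA_PASS PLACEMENT_PASS RABBIT_PASS"

# gen_secret: 10 random bytes as 20 hex characters (same as the post's command).
gen_secret() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 10
    else
        # Fallback when openssl is not installed: read the kernel CSPRNG directly.
        od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
    fi
}

# write_secrets FILE: write one "export NAME=value" line per variable,
# each with its own random value, into a new file readable only by its owner.
write_secrets() {
    (
        umask 077                 # new file gets mode 0600
        set -C                    # noclobber: never overwrite existing secrets
        : > "$1" || exit 1
        for name in $SECRET_VARS; do
            value=$(gen_secret) || exit 1
            [ ${#value} -eq 20 ] || exit 1
            printf 'export %s=%s\n' "$name" "$value" >> "$1"
        done
    )
}

# count_reused FILE: number of distinct values assigned to more than one variable.
count_reused() {
    sed -n 's/^export [A-Z_]*=//p' "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# Usage (as root; the path is an assumption):
#   write_secrets /root/openstack-secrets.env && . /root/openstack-secrets.env
```

Sourcing the generated file in the shell that runs the install commands provides the same variables without placing them in a file every local user can read.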

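Installing RabbitMQ

RabbitMQ is a queuing system that implements the Advanced Message Queuing Protocol (AMQP) and ensures message delivery and ordering in large-scale distributed systems. OpenStack uses the RabbitMQ messaging service as its default queuing system, which allows fast, ordered message communication between OpenStack components.

Install RabbitMQ with yum:

yum install rabbitmq-server -y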

Start RabbitMQ:

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

Add a user:

rabbitmqctl add_user openstack $RABBIT_PASS

Grant the openstack user configure, read, and write permissions:

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

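Installing MySQL

Install a single-node MySQL on the controller node to serve as the backend store for configuration and state.

Install the yum repository:

Download page: https://dev.mysql.com/downloads/repo/yum/

Or download it directly with:

wget https://dev.mysql.com/get/mysql80-community-release-el7-7.noarch.rpm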

After downloading, install it locally with yum:

yum localinstall mysql80-community-release-el7-7.noarch.rpm

Because MySQL conflicts with mariadb, uninstall mariadb first:

yum -y remove mariadb-config*

Then install MySQL:

yum install mysql-community-server -y

Start it:

systemctl enable mysqld
systemctl start mysqld

Check the initial password:

grep 'temporary password' /var/log/mysqld.log

Open the MySQL command line:

mysql -u root -p

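Versions after MySQL 5.6.6 add the password strength validation plugin validate_password, and its parameters are set fairly strictly. With the plugin in use, every password being set is checked against the current strength rules and is rejected if it does not satisfy them. The affected statements and functions are: create user, grant, set password, password(), old password.

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements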

So first set a password that satisfies the policy: Abc123…

ALTER USER 'root'@'localhost' IDENTIFIED BY 'Abc123...';

Then check the current default rules:

SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.03 sec)

Change the password validation policy level:

set global validate_password.policy=LOW;

Change the password:

mysql> ALTER USER root@localhost identified by 'openstack1';

List the users:

mysql> select user,host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
4 rows in set (0.00 sec)

Here root is only allowed to connect from localhost. Next, allow root to connect from external networks:

mysql> use mysql;
mysql> UPDATE user SET `Host` = '%' WHERE `User` = 'root' LIMIT 1;
mysql> flush privileges;
mysql> select user,host from user;