环境

HP ESXi 6.7

vm_name

hostname

password

ip

openstcontroller_99

openstcontroller

password

私有ip：10.203.1.99

集群ip：192.168.11.99

openstcompute_100

openstcompute

password

私有ip：10.203.1.100

集群ip：192.168.11.100

安装

安装前配置

修改静态ip

使用netplan进行修改

sudo vi /etc/netplan/01-netcfg.yaml
#添加以下内容
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      dhcp4: no
      addresses: [10.203.1.99/24]
      gateway4: 10.203.1.1
      nameservers:
              addresses: [223.5.5.5,114.114.114.114]
    ens160:
      dhcp4: no
      addresses: [192.168.11.99/24]
      gateway4: 192.168.11.1
      nameservers:
              addresses: [223.5.5.5,114.114.114.114]
#注意网卡名称，以及内容的格式，缩进，冒号之后有一个空格

保存退出之后输入以下内容生效

sudo netplan apply

主机名解析

在两个虚拟机进行以下操作

sudo vi /etc/hosts

增加以下内容

192.168.11.99 openstcontroller
192.168.11.100 openstcompute

配置时间同步（NTP：Network Time Protocol）

In openstcontroller

apt install chrony
vi /etc/chrony/chrony.conf
#添加以下内容
server openstcontroller iburst
allow 192.168.11.0/24
#保存退出

输入“service chrony restart”让NTP service生效

Other node

apt install chrony
vi /etc/chrony/chrony.conf
#添加以下内容
server openstcontroller iburst

输入“service chrony restart”让NTP service生效

执行“chronyc sources”检查时间是否同步

root@openstcompute:/home/openstcontroller# chronyc sources
210 Number of sources = 9
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- chilipepper.canonical.com     2   6   137    91  +7765us[+7620us] +/-  134ms
^- alphyn.canonical.com          2   6   275    34  +3934us[+3934us] +/-  179ms
^- golem.canonical.com           2   6   335    36  +2324us[+2324us] +/-  142ms
^- pugot.canonical.com           2   6   275    34  -3503us[-3503us] +/-  160ms
^? tock.ntp.infomaniak.ch        1   7   340   495    +19ms[  +19ms] +/-  117ms
^- ntp6.flashdance.cx            2   6   361    39  +3285us[+3285us] +/-  151ms
^? stratum2-1.ntp.led01.ru.>     2   7   340   496    +33ms[  +33ms] +/-  107ms
^- amy.chl.la                    2   6   355    34    +40us[  +40us] +/-  120ms
^* openstcontroller              3   6   377    41   -289us[ -457us] +/-   28ms

下载OpenStack package

添加apt源

All nodes

#添加stein版本的
add-apt-repository cloud-archive:stein
apt update
apt dist-upgrade

Install the OpenStack client

apt install python3-openstackclient

SQL database

Most OpenStack services use an SQL database to store information. The database typically runs on the controller node. The procedures in this guide use MariaDB or MySQL depending on the distribution. OpenStack services also support other SQL databases including PostgreSQL.

安装和配置

In openstcontroller

apt install mariadb-server python-pymysql
vi /etc/mysql/mariadb.conf.d/99-openstack.cnf
#输入以下内容
[mysqld]
bind-address = 192.168.11.99
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
#保存退出

重启数据库服务

service mysql restart

通过运行mysql_secure_installation 脚本来保护数据库服务，为数据库root帐户创建合适的密码

mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] n
 ... skipping.

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Message queue 消息队列

OpenStack uses a <u>message queue</u> to coordinate operations and status information among services. The message queue service typically runs on the controller node. OpenStack supports several message queue services including <u>RabbitMQ</u>, <u>Qpid</u>, and <u>ZeroMQ</u>. However, most distributions that package OpenStack support a particular message queue service. This guide implements the RabbitMQ message queue service because most distributions support it. If you prefer to implement a different message queue service, consult the documentation associated with it.

OpenStack使用<u>消息队列</u>来协调服务之间的操作和状态信息。消息队列服务通常在控制器节点上运行。OpenStack支持多种消息队列服务，包括<u>RabbitMQ</u>， <u>Qpid</u>和<u>ZeroMQ</u>。但是，OpenStack的大多数发行版都支持特定的消息队列服务。本指南实现了RabbitMQ消息队列服务，因为大多数发行版都支持它。如果您希望实施其他消息队列服务，请查阅与其相关的文档。

安装和配置

安装软件包

apt install rabbitmq-server

添加openstack用户

rabbitmqctl add_user openstack password
#password可以替换成想要的密码

配置读写权限

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Memcached

The Identity service authentication mechanism for services uses Memcached to cache tokens. The memcached service typically runs on the controller node. For production deployments, we recommend enabling a combination of firewalling, authentication, and encryption to secure it.

服务身份验证机制使用Memcached来缓存令牌。memcached服务通常在控制器节点上运行。对于生产部署，我们建议使用防火墙，身份验证和加密的组合以保护其安全。

安装软件包

apt install memcached python-memcache

编辑/etc/memcached.conf文件并将服务配置为使用控制器节点的管理IP地址。这是为了允许其他节点通过管理网络进行访问

vi /etc/memcached.conf
#将-l这一行的ip改成controller的ip

重启服务

service memcached restart

Etcd

OpenStack services may use Etcd, a distributed reliable key-value store for distributed key locking, storing configuration, keeping track of service live-ness and other scenarios.

OpenStack服务可以使用Etcd（分布式可靠键值存储）进行分布式键锁定，存储配置，跟踪服务活动性和其他情况。etcd服务在控制器节点上运行

安装etcd软件包

apt install etcd

配置

编辑/etc/default/etcd文件，并设置ETCD_INITIAL_CLUSTER， ETCD_INITIAL_ADVERTISE_PEER_URLS，ETCD_ADVERTISE_CLIENT_URLS， ETCD_LISTEN_CLIENT_URLS为控制器节点ip，以使其他节点经由管理网络访问

vi /etc/default/etcd
#添加以下内容
ETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://192.168.11.99:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.11.99:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.11.99:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.11.99:2379"
#保存退出

启用并重新启动etcd服务

systemctl enable etcd
systemctl restart etcd