二、部署openstack组件前准备

2.1、安装SQL 数据库(controller节点)

2.1.1、安装mariadb数据库

yum install mariadb mariadb-server python2-PyMySQL -y

此包用于openstack的控制端连接mysql所需要的模块，如果不安装，则无法连接数据库；此包只安装在控制端

yum -y install libibverbs

2.1.2、创建和编辑/etc/my.cnf.d/openstack.cnf文件

（/etc/my.cnf.d/如果需要，备份现有的配置文件）并完成以下操作：

vim /etc/my.cnf.d/openstack.cnf

[mysqld]

bind-address = 192.168.56.11 #绑定IP地址；即允许通过哪个地址进行访问数据库。

default-storage-engine = innodb #指定mysql存储引擎；详解见博客：https://zhuanlan.zhihu.com/p/91758633

innodb_file_per_table = on #配置独立表空间（on|off）；详解见博客：https://blog.csdn.net/paullinjie/article/details/80290390

max_connections = 4096 #设置MySQL的最大连接数；

collation-server = utf8_general_ci #配置MySQL的字符集；详解见博客：http://www.zzvips.com/article/24585.html

character-set-server = utf8 #配置MySQL的字符集；详解见博客：http://www.zzvips.com/article/24585.html

2.1.3、启动数据库服务并将其配置为在系统启动时启动

systemctl enable mariadb.service

systemctl start mariadb.service

2.1.4、通过运行脚本保护数据库服务

mysql_secure_installation也叫初始化数据库：

#mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current

password for the root user. If you've just installed MySQL, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):<–初次运行直接回车

OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL

root user without the proper authorisation.

Set root password? [Y/n] <– 是否设置root用户密码，输入y并回车或直接回车

New password: <– 设置root用户的密码

Re-enter new password: <– 再输入一次你设置的密码

Password updated successfully!

Reloading privilege tables..

… Success!

By default, a MySQL installation has an anonymous user, allowing anyone

to log into MySQL without having to have a user account created for

them. This is intended only for testing, and to make the installation

go a bit smoother. You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n] <– 是否删除匿名用户,生产环境建议删除，可以直接回车

… Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <–是否禁止root远程登录,根据自己的需求选择Y/n并回车,建议禁止

… Success!

By default, MySQL comes with a database named 'test' that anyone can

access. This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n] <– 是否删除test数据库,直接回车

- Dropping test database…

… Success!

- Removing privileges on test database…

… Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n] <– 是否重新加载权限表，直接回车

… Success!

Cleaning up…

All done! If you've completed all of the above steps, your MySQL

installation should now be secure.

Thanks for using MySQL!

2.2、部署消息队列(controller节点)

2.2.1、安装rabbitmq

yum install rabbitmq-server -y

2.2.2、启动消息队列服务并将其配置为在系统启动时启动

systemctl enable rabbitmq-server.service

systemctl start rabbitmq-server.service

2.2.3、创建消息队列用户,用于controler和node节点连接rabbitmq的认证

rabbitmqctl add_user openstack openstack123

验证

rabbitmqctl list_users

2.2.4、配置openstack用户的操作权限(正则，配置读写权限）

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

2.2.5、开启图形化界面

2.2.5.1、查看需要启动的服务，查看rabbitmq插件列表

[root@controller ~]# rabbitmq-plugins list

Configured: E = explicitly enabled; e = implicitly enabled

| Status: * = running on rabbit@controller

|/

[ ] amqp_client 3.6.16

[ ] cowboy 1.0.4

[ ] cowlib 1.0.2

[ ] rabbitmq_amqp1_0 3.6.16

[ ] rabbitmq_auth_backend_ldap 3.6.16

[ ] rabbitmq_auth_mechanism_ssl 3.6.16

[ ] rabbitmq_consistent_hash_exchange 3.6.16

[ ] rabbitmq_event_exchange 3.6.16

[ ] rabbitmq_federation 3.6.16

[ ] rabbitmq_federation_management 3.6.16

[ ] rabbitmq_jms_topic_exchange 3.6.16

[ ] rabbitmq_management 3.6.16

[ ] rabbitmq_management_agent 3.6.16

[ ] rabbitmq_management_visualiser 3.6.16

[ ] rabbitmq_mqtt 3.6.16

[ ] rabbitmq_random_exchange 3.6.16

[ ] rabbitmq_recent_history_exchange 3.6.16

[ ] rabbitmq_sharding 3.6.16

[ ] rabbitmq_shovel 3.6.16

[ ] rabbitmq_shovel_management 3.6.16

[ ] rabbitmq_stomp 3.6.16

[ ] rabbitmq_top 3.6.16

[ ] rabbitmq_tracing 3.6.16

[ ] rabbitmq_trust_store 3.6.16

[ ] rabbitmq_web_dispatch 3.6.16

[ ] rabbitmq_web_mqtt 3.6.16

[ ] rabbitmq_web_mqtt_examples 3.6.16

[ ] rabbitmq_web_stomp 3.6.16

[ ] rabbitmq_web_stomp_examples 3.6.16

[ ] sockjs 0.3.4

2.2.5.2、查看服务启动方式

[root@controller ~]# rabbitmq-plugins --help

Error: could not recognise command

Usage:

rabbitmq-plugins [-n ] []

Commands:

]

...

...

...

2.2.5.3、启动rabbitmq图形化界面

rabbitmq-plugins enable rabbitmq_management rabbitmq_management_agent

验证，浏览器输入：

http://192.168.56.11:15672

默认账号密码：guest/guest

2.2.5.4、rabbitmq端口详解

4369 (epmd), 25672 (Erlang distribution)

Epmd 是 Erlang Port Mapper Daemon 的缩写，在 Erlang 集群中相当于 dns 的作用，绑定在4369端口上。

5672, 5671 (AMQP 0-9-1 without and with TLS)

AMQP 是 Advanced Message Queuing Protocol 的缩写，一个提供统一消息服务的应用层标准高级消息队列协议，是应用层协议的一个开放标准，专为面向消息的中间件设计。基于此协议的客户端与消息中间件之间可以传递消息，并不受客户端/中间件不同产品、不同的开发语言等条件的限制。Erlang 中的实现有 RabbitMQ 等。

15672 (if management plugin is enabled)

通过 http://serverip:15672 访问 RabbitMQ 的 Web 管理界面，默认用户名密码都是 guest。（注意：RabbitMQ 3.0之前的版本默认端口是55672，下同）

61613, 61614 (if STOMP is enabled)

Stomp 是一个简单的消息文本协议，它的设计核心理念就是简单与可用性，官方文档，实践一下 Stomp 协议需要：

一个支持 stomp 消息协议的 messaging server (譬如activemq，rabbitmq）；

一个终端（譬如linux shell);

一些基本命令与操作（譬如nc，telnet)

1883, 8883 (if MQTT is enabled)

MQTT 只是 IBM 推出的一个消息协议，基于 TCP/IP 的。两个 App 端发送和接收消息需要中间人，这个中间人就是消息服务器（比如ActiveMQ/RabbitMQ），三者通信协议就是 MQTT。

2.3、部署memcached(controller节点)

2.3.1、安装memcached

yum install memcached python-memcached -y

2.3.2、编辑/etc/sysconfig/memcached文件并完成以下操作

vi /etc/sysconfig/memcached

……

5 OPTIONS=" -l 127.0.0.1,::1,controller1"

2.3.3、启动 Memcached 服务并将其配置为在系统启动时启动

systemctl enable memcached.service

systemctl start memcached.service

2.4、部署ETCD(controller节点)

2.4.1、安装ETCD

yum install etcd -y

2.4.2、编辑/etc/etcd/etcd.conf文件

将ETCD_INITIAL_CLUSTER, ETCD_INITIAL_ADVERTISE_PEER_URLS, ETCD_ADVERTISE_CLIENT_URLS, ETCD_LISTEN_CLIENT_URLS设置为控制器节点的管理 IP 地址，以允许其他节点通过管理网络访问

vi /etc/etcd/etcd.conf 详解见博客：https://www.csdn.net/tags/Mtjagg4sMTY1MzUtYmxvZwO0O0OO0O0O.html

3:ETCD_DATA_DIR="/var/lib/etcd/default.etcd" #ETCD设置数据保存的目录

6:ETCD_LISTEN_PEER_URLS="http://192.168.56.11:2380" #成员之间通信的地址

7:ETCD_LISTEN_CLIENT_URLS="http://192.168.56.11:2379" #对外提供服务的地址

10:ETCD_NAME="controller1" #ETCD的名称

22:ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.56.11:2380" #该节点成员对等URL地址，且会通告群集的其余成员节点

23:ETCD_ADVERTISE_CLIENT_URLS="http://192.168.56.11:2379" #对外公告的该节点客户端监听地址

29:ETCD_INITIAL_CLUSTER="controller1=http://192.168.56.11:2380" #初始化群集列表

31:ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01" #初始化名称

33:ETCD_INITIAL_CLUSTER_STATE="new" #初始化状态

2.4.3、启用并启动 etcd 服务

systemctl enable etcd.service

systemctl start etcd.service