After deploying a 3-node Ceph distributed storage cluster with ceph-deploy, the first task is to prepare the configuration needed to integrate it with OpenStack.

Preparing the Ceph integration

On ceph-node01
Create the volume pool and the image pool, which will hold Cinder volumes (including instance volumes) and Glance images respectively:

rados mkpool volumes
rados mkpool images

Set the replication level (size) of both pools to two copies:
ceph osd pool set volumes size 2
ceph osd pool set images size 2

Create the cephx users and their keys. client.volumes gets read/write on the volumes pool and read-only access to images (so volumes can be created from images); client.images gets read/write on images only. client.fuse, by contrast, is granted osd 'allow *' plus an mds cap, i.e. unrestricted access to every pool in the cluster; nothing configured on the controller below uses it, so keep that keyring off the OpenStack nodes.
ceph auth get-or-create client.volumes mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rx pool=images'
ceph auth get-or-create client.images mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
ceph auth get-or-create client.fuse mon 'allow r' mds 'allow' osd 'allow *'

Configuring the controller node

Configuring Ceph support

Nova, Glance and Cinder all need to access the Ceph storage, so Ceph support is configured on the controller node first.

Install the Ceph client packages

yum install ceph -y

With the cephx users created, push each key from ceph-node01 into a keyring file on the controller:
ceph auth get-or-create client.images | ssh controller tee /etc/ceph/ceph.client.images.keyring
-------
[client.images]
key = AQCJWRpVQNqnGhAADmHIpPonmBts1Yrf+IOmrA==

ceph auth get-or-create client.volumes | ssh controller tee /etc/ceph/ceph.client.volumes.keyring
-------
[client.volumes]
key = AQCEWRpVGDOsCBAAuGIEzp/FkCc6KPQSaFGAbw==

Make a note of the client.volumes key, AQCEWRpVGDOsCBAAuGIEzp/FkCc6KPQSaFGAbw==; it is needed again later. These keyring files are the cephx secrets themselves: tee creates them with the default umask, so afterwards change the owner of each one to the service account that reads it and make sure they are not world-readable.
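The two keyring files just written (and any others under /etc/ceph) hold cephx secrets, and their cap strings decide what a stolen key can do. The following shell script is an added example, not part of the original tutorial: it checks that keyrings are not world-readable and that none of them carries a wildcard osd 'allow *' cap. It writes constructed sample keyrings (dummy key values, in the format `ceph auth get` prints) to a scratch directory so it runs without a cluster; on a real controller, call audit_dir /etc/ceph. The regexes assume the caps lines are quoted the way `ceph auth get` writes them.

```shell
#!/bin/sh
# Audit cephx keyrings copied to the OpenStack controller.
# Added example, not from the original tutorial. It inspects local files only
# and needs no running Ceph cluster. write_sample_keyrings creates constructed
# copies of the tutorial's client.volumes and client.fuse users in the format
# `ceph auth get` prints; the key values are dummies.

write_sample_keyrings() {
    cat > "$1/ceph.client.volumes.keyring" <<'EOF'
[client.volumes]
	key = AQDUMMYKEYvolumes000000000000000000000000==
	caps mon = "allow r"
	caps osd = "allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rx pool=images"
EOF
    cat > "$1/ceph.client.fuse.keyring" <<'EOF'
[client.fuse]
	key = AQDUMMYKEYfuse000000000000000000000000000==
	caps mds = "allow"
	caps mon = "allow r"
	caps osd = "allow *"
EOF
    chmod 0640 "$1/ceph.client.volumes.keyring"   # what the controller should end up with
    chmod 0644 "$1/ceph.client.fuse.keyring"      # what `tee` leaves behind under umask 022
}

# Succeeds if the file is neither readable nor writable by "other". The
# "other" bits are columns 8-10 of `ls -l`, which is portable to GNU and BSD.
keyring_mode_ok() {
    others=$(ls -ld -- "$1" | cut -c8-10)
    case $others in
        *r*|*w*) return 1 ;;
        *)       return 0 ;;
    esac
}

# Succeeds if any caps line grants a wildcard (`allow *`), i.e. the key is
# not scoped to named pools.
caps_too_broad() {
    grep -Eq '^[[:space:]]*caps[[:space:]]+[a-z]+[[:space:]]*=[[:space:]]*".*allow[[:space:]]+\*' "$1"
}

# Print how many pools the osd caps grant rwx on (0 for a wildcard user).
rwx_pool_count() {
    grep -E '^[[:space:]]*caps osd' "$1" | grep -o 'allow rwx pool=[^,"]*' | wc -l | tr -d ' '
}

# Audit every client keyring in a directory; non-zero exit if anything is wrong.
audit_dir() {
    rc=0
    for f in "$1"/ceph.client.*.keyring; do
        if ! keyring_mode_ok "$f"; then echo "WORLD-READABLE: $f"; rc=1; fi
        if caps_too_broad "$f"; then echo "WILDCARD CAPS:  $f"; rc=1; fi
    done
    return $rc
}

# Stand-alone demo on the constructed samples; on a controller run: audit_dir /etc/ceph
demo_dir=$(mktemp -d)
write_sample_keyrings "$demo_dir"
if audit_dir "$demo_dir"; then echo "all keyrings ok"; else echo "fix the findings above"; fi
rm -rf "$demo_dir"
```

The mode check deliberately reads `ls -l` rather than `stat`, whose flags differ between GNU and BSD; the caps check looks at the cap strings only, so it flags client.fuse even when its file mode is correct.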

Configuring the MySQL database

Install MySQL

yum install mysql mysql-server MySQL-python -y

vi /etc/my.cnf
Add the following lines to the [mysqld] section (i.e. above the [mysqld_safe] header):

bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

bind-address = 0.0.0.0 makes MySQL listen on every interface of the controller. If the host has more than one network, bind to the management-network address instead so the database is not reachable from the public side.

Start the service
service mysqld start
chkconfig mysqld on

Initialize the system tables and secure the installation. mysql_secure_installation prompts you to set the root password, remove the anonymous users, disallow remote root login and drop the test database; answer yes to all of them.
mysql_install_db
mysql_secure_installation

Create the databases and users. Replace each *_DBPASS placeholder with a real, distinct password (the same value goes into that service's connection string later). The '%' host grants let the account connect from any host; if every service runs on the controller the 'localhost' grant alone is enough, otherwise narrow '%' to the hosts that actually need access.
mysql -u root -p
create database keystone;
create database glance;
create database nova;
create database cinder;
create database dashboard;
create database neutron;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'localhost' IDENTIFIED BY 'DASHBOARD_DBPASS';
GRANT ALL PRIVILEGES ON dashboard.* TO 'dashboard'@'%' IDENTIFIED BY 'DASHBOARD_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
quit;
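Typing the statements above with the *_DBPASS placeholders left in, or with '%' as the host, is the usual mistake at this step. As an added example (not from the original tutorial), the following shell script generates the same CREATE/GRANT statements for the six services with a random 128-bit password per service, scopes the second grant to a named client host instead of '%', and writes the passwords to a 0600 file for use in the connection strings later. The client host name (controller) and the two output paths are illustrative assumptions; openssl must be installed.

```shell
#!/bin/sh
# Generate the database bootstrap SQL for the services on this page with a
# random password per service and host-scoped accounts, instead of the
# *_DBPASS placeholders and '%' wildcard hosts.
# Added example, not from the original tutorial. Assumes openssl is installed;
# the client host (controller) and the output paths are illustrative.

SERVICES="keystone glance nova cinder dashboard neutron"

# 32 hex characters = 128 bits of randomness.
new_password() {
    openssl rand -hex 16
}

# Print one service's statements: $1 = service, $2 = password, $3 = client host.
# Database, account and schema all share the service name, as on the page.
emit_service_sql() {
    printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$1"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" "$1" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" "$1" "$1" "$3" "$2"
}

# Write the SQL to $1 and the passwords to $2 (created 0600: these are the
# secrets that go into each service's connection = mysql://... string).
# $3 is the host the services connect from; defaults to controller.
generate_bootstrap() {
    sql_out=$1; pass_out=$2; host=${3:-controller}
    : > "$sql_out"
    rm -f "$pass_out"
    ( umask 077; : > "$pass_out" )
    for svc in $SERVICES; do
        pass=$(new_password)
        emit_service_sql "$svc" "$pass" "$host" >> "$sql_out"
        printf "%s_DBPASS=%s\n" "$(echo "$svc" | tr a-z A-Z)" "$pass" >> "$pass_out"
    done
    printf "FLUSH PRIVILEGES;\n" >> "$sql_out"
}

# Checks to run on the SQL before piping it into `mysql -u root -p`.
sql_has_placeholders()   { grep -q "_DBPASS'" "$1"; }
sql_has_wildcard_hosts() { grep -q "@'%'" "$1"; }
grant_count()            { grep -c '^GRANT ' "$1"; }

# Stand-alone demo: generate into a scratch directory and run the checks.
demo_dir=$(mktemp -d)
generate_bootstrap "$demo_dir/openstack.sql" "$demo_dir/db_passwords.env"
echo "GRANT statements: $(grant_count "$demo_dir/openstack.sql")"
if sql_has_placeholders "$demo_dir/openstack.sql" || sql_has_wildcard_hosts "$demo_dir/openstack.sql"; then
    echo "weak grants found"
else
    echo "no placeholder passwords, no wildcard hosts"
fi
rm -rf "$demo_dir"
```

Feed the generated file in with `mysql -u root -p < openstack.sql`, then source db_passwords.env when writing the connection lines for keystone.conf and the other service configurations so the same value is used on both sides.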

Configuring the Qpid message queue service

Install qpid

yum install qpid-cpp-server -y

Edit the configuration file to disable qpid authentication:
vi /etc/qpidd.conf
auth=no

With auth=no, anyone who can reach the broker on TCP 5672 can publish and consume every OpenStack RPC message. This is only acceptable if the management network is isolated; otherwise keep authentication enabled and give each service its own SASL account.

Start the service
service qpidd start
chkconfig qpidd on

Configuring the Keystone identity service

Install keystone

yum install openstack-keystone python-keystoneclient -y

Edit the keystone configuration file and add the database settings:
vi /etc/keystone/keystone.conf
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

Populate the keystone tables

su -s /bin/sh -c "keystone-manage db_sync" keystone

Use OpenSSL to generate a random token and store it in the keystone configuration. This admin_token is the shared secret used to bootstrap the Identity service before any users exist; it bypasses normal authentication entirely, so remove it from keystone.conf (or comment it out) once the admin user and endpoints below have been created.
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
9cc44d1fc319c33b6d12 # output in the author's environment; yours will differ

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN

By default keystone issues PKI tokens, so generate a signing key and certificate and restrict access to them:

keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl

Start the service

service openstack-keystone start
chkconfig openstack-keystone on

Purge expired tokens on a schedule. Keystone stores every token it issues in the database and does not remove expired ones on its own; without this job the token table grows without bound and slows the service down.

(crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone

Create the admin user, roles, tenants and the Identity service endpoint, authenticating with the bootstrap token. OS_SERVICE_TOKEN=$ADMIN_TOKEN only works in the shell where ADMIN_TOKEN was set; in a new shell, paste the value from keystone.conf instead.

export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
keystone role-create --name=admin
keystone tenant-create --name=admin --description="Admin Tenant"
keystone tenant-create --name=service --description="Service Tenant"
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ identity / {print $2}') \
--publicurl=http://controller:5000/v2.0 \
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0
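Three settings made on this page trade security for convenience: bind-address = 0.0.0.0 in /etc/my.cnf, auth=no in /etc/qpidd.conf, and the admin_token in keystone.conf, which is only needed for the bootstrap just completed. The following shell script is an added example, not from the original tutorial: it flags all three in the controller's configuration files and comments admin_token out. It builds constructed copies of the three files (dummy token value) in a scratch directory so it runs offline; point the functions at the real paths to audit a controller.

```shell
#!/bin/sh
# Audit the controller configuration written on this page for the three
# convenience settings that weaken it, and disable the bootstrap admin_token.
# Added example, not from the original tutorial; it reads plain files and needs
# no running services. write_sample_configs creates constructed copies of the
# page's /etc/my.cnf, /etc/qpidd.conf and /etc/keystone/keystone.conf (dummy
# token value) so the checks can be exercised offline.

write_sample_configs() {
    cat > "$1/my.cnf" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
[mysqld_safe]
log-error=/var/log/mysqld.log
EOF
    cat > "$1/qpidd.conf" <<'EOF'
# qpidd configuration as set on this page
auth=no
EOF
    cat > "$1/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
EOF
}

# Print the value of key $2 in file $1 ("key = value" or "key=value");
# commented-out lines (#key=...) do not match.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

mysql_binds_all_interfaces() { [ "$(conf_value "$1" bind-address)" = "0.0.0.0" ]; }
qpid_auth_disabled()         { [ "$(conf_value "$1" auth)" = "no" ]; }
keystone_admin_token_set()   { [ -n "$(conf_value "$1" admin_token)" ]; }

# Comment the admin_token line out (left visible in the file rather than
# deleted). Restart openstack-keystone afterwards for it to take effect.
harden_keystone_conf() {
    sed 's/^\([[:space:]]*admin_token[[:space:]]*=\)/#\1/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Report findings for the three files in directory $1 on stderr;
# print the number of findings on stdout.
count_findings() {
    n=0
    if mysql_binds_all_interfaces "$1/my.cnf"; then
        echo "my.cnf: bind-address = 0.0.0.0; bind MySQL to the management IP instead" >&2; n=$((n+1))
    fi
    if qpid_auth_disabled "$1/qpidd.conf"; then
        echo "qpidd.conf: auth=no; the broker accepts unauthenticated AMQP clients" >&2; n=$((n+1))
    fi
    if keystone_admin_token_set "$1/keystone.conf"; then
        echo "keystone.conf: admin_token still set; remove it after bootstrapping" >&2; n=$((n+1))
    fi
    echo "$n"
}

# Stand-alone demo on the constructed files; on a controller, pass the real paths.
demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
echo "findings before hardening: $(count_findings "$demo_dir")"
harden_keystone_conf "$demo_dir/keystone.conf"
echo "findings after hardening:  $(count_findings "$demo_dir")"
rm -rf "$demo_dir"
```

Only the admin_token finding is fixed automatically, because it has an unambiguous remedy once the admin user exists; the MySQL bind address and the Qpid authentication setting depend on the network layout and are left for the operator to decide.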

Create a file that exports the admin credentials; every keystone or OpenStack client command run on the controller needs these variables. Unset OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT first: while both are set the client bypasses password authentication and keeps using the bootstrap token. The file holds the admin password in plain text, so make it readable only by its owner.

vi admin-openrc.sh

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0

Run this after every reboot or new login, before any other OpenStack command:

source admin-openrc.sh

List the users to confirm that admin exists:
keystone user-list
+----------------------------------+-------+---------+-------------+
|                id                |  name | enabled |    email    |
+----------------------------------+-------+---------+-------------+
| 8c261c540a974f7ab81f883c9abed690 | admin |   True  | ADMIN_EMAIL |
+----------------------------------+-------+---------+-------------+