MySQL主从复制同步延迟问题

背景

最近发现其中一套生产环境的MySQL集群主从数据同步延迟问题严重,从库积累了很多中继日志,导致分配数据库磁盘使用率超过90%告警。这问题从排查到处理过程耗费了很长时间,在这里记录下整个处理过程,希望能给其他遇到此类问题的朋友一点帮助。
先介绍下环境情况,这套MySQL集群使用的k8s容器化部署,使用的三节点MySQL MGR复制模式,数据存储使用的ceph rbd块存储
– MySQL版本:8.0.19
– Ceph版本:12.2.10(Luminous)

排查

最早发现主从数据库之间很多表数据不同步,MGR集群状态正常

检查操作系统负载情况

从库MySQL磁盘挂载(rbd0)IO情况,看到rbd0磁盘%util超过90%一直处在繁忙状态

查看防火墙规则,没什么限制

通过主库建立测试库操作来验证主从同步延迟情况,在test测试库下删除t2

从库查看test库下表情况,半小时过去后从库t2表依然未删除,从库事务执行差距很大,查询过事务队列在堆积

中继日志积压一大堆未完成,导致从库磁盘使用率超过90%爆满

继续阅读“MySQL主从复制同步延迟问题”

CentOS7制作rpm包升级OpenSSH

之前有写过编译安装的方式升级OpenSSH,为了能更好管理包版本,记录下CentOS制作rpm包升级OpenSSH的过程。网上也有很多关于制作OpenSSH的rpm包过程,也是根据各自需求记录分享一下。

系统环境

系统:CentOS7 x86_64
OpenSSH版本:7.4p1
OpenSSL版本:1.0.2k-fips

升级需求

  1. 升级OpenSSH到9.1p1
  2. 保留原版pam.d下的sshd文件权限
  3. 保留ssh-copy-id功能

前期准备

  • 升级前关闭selinux
# 修改如下配置,重启系统生效
vi /etc/selinx/config   
SELINUX=disabled
# 立即生效
setenforce  0
getenforce
  • 备份配置
cp /etc/pam.d/sshd /etc/pam.d/sshd_bak
cp /etc/pam.d/system-auth /etc/pam.d/system-auth_bak
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
cp /etc/ssh/ssh_config /etc/ssh/ssh_config_bak
cp -r /etc/ssh /etc/ssh_bak
  • 源码包准备
openssh-9.1p1下载地址:
curl -O https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz

ssh-askpass下载链接(可选):
curl -O https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
  • 安装依赖包
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip libXt-devel imake gtk2-devel

继续阅读“CentOS7制作rpm包升级OpenSSH”

CentOS7安装OpenStack(Queens版)——(七)cinder存储服务

cinder存储服务

安装配置(控制节点

  1. 创建cinder数据库并授权,自定义帐号密码cinder/cinder
mysql -uroot -p

MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
MariaDB [(none)]> FLUSH PRIVILEGES;
  1. 加载临时环境变量
. keystonerc_admin
  1. 创建服务凭据
    • 创建cinder用户,自定义密码为cinder
[root@controller-01 ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 586034dc84fa427baec593ed32501d28 |
| name                | cinder                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
  • 给cinder用户添加admin角色,命令不输出结果
openstack role add --project service --user cinder admin
  • 创建cinderv2和cinderv3服务实体:
[root@controller-01 ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 08c72135ddcb46fda290c6ec94b270ed |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+

[root@controller-01 ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 671d97addc654760be943446f9c158f6 |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+
  1. 创建块存储服务API端点:
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev2 public http://controller-01:8776/v2/%\(project_id\)s
+--------------+---------------------------------------------+
| Field        | Value                                       |
+--------------+---------------------------------------------+
| enabled      | True                                        |
| id           | 7a53221557e04a619dc0c32f8c7317d0            |
| interface    | public                                      |
| region       | RegionOne                                   |
| region_id    | RegionOne                                   |
| service_id   | 08c72135ddcb46fda290c6ec94b270ed            |
| service_name | cinderv2                                    |
| service_type | volumev2                                    |
| url          | http://controller-01:8776/v2/%(project_id)s |
+--------------+---------------------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev2 internal http://controller-01:8776/v2/%\(project_id\)s
+--------------+---------------------------------------------+
| Field        | Value                                       |
+--------------+---------------------------------------------+
| enabled      | True                                        |
| id           | 09a252a768084d889d512fcc9d2a654a            |
| interface    | internal                                    |
| region       | RegionOne                                   |
| region_id    | RegionOne                                   |
| service_id   | 08c72135ddcb46fda290c6ec94b270ed            |
| service_name | cinderv2                                    |
| service_type | volumev2                                    |
| url          | http://controller-01:8776/v2/%(project_id)s |
+--------------+---------------------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev2 admin http://controller-01:8776/v2/%\(project_id\)s
+--------------+---------------------------------------------+
| Field        | Value                                       |
+--------------+---------------------------------------------+
| enabled      | True                                        |
| id           | b9f21f762ce841bba9d54611bd2ecd42            |
| interface    | admin                                       |
| region       | RegionOne                                   |
| region_id    | RegionOne                                   |
| service_id   | 08c72135ddcb46fda290c6ec94b270ed            |
| service_name | cinderv2                                    |
| service_type | volumev2                                    |
| url          | http://controller-01:8776/v2/%(project_id)s |
+--------------+---------------------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev3 public http://controller-01:8776/v3/%\(project_id\)s
+--------------+---------------------------------------------+
| Field        | Value                                       |
+--------------+---------------------------------------------+
| enabled      | True                                        |
| id           | d7e6dffcafbb4c4f807808c834af160a            |
| interface    | public                                      |
| region       | RegionOne                                   |
| region_id    | RegionOne                                   |
| service_id   | 671d97addc654760be943446f9c158f6            |
| service_name | cinderv3                                    |
| service_type | volumev3                                    |
| url          | http://controller-01:8776/v3/%(project_id)s |
+--------------+---------------------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev3 internal http://controller-01:8776/v3/%\(project_id\)s
+--------------+---------------------------------------------+
| Field        | Value                                       |
+--------------+---------------------------------------------+
| enabled      | True                                        |
| id           | ac3c4e5395cc4b82b0ffa3af5548c69c            |
| interface    | internal                                    |
| region       | RegionOne                                   |
| region_id    | RegionOne                                   |
| service_id   | 671d97addc654760be943446f9c158f6            |
| service_name | cinderv3                                    |
| service_type | volumev3                                    |
| url          | http://controller-01:8776/v3/%(project_id)s |
+--------------+---------------------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev3 admin http://controller-01:8776/v3/%\(project_id\)s
+--------------+---------------------------------------------+
| Field        | Value                                       |
+--------------+---------------------------------------------+
| enabled      | True                                        |
| id           | a6479e61952b4e7a85719195c4ac5728            |
| interface    | admin                                       |
| region       | RegionOne                                   |
| region_id    | RegionOne                                   |
| service_id   | 671d97addc654760be943446f9c158f6            |
| service_name | cinderv3                                    |
| service_type | volumev3                                    |
| url          | http://controller-01:8776/v3/%(project_id)s |
+--------------+---------------------------------------------+

继续阅读“CentOS7安装OpenStack(Queens版)——(七)cinder存储服务”

CentOS7安装OpenStack(Queens版)——(六)horizon dashboard服务

horizon dashboard服务安装(控制节点

系统要求

Queens版本horizon具有以下依赖:
– Python 2.7
– Django 1.11
– Django 1.8 to 1.10 也是支持的,他们的支持将在Rocky后被移除。
– 一个可访问的 keystone 端点服务
– 所有其他服务都是可选的。从 Queens 版本开始,Horizo​​n 支持以下服务。如果配置了服务的 keystone 端点,horizo​​n 会检测到它并自动启用它的支持。
– cinder: Block Storage
– glance: Image Management
– neutron: Networking
– nova: Compute
– swift: Object Storage
– Horizon also supports many other OpenStack services via plugins. For more information, see the Plugin Registry.

安装并且配置

  1. 安装包
yum install openstack-dashboard
  1. 编辑/etc/openstack-dashboard/local_settings文件,修改如下配置:
OPENSTACK_HOST = "controller-01"
ALLOWED_HOSTS = ['horizon.example.com', 'localhost']   # 主机也可以填写为'*',但是存在安全风险

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller-01:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "TIME_ZONE"     # TIME_ZONE替换为具体时区,比如Asia/Shanghai
  1. 编辑/etc/httpd/conf.d/openstack-dashboard.conf文件,添加如下行:
WSGIApplicationGroup %{GLOBAL}

最后

  • 重启web服务与session存储服务
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

验证操作(本机

  • 本机编辑hosts文件(Linux在/etc/hosts,Windows在C:\Windwos\System32\drivers\etc\hosts),添加测试的域名解析
192.168.1.10    horizon.example.com    # IP填写控制节点controller-01的IP,域名填写上面配置ALLOWED_HOSTS对应域名

本机浏览器打开http://horizon.example.com/dashboard访问,出现dashboard登录页面,Domain填写default,分别输入admindemo对应的帐号密码登录验证

参考文档

https://docs.openstack.org

CentOS7安装OpenStack(Queens版)——(五)neutron网络服务

neutron网络服务

控制节点

  1. 创建neutron数据库,自定义用户密码设置为neutron/neutron
mysql -uroot -proot
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
MariaDB [(none)]> FLUSH PRIVILEGES;
  1. 加载admin临时环境变量
source keystonerc_admin
  1. 在keystone上创建neutron用户,密码自定义为neutron
[root@controller-01 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 6dba19fbf1e44fc5b38d81315ecd141e |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
  1. 给neutron用户添加admin角色权限,执行结果无输出
openstack role add --project service --user neutron admin
  1. 创建neutron服务实体
[root@controller-01 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
  1. 创建网络服务API端点(endpoint)
[root@controller-01 ~]# openstack endpoint create --region RegionOne network public http://controller-01:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | eaa491b4812a4f22892f8e31179e035b |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller-01:9696        |
+--------------+----------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne network internal http://controller-01:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 071f2a4a84404310b10f9cb610766e4f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller-01:9696        |
+--------------+----------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne network admin http://controller-01:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 34016fc444894a7c887e0ae62ca264cf |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller-01:9696        |
+--------------+----------------------------------+

配置网络选项

您可以使用选项1和2表示的两种体系结构之一来部署网络服务。

  • 选项1、部署了最简单的架构,它只支持将实例附加到提供商(外部)网络。没有自助服务(专用)网络、路由器或浮动IP地址。只有admin特权用户或其他特权用户可以管理提供商网络。
  • 选项2、增加了选项1的第3层服务支持将实例附加到自助服务网络。该demo用户或其他非特权用户可以管理自助服务网络,包括在自助服务网络和提供商网络之间提供连接的路由器。此外,浮动IP地址使用来自外部网络(例如 Internet)的自助服务网络提供与实例的连接。

自助服务网络通常使用覆盖网络。诸如 VXLAN 之类的覆盖网络协议包括额外的标头,这些标头会增加开销并减少可用于有效负载或用户数据的空间。在不了解虚拟网络基础结构的情况下,实例会尝试使用 1500 字节的默认以太网最大传输单元 (MTU) 发送数据包。网络服务通过 DHCP 自动为实例提供正确的 MTU 值。但是,某些云映像不使用 DHCP 或忽略 DHCP MTU 选项,需要使用元数据或脚本进行配置。

根据自己需求,这里我选择的选项2自助服务网络。

这里开始网络组件可以选择linuxbridge或者openvswitch,根据需要选择其中一种

继续阅读“CentOS7安装OpenStack(Queens版)——(五)neutron网络服务”

CentOS7安装OpenStack(Queens版)——(四)nova计算服务

nova计算服务(控制节点

  1. 创建数据库
mysql -uroot -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
  1. 授权访问数据库,设置用户密码为:nova/nova
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';

FLUSH PRIVILEGES;
  1. 在keystone上注册nova服务

– 创建nova用户,密码自定义为nova

openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | cf5b4a1ac9284483a8601ce212b2150b |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
  • 为nova用户的service项目添加admin角色权限,命令无输出
openstack role add --project service --user nova admin
  • 创建nova服务实体
openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 91ef7780ac984136ac0a98a8382f97f0 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
  1. 创建nova API服务端点(endpoint)
openstack endpoint create --region RegionOne compute public http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 70039fd4b0434a79a3da46135a594e40 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller-01:8774/v2.1   |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne compute internal http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 71103854136c433e80868ed03405b3e3 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller-01:8774/v2.1   |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne compute admin http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 54f013b9691d4e7d88e6d49334e7d16b |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller-01:8774/v2.1   |
+--------------+----------------------------------+
  1. 创建Placement服务用户,密码自定义为placement
openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 46cd680656344258993928db3717f8ff |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

继续阅读“CentOS7安装OpenStack(Queens版)——(四)nova计算服务”

CentOS7安装OpenStack(Queens版)——(三)glance镜像服务

glance镜像服务(控制节点

  1. 创建glance数据库,用户密码设置为glance
mysql -uroot -p
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
FLUSH PRIVILEGES;
  1. 加载admin临时环境变量
source keystonerc_admin
  1. 在keystone上创建glance用户,密码自定义为glance
[root@controller-01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d9dc186702da415db6b202327b73e08c |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
  1. 在keystone上给glance用户的service项目添加admin角色权限,命令不输出结果
[root@controller-01 ~]# openstack role add --project service --user glance admin
  1. 创建glance镜像服务实体
[root@controller-01 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | c5fa51ca63b440bda5d277ee6dda23ec |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
  1. 创建镜像服务API服务端点(endpoint)
[root@controller-01 ~]# openstack endpoint create --region RegionOne image public http://controller-01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 580275b630f14f91903c90f0a46f260d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller-01:9292        |
+--------------+----------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne image internal http://controller-01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0f8142d6abd048fd8c72f1861f713bde |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller-01:9292        |
+--------------+----------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne image admin http://controller-01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e40b8990bab5493a92469f2ffb7ad55e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller-01:9292        |
+--------------+----------------------------------+

继续阅读“CentOS7安装OpenStack(Queens版)——(三)glance镜像服务”

CentOS7安装OpenStack(Queens版)——(二)keystone认证服务

keystone认证服务(控制节点

创建数据库

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
FLUSH PRIVILEGES;

安装包

yum install openstack-keystone httpd mod_wsgi
  • 编辑/etc/keystone/keystone.conf修改如下配置
[database]
connection = mysql+pymysql://keystone:keystone@controller-01/keystone
[token]
provider = fernet

初始化同步keystone数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化fernet

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

验证

[root@controller-01 ~]# mysql -ukeystone -pkeystone keystone -e 'show tables'
Enter password: 
+-----------------------------+
| Tables_in_keystone          |
+-----------------------------+
| access_token                |
| application_credential      |
| application_credential_role |
| assignment                  |
| config_register             |
| consumer                    |
| credential                  |
| endpoint                    |
| endpoint_group              |
| federated_user              |
| federation_protocol         |
| group                       |
| id_mapping                  |
| identity_provider           |
| idp_remote_ids              |
| implied_role                |
| limit                       |
| local_user                  |
| mapping                     |
| migrate_version             |
| nonlocal_user               |
| password                    |
| policy                      |
| policy_association          |
| project                     |
| project_endpoint            |
| project_endpoint_group      |
| project_tag                 |
| region                      |
| registered_limit            |
| request_token               |
| revocation_event            |
| role                        |
| sensitive_config            |
| service                     |
| service_provider            |
| system_assignment           |
| token                       |
| trust                       |
| trust_role                  |
| user                        |
| user_group_membership       |
| user_option                 |
| whitelisted_config          |
+-----------------------------+

继续阅读“CentOS7安装OpenStack(Queens版)——(二)keystone认证服务”

CentOS7安装OpenStack(Queens版)——(一)基础环境安装

做一个学习OpenStack的记录,先从安装部署开始。由于OpenStack需要安装部署的内容较多,按内容章节编写。因为是部署学习,都是在虚拟机下操作完成,节点配置都不是很高。系统上选择的CentOS,也可以根据自己喜好选择其他Linux版本。如无特殊说明,都是切换到root帐号在所有节点操作执行。

概念架构

概念架构

逻辑架构

逻辑架构

硬件要求

硬件要求

系统环境

操作系统:CentOS Linux release 7.9.2009 (Core)
控制节点controller:192.168.1.10、10.0.0.10
计算节点compute:192.168.1.11、10.0.0.11
存储节点storage:192.168.1.12、10.0.0.12

继续阅读“CentOS7安装OpenStack(Queens版)——(一)基础环境安装”

chrony时钟同步服务

介绍

Chrony 是一个开源的自由软件,它能帮助你保持系统时钟与时钟服务器同步,因此让你的时间保持精确。Chrony既可以作为时钟同步服务端,也可以作为时钟同步客户端,它由两个程序组成,分别是 chronyd 和 chronyc。

端口

Chrony启动会监听两个端口udp 323、udp 123,udp 323监听本地服务,udp 123是我们熟知的NTP(Network Time Protocol)协议,server/client之间通过udp 123端口进行网络时钟同步,如果设置防火墙规则,放行udp 123端口就行

iptables -I INPUT -p udp -m udp -s 10.111.56.0/24 --dport 123 -j ACCEPT

配置文件

chrony配置
继续阅读“chrony时钟同步服务”