Configuring the Deployment Environment

Configuring Hostnames

Perform the following operations on all hosts.

Change the hostname.

        
             hostnamectl set-hostname Hostname --static

Modify the /etc/hosts file.
1

vim /etc/hosts
Run the vim /etc/hosts and add the mapping between node IP addresses and hostnames in the hosts file.

Disabling the Firewall and SELinux

The SELinux security mechanism enabled by default on Linux intercepts OpenStack-related services and prevents communication between Ceph clusters. As a result, OpenStack and Ceph clusters cannot be deployed. This is the behavior of Linux itself, and Kunpeng BoostKit for Virtualization does not provide a solution to this issue. If you want to use SELinux in your own system, please find a solution by yourself.

We provide a method for quickly disabling SELinux. The SELinux configuration method provided in Kunpeng BoostKit for Virtualization is for reference only. You need to evaluate the method and bear related risks.

Disabling SELinux may cause security issues. If you do not plan to enable SELinux, it is recommended that an end-to-end solution be used to eliminate the risks caused by disabling SELinux. You shall bear the security risks by yourself. If you need to enable SELinux, configure fine-grained security rules based on actual SELinux issues to ensure system security.

Disable the firewall on the ceph1, ceph2, and ceph3 nodes.

        
             [root@ceph1 ~]# systemctl stop firewalld.service && systemctl disable firewalld.service
[root@ceph2 ~]# systemctl stop firewalld.service && systemctl disable firewalld.service
[root@ceph3 ~]# systemctl stop firewalld.service && systemctl disable firewalld.service

Disable SELinux on all nodes.
1

setenforce 0
This operation temporarily disables SELinux. To permanently disable the SELinux, edit the /etc/selinux/config configuration file and set SELINUX=disabled.

Configuring Time Synchronization

Install the NTP service on all the nodes.
1

yum -y install ntp ntpdate
Back up the original configuration on all nodes.
1

cd /etc && mv ntp.conf ntp.conf.bak

Run the following command to edit the /etc/ntp.conf file on ceph1:

        
             vim /etc/ntp.conf

Add the following content to the file:

         
              restrict 127.0.0.1
restrict ::1
restrict 192.168.21.0 mask 255.255.255.0
server 127.127.1.0
fudge 127.127.1.0 stratum 8

Edit the /etc/ntp.conf file on all nodes except ceph1.
1

vim /etc/ntp.conf
Add the following content to the file to synchronize the time of these nodes with that of ceph1:
```
server 192.168.21.1
```

Start the NTP service on all the nodes.

        
             systemctl enable ntpd && systemctl start ntpd

Run the following commands on nodes other than ceph1.
1 2

ntpdate ceph1 hwclock -w

Configuring SSH Password-Free Login

Generate a public key on ceph1 and send the public key to each server node and client node.

        
             ssh-keygen -t rsa

Press Enter to use the default settings.

        
             ssh-copy-id ceph1
ssh-copy-id ceph2
ssh-copy-id ceph3
ssh-copy-id controller
ssh-copy-id compute

Generate a public key on the OpenStack controller node and send the public key to each server node and client node.

        
             ssh-keygen -t rsa

Press Enter to use the default settings.

        
             ssh-copy-id ceph1 
ssh-copy-id ceph2
ssh-copy-id ceph3
ssh-copy-id controller
ssh-copy-id compute

Parent topic: OpenStack and Ceph Integrated Deployment Guide (CentOS 7.6 and openEuler 20.03)