
Performing Basic Configuration

Configuring DNS Settings

Perform the following operations on all nodes.

  1. Modify the /etc/hosts file.
    1. Open the hosts file.
      vim /etc/hosts
      
    2. Press i in the blank area and add the following content:
      <NIC IP address of the management node> controller
      <NIC IP address of the compute node> compute
      <NIC IP address of the object storage node> object1
      
    3. Press Esc to exit the insert mode and input :wq to save the settings and exit.

      The following figure shows an example of the hosts file after modification. Modify the hosts files of all nodes.

  2. Run the following command to change the node name to controller (change the names of other nodes to the corresponding names):
    hostnamectl set-hostname controller
    

    Run the hostname command to check whether the hostnames are correct. Example:

    After this command is successfully executed, the node name is changed. However, the new node name takes effect only after a new session is established.

Configuring NTP Settings

Perform the following operations on the controller node.

  1. Install chrony.
    yum -y install chrony
    
  2. Set a unified time zone for all nodes, for example, Asia/Shanghai.
    timedatectl set-timezone Asia/Shanghai
    
  3. Configure the controller node as the internal NTP server.

    Add allow 172.168.201.0/24 to the /etc/chrony.conf file.

    vim /etc/chrony.conf
    
    allow 172.168.201.0/24
    local stratum 10
    

  4. Enable the chrony service and configure it to start as the system boots.
    systemctl enable chronyd.service
    systemctl start chronyd.service
    
  5. Enable NTP time synchronization.
    timedatectl set-ntp yes
    

Perform the following operations on compute nodes and storage nodes.

  1. Install chrony.
    yum -y install chrony
    
  2. Open the /etc/chrony.conf file, add server controller iburst, and delete or comment out other server options.
    vim /etc/chrony.conf
    server controller iburst
    

  3. Enable the chrony service and configure it to start as the system boots.
    systemctl enable chronyd.service
    systemctl restart chronyd.service
    
  4. Verify time synchronization.
    chronyc sources
    
    • The external clock source is displayed on the controller node.

    • The controller time source is displayed on the compute and storage nodes.

Installing the OpenStack Client

Perform the following operation on all nodes.

Install the OpenStack client.

yum -y install python2-openstackclient

Installing and Configuring the Database

Perform the following operations on the controller node.

  1. Install the database.
    yum -y install mariadb mariadb-server python2-PyMySQL
    

  2. Configure the database.
    1. Create and edit the /etc/my.cnf.d/openstack.cnf file.
      vim /etc/my.cnf.d/openstack.cnf
      
    2. Add the following to the file:
      [mysqld]
      bind-address = 172.168.201.11
      default-storage-engine = innodb
      innodb_file_per_table = on
      max_connections = 4096
      collation-server = utf8_general_ci
      character-set-server = utf8
      

      bind-address indicates the management IP address of the controller node.

  3. Enable the database service and configure it to start as the system boots.
    systemctl enable mariadb.service
    systemctl start mariadb.service
    
  4. Configure the database.
    mysql_secure_installation
    

    The default password of the root user for MariaDB is empty. During the initial installation of MariaDB, press Enter when you are prompted to enter the password. Then, you can set a password, for example 123456, for the root user. Perform other operations as shown in the following figure:

  5. Add the following to the [Service] section in the /usr/lib/systemd/system/mariadb.service file:
    LimitNOFILE=65535
    LimitNPROC=65535
    

    Perform steps 6 to 8 on each node.

  6. Add the following to the /etc/security/limits.conf file:
    * soft nofile 65536
    * hard nofile 65536
    

  7. Add the following to the /etc/pam.d/login file:
    session required /lib64/security/pam_limits.so
    

  8. Add the following to the /etc/sysctl.conf file:
    fs.file-max = 65536
    

    Run the following command:

    sysctl -p
    

  9. Restart the database service.
    systemctl daemon-reload
    systemctl restart mariadb.service
    
  10. Check whether the modification takes effect.
    1. Connect to the MySQL database.
      mysql -u root -p
      

      Enter the database password.

    2. Query the maximum number of MySQL connections.
      show variables like 'max_connections';
      

    3. Query the number of current connections of the server.
      show global status like 'Max_used_connections';
      

    4. Run exit to exit the database.

Installing Message Queue

Perform the following operations on the controller node.

  1. Install rabbitmq-server.
    yum -y install rabbitmq-server
    

  2. Enable and start the rabbitmq-server service.
    systemctl enable rabbitmq-server.service
    systemctl start rabbitmq-server.service
    

  3. Add and configure the openstack user.
    rabbitmqctl add_user openstack <PASSWORD>
    rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    

    PASSWORD indicates the password set by the RabbitMQ service for the openstack user. The password cannot contain a number sign (#).

  4. Enable the rabbitmq_management plugin.
    rabbitmq-plugins enable rabbitmq_management
    

    After the plugin is started, you can access the RabbitMQ service using a browser. Enter http://<controller_IP>:15672 in the address box and enter guest as the user name and password.

  5. In the /usr/lib/systemd/system/rabbitmq-server.service file, add the following parameters to the [Service] section to modify RabbitMQ parameters:
    [Service]
    LimitNOFILE=16384
    
  6. Restart the message queue service.
    systemctl daemon-reload
    systemctl restart rabbitmq-server
    

Installing Memcached

Perform the following operations on the controller node.

  1. Install Memcached.
    yum -y install memcached python-memcached
    
  2. Open the /etc/sysconfig/memcached file.
    vim /etc/sysconfig/memcached
    
  3. Add controller and configure the service to use the management IP address of the controller node. This setting enables access by other nodes through the management network.

  4. Enable the Memcached service and configure it to start as the system boots.
    systemctl enable memcached.service
    systemctl start memcached.service
    

Installing etcd

Perform the following operations on the controller node.

  1. Install etcd.
    yum -y install etcd
    
  2. Modify the following nine parameters in the /etc/etcd/etcd.conf file and comment out other parameters:
    #[Member]
    ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
    ETCD_LISTEN_PEER_URLS="http://172.168.201.11:2380"
    ETCD_LISTEN_CLIENT_URLS="http://172.168.201.11:2379"
    ETCD_NAME="controller"
    #[Clustering]
    ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.168.201.11:2380"
    ETCD_ADVERTISE_CLIENT_URLS="http://172.168.201.11:2379"
    ETCD_INITIAL_CLUSTER="controller=http://172.168.201.11:2380"
    ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
    ETCD_INITIAL_CLUSTER_STATE="new"
    

    Ensure that all the IP addresses are the management IP addresses of the controller node.

  3. Start the etcd service.
    systemctl enable etcd
    systemctl start etcd
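
One way to check the requirement in step 2 that every etcd URL uses the management IP address of the controller node. This is an added example, not part of the original guide; the function name check_etcd_urls and the sample file are constructed for illustration, and IPv6 literals are not handled.

```sh
#!/bin/sh
# Added example (not from the original guide): confirm that every URL in an
# etcd.conf points at the expected management IP.

# check_etcd_urls <conf-file> <expected-ip>
# Prints "KEY -> url" for each URL whose host differs from <expected-ip>
# (this also catches 0.0.0.0 and localhost) and exits non-zero if any differ.
# The body runs in a subshell so the IFS change stays local.
check_etcd_urls() (
    conf=$1 expected=$2 bad=0
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            ETCD_*_URLS|ETCD_INITIAL_CLUSTER) ;;
            *) continue ;;              # comments and non-URL settings
        esac
        value=$(printf '%s' "$value" | tr -d '"')
        IFS=','                         # values may hold several URLs
        for url in $value; do
            host=${url#*://}            # drops "name=" and the scheme
            host=${host%%[:/]*}         # drops the port and any path
            if [ "$host" != "$expected" ]; then
                printf '%s -> %s\n' "$key" "$url"
                bad=1
            fi
        done
    done < "$conf"
    exit "$bad"
)

# Constructed sample: the guide's values with one listener left on 0.0.0.0.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#[Member]
ETCD_LISTEN_PEER_URLS="http://172.168.201.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://0.0.0.0:2379"
#[Clustering]
ETCD_INITIAL_CLUSTER="controller=http://172.168.201.11:2380"
EOF
check_etcd_urls "$sample" 172.168.201.11 || echo "review the URLs listed above"
rm -f "$sample"
```

On the controller node, run it as check_etcd_urls /etc/etcd/etcd.conf followed by the management IP address.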
    

Disabling SELinux

The SELinux security mechanism enabled by default on Linux intercepts OpenStack-related services. As a result, OpenStack components cannot be deployed. This is the behavior of Linux itself, and Kunpeng BoostKit for Virtualization does not provide a solution to this issue. If you want to use SELinux in your own system, please find a solution by yourself.

We provide a method for quickly disabling SELinux. The SELinux configuration method provided in Kunpeng BoostKit for Virtualization is for reference only. You need to evaluate the method and bear related risks.

Disabling SELinux may cause security issues. If you do not plan to enable SELinux, it is recommended that an end-to-end solution be used to eliminate the risks caused by disabling SELinux. You shall bear the security risks by yourself. If you need to enable SELinux, configure fine-grained security rules based on actual SELinux issues to ensure system security.

Perform the following operation on all nodes.

  • To disable SELinux temporarily, run the following command:
    setenforce 0
    
  • To disable SELinux permanently, run the following command and restart the system for the setting to take effect:
    sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
    

Enabling Firewall Ports

Perform the following operations on all nodes.

  1. Enable the TCP ports.
    firewall-cmd --zone=public --add-port=8082/tcp --permanent
    firewall-cmd --zone=public --add-port=8773-8778/tcp --permanent
    firewall-cmd --zone=public --add-port=6080-6082/tcp --permanent
    firewall-cmd --zone=public --add-port=8386/tcp --permanent
    firewall-cmd --zone=public --add-port=5000/tcp --permanent
    firewall-cmd --zone=public --add-port=9292/tcp --permanent
    firewall-cmd --zone=public --add-port=9191/tcp --permanent
    firewall-cmd --zone=public --add-port=9696/tcp --permanent
    firewall-cmd --zone=public --add-port=6000-6002/tcp --permanent
    firewall-cmd --zone=public --add-port=6200-6202/tcp --permanent
    firewall-cmd --zone=public --add-port=8000-8004/tcp --permanent
    firewall-cmd --zone=public --add-port=8999/tcp --permanent
    firewall-cmd --zone=public --add-port=8777/tcp --permanent
    firewall-cmd --zone=public --add-port=8989/tcp --permanent
    firewall-cmd --zone=public --add-port=80/tcp --permanent
    firewall-cmd --zone=public --add-port=8080/tcp --permanent
    firewall-cmd --zone=public --add-port=443/tcp --permanent
    firewall-cmd --zone=public --add-port=873/tcp --permanent
    firewall-cmd --zone=public --add-port=3260/tcp --permanent
    firewall-cmd --zone=public --add-port=3306/tcp --permanent
    firewall-cmd --zone=public --add-port=5672/tcp --permanent
    firewall-cmd --zone=public --add-port=6088/tcp --permanent
    firewall-cmd --zone=public --add-port=6080/tcp --permanent
    firewall-cmd --zone=public --add-port=15672/tcp --permanent
    firewall-cmd --zone=public --add-port=323/tcp --permanent
    firewall-cmd --zone=public --add-port=11211/tcp --permanent
    firewall-cmd --zone=public --add-port=123/tcp --permanent
    firewall-cmd --zone=public --add-port=69/tcp --permanent
    firewall-cmd --zone=public --add-port=5900-5999/tcp --permanent
    firewall-cmd --zone=public --add-port=2379-2380/tcp --permanent
    firewall-cmd --zone=public --add-port=6640/tcp --permanent
    firewall-cmd --zone=public --add-port=22/tcp --permanent
    
  2. Enable the UDP ports.
    firewall-cmd --zone=public --add-port=6640/udp --permanent
    firewall-cmd --zone=public --add-port=8082/udp --permanent
    firewall-cmd --zone=public --add-port=8773-8778/udp --permanent
    firewall-cmd --zone=public --add-port=6080-6082/udp --permanent
    firewall-cmd --zone=public --add-port=8386/udp --permanent
    firewall-cmd --zone=public --add-port=5000/udp --permanent
    firewall-cmd --zone=public --add-port=9292/udp --permanent
    firewall-cmd --zone=public --add-port=9191/udp --permanent
    firewall-cmd --zone=public --add-port=9696/udp --permanent
    firewall-cmd --zone=public --add-port=6000-6002/udp --permanent
    firewall-cmd --zone=public --add-port=6200-6202/udp --permanent
    firewall-cmd --zone=public --add-port=8000-8004/udp --permanent
    firewall-cmd --zone=public --add-port=8999/udp --permanent
    firewall-cmd --zone=public --add-port=8777/udp --permanent
    firewall-cmd --zone=public --add-port=8989/udp --permanent
    firewall-cmd --zone=public --add-port=80/udp --permanent
    firewall-cmd --zone=public --add-port=8080/udp --permanent
    firewall-cmd --zone=public --add-port=443/udp --permanent
    firewall-cmd --zone=public --add-port=873/udp --permanent
    firewall-cmd --zone=public --add-port=3260/udp --permanent
    firewall-cmd --zone=public --add-port=3306/udp --permanent
    firewall-cmd --zone=public --add-port=5672/udp --permanent
    firewall-cmd --zone=public --add-port=6088/udp --permanent
    firewall-cmd --zone=public --add-port=6080/udp --permanent
    firewall-cmd --zone=public --add-port=15672/udp --permanent
    firewall-cmd --zone=public --add-port=323/udp --permanent
    firewall-cmd --zone=public --add-port=11211/udp --permanent
    firewall-cmd --zone=public --add-port=123/udp --permanent
    firewall-cmd --zone=public --add-port=69/udp --permanent
    firewall-cmd --zone=public --add-port=5900-5999/udp --permanent
    firewall-cmd --zone=public --add-port=2379-2380/udp --permanent
    firewall-cmd --zone=public --add-port=22/udp --permanent
    
  3. Reload the firewall configuration for the settings to take effect.
    firewall-cmd --reload
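
The procedure above opens the same port list for both TCP and UDP on every node, so a follow-up check is to list the opened ports that no local service is listening on. This is an added example, not part of the original guide; the function name unused_open_ports and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): list firewalld port specs that
# no local socket is listening on.

# unused_open_ports <list-ports output> <ss -lntu output>
unused_open_ports() {
    printf '%s\n' "$2" | awk -v specs="$1" '
        # Collect listening sockets as "proto/port" from the ss output.
        $1 == "tcp" || $1 == "udp" {
            n = split($5, a, ":")      # port is the last ":"-separated piece
            listen[$1 "/" a[n]] = 1
        }
        END {
            m = split(specs, s, " ")
            for (i = 1; i <= m; i++) {
                split(s[i], pp, "/")   # pp[1] = port or range, pp[2] = proto
                split(pp[1], r, "-")
                lo = r[1] + 0
                hi = (r[2] == "" ? lo : r[2] + 0)
                used = 0
                for (p = lo; p <= hi; p++)
                    if ((pp[2] "/" p) in listen) { used = 1; break }
                if (!used) print s[i]
            }
        }'
}

# Constructed sample data. On a real node use:
#   unused_open_ports "$(firewall-cmd --zone=public --list-ports)" "$(ss -lntu)"
fw_ports='22/tcp 22/udp 3306/tcp 3306/udp 2379-2380/tcp 5900-5999/tcp'
ss_sample='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      80     172.168.201.11:3306 0.0.0.0:*
tcp   LISTEN 0      128    172.168.201.11:2379 0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323       0.0.0.0:*'

unused_open_ports "$fw_ports" "$ss_sample"
```

A port reported here is a candidate for review rather than for automatic removal, because some services listen only on certain nodes or only while instances are running.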