Shulou(Shulou.com)06/01 Report--

II. Safety

The following table gives a list of services that require a password and their relationships in the guide:

Password

Password name

Description

Database password (variables cannot be used)

Root password of the database

ADMIN_PASS

Admin user password

CEILOMETER_DBPASS

Database password for the Telemetry service

CEILOMETER_PASS

Ceilometer user password for the Telemetry service

CINDER_DBPASS

Database password for block device storage service

CINDER_PASS

Cinder password for the block device storage service

DASH_DBPASS

Database password for the dashboard

DEMO_PASS

Password of the demo user

GLANCE_DBPASS

Database password of the mirroring service

GLANCE_PASS

Glance user password of the mirror service

HEAT_DBPASS

Database password for the Orchestration service

HEAT_DOMAIN_PASS

Password for the Orchestration domain

HEAT_PASS

Password of ``heat`` user in Orchestration service

KEYSTONE_DBPASS

Database password for authentication service

NEUTRON_DBPASS

Database password for network service

NEUTRON_PASS

Neutron user password for the network service

NOVA_DBPASS

The database password of the computing service

NOVA_PASS

Calculate the password of the ``nova`` user in the service

RABBIT_PASS

Guest user password for RabbitMQ

SWIFT_PASS

Password of the object storage service user ``swift``

IV. Host network

The example architecture assumes that the following networks are used:

Management uses 10.0.0.0amp 24 with gateway 10.0.0.1

This network requires a gateway to provide internal administrative access to all nodes, such as package installation, security updates, DNS, and NTP.

Provider network segment 192.168.9.0tic24, gateway 192.168.9.1

This network requires a gateway to provide access to internal instances in the environment.

Network time Protocol (NTP)

You should install Chrony, a solution that synchronizes the service implementation at different nodes: term: `NTP`. We recommend that you configure the controller node to reference a more accurate (lower stratum) NTP server, and then other nodes reference the control node.

VI. OpenStack package

Enable the openstack library

# apt-get install software-properties-common

# add-apt-repository cloud-archive:mitaka

Complete the installation

1. Upgrade the package on the host

# apt-get update & & apt-get dist-upgrade

2. Install the openstack client

# apt-get install python-openstackclient

7. MYSQL database

Most OpenStack services use SQL databases to store information. Typically, the database runs on the control node. The steps in the guide use MariaDB or MySQL depending on the distribution. The OpenStack service also supports other SQL databases, including `PostgreSQL `_ _.

1. Secure and configure components

# apt-get install mariadb-server python-pymysql

2. Set the appropriate password for the database user ``root``.

3. Create and edit / etc/mysql/conf.d/openstack.cnf, and then complete the following actions:

In the [mysqld] section, set the ``bind- address`` value to the management network IP address of the control node so that other nodes can access the database through the management network:

[mysqld]... bind-address = 10.0.0.11

In the ``[mysqld]`` section, set the following keys to enable a useful option and the UTF-8 character set: [mysqld]. Default-storage-engine = innodbinnodb_file_per_tablemax_connections = 4096collation-server = utf8_general_cicharacter-set-server = utf8

4. Complete the installation

Restart the database service

Service mysql restart

Execute the mysql_secure_installation script to secure the database.

Mysql_secure_installation

Message queuing

OpenStack uses messagequeue to coordinate operations and status information for each service. The message queuing service generally runs on the control node. OpenStack supports several message queuing services including RabbitMQ, Qpid, and ZeroMQ. However, most distributions of OpenStack packages support specific message queuing services. This guide installs the RabbitMQ message queuing service because it is supported by most distributions. If you want to install different message queuing services, query the documentation associated with it.

Secure and configure components

1. Install the package

Apt-get install rabbitmq-server

2. Add openstack users:

# rabbitmqctl add_user openstack RABBIT_PASSCreating user "openstack" .done.

Replace RABBIT_DBPASS with the appropriate password.

3. Configure write and read permissions for ``openstack`` users:

# rabbitmqctl set_permissions openstack ". *" Setting permissions for user "openstack" in vhost "/" .done.

9. Memcached cache token authentication service authentication cache uses Memcached cache token. The cache service memecached runs on the control node. In production deployment, we recommend that you jointly enable firewall, authentication, and encryption to ensure its security.

Secure and configure components

1. Install the soft package

Apt-get install memcached python-memcache

2. Edit / etc/memcached.conf file and configuration service use the control node to manage the IP address, so that other nodes can access the control node through the management network.

-l 10.0.0.11

3. Complete the installation

Restart the Memcached service:

Service memcached restart

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.