一、环境准备
1.1、服务器准备
主机名 | 系统 | 网卡 |
---|---|---|
ct(控制节点) | centos7 | 虚拟:172.16.100.254 nat:192.168.100.254 |
c2 (计算节点1) | centos7 | 虚拟:172.16.100.252 nat:192.168.100.252 |
虚拟机必须开启cpu虚拟化
1.2、关闭防火墙与selinux(两台主机都要进行操作)
目录
1.4、配置本地yum源使其用来安装基本操作命令(两台主机进行同样的操作)
1.5、安装wget命令,用以配置阿里源(两三台主机进行同样操作)
1.6、安装所需的软件,保证是最新版的(两台主机进行同样的操作)
二、安装openstack Train版(两台机器都要进行安装,保证是最新版)
systemctl stop firewalld #关闭防火墙 systemctl disable firewalld #永久关闭防火墙 setenforce 0 #关闭selinux vi /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled #改为disabled,开机自动关闭selinux # SELINUXTYPE= can take one of three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
1.3、修改主机名
控制节点
hostnamectl set-hostname ct su
计算节点1
hostnamectl set-hostname c2 su
1.4、配置本地yum源使其用来安装基本操作命令(两台主机进行同样的操作)
[root@c2 /]rm -rf /etc/yum.repos.d/* #先删除本地的网络源 [root@c2 /] [root@c2 /]vi /etc/yum.repos.d/centos.repo #编写新的本地源 [centos] name=centos baseurl=file:///mnt gpgcheck=0 enabled=1 :wq [root@c2 /]lsblk #查看磁盘镜像文件 NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 20G 0 disk ├─sda1 8:1 0 300M 0 part /boot ├─sda2 8:2 0 2G 0 part [SWAP] └─sda3 8:3 0 17.7G 0 part / sr0 11:0 1 1024M 0 rom // 镜像文件不存在,手动添加。 选择 虚拟机——>设置——>CD/DVD(IDE)——>设备状态全勾选——>连接(选择使用IOS镜像文件——>浏览找到存放在物理机上的镜像)——>确定 [root@c2 /]lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 20G 0 disk ├─sda1 8:1 0 300M 0 part /boot ├─sda2 8:2 0 2G 0 part [SWAP] └─sda3 8:3 0 17.7G 0 part / sr0 11:0 1 4.3G 0 rom [root@c2 /]mount /dev/sr0 /mnt/ mount: /dev/sr0 写保护,将以只读方式挂载 [root@c2 /]df -hT 文件系统 类型 容量 已用 可用 已用% 挂载点 /dev/sda3 xfs 18G 1.2G 17G 7% / devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev tmpfs tmpfs 1.9G 0 1.9G 0% /dev/shm tmpfs tmpfs 1.9G 12M 1.9G 1% /run tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/sda1 xfs 297M 120M 177M 41% /boot tmpfs tmpfs 378M 0 378M 0% /run/user/0 /dev/sr0 iso9660 4.3G 4.3G 0 100% /mnt //挂载成功 [root@c2 /] [root@c2 /]yum clean all // 清空yum源缓存 已加载插件:fastestmirror 正在清理软件源: centos [root@c2 /] [root@c2 /]yum repolist
// 生成新的缓存 已加载插件:fastestmirror Determining fastest mirrors centos | 3.6 kB 00:00:00 (1/2): centos/group_gz | 166 kB 00:00:00 (2/2): centos/primary_db | 3.1 MB 00:00:00 源标识 源名称 状态 centos centos 4,021 repolist: 4,021 // 出现数字代表生成缓存成功 [root@c2 /]
1.5、安装wget命令,用以配置阿里源(两三台主机进行同样操作)
[root@c2 /]yum install -y wget ………………………… ………………………… 正在安装 : wget-1.14-18.el7.x86_64 1/1 验证中 : wget-1.14-18.el7.x86_64 1/1 已安装: wget.x86_64 0:1.14-18.el7 [root@c2 /] cd /etc/yum.repos.d/ [root@c2 yum.repos.d]wget http://mirrors.aliyun.com/repo/Centos-7.repo
1.6、安装所需的软件,保证是最新版的(两台主机进行同样的操作)
[root@c2 /]yum -y install net-tools bash-completion vim gcc gcc-c++ make pcre pcre-devel expat-devel cmake bzip2 lrzsz --nogpgcheck 已加载插件:fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com 软件包 net-tools-2.0-0.25.20131004git.el7.x86_64 已安装并且是最新版本 软件包 1:bash-completion-2.1-8.el7.noarch 已安装并且是最新版本 软件包 2:vim-enhanced-7.4.629-8.el7_9.x86_64 已安装并且是最新版本 软件包 gcc-4.8.5-44.el7.x86_64 已安装并且是最新版本 软件包 gcc-c++-4.8.5-44.el7.x86_64 已安装并且是最新版本 软件包 1:make-3.82-24.el7.x86_64 已安装并且是最新版本 软件包 pcre-8.32-17.el7.x86_64 已安装并且是最新版本 软件包 pcre-devel-8.32-17.el7.x86_64 已安装并且是最新版本 软件包 expat-devel-2.1.0-14.el7_9.x86_64 已安装并且是最新版本 软件包 cmake-2.8.12.2-2.el7.x86_64 已安装并且是最新版本 软件包 bzip2-1.0.6-13.el7.x86_64 已安装并且是最新版本 软件包 lrzsz-0.12.20-36.el7.x86_64 已安装并且是最新版本 无须任何处理 [root@c2 /]yum -y install centos-release-openstack-train python-openstackclient openstack-selinux openstack-utils --nogpgcheck 已加载插件:fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * centos-ceph-nautilus: mirrors.tuna.tsinghua.edu.cn * centos-nfs-ganesha28: mirrors.aliyun.com * centos-openstack-train: mirrors.aliyun.com * centos-qemu-ev: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com 软件包 centos-release-openstack-train-1-1.el7.centos.noarch 已安装并且是最新版本 软件包 python2-openstackclient-4.0.2-1.el7.noarch 已安装并且是最新版本 软件包 openstack-selinux-0.8.26-1.el7.noarch 已安装并且是最新版本 软件包 openstack-utils-2017.1-1.el7.noarch 已安装并且是最新版本 无须任何处理 [root@c2 /]
软件解释
net-tools:ifconfig命令行工具 bash-completion:辅助自动补全工具 vim:vim工具 gcc gcc-c++:编译环境 make:编译器 pcre pcre-devel:是一个Perl库,包括 perl 兼容的正则表达式库 expat-devel:Expat库,Expat是一个面向流的xml解析器 cmake:CMake是一个跨平台的编译工具,CMkae目前主要使用场景是作为make的上层工具,产生可移植的 makefile文件 lrzsz:可使用rz、sz命令上传、下载数据
OpenStack 的 train 版本仓库源安装包,同时安装 OpenStack 客户端和 openstack-selinux 安装包
1.7、配置主机映射(两台服务器进行同样的操作)
[root@c2 /]echo "172.16.100.252 c2" >> /etc/hosts [root@c2 /]echo "172.16.100.254 ct" >> /etc/hosts [root@c2 /]cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.100.252 ct 172.16.100.254 c2 [root@c2 /]
1.8、节点免交互(所有节点都要进行操作)
[root@c2 /]ssh-keygen -t rsa // 创建非对称密钥 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): // 回车:默认密钥存放位置 Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): // 回车:无需密钥对密码 Enter same passphrase again: // 回车确认 Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:fO0ZiFxs4V0QVchxQmXCUB6fQFKhuJSs1H0mmHudFm8 root@c2 The key's randomart image is: +---[RSA 2048]----+ | ..*#@==| | oo*ooo=B.| | . O=+.+...| | .oo+oo= + | | .Soo.o+ E | | ....o. | | o | | | | | +----[SHA256]-----+ [root@c2 /] [root@c2 /]ssh-copy-id ct //上传公钥到ct控制节点 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'ct (172.16.100.252)' can't be established. ECDSA key fingerprint is SHA256:ghI++HlCm85UJ8SlEZgTONJlpZTiWWfzekzsP7Uk13I. ECDSA key fingerprint is MD5:42:c0:7f:24:9a:e3:0c:39:ce:11:30:e7:75:bd:c3:99. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@ct's password: // 密码 Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'ct'" and check to make sure that only the key(s) you wanted were added. [root@c2 /]
报错1、
[root@c2 .ssh]ssh-copy-id ct /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: @ WARNING: POSSIBLE DNS SPOOFING DETECTED! @ ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: The ECDSA host key for ct has changed, ERROR: and the key for the corresponding IP address 172.16.100.254 ERROR: is unknown. This could either mean that ERROR: DNS SPOOFING is happening or the IP address for the host ERROR: and its host key have changed at the same time. ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)! ERROR: It is also possible that a host key has just been changed. ERROR: The fingerprint for the ECDSA key sent by the remote host is ERROR: SHA256:i9DVGnRV1H8RZIHtt3d42oyJX2WY4G1fpocsqlZ+4CA. ERROR: Please contact your system administrator. ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message. ERROR: Offending ECDSA key in /root/.ssh/known_hosts:1 ERROR: ECDSA host key for ct has changed and you have requested strict checking. ERROR: Host key verification failed.
输入以下指令:
[root@c2 .ssh]ssh-keygen -R 172.16.100.254 # Host 172.16.100.254 found: line 3 /root/.ssh/known_hosts updated. Original contents retained as /root/.ssh/known_hosts.old [root@c2 .ssh]ssh-copy-id ct /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'ct (172.16.100.254)' can't be established. ECDSA key fingerprint is SHA256:i9DVGnRV1H8RZIHtt3d42oyJX2WY4G1fpocsqlZ+4CA. ECDSA key fingerprint is MD5:aa:cc:3e:46:5c:83:3c:03:d6:1a:d0:14:00:2d:72:44. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@ct's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'ct'" and check to make sure that only the key(s) you wanted were added. [root@c2 .ssh]ssh ct Last login: Thu Jun 2 03:27:20 2022 from 192.168.100.1 -bash-4
版权声明:本文为ylqzlc原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。