构建openstack YUM源(openstack-kilo on centos7)
1.对于企业的openstack私有云,出于安全和某些因素的考虑,有些服务器无法访问公网,导致服务器无法更新某些RPM包,同时内部常有openstack新特性开发需求,版本的维护与升级,因此非常有必要构建企业私有的openstack YUM源;
1.1构建openstack YUM源有两个步骤:
1.同步(下载)官方的源至企业yum服务器中;
2.重新创建repo并通过nginx(apache)发布;
1.2设置用户名:
hostnamectl set-hostname cloud.htsec.com;
1.3修改/etc/sysconfig/network-scripts/ifcfg-enp0s3文件来设置静态IP:
TYPE=Ethernet #网络类型
DEVICE=enp0s3 #网卡地址代号/子代号
ONBOOT=yes #开机运行
BOOTPROTO=static #使用协议(静态)
IPADDR=192.168.10.200 #IP地址
NETMASK=255.255.255.0 #子网掩码
GATEWAY=192.168.10.1 #网关
HWADDR=00:16:3E:89:85:38 #MAC地址
BROADCAST=216.18.194.199 #广播地址
DNS1=8.8.8.8 #域名解析服务器1
DNS2=8.8.4.4 #域名解析服务器2
1.4手动修改/etc/hosts文件:
192.168.10.200 cloud.htsec.com cloud
1.5禁用selinux:
setenforce 0
1.6关闭防火墙:
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service
1.7关闭网络管理:
service NetManager stop
1.8配置每个节点的公钥访问;
1.9配置NTP服务器;
2.YUM源下载:
2.1安装openstack需要用到8个repo,分两类:
1.Centos源:CentOS-Base.repo,CentOS-Debuginfo.repo,CentOS-Media.repo,CentOS-Vault.repo;
2.openstack源及相关依赖源(epel,foreman,puppet):epel.repo,foreman.repo,puppetlabs.repo,rdo-release.repo;
2.2openstack源地址:
1.所有版本的openstack源:https://repos.fedorapeople.org/repos/openstack/
2.openstack-kilo版本源:https://repos.fedorapeople.org/repos/openstack/openstack-kilo/
2.3下载openstack-kilo源:
wget -S -c -r -np -L https://repos.fedorapeople.org/repos/openstack/openstack-kilo/
wget -S -c -r -np -L https://repos.fedorapeople.org/repos/openstack/openstack-juno/
2.4下载epel源:
wget -S -c -r -np -L http://mirrors.yun-idc.com/epel/7/
2.5下载puppetlabs源:
wget -S -c -r -np -L https://yum.puppetlabs.com/el/7/
2.6下载foreman源:
wget -S -c -r -np -L http://yum.theforeman.org/plugins/1.10/el7/
wget -S -c -r -np -L http://yum.theforeman.org/releases/1.10/el7/
2.7下载nginx:
wget -S -c -r -np -L http://nginx.org/packages/centos/7/
2.8CentOS的源可以通过国内的镜像下载:
wget -S -c -r -np -L http://mirrors.sohu.com/centos/7
2.9调整目录结构:
2.9.1创建新的目录:
mkdir -p openstack-kilo openstack-juno epel puppetlabs foreman centos nginx;
2.9.2移动文件:
mv repos.fedorapeople.org/repos/openstack/openstack-kilo/* openstack-kilo/;
mv repos.fedorapeople.org/repos/openstack/openstack-juno/* openstack-juno/;
mv mirrors.yun-idc.com/epel/* epel/;
mv yum.puppetlabs.com/el/* puppetlabs/;
mv yum.theforeman.org/plugins foreman/;
mv yum.theforeman.org/releases foreman/;
mv mirrors.sohu.com/centos/* centos/
mv nginx.org/packages/centos/ nginx/
2.9.3删除不需要的软件包和文件:
find ./ -name index.html* -exec rm -rf {} \;
find ./ -name fedora-* -exec rm -rf {} \;
rm -rf repos.fedorapeople.org/
rm -rf mirrors.yun-idc.com/
rm -rf yum.puppetlabs.com/
rm -rf yum.theforeman.org/
rm -rf mirrors.sohu.com/
rm -rf nginx.org/
3.Nginx配置:
3.1安装nginx rpm包:
rpm -ivh /openstack/nginx/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
3.2修改/etc/yum.repos.d/nginx.repo文件,把yum源指向本地;
[nginx]
name=nginx repo
baseurl=file:///openstack/nginx/centos/7/x86_64
gpgcheck=0
enabled=1
3.3安装nginx:yum install -y nginx;
3.4修改/etc/nginx/conf.d/default.conf文件配置nginx:
server {
listen 80;
server_name cloud.htsec.com;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
#root /usr/share/nginx/html;
root /openstack;
autoindex on;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
3.5服务重启:
systemctl enable nginx
systemctl start nginx
systemctl check nginx
4.制作rdo-release.rpm:
4.1下载rdo-release-kilo-1.src.rpm源码包:
[root@cloud ~]# wget http://cloud.htsec.com/openstack-kilo/rdo-release-kilo-1.src.rpm
4.2创建alan用户和组:
useradd alan;
4.3解压rpm包,会在~目录生成一个rpmbuild目录(其中SOURCE目录下存放repo文件,SPECS目录下存放spec文件):
rpm -i rdo-release-kilo-1.src.rpm;
4.4修改并添加repo文件:
vi rdo-release.repo
[openstack-kilo]
name=OpenStack Kilo Repository
baseurl=http://cloud.htsec.com/openstack-kilo/el7/
skip_if_unavailable=0
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-kilo
vi rdo-testing.repo
[openstack-kilo-testing]
name=OpenStack Kilo Testing
baseurl=http://cloud.htsec.com/openstack-kilo/testing/el7
skip_if_unavailable=0
gpgcheck=0
enabled=0
vi epel.repo
[epel]
name=EPEL Repository
baseurl=http://cloud.htsec.com/epel/7/x86_64
skip_if_unavailable=0
enabled=1
gpgcheck=0
vi foreman.repo
[foreman-releases]
name=Foreman Releases Repository
baseurl=http://cloud.htsec.com/foreman/releases/1.10/el7/x86_64
enabled=1
gpgcheck=0
[foreman-releases-source]
name=Foreman Releases Source Repository
baseurl=http://cloud.htsec.com/foreman/releases/1.10/el7/source
enabled=1
gpgcheck=0
[foreman-plugins]
name=Foreman Plugins Repository
baseurl=http://cloud.htsec.com/foreman/plugins/1.10/el7/x86_64
enabled=1
gpgcheck=0
[foreman-plugins-source]
name=Foreman Plugins Source Repository
baseurl=http://cloud.htsec.com/foreman/plugins/1.10/el7/source
enabled=1
gpgcheck=0
vi puppetlabs.repo
[puppetlabs-products]
name=Puppet Labs Products
baseurl=http://cloud.htsec.com/puppetlabs/7/products/x86_64
enabled=1
gpgcheck=0
[puppetlabs-deps]
name=Puppet Labs Dependencies
baseurl=http://cloud.htsec.com/puppetlabs/7/dependencies/x86_64
enabled=1
gpgcheck=0
[puppetlabs-devel]
name=Puppet Labs Devel
baseurl=http://cloud.htsec.com/puppetlabs/7/devel/x86_64
enabled=1
gpgcheck=0
vi centos.repo
[base]
name=CentOS7 Base Repository
baseurl=http://cloud.htsec.com/centos/7/os/x86_64
enabled=1
gpgcheck=0
[updates]
name=CentOS7 Updates Repository
baseurl=http://cloud.htsec.com/centos/7/updates/x86_64
enabled=1
gpgcheck=0
[extras]
name=CentOS7 Extras Repository
baseurl=http://cloud.htsec.com/centos/7/extras/x86_64/
enabled=1
gpgcheck=0
[centosplus]
name=CentOS7 Plus Repository
baseurl=http://cloud.htsec.com/centos/7/centosplus/x86_64/
enabled=1
gpgcheck=0
4.5修改.spec文件内容:
vi rdo-release.spec
Name: rdo-release
Version: kilo
Release: 1
Summary: RDO repository configuration
Group: System Environment/Base
License: Apache2
URL: https://github.com/redhat-openstack/rdo-release
Source0: rdo-release.repo
Source2: rdo-testing.repo
Source1: RPM-GPG-KEY-RDO-kilo
Source3: epel.repo
Source4: foreman.repo
Source5: puppetlabs.repo
Source6: centos.repo
Source7: RPM-GPG-KEY-CentOS-7
BuildArch: noarch
%description
This package contains the RDO repository
%install
install -p -d %{buildroot}%{_sysconfdir}/yum.repos.d
install -p -m 644 %{SOURCE0} %{buildroot}%{_sysconfdir}/yum.repos.d
install -p -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/yum.repos.d
install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/yum.repos.d
install -p -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/yum.repos.d
install -p -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/yum.repos.d
install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/yum.repos.d
#GPG Keys
install -p -d %{buildroot}%{_sysconfdir}/pki/rpm-gpg
install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pki/rpm-gpg
install -Dpm 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pki/rpm-gpg
%files
%{_sysconfdir}/yum.repos.d/*.repo
%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-*
%post
# Adjust repos as per dist and version
source /etc/os-release
DIST=$ID
RELEASEVER=$VERSION_ID
if [ "$DIST" != 'fedora' ]; then
DIST=el
FDIST=el
# $releasever doesn't seem to be a reliable way to get the major version on RHEL
# e.g. if distroverpkg isn't present in yum.conf mine was set to 6Server
# because this was the version of the package redhat-release-server-6Server
RELEASEVER=$(sed -e 's/.*release \([0-9]\+\).*/\1/' /etc/system-release)
else
FDIST=f
fi
for repo in rdo-release rdo-testing epel foreman puppetlabs centos ; do
for var in DIST FDIST RELEASEVER; do
sed -i -e "s/%$var%/$(eval echo \$$var)/g" %{_sysconfdir}/yum.repos.d/$repo.repo
done
done
4.6重新打包rpm:
[root@cloud ~]# rpmbuild -ba rpmbuild/SPECS/rdo-release.spec
4.7把生成的rpm放到指定的目录:
[root@cloud ~]# mv /root/rpmbuild/RPMS/noarch/rdo-release-kilo-1.noarch.rpm /openstack/openstack-kilo/rdo-release-kilo-1-ht.noarch.rpm
[root@cloud ~]# mv /root/rpmbuild/SRPMS/rdo-release-kilo-1.src.rpm /openstack/openstack-kilo/rdo-release-kilo-1-ht.src.rpm
5.安装openstack-kilo:
wget http://cloud.htsec.com/openstack-kilo/rdo-release-kilo-1-ht.noarch.rpm
rpm -ivh rdo-release-kilo-1-ht.noarch.rpm --replacefiles
yum update -y
yum install -y openstack-packstack
packstack --allinone