目录:
第一节 多节点OpenStack Charms 部署指南0.0.1.dev223–1--OpenStack Charms 部署指南
第二节 多节点OpenStack Charms 部署指南0.0.1.dev223–2-安装MAAS
第三节 多节点OpenStack Charms 部署指南0.0.1.dev223–3-安装Juju
第四节 多节点OpenStack Charms 部署指南0.0.1.dev223–4-安装openstack
第五节 多节点OpenStack Charms 部署指南0.0.1.dev223–5--使bundle安装openstack
第六节 多节点OpenStack Charms 部署指南0.0.1.dev223–6--配置vault和设置数字证书生命周期
第七节 多节点OpenStack Charms 部署指南0.0.1.dev223–7--juju 离线部署bundle
第八节 多节点OpenStack Charms 部署指南0.0.1.dev223–8--配置 OpenStack
附录 t 多节点OpenStack Charms 部署指南0.0.1.dev223–附录T–OpenStack 高可用性
第九节 多节点OpenStack Charms 部署指南0.0.1.dev223–9--网络拓扑
第十节 多节点OpenStack Charms 部署指南0.0.1.dev223–10–OpenStack 高可用基础架构实际
第十一节 多节点OpenStack Charms 部署指南0.0.1.dev223–11–访问Juju仪表板
第十二节 多节点OpenStack Charms 部署指南0.0.1.dev223–12–OpenStack 配置openstack失败后处理
第十三节 多节点OpenStack Charms 部署指南0.0.1.dev223–13–OpenStack配置高可用后无法登陆openstack dashboard
第十四节 多节点OpenStack Charms 部署指南0.0.1.dev223–14–ssh端口转发解决IDC机房国际线路不良问题
第十五节 多节点OpenStack Charms 部署指南0.0.1.dev299–15–OpenStack 实例高可用
第十六节 多节点OpenStack Charms 部署指南0.0.1.dev299–16–OpenStack基础架构高可用The easyrsa resource is missing. .
第十七节 多节点OpenStack Charms 部署指南0.0.1.dev303–17–修改实例数量等quota上限
第十八节 多节点OpenStack Charms 部署指南0.0.1.dev303–18–backup备份
第十九节 多节点OpenStack Charms 部署指南0.0.1.dev303–19–juju log
第二十节 多节点OpenStack Charms 部署指南0.0.1.dev303–20–控制器高可用性
第二十一节 多节点OpenStack Charms 部署指南0.0.1.dev303–21–控制器备份和还原
第二十二节 多节点OpenStack Charms 部署指南0.0.1.dev223–22-- Resource: res_masakari_haproxy not running
第二十三节 多节点OpenStack Charms 部署指南0.0.1.dev223–23-登录openstack-dashboad,SSLError(SSLCertVerificationError
第二十四节 多节点OpenStack Charms 部署指南0.0.1.dev223–24-Resource: res_masakari_f8b6bde_vip not running
第二十五节 多节点OpenStack Charms 部署指南0.0.1.dev223–25–rsyslog 日志服务器构建实际
第二十六节 多节点OpenStack Charms 部署指南0.0.1.dev223–26–跨model 建立关系构建rsyslog 日志服务器构建实际
第二十七节 多节点OpenStack Charms 部署指南0.0.1.dev223–27–Charm Hook
第二十八节 多节点OpenStack Charms 部署指南0.0.1.dev223–28–Command run
第三十节 多节点OpenStack Charms 部署指南0.0.1.–30–参考体系结构—Dell EMC硬件上的Canonical Charmed OpenStack(Ussuri)
第三十一节 多节点OpenStack Charms 部署指南0.0.1.–31–vm hosting-1
第三十二节 多节点OpenStack Charms 部署指南0.0.1.–32–vm hosting-2-VM host networking (snap/2.9/UI)
第三十三节 多节点OpenStack Charms 部署指南0.0.1.–33–vm hosting-3-Adding a VM host (snap/2.9/UI)
第三十四节 多节点OpenStack Charms 部署指南0.0.1.–34–vm hosting-4-VM host存储池和创建和删除vm (snap/2.9/UI)
第三十五节 多节点OpenStack Charms 部署指南0.0.1.–35–Command export-bundle备份opensack并重新部署openstack
第三十六节 多节点openstack charms 部署指南0.0.1-36-graylog实际-1
第三十七节 多节点openstack charms 部署指南0.0.1-37-graylog实际-2
第三十八节 多节点openstack charms 部署指南0.0.1-38-graylog实际-3
第三十九节 多节点openstack charms 部署指南0.0.1-39-graylog-4-filebeat
第四十节 多节点openstack charms 部署指南0.0.1-40-prometheus2
重新部署openstack-base70后很长时间,没进行配置,春节前想着配置下,然后在上面跑k8s,不幸的是,source openrcv3_project后,出错了:
source openrcv3_project
echo $OS_USERNAME
admin
openstack endpoint list --interface admin
Failed to discover available identity versions when contacting https://10.0.2.81:5000/v3. Attempting to parse version from URL.
SSL exception connecting to https://10.0.2.81:5000/v3/auth/tokens: HTTPSConnectionPool(host=‘10.0.2.81’, port=5000): Max retries exceeded with url: /v3/auth/tokens (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,),))
再次source openrc:
source openrc
openstack endpoint list --interface admin
Could not find a suitable TLS CA certificate bundle, invalid path: /tmp/root-ca.crt
开始有些困惑,以为是需要做TLS配置,但是配置几次都出现问题,配置不通。
困惑了几天,然后去论坛提问,答疑者说希望我将bundle.yaml贴他给他看看。
贴了之后,答疑者回复说你的OS_CACERT=/home/ubuntu/snap/openstackclients/common/root-ca.crt啊,而不是在 /tmp/root-ca.crt
当时更加困惑了,以前看的文档里不是说产生的根证书在 /tmp/root-ca.crt 么。
然后再次看了看openrc,没发现什么特别的问题。
突然发现,openstack base怎么版本变openstack base#72了,笔者一直部署的#70。
后来直接再次部署了bundle openstack-base#72,在 juju run-action --wait vault/leader 'generate-root-ca'
前,将/root/snap/openstackclient/common/root-ca.crt和/tmp/root-ca.crt删除,然后 juju run-action --wait vault/leader ‘generate-root-ca’,发现果然在/tmp目录下没有生成root-ca.crt根证书文件,而是在/root/snap/openstackclient/common/root-ca.crt,再次source openrc
,顺利的部署成功openstack
openstack endpoint list --interface admin
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| 075e5dbf0bf94c99b1863441ce7cab42 | RegionOne | swift | object-store | True | admin | https://10.0.2.103:443/swift |
| 2a91f454e99c47bbae6959be815e4f76 | RegionOne | cinderv2 | volumev2 | True | admin | https://10.0.2.110:8776/v2/$(tenant_id)s |
| 522bdd0accc64aeba73d1ad9414765da | RegionOne | s3 | s3 | True | admin | https://10.0.2.103:443/ |
| 5763f522530145ed90513f97fd734fdd | RegionOne | glance | image | True | admin | https://10.0.2.96:9292 |
| 5dcf573397954218917df491e7f868b9 | RegionOne | keystone | identity | True | admin | https://10.0.2.101:35357/v3 |
| a17a3f32438640f68dfce72763390765 | RegionOne | neutron | network | True | admin | https://10.0.2.113:9696 |
| daaa222120dc4ed2bbc7341590a3acdb | RegionOne | placement | placement | True | admin | https://10.0.2.99:8778 |
| dfab9da33a974dc1b15228a18fac90c7 | RegionOne | cinderv3 | volumev3 | True | admin | https://10.0.2.110:8776/v3/$(tenant_id)s |
| f4b5e242719a48088df20621dea5d643 | RegionOne | nova | compute | True | admin | https://10.0.2.105:8774/v2.1 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
。
看来是在bundle中,执行juju run-action --wait vault/leader 'generate-root-ca'
后,生成的根证书文件目录发生了变更。
对比下openrc:
openstack-base#70:
if [ ! -z $JUJU_MODEL ]; then
_juju_model_arg="-m $JUJU_MODEL"
fi
_keystone_major_version=$(juju status $_juju_model_arg keystone --format yaml| \
awk '/^ version:/ {print $2; exit}' | cut -f1 -d\.)
_keystone_preferred_api_version=$(juju config $_juju_model_arg keystone preferred-api-version)
_root_ca=/tmp/root-ca.crt
juju run $_juju_model_arg --unit vault/leader 'leader-get root-ca' > /tmp/root-ca.crt 2>/dev/null
if [ $_keystone_major_version -ge 13 -o \
"$_keystone_preferred_api_version" = '3' ]; then
echo Using Keystone v3 API
. $(dirname ${BASH_SOURCE[0]})/openrcv3_project
else
echo Using Keystone v2.0 API
. $(dirname ${BASH_SOURCE[0]})/openrcv2
fi
openstack-base#72:
if [ ! -z $JUJU_MODEL ]; then
_juju_model_arg="-m $JUJU_MODEL"
fi
_keystone_major_version=$(juju status $_juju_model_arg keystone --format yaml| \
awk '/^ version:/ {print $2; exit}' | cut -f1 -d\.)
_keystone_preferred_api_version=$(juju config $_juju_model_arg keystone preferred-api-version)
# The per user snap data directory is not created until first execution of snap
openstack --version 2>&1 > /dev/null || true
if [ -d ~/snap/openstackclients/common/ ]; then
# When using the openstackclients confined snap the certificate has to be
# placed in a location reachable by the clients in the snap.
_root_ca=~/snap/openstackclients/common/root-ca.crt
else
_root_ca=/tmp/root-ca.crt
fi
juju run $_juju_model_arg --unit vault/leader 'leader-get root-ca' > $_root_ca 2>/dev/null
if [ $_keystone_major_version -ge 13 -o \
"$_keystone_preferred_api_version" = '3' ]; then
echo Using Keystone v3 API
. $(dirname ${BASH_SOURCE[0]})/openrcv3_project
else
echo Using Keystone v2.0 API
. $(dirname ${BASH_SOURCE[0]})/openrcv2
fi
看来是在source openrc
设置环境变量时,本来要用 /tmp/root-ca.crt ,但是执行bundle openstack-base时,生成的根证书是在/root/snap/openstackclient/common/root-ca.crt目录,所以source失败。