Openstack私有云平台搭建
这是一个系列笔记,欢迎各位大佬给与指导和交流
第一场:模块一 OpenSatck私有云平台搭建
第一场:模块二 OpenStack私有云服务运维
第一场:模块三 私有云Python运维开发
第二场:模块一 Kubernetes容器云平台搭建
第二场:模块二 Kubernetes容器云服务运维
第二场:模块三 Kubernetes容器云运维开发
第三场:模块一 边缘计算系统运维
第三场:模块二 边缘计算云应用开发
文章目录
- Openstack私有云平台搭建
- 前言
- 题目部分
- 【题目1】1.1.1 基础环境配置[0.2 分]
- 【题目2】1.1.2 Yum 源配置[0.2 分]
- 【题目 3】1.1.3 配置无秘钥 ssh[0.2 分]
- 【题目 4】1.1.4 基础安装[0.2 分]
- 【题目 5】1.1.5 数据库安装与调优[0.5 分]
- 【题目 6】1.1.6 Keystone 服务安装与使用[0.5 分]
- 【题目 7】1.1.7 Glance 安装与使用[0.5 分]
- 【题目 8】1.1.8 Nova 安装与优化[0.5 分]
- 【题目 9】1.1.9 Neutron 安装[0.2 分]
- 【题目 10】1.1.10 Dashboard 安装[0.5 分]
- 【题目 11】1.1.11 Swift 安装[0.5 分]
- 【题目 12】1.1.12 Cinder 创建硬盘[0.5 分]
- 【题目 13】1.1.13 配置主机禁 ping [0.5 分]
- 最后
前言
本节内容:OpenSatck私有云平台搭建
用到的资源和节点规划:
CentOS-7-x86_64-DVD-2009.iso
chinaskills_cloud_iaas_v2.0.3.iso
coreos_production_pxe.vmlinuz
| 节点名称 | ip | 网卡 | 备注 |
|---|---|---|---|
| controller | 192.168.25.100 | eth0 | 与我们交互用 |
| 192.168.200.10 | eth1(内) | 填脚本上 | |
| compute | 192.168.25.200 | eth0 | 与我们交互用 |
| 192.168.200.20 | eth1(内) | 填脚本上 |
做提前准备工作做过可跳过
准备:
1,关防火墙(俩节点都做):
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
临时更改SELinux的模式为Permissive(宽容模式)
Enforcing(强制模式):在这种模式下,SELinux会强制执行其安全策略,阻止不允许的行为,并记录相关的警告和违规行为。
Permissive(宽容模式):在宽容模式下,SELinux不会强制执行其安全策略,但会记录所有的违规行为,就好像它处于强制模式一样。这对于调试和确定哪些操作会被SELinux阻止很有帮助。
Disabled(禁用模式):SELinux完全被禁用,不会加载任何安全策略,也不会记录任何信息。
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce 《《《查看
Permissive
永久设置宽容模式(也就是启动时直接以【宽容模式】运行,默认是【强制模式】
[root@localhost ~]# vi /etc/selinux/config
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=Permissive
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
题目部分
【题目1】1.1.1 基础环境配置[0.2 分]
1.控制节点主机名为 controller,设置计算节点主机名compute;
2.hosts 文件将 IP 地址映射为主机名。
使用提供的用户名密码,登录提供的 OpenStack 私有云平台,在当前租户下,使用 CentOS7.9 镜像,创建两台云主机,云主机类型使用 4vCPU/12G/100G_50G 类型。当前租户下默认存在一张网卡,自行创建第二张网卡并连接至 controller 和 compute 节点(第二张网卡的网段为 10.10.X.0/24,X 为工位号,不需要创建路由)。自行检查安全组策略,以确保网络正常通信与 ssh 连接,然后按以下要求配置服务器:
(1) 设置控制节点主机名为 controller,设置计算节点主机名为 compute;
(2) 修改 hosts 文件将 IP 地址映射为主机名;
完成后提交控制节点的用户名、密码和 IP 地址到答题框。
1,设置控制节点主机名为 controller,设置计算节点主机名为 compute
controller节点:
[root@localhost ~]# hostnamectl set-hostname controller
[root@localhost ~]# bash
[root@controller ~]# hostnamectl set-hostname controller
compute节点:
[root@localhost ~]# hostnamectl set-hostname compute
[root@localhost ~]# bash
[root@compute~]# hostnamectl set-hostname compute
2,修改 hosts 文件将 IP 地址映射为主机名
两个节点一样的操作,此时以controller节点为例:
[root@controller ~]# vi /etc/hosts
[root@controller ~]# cat /etc/hosts
192.168.25.10 controller
192.168.25.20 compute
【题目2】1.1.2 Yum 源配置[0.2 分]
使用提供的http服务地址,分别设置controller 节点和compute 节点的yum源文件http.repo
使用提供的http服务地址,在http服务下,存在centos7.9和iaas的网络yum源使用该http源作为安装iaas平台的网络源。
分别设置 controller 节点和 compute 节点的yum 源文件 http.repo。完成后提交控制节点的用户名、密码和 IP 地址到答题框。
答:这里用的本地仓库,比赛时将其换成http的在线仓库(http://$ip/&src)
1,上传镜像(步骤省略)
2,controller节点:
切换到存放yum配置文件目录下,删除所有系统自带的配置文件,写一个配置本地yum仓库
[root@controller ~]# cd /etc/yum.repos.d
[root@controller yum.repos.d]# rm -rf ./*
[root@controller yum.repos.d]# vi http.repo
【展示】http.repo内容如下所示
[root@controller yum.repos.d]# cat http.repo
[centos]
name=centos
enabled=1
gpgcheck=0
baseurl=file:///opt/centos
[iaas]
name=iaas
enabled=1
gpgcheck=0
baseurl=file:///opt/iaas/iaas-repo
创建文件夹centos和iaas,当作我们的yum仓库
[root@controller yum.repos.d]# mkdir /opt/{centos,iaas}
[root@controller yum.repos.d]# ls /opt
centos iaas
挂载镜像文件至mnt,并复制到我们刚刚创建的仓库
[root@controller yum.repos.d]# mount /root/CentOS-7-x86_64-DVD-2009.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@controller yum.repos.d]# cp -rf /mnt/* /opt/centos/
[root@controller yum.repos.d]# umount /mnt/
[root@controller yum.repos.d]# mount /root/chinaskills_cloud_iaas_v2.0.3.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@controller yum.repos.d]# cp -rf /mnt/* /opt/iaas/
[root@controller yum.repos.d]# umount /mnt/
回到root目录下
[root@controller yum.repos.d]# cd
清除缓存,并验证软件仓库
[root@controller ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centos iaas
[root@controller ~]# yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
centos | 3.6 kB 00:00:00
iaas | 2.9 kB 00:00:00
(1/3): centos/group_gz | 153 kB 00:00:00
(2/3): centos/primary_db | 3.3 MB 00:00:00
(3/3): iaas/primary_db | 597 kB 00:00:00
repo id repo name status
centos centos 4,070
iaas iaas 954
repolist: 5,024
安装vsftpd,用于将controller的yum仓库共享给compute
vim是编辑器
[root@controller ~]# yum install -y vsftpd vim
配置vsftpd匿名访问根目录
[root@controller ~]# echo anon_root=/opt/ >> /etc/vsftpd/vsftpd.conf
重启vsftpd并设置自启动
[root@controller ~]# systemctl restart vsftpd
[root@controller ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
3,compute节点:
同样是删除自带的、自己新建写一个http.repo
[root@compute ~]# cd /etc/yum.repos.d
[root@compute yum.repos.d]# rm -rf ./*
[root@compute yum.repos.d]# vi http.repo
【展示】http.repo内容如下所示
这里与controller有所不同,compute使用ftp服务(也就是controller上的vsftpd)访问controller上的软件仓库
[root@compute yum.repos.d]# cat http.repo
[centos]
name=centos
enabled=1
gpgcheck=0
baseurl=ftp://controller/centos
[iaas]name=iaas
enabled=1
gpgcheck=0
baseurl=ftp://controller/iaas/iaas-repo
清除yum缓存并验证
[root@compute yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centos iaas
Cleaning up list of fastest mirrors
[root@compute yum.repos.d]# yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrorscentos | 3.6 kB 00:00:00 iaas | 2.9 kB 00:00:00 (1/3): centos/group_gz | 153 kB 00:00:00 (2/3): iaas/primary_db | 597 kB 00:00:00 (3/3): centos/primary_db | 3.3 MB 00:00:00 repo id repo name statuscentos centos 4,070iaas iaas 954
repolist: 5,024
[root@compute yum.repos.d]
【题目 3】1.1.3 配置无秘钥 ssh[0.2 分]
1,配置 controller 节点可以无秘钥访问 compute 节点。
配置 controller 节点可以无秘钥访问 compute 节点配置完成后,尝试 ssh 连接 compute 节点的 hostname 进行测试。完成后提交 controller 节点的用户名、密码和 IP 地址到答题框。
答:
第一步
[root@controller ~]# ssh-keygen
***********
*全部按回车*
***********
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6ZOGnzYUirgVqE5NUFfI+j+I6Pr9C2zPeXBbIg8SW/o root@controller
The key`s randomart image is:
+---[RSA 2048]----+
| ....o. |
| . .o |
| ... |
| .oo . .. |
| .o..B .S. |
|...o*.=o+.. |
|o .o=o+B=+ |
| o.+ =E**o |
|+o. ..*++. |
+----[SHA256]-----+
第二步
[root@controller ~]# ssh-copy-id compute
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@compute`s password: ****在这里输入密码 000000 ****
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'compute'"
and check to make sure that only the key(s) you wanted were added.
[root@controller ~]# ssh 'compute'
Last login: Fri Feb 17 10:35:03 2023 from 192.168.25.10
[root@compute ~]# #<<<<<<<在controller通过ssh连接上了compute
!!!一定要退回controller!!!
点击 CTRL+D 或者输入 exit 即可退回controller节点
【题目 4】1.1.4 基础安装[0.2 分]
1,在控制节点和计算节点上分别安装 openstack-iaas 软件包
在控制节点和计算节点上分别安装 openstack-iaas 软件包,根据表 2 配置两个节点脚本文件中的基本变量(配置脚本文件为/etc/openstack/openrc.sh)
【根据提供的信息来配置,赛题上有】
技巧:
a,首先ctrl+v 然后shift+g 再delete,删除每行前1个字符(#号)
b, :%s/PASS=/PASS=000000 快速填充密码(其实就是替换)
答:
这一条命令俩节点都执行,安装openstack软件
[root@controller ~]# yum install -y openstack-iaas
在controller节点上修改配置文件
[root@controller ~]# vim /etc/openstack/openrc.sh
[root@controller ~]# cat /etc/openstack/openrc.sh
#--------------------system Config--------------------##
#Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.25.100 《《《 填写自己的controller节点的ip
#Controller HOST Password. example:000000
HOST_PASS=000000
#Controller Server hostname. example:controller
HOST_NAME=controller
#Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.25.200 《《《 填写自己的compte节点的ip
#Compute HOST Password. example:000000
HOST_PASS_NODE=000000
#Compute Node hostname. example:compute
HOST_NAME_NODE=compute
#--------------------Chrony Config-------------------##
#Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24)
network_segment_IP=192.168.25.0/24 《《《 填写自己设置的网段
#--------------------Rabbit Config ------------------##
#user for rabbit. example:openstack
RABBIT_USER=openstack
#Password for rabbit user .example:000000
RABBIT_PASS=000000
#--------------------MySQL Config---------------------##
#Password for MySQL root user . exmaple:000000
DB_PASS=000000
#--------------------Keystone Config------------------##
#Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=demo
ADMIN_PASS=000000
DEMO_PASS=000000
#Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=000000
#--------------------Glance Config--------------------##
#Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=000000
#Password for Keystore glance user. exmaple:000000
GLANCE_PASS=000000
#--------------------Placement Config----------------------##
#Password for Mysql placement user. exmaple:000000
PLACEMENT_DBPASS=000000
#Password for Keystore placement user. exmaple:000000
PLACEMENT_PASS=000000
#--------------------Nova Config----------------------##
#Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=000000
#Password for Keystore nova user. exmaple:000000
NOVA_PASS=000000
#--------------------Neutron Config-------------------##
#Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=000000
#Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=000000
#metadata secret for neutron. exmaple:000000
METADATA_SECRET=000000
#External Network Interface. example:eth1
INTERFACE_NAME=eth1 《《《 填写第二张网卡
#External Network The Physical Adapter. example:provider
Physical_NAME=provider
#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
minvlan=101
#Last Vlan ID in VLAN RANGE for VLAN Network. example:200
maxvlan=200
#--------------------Cinder Config--------------------##
#Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS=000000
#Password for Keystore cinder user. exmaple:000000
CINDER_PASS=000000
#Cinder Block Disk. example:md126p3
BLOCK_DISK=sdb1
#--------------------Swift Config---------------------##
#Password for Keystore swift user. exmaple:000000
SWIFT_PASS=000000
#The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK=sdb2
#The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP=192.168.25.200 《《《 填写计算节点ip
#--------------------Trove Config----------------------##
#Password for Mysql trove user. exmaple:000000
TROVE_DBPASS=000000
#Password for Keystore trove user. exmaple:000000
TROVE_PASS=000000
#--------------------Heat Config----------------------##
#Password for Mysql heat user. exmaple:000000
HEAT_DBPASS=000000
#Password for Keystore heat user. exmaple:000000
HEAT_PASS=000000
#--------------------Ceilometer Config----------------##
#Password for Gnocchi ceilometer user. exmaple:000000
CEILOMETER_DBPASS=000000
#Password for Keystore ceilometer user. exmaple:000000
CEILOMETER_PASS=000000
#--------------------AODH Config----------------##
#Password for Mysql AODH user. exmaple:000000
AODH_DBPASS=000000
#Password for Keystore AODH user. exmaple:000000
AODH_PASS=000000
#--------------------ZUN Config----------------##
#Password for Mysql ZUN user. exmaple:000000
ZUN_DBPASS=000000
#Password for Keystore ZUN user. exmaple:000000
ZUN_PASS=000000
#Password for Keystore KURYR user. exmaple:000000
KURYR_PASS=000000
#--------------------OCTAVIA Config----------------##
#Password for Mysql OCTAVIA user. exmaple:000000
OCTAVIA_DBPASS=000000
#Password for Keystore OCTAVIA user. exmaple:000000
OCTAVIA_PASS=000000
#--------------------Manila Config----------------##
#Password for Mysql Manila user. exmaple:000000
MANILA_DBPASS=000000
#Password for Keystore Manila user. exmaple:000000
MANILA_PASS=000000
#The NODE Object Disk for Manila. example:md126p5.
SHARE_DISK=sdb3
#--------------------Cloudkitty Config----------------##
#Password for Mysql Cloudkitty user. exmaple:000000
CLOUDKITTY_DBPASS=000000
#Password for Keystore Cloudkitty user. exmaple:000000
CLOUDKITTY_PASS=000000
#--------------------Barbican Config----------------##
#Password for Mysql Barbican user. exmaple:000000
BARBICAN_DBPASS=000000
#Password for Keystore Barbican user. exmaple:000000
BARBICAN_PASS=000000
###############################################################
#####在vi编辑器中执行:%s/^.\{1\}// 删除每行前1个字符(#号)#####
###############################################################
*******************
* 发送至compute节点 *
*******************
[root@controller ~]# scp /etc/openstack/openrc.sh compute:/etc/openstack
配置文件完成后开始刷初始化脚本,controller和compute节点都要刷这个脚本,下面以controller为例
[root@controller ~]# iaas-pre-host.sh
. .....
Please Reboot or Reconnect the terminal
*******************************************************
*远程工具按CTRL+D断开终端 然后回车重连;或输入重启命令reboot重启虚拟机*
*******************************************************
【题目 5】1.1.5 数据库安装与调优[0.5 分]
1,在控制节点上使用安装 Mariadb、RabbitMQ 等服务。并进行相关操作
在 controller 节点上使用 iaas-install-mysql.sh 脚本安装 Mariadb、Memcached、RabbitMQ 等服务。安装服务完毕后,修改/etc/my.cnf 文件,完成下列要求:
1,设置数据库支持大小写;
2,设置数据库缓存 innodb 表的索引,数据,插入数据时的缓冲为 4G;
3,设置数据库的 log buffer 为 64MB;
4,设置数据库的 redo log 大小为 256MB;
5,设置数据库的 redo log 文件组为 2。
6,修改Memcached 的相关配置,将内存占用大小设置为 512MB,调整最大连接数参数为2048;
7. 调整 Memcached 的数据摘要算法(hash)为 md5;
完成后提交控制节点的用户名、密码和 IP 地址到答题框。
演示一下如何找参数,不属于做题步骤,刷题可直接下拉至【题目五答案】
*****************************
从此处开始演示如何看参数,了解即可
*****************************
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show variables like 'lower%';
+------------------------+-------+
| Variable_name | Value |
+------------------------+-------+
| lower_case_file_system | OFF |
| lower_case_table_names | 0 | <<<<< 1
+------------------------+-------+
MariaDB [(none)]> show variables like 'innodb_buffer_%';
+-------------------------------------+----------------+
| Variable_name | Value |
+-------------------------------------+----------------+
| innodb_buffer_pool_chunk_size | 134217728 |
| innodb_buffer_pool_dump_at_shutdown | ON |
| innodb_buffer_pool_dump_now | OFF |
| innodb_buffer_pool_dump_pct | 25 |
| innodb_buffer_pool_filename | ib_buffer_pool |
| innodb_buffer_pool_instances | 1 |
| innodb_buffer_pool_load_abort | OFF |
| innodb_buffer_pool_load_at_startup | ON |
| innodb_buffer_pool_load_now | OFF |
| innodb_buffer_pool_size | 134217728 | <<<<< 2 注意,确保这个值小于实际主机运存
+-------------------------------------+----------------+
MariaDB [(none)]> show variables like 'innodb_log%';
+-----------------------------+----------+
| Variable_name | Value |
+-----------------------------+----------+
| innodb_log_buffer_size | 16777216 | <<<<< 3
| innodb_log_checksums | ON |
| innodb_log_compressed_pages | ON |
| innodb_log_file_size | 50331648 | <<<<< 4
| innodb_log_files_in_group | 2 | <<<<< 5
| innodb_log_group_home_dir | ./ |
| innodb_log_optimize_ddl | ON |
| innodb_log_write_ahead_size | 8192 |
+-----------------------------+----------+
8 rows in set (0.001 sec)
*********
*演示结束*
*********
题目五答案
答:
第(1)题
[root@controller ~]# iaas-install-mysql.sh
第(2)(3)(4)(5)题
在/etc/my.cnf中添加参数
*************************
CTRL+C返回 controller
*************************
[root@controller ~]# vi /etc/my.cnf
进入/etc/my.cnf后,添加参数如下内容所示
[root@controller ~]# cat /etc/my.cnf
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]
#
# This group is read by the server
#
[mysqld]
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
max_connections=10000
*******************************
!!!添加后效果如下 !!!
*******************************
lower_case_table_names=1
innodb_buffer_pool_size=4G
innodb_log_buffer_size=64MB
innodb_log_file_size=256MB
innodb_log_files_in_group=2
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
重启mysql服务
[root@controller ~]# systemctl restart mariadb
第(6)(7)题
[root@controller ~]# vim /etc/sysconfig/memcached
进入文件后,修改|添加内容如下所示
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="2048" #自带的
CACHESIZE="512" #自带的
hash_algorithm=md5 #添加
OPTIONS="-l 127.0.0.1,::1,controller"
重启memcached服务
[root@controller ~]# systemctl restart memcached
【题目 6】1.1.6 Keystone 服务安装与使用[0.5 分]
1,在控制节点上安装 Keystone 服务并创建用户
如果用的是centos7.9和chinaskill2.0.3需要先执行iaas-pre-host.sh
在上一题刷过了,最晚要在这里刷
在 controller 节点上使用 iaas-install-keystone.sh 脚本安装 Keystone 服务。
然后创建 OpenStack 域 210Demo,其中包含 Engineering 与 Production 项目,在域210Demo 中创建组 Devops,其中需包含以下用户:
1,Robert 用户是 Engineering 项目的用户(member)与管理员(admin),email 地址为:Robert@lab.example.com。
2,George 用 户 是 Engineering 项 目 的 用 户 ( member ), email 地址为:George@lab.example.com。
3, William 用户是 Production 项目的用户(member)与管理员(admin),email 地址为:William@lab.example.com。
完成后提交控制节点的用户名、密码和 IP 地址到答题框。
答:
本题流程:先创建域,再创建项目、用户组,然后创建用户并归纳其领域,最后给用户赋予角色
[root@controller ~]# iaas-install-keystone.sh
加载环境变量
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack domain create 210Demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 70e2158bb8514205a46f745889ce3cbf |
| name | 210Demo |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack group create devops --domain 210Demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 70e2158bb8514205a46f745889ce3cbf |
| id | 8ef3c2447bb942338c297dc7283bc300 |
| name | devops |
+-------------+----------------------------------+
[root@controller ~]# openstack project create Engineering --domain 210Demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 70e2158bb8514205a46f745889ce3cbf |
| enabled | True |
| id | 81d43d1926c04c43b759cd106c49db99 |
| is_domain | False |
| name | Engineering |
| options | {} |
| parent_id | 70e2158bb8514205a46f745889ce3cbf |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create Production --domain 210Demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 70e2158bb8514205a46f745889ce3cbf |
| enabled | True |
| id | a00b46ac776a4b4b906f8a7416efec4a |
| is_domain | False |
| name | Production |
| options | {} |
| parent_id | 70e2158bb8514205a46f745889ce3cbf |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain 210Demo --project Engineering Robert --email Robert@lab.example.com
No password was supplied, authentication will fail when a user does not have a password.
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 81d43d1926c04c43b759cd106c49db99 |
| domain_id | 70e2158bb8514205a46f745889ce3cbf |
| email | Robert@lab.example.com |
| enabled | True |
| id | 35b8a0a9c9c24eb0aa4adfe34c88128f |
| name | Robert |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack user create --domain 210Demo --project Engineering George --email George@lab.example.com
No password was supplied, authentication will fail when a user does not have a password.
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 81d43d1926c04c43b759cd106c49db99 |
| domain_id | 70e2158bb8514205a46f745889ce3cbf |
| email | George@lab.example.com |
| enabled | True |
| id | f78a82416cb94de29b89930c39bec2b7 |
| name | George |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack user create --domain 210Demo --project Production William --email William@lab.example.com
No password was supplied, authentication will fail when a user does not have a password.
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | a00b46ac776a4b4b906f8a7416efec4a |
| domain_id | 70e2158bb8514205a46f745889ce3cbf |
| email | William@lab.example.com |
| enabled | True |
| id | c1917d1cc59f48bbbf3478896eb6ab4f |
| name | William |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
创建完毕,开始归类
共有三个角色:
Robert > 是Engineering 项目的用户(member)与管理员(admin)
George > 是 Engineering 项 目 的 用 户 ( member )
William > William 用户是 Production 项目的用户(member)与管理员(admin)
[root@controller ~]# openstack role add --user Robert --project Engineering member
[root@controller ~]# openstack role add --user Robert --project Engineering admin
[root@controller ~]# openstack role add --user George --project Engineering member
[root@controller ~]# openstack role add --user William --project Production member
[root@controller ~]# openstack role add --user william --project Production admin
【题目 7】1.1.7 Glance 安装与使用[0.5 分]
1,在控制节点上安装 Glance 服务。上传镜像至平台,并设置镜像启动的要求参数
在 controller 节点上使用 iaas-install-glance.sh 脚本安装 glance 服务。然后使用提供的 coreos_production_pxe.vmlinuz 镜像(该镜像为 Ironic Deploy 镜像,是一个 AWS 内核格式的镜像,在 OpenStack Ironic 裸金属服务时需要用到)上传到 OpenStack 平台中,命名为 deploy-vmlinuz。完成后提交控制节点的用户名、密码和 IP 地址到答题框。
答:
(1)安装
[root@controller ~]# iaas-install-glance.sh
(2)命名:
[root@controller ~]# openstack image create deploy-vmlinuz --container-format aki < coreos_production_pxe.vmlinuz
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | 69ca72c134cac0def0e6a42b4f0fba67 |
| container_format | aki |
| created_at | 2023-02-25T05:31:25Z |
| disk_format | raw |
| file | /v2/images/07fed3c3-b1b6-4936-972b-f1520d96c4c3/file |
| id | 07fed3c3-b1b6-4936-972b-f1520d96c4c3 |
| min_disk | 0 |
| min_ram | 0 |
| name | deploy-vmlinuz |
| owner | 7fd5f1990385422b8adb9246656f5b78 |
| properties | os_hash_algo='sha512', os_hash_value='7241aeaf86a4f12dab2fccdc4b8ff592f16d13b37e8deda539c97798cdda47623002a4bddd0a89b5d17e6c7bc2eb9e81f4a031699175c11e73dc821030dfc7f4', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 43288240 |
| status | active |
| tags | |
| updated_at | 2023-02-25T05:31:26Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
【题目 8】1.1.8 Nova 安装与优化[0.5 分]
1,在控制节点和计算节点上分别安装 Nova 服务。安装完成后,完成 Nova 相关配置
在 controller 节点和 compute 节点上分别使用 iaas-install-placement.sh 脚本、 iaas-install-nova -controller.sh 脚本、iaas-install-nova-compute.sh 脚本安装Nova服务。
在 OpenStack 中,修改相关配置文件,修改调度器规则采用缓存调度器,缓存主机信息,提升调度时间。配置完成后提交controller 点的用户名、密码和IP 地址到答题框。
答:
Controller:
[root@controller ~]# iaas-install-placement.sh
[root@controller ~]# iaas-install-nova-controller.sh
Compute:
[root@compute ~]# iaas-install-nova-compute.sh
Controller:
[root@compute ~]# vim /etc/nova/nova.conf
driver = caching_scheduler # 修改
【题目 9】1.1.9 Neutron 安装[0.2 分]
1,在控制和计算节点上正确安装 Neutron 服务
使用提供的脚本 iaas-install-neutron-controller.sh 和 iaas-install-neutron- compute.sh,在 controller 和 compute 节点上安装 neutron 服务。
完成后提交控制节点的用户名、密码和 IP 地址到答题框。
答:
[root@controller ~]# iaas-install-neutron-controller.sh
[root@compute ~]# iaas-install-neutron-compute.sh
【题目 10】1.1.10 Dashboard 安装[0.5 分]
1,在控制节点上安装 Dashboard 服务。安装完成后,将 Dashboard 中的 Django 数据修改为存储在文件中
在 controller 节点上使用 iaas-install-dashboard.sh 脚本安装 Dashboard 服务。安装完成后,修改相关配置文件,完成下列两个操作:
1,使得登录 Dashboard 平台的时候不需要输入域名;
2, 将 Dashboard 中的 Django 数据修改为存储在文件中。
完成后提交控制节点的用户名、密码和 IP 地址到答题框。
技巧:/$str 可以搜索$str,按n键是继续向下搜素
本题只需要操作controller
答:
(1)配置登陆不需要域名
[root@controller ~]# iaas-install-dashboard.sh
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
[root@controller ~]# cat /etc/openstack-dashboard/local_settings |grep OPENSTACK_KEYSTONE_MUL
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
(2) 将 Dashboard 中的 Django 数据修改为存储在文件中
[root@controller ~]# cat /etc/openstack-dashboard/local_settings |grep SESSION_ENG
# SESSION_ENGINE to django.contrib.sessions.backends.signed_cookies
#SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
PS:可能会遇到登陆时,验证失败可能是http://t.csdnimg.cn/Pz0QR
这个问题也可能是数据库没能启动
[root@controller ~]# systemcrl restart httpd.service memcached.service
【题目 11】1.1.11 Swift 安装[0.5 分]
1,在控制节点和计算节点上分别安装 Swift 服务。安装完成后,将 cirros 镜像进行分片存储
在控制节点和计算节点上分别使用 iaas-install-swift-controller.sh 和 iaas- install-swift-compute.sh 脚本安装 Swift 服务。
安装完成后,使用命令创建一个名叫 examcontainer 的容器,将 cirros-0.3.4-x86_64-disk.img 镜像上传到 examcontainer 容器中,并设置分段存放,每一段大小为 10M。
完成后提交控制节点的用户名、密码和 IP 地址到答题框。
注意顺序,刷脚本之前看前面的主机名
答:
首先需要先给compute节点分盘
compute:
查看当前硬盘盘的情况,那个sdb盘50G就是我们添加的挂载盘
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 99G 0 part
├─centos-root 253:0 0 50G 0 lvm /
├─centos-swap 253:1 0 5.9G 0 lvm [SWAP]
└─centos-home 253:2 0 43.1G 0 lvm /home
sdb 8:16 0 50G 0 disk
sr0 11:0 1 4.4G 0 rom
使用fdisk进行分盘,一共分3个盘即可
[root@compute ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x54f6f10e.
****分第1个盘****
Command (m for help): n 《《《《《《这里填写 n 意为继续的意思
Partition type:
p primary (0 primary, 0 extended, 4 free)
e extended
Select (default p): 《《《 回车,默认即可
Using default response p
Partition number (1-4, default 1): 《《《 回车,默认即可
First sector (2048-104857599, default 2048): 《《《 回车,默认即可,下一条要手写
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-104857599, default 104857599): +10G 《《《 写上+多少G
Partition 1 of type Linux and of size 10 GiB is set
****分第2个盘****
Command (m for help): n
Partition type:
p primary (1 primary, 0 extended, 3 free)
e extended
Select (default p):
Using default response p
Partition number (2-4, default 2):
First sector (20973568-104857599, default 20973568):
Using default value 20973568
Last sector, +sectors or +size{K,M,G} (20973568-104857599, default 104857599): +10G
Partition 2 of type Linux and of size 10 GiB is set
****分第3个盘****
Command (m for help): n
Partition type:
p primary (2 primary, 0 extended, 2 free)
e extended
Select (default p):
Using default response p
Partition number (3,4, default 3):
First sector (41945088-104857599, default 41945088):
Using default value 41945088
Last sector, +sectors or +size{K,M,G} (41945088-104857599, default 104857599): +10G
Partition 3 of type Linux and of size 10 GiB is set
Command (m for help): w 《《《 意为保存更改并退出
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
再次查看硬盘情况
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 99G 0 part
├─centos-root 253:0 0 50G 0 lvm /
├─centos-swap 253:1 0 5.9G 0 lvm [SWAP]
└─centos-home 253:2 0 43.1G 0 lvm /home
sdb 8:16 0 50G 0 disk
├─sdb1 8:17 0 10G 0 part
├─sdb2 8:18 0 10G 0 part
└─sdb3 8:19 0 10G 0 part
sr0 11:0 1 4.4G 0 rom
[root@compute ~]#
**************
分盘结束
**************
controller:
[root@controller ~]# iaas-install-swift-controller.sh
compute:
[root@compute ~]# iaas-install-swift-compute.sh
controller:
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# swift post examcontainer
[root@controller ~]# openstack container list
+---------------+
| Name |
+---------------+
| examcontainer |
+---------------+
[root@controller ~]# ls
anaconda-ks.cfg cirros-0.3.4-x86_64-disk.img
CentOS-7-x86_64-DVD-2009.iso coreos_production_pxe.vmlinuz
chinaskills_cloud_iaas_v2.0.3.iso logininfo.txt
[root@controller ~]# swift upload -S 10M examcontainer cirros-0.3.4-x86_64-disk.img
cirros-0.3.4-x86_64-disk.img segment 1
cirros-0.3.4-x86_64-disk.img segment 0
cirros-0.3.4-x86_64-disk.img
【题目 12】1.1.12 Cinder 创建硬盘[0.5 分]
1,在控制节点和计算节点分别安装 Cinder 服务,请在计算节点,对块存储进行扩容操作
在控制节点和计算节点分别使用 iaas-install-cinder-controller.sh 、 iaas-install-cinder-compute.sh 脚本安装 Cinder 服务,请在计算节点,对块存储进行扩容操作,即在计算节点再分出一个 5G 的分区,加入到 cinder 块存储的后端存储中去。完成后提交计算节点的用户名、密码和 IP 地址到答题框。
先按照上一题的方法,在compute再分一个sdb4出来
答:
[root@controller ~]# iaas-install-cinder-controller.sh
[root@compute ~]# iaas-install-cinder-compute.sh
Compute节点:(我给加了15G的)
[root@compute ~]# pvcreate /dev/sdb4
WARNING: dos signature detected on /dev/sdb4 at offset 510. Wipe it? [y/n]: y
Wiping dos signature on /dev/sdb4.
Physical volume "/dev/sdb4" successfully created.
[root@compute ~]# vgextend cinder-volumes /dev/sdb4
Volume group "cinder-volumes" successfully extended
[root@compute ~]# vgs
VG #PV #LV #SN Attr VSize VFree
centos 1 3 0 wz--n- <99.00g 4.00m
cinder-volumes 2 0 0 wz--n- 39.99g 39.99g
【题目 13】1.1.13 配置主机禁 ping [0.5 分]
1,修改 controller 节点的相关配置文件,配置 controller 节点禁止其他节点可以 ping它
配置完之后。完成后提交 controller 节点的用户名、密码和 IP 地址到答题框。
答:
[root@compute ~]# vim /etc/sysctl.conf
[root@compute ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.icmp_echo_ignore_all = 1
最后
访问 controller的ip/dashboard即可访问到openstack界面
而且配置了免域名,使用admin/000000即可登陆
欢迎大家来一起交流和交换资源
1053
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
