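2023, Part 1 (compiled tasks)
Private cloud
I. Private cloud environment
Basic environment configuration
Use the CentOS image to create two cloud hosts. The first NIC uses the provided network; create the network for the second NIC yourself. After creating the cloud hosts, make sure the network communicates normally, then configure the servers as follows:
- Configure the IP address
- Set the controller node's hostname to controller and the compute node's hostname to compute
- Modify the hosts file to map the IP addresses to the hostnames
- Stop the firewall and disable it at boot
- Set SELinux to Permissive mode, disable it permanently, and check with the getenforce command
- Show the hostnames of the controller and compute nodes, check the SELinux status with a command, and use the head, tail and cut commands to extract the key information that permanently disables SELinux
1. Configure the IP address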
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens34
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=5afd7d48-8870-4f02-bf26-4c432250cf9b
DEVICE=ens34
ONBOOT=yes
IPADDR=192.168.20.10
PREFIX=24
GATEWAY=192.168.20.1
2. Set the controller node's hostname to controller and the compute node's hostname to compute
[root@localhost ~]# hostnamectl set-hostname controller
[root@localhost ~]# hostnamectl set-hostname compute
[root@localhost ~]# bash
3. Modify the hosts file to map the IP addresses to the hostnames
[root@controller ~]# echo -e "192.168.10.100 controller\n192.168.10.200 compute">>/etc/hosts
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.100 controller
192.168.10.200 compute
4. Stop the firewall and disable it at boot
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
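5. Set SELinux to Permissive mode, disable it permanently, and check with the getenforce command
[root@controller ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
# Apply temporarily (the config file change has not taken effect because there was no reboot)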
[root@controller ~]# setenforce 0
[root@controller ~]# getenforce
Permissive
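6. Show the hostnames of the controller and compute nodes, check the SELinux status with a command, and use the head, tail and cut commands to extract the key information that permanently disables SELinux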
[root@controller ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
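SELINUXTYPE=targeted
Configure passwordless SSH
Set up passwordless (key-based) connections between the controller node and the compute node; when done, test by connecting over ssh using the two nodes' hostnames.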
[root@controller ~]# ssh-keygen
[root@controller ~]# ssh-copy-id root@controller
[root@controller ~]# ssh-copy-id root@compute
[root@compute ~]# ssh-keygen
[root@compute ~]# ssh-copy-id root@controller
[root@compute ~]# ssh-copy-id root@compute
[root@controller ~]# ssh root@compute
Last login: Thu Sep 7 04:31:56 2023 from gateway
[root@compute ~]# ssh root@controller
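Last login: Thu Sep 7 04:47:34 2023 from gateway
Mount the installation ISO images
Upload the provided images to the /root directory of the controller node, then use a single command to create the /centos and /iaas directories under /opt, mount the system image file on /centos, and mount the competition package image file on /iaas.
[root@controller ~]# mkdir /opt/{centos,iaas}
[root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-1810.iso /mnt/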
mount: /dev/loop0 is write-protected, mounting read-only
[root@controller ~]# cp -rf /mnt/* /opt/centos/
[root@controller ~]# umount /mnt/
[root@controller ~]# mount -o loop chinaskills_cloud_iaas.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@controller ~]# cp /mnt/* /opt/iaas/
[root@controller ~]# cp -rf /mnt/* /opt/iaas/
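[root@controller ~]# umount /mnt/
Set up the file-sharing server
Install the vsftp server on the controller node, share the /opt directory, then restart the service so the change takes effect. Enable the service at boot.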
[root@controller ~]# mkdir yum
[root@controller ~]# mv /etc/yum.repos.d/* yum/
[root@controller ~]# vi /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas/iaas-repo
gpgcheck=0
enabled=1
[root@controller ~]# yum clean all
[root@controller ~]# yum repolist
[root@controller ~]# yum -y install vsftpd
[root@controller ~]# echo "anon_root=/opt">>/etc/vsftpd/vsftpd.conf
[root@controller ~]# systemctl restart vsftpd
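[root@controller ~]# systemctl enable vsftpd
Yum repository configuration
Use the provided http service address. Under the http service there are network yum repositories for centos7.5 and iaas; use this ftp source as the network repository for installing the iaas platform. Create the yum repo file ftp.repo on the controller node and on the compute node. Do not write an IP address when configuring the ftp source. yum list | grep xiandian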
[root@controller ~]# mkdir yum
[root@controller ~]# mv /etc/yum.repos.d/* yum/
[root@controller ~]# vi /etc/yum.repos.d/ftp.repo
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
[root@controller ~]# yum clean all
[root@controller ~]# yum repolist
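Both repo files above set gpgcheck=0, and ftp.repo fetches packages over plain FTP, so yum verifies neither the package signatures nor the transport; that is workable on an isolated lab network and worth flagging anywhere else. The following added example (not part of the original notes; the helper names and the third sample section are constructed here) parses a .repo file section by section and reports those two conditions:

```shell
#!/usr/bin/env bash
# Added example: audit a yum .repo file for enabled repositories that
# disable package signature checks or fetch over a cleartext transport.
# audit_repo and write_sample_repo are hypothetical helper names.

audit_repo() {          # $1 = path to a .repo file
    # Prints one finding per line:
    #   <section> gpgcheck-disabled
    #   <section> cleartext-transport <scheme>
    # A section without a gpgcheck key inherits [main] from yum.conf and
    # is not reported here.
    awk '
        function flush() {
            if (section == "" || enabled == "0") return
            if (gpgcheck == "0") print section, "gpgcheck-disabled"
            if (scheme == "ftp" || scheme == "http")
                print section, "cleartext-transport", scheme
        }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*$/    { next }                 # blank lines
        /^[ \t]*\[.*\][ \t]*$/ {               # start of a new [section]
            flush()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            gpgcheck = ""; enabled = "1"; scheme = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "enabled") enabled = val
            else if (key == "baseurl") { scheme = val; sub(/:.*/, "", scheme) }
        }
        END { flush() }
    ' "$1"
}

write_sample_repo() {   # $1 = destination path
    # [centos] and [iaas] are the ftp.repo from this page; [signed-example]
    # is a constructed section with a placeholder mirror host name.
    cat > "$1" <<'EOF'
[centos]
name=centos
baseurl=ftp://controller/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://controller/iaas/iaas-repo
gpgcheck=0
enabled=1
[signed-example]
name=signed-example
baseurl=https://mirror.example.internal/centos
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo "$sample"
rm -f "$sample"
```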
[root@compute ~]# mkdir yum
[root@compute ~]# mv /etc/yum.repos.d/* yum/
[root@controller ~]# scp /etc/yum.repos.d/ftp.repo root@compute:/etc/yum.repos.d/ftp.repo
[root@compute ~]# yum clean all
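[root@compute ~]# yum repolist
Time synchronization configuration
Deploy a chrony server on the controller node, allow other nodes to synchronize time from it, start the service and enable it at boot. On the compute node, set the controller node as the upstream NTP server, restart the service and enable it at boot. On the controller node, use the chronyc command to synchronize the controller node's system time.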
[root@controller ~]# yum -y install chrony
[root@controller ~]# vi /etc/chrony.conf
#server 192.168.10.100 iburst
allow 192.168.10.0/24
local stratum 10
[root@controller ~]# systemctl restart chronyd
[root@controller ~]# systemctl enable chronyd
[root@compute ~]# vi /etc/chrony.conf
server 192.168.10.100 iburst
[root@compute ~]# systemctl restart chronyd
[root@compute ~]# systemctl enable chronyd
# Success: ^*
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller 10 6 37 2 +3306ns[ +754us] +/- 792us
# Failure: ^?
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
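^? controller 0 6 0 - +0ns[ +0ns] +/- 0ns
Compute node partitioning
1. On the compute node, create two 20G partitions from the blank disk space.
2. The partition table format must be gpt; format the file systems with the mkfs.xfs command. lsblk -f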
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 200G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 197.9G 0 part
├─centos-root 253:0 0 190G 0 lvm /
└─centos-swap 253:1 0 7.9G 0 lvm [SWAP]
sdb 8:16 0 100G 0 disk
sr0 11:0 1 4.3G 0 rom
[root@compute ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xa15490cf.
Command (m for help): g
Building a new GPT disklabel (GUID: 6F23948E-6A74-4C5E-8282-CF3F04E4238A)
Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-209715166, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-209715166, default 209715166): +20G
Created partition 1
Command (m for help): n
Partition number (2-128, default 2):
First sector (41945088-209715166, default 41945088):
Last sector, +sectors or +size{K,M,G,T,P} (41945088-209715166, default 209715166): +20G
Created partition 2
Command (m for help): p
Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt
Disk identifier: 6F23948E-6A74-4C5E-8282-CF3F04E4238A
# Start End Size Type Name
1 2048 41945087 20G Linux filesyste
2 41945088 83888127 20G Linux filesyste
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 200G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 197.9G 0 part
├─centos-root 253:0 0 190G 0 lvm /
└─centos-swap 253:1 0 7.9G 0 lvm [SWAP]
sdb 8:16 0 100G 0 disk
├─sdb1 8:17 0 20G 0 part
└─sdb2 8:18 0 20G 0 part
sr0 11:0 1 4.3G 0 rom
[root@compute ~]# parted /dev/sdb print
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 107GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 21.5GB 21.5GB
2 21.5GB 43.0GB 21.5GB
[root@compute ~]# mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1 isize=512 agcount=4, agsize=1310720 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=5242880, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@compute ~]# mkfs.xfs /dev/sdb2
meta-data=/dev/sdb2 isize=512 agcount=4, agsize=1310720 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=5242880, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@compute ~]# parted /dev/sdb print
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 107GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 21.5GB 21.5GB xfs
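2 21.5GB 43.0GB 21.5GB xfs
Linux system tuning (sysctl.conf)
System tuning: dirty data writeback
- Linux keeps dirty data in memory, and by default the system writes dirty data back to disk after 30 seconds. Modify the system configuration file to temporarily change the writeback time to 60 seconds.
Temporary change: sysctl -w [parameter]; do not put spaces around the equals sign
- Linux keeps dirty data in memory, and by default the system writes dirty data back to disk when it occupies 30% of memory. Modify the system configuration file to change the writeback threshold to 60%
sysctl -p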
[root@controller ~]# sysctl -a | grep dirty
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
vm.dirty_background_bytes = 0
vm.dirty_background_ratio = 10
vm.dirty_bytes = 0
vm.dirty_expire_centisecs = 3000
vm.dirty_ratio = 30
vm.dirty_writeback_centisecs = 500
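1. Linux keeps dirty data in memory, and by default the system writes dirty data back to disk after 30 seconds. Modify the system configuration file to temporarily change the writeback time to 60 seconds. (It is unclear whether this means the period or the maximum age; consider changing both.)
[root@controller ~]# vi /etc/sysctl.conf
# maximum age
vm.dirty_expire_centisecs = 6000
# period
vm.dirty_writeback_centisecs = 6000
2. Linux keeps dirty data in memory, and by default the system writes dirty data back to disk when it occupies 30% of memory. Modify the system configuration file to change the writeback threshold to 60%. sysctl -p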
[root@controller ~]# vi /etc/sysctl.conf
vm.dirty_ratio = 60
[root@controller ~]# sysctl -p
vm.dirty_writeback_centisecs = 6000
vm.dirty_ratio = 60
[root@controller ~]# sysctl -a | grep dirty
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
vm.dirty_background_bytes = 0
vm.dirty_background_ratio = 10
vm.dirty_bytes = 0
vm.dirty_expire_centisecs = 6000
vm.dirty_ratio = 60
vm.dirty_writeback_centisecs = 500
[root@compute ~]# echo -e "vm.dirty_background_ratio = 60\nvm.dirty_writeback_centisecs = 6000">>/etc/sysctl.conf
[root@compute ~]# sysctl -p
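vm.dirty_background_bytes = 0:
- This setting is the threshold, in bytes, at which dirty data starts being written back to disk in the background. 0 disables this threshold, and the system uses vm.dirty_background_ratio to decide when background writeback is triggered.
vm.dirty_background_ratio = 10:
- This parameter is the threshold for dirty data as a percentage of system memory. When dirty data reaches 10% of system memory, the system starts writing it back to disk in the background, unless vm.dirty_background_bytes has been set.
vm.dirty_bytes = 0:
- Like vm.dirty_background_bytes, this parameter is the maximum amount of dirty data allowed. 0 disables the limit.
vm.dirty_expire_centisecs = 6000:
- This setting is the expiry time of dirty data, in hundredths of a second. Once dirty data has stayed in memory for 6000 hundredths of a second (60 seconds), the system considers writing it back to disk. (Maximum age)
vm.dirty_ratio = 60:
- The maximum percentage of system memory that dirty data may occupy. When 60% is reached, the system forces dirty data to be written back to disk, unless vm.dirty_bytes has been set.
vm.dirty_writeback_centisecs = 500:
- This setting is the interval at which dirty data is written back to disk, in hundredths of a second. Every 500 hundredths of a second (5 seconds), the system tries to write dirty data back to disk. (Period)
Adjusting these parameters changes how the system manages dirty data: when writeback starts, how often it runs, and what triggers it. They need to be set according to the system's requirements and performance considerations to balance performance against data protection.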
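The notes apply these settings by appending to /etc/sysctl.conf with `echo >>`, which leaves duplicate lines when a step is repeated (net.ipv4.tcp_syncookies is appended twice further down this page) and makes it easy to end up with vm.dirty_background_ratio at or above vm.dirty_ratio, as the compute node's appended lines do. The following added example (not part of the original notes; the function names and the sample file are constructed here) reads the value that would take effect, sets a key exactly once, and checks the two ratios against each other:

```shell
#!/usr/bin/env bash
# Added example (not from the original notes). Helper names are hypothetical.

# Value that `sysctl -p FILE` leaves in effect for KEY: the file is applied
# top to bottom, so the last assignment wins. Prints nothing if KEY is unset.
sysctl_effective() {    # $1 = file, $2 = key
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# Set KEY to VALUE exactly once: drop every existing assignment of KEY
# (comments and other keys are kept), then append the new assignment.
sysctl_set() {          # $1 = file, $2 = key, $3 = value
    local tmp rc
    tmp=$(mktemp) || return 1
    awk -v key="$2" '
        {
            eq = index($0, "=")
            k = (eq > 0) ? substr($0, 1, eq - 1) : ""
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) print $0
        }
    ' "$1" > "$tmp" && printf '%s = %s\n' "$2" "$3" >> "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Return 1 and explain when background writeback would not start before
# the hard limit, i.e. vm.dirty_background_ratio >= vm.dirty_ratio.
check_dirty_ratios() {  # $1 = file
    local bg hard
    bg=$(sysctl_effective "$1" vm.dirty_background_ratio)
    hard=$(sysctl_effective "$1" vm.dirty_ratio)
    # Unset keys fall back to the defaults shown in this page's sysctl -a output.
    bg=${bg:-10}; hard=${hard:-30}
    if [ "$bg" -ge "$hard" ]; then
        echo "vm.dirty_background_ratio=$bg >= vm.dirty_ratio=$hard"
        return 1
    fi
    return 0
}

write_sample_sysctl() { # $1 = destination path
    # Constructed sample: lines this page appends with echo >>, with the
    # syncookies line repeated as happens when the step is run twice.
    cat > "$1" <<'EOF'
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
vm.dirty_background_ratio = 60
vm.dirty_writeback_centisecs = 6000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syncookies = 1
EOF
}

f=$(mktemp)
write_sample_sysctl "$f"
check_dirty_ratios "$f" || true               # reports 60 >= 30
sysctl_set "$f" net.ipv4.tcp_syncookies 1     # collapses the duplicate
sysctl_set "$f" vm.dirty_ratio 60             # one consistent choice of ratios
sysctl_set "$f" vm.dirty_background_ratio 10
check_dirty_ratios "$f" && echo "ratios consistent"
cat "$f"
rm -f "$f"
```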
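Change the maximum number of file handles
When a Linux server handles high concurrency, Linux parameters often need to be tuned in advance. By default, the Linux maximum number of file handles is 1024. When the server reaches this limit under high concurrency, it reports "too many open files". Create a cloud host and modify the relevant configuration to permanently change the controller node's maximum number of file handles to 65535.
# Temporary change, user level
ulimit -n 65535
# Permanent change, user level
[root@controller ~]# vi /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
# System-level change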
[root@controller ~]# sysctl -a | grep file
fs.file-max = 788291
fs.file-nr = 1088 0 788291
fs.xfs.filestream_centisecs = 3000
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@controller ~]# echo -e "fs.file-max = 65535">>/etc/sysctl.conf
[root@controller ~]# sysctl -p
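# Set temporarily (the permanent setting has not taken effect because there was no reboot)
[root@controller ~]# ulimit -n 65535
# Verify
[root@controller ~]# ulimit -n
65535
Linux system tuning: preventing SYN attacks
Modify the relevant configuration file on the controller node to enable SYN cookies and prevent SYN flood attacks.
1. Enable SYN cookies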
[root@controller ~]# sysctl -a | grep cookies
net.ipv4.tcp_syncookies = 1
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@controller ~]# echo -e "net.ipv4.tcp_syncookies = 1">>/etc/sysctl.conf
[root@controller ~]# sysctl -p
vm.dirty_writeback_centisecs = 6000
vm.dirty_background_ratio = 60
fs.file-max = 65535
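net.ipv4.tcp_syncookies = 1
Linux kernel optimization
When using a Linux server, the TCP protocol requires that, for an established connection, both sides complete the four-way teardown handshake before the connection is successfully closed. If one of the steps is missing, the connection is left in a half-dead state and the resources it holds are not released. Because a server program manages a large number of connections at once, it is necessary to make sure unused connections are fully closed; otherwise a large number of dead connections waste server resources. Create a CentOS 7.9 cloud host and modify the corresponding configuration file:
- Enable SYN cookies (SYN flood protection)
- Allow TIME-WAIT sockets to be reused for new TCP connections; enable fast recycling of TIME-WAIT sockets in TCP connections
- Change the system default TIMEOUT to 30
1. Enable SYN cookies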
[root@controller ~]# sysctl -a | grep cookies
net.ipv4.tcp_syncookies = 1
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
[root@controller ~]# echo -e "net.ipv4.tcp_syncookies = 1">>/etc/sysctl.conf
2. Allow TIME-WAIT sockets to be reused for new TCP connections; enable fast recycling of TIME-WAIT sockets in TCP connections
[root@controller ~]# sysctl -a | grep tw
net.ipv4.tcp_max_tw_buckets = 32768
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
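# Check the default configuration
#net.ipv4.tcp_tw_reuse = 1 enables reuse, allowing TIME-WAIT sockets to be reused for new TCP connections; the default is 0 (off).
#net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections; the default is 0 (off). (Both can be enabled together; use with caution, it may cause problems, notably dropped connections from clients behind NAT.)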
[root@controller ~]# echo -e "net.ipv4.tcp_tw_recycle = 1\nnet.ipv4.tcp_tw_reuse = 1">>/etc/sysctl.conf
3. Change the system default TIMEOUT to 30
[root@controller ~]# sysctl -a | grep timeout
kernel.hung_task_timeout_secs = 120
net.ipv4.route.gc_timeout = 300
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_thin_linear_timeouts = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens36.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
net.ipv6.route.gc_timeout = 60
[root@controller ~]# echo -e "net.ipv4.tcp_fin_timeout = 30">>/etc/sysctl.conf
[root@controller ~]# sysctl -p
vm.dirty_writeback_centisecs = 6000
vm.dirty_background_ratio = 60
fs.file-max = 65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
Disable ping on the host
Modify the /etc/sysctl.conf file on the controller node so that other nodes cannot ping the controller node
[root@controller ~]# sysctl -a | grep icmp
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_msgs_burst = 50
net.ipv4.icmp_msgs_per_sec = 1000
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.ens33.stable_secret"
sysctl: reading key "net.ipv6.conf.ens34.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"
net.ipv6.icmp.ratelimit = 1000
[root@controller ~]# vi /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all = 1
sysctl -p
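# Note: after this setting the controller no longer answers ping, which may affect the operations below
II. Private cloud deployment and operations
Basic installation
Install the iaas software package on the controller node and on the compute node, configure the basic variables in the script file on both nodes, apply the variable file with a command once the changes are done, then run the echo $INTERFACE_IP command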
echo $HOST_NAME $HOST_NAME_NODE
find / -name "*iaas*"
find / -name "*xiandian*"
find / -name "*openstack*"
yum -y install openstack-iaas
yum -y install iaas-xiandian
#tar -xf openstack-train.tar.gz -C /opt
yum -y install openstack-shell
vi /etc/openstack/openrc.sh
vi /etc/xiandian/openrc.sh
vi variable.sh
:%s/^#//g
:%s/PASS=/PASS=000000/g
source /etc/openstack/openrc.sh
source /etc/xiandian/openrc.sh
source variable.sh
[root@controller ~]# echo $INTERFACE_IP
192.168.10.100
[root@controller ~]# echo $HOST_NAME $HOST_NAME_NODE
controller compute
[root@controller ~]# ls /usr/local/bin/
[root@controller ~]# iaas-pre-host.sh
[root@compute ~]# iaas-pre-host.sh
[root@controller ~]# openstack-completion.sh
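[root@compute ~]# openstack-completion.sh
MySQL (database)
Use the script to install MariaDB, Memcached, RabbitMQ and related services on the controller node
Database operations
- Use a database command to back up all databases to the /root path with the backup file name openstack.sql, then use a command to show the file attributes with the file size displayed in MB.
ll -h openstack.sql
- Log in to the database and create the local user examuser with password 000000, then query the user, host and password fields of the user table in the mysql database. Then grant this user the "select", "delete", "update" and "create" privileges on all databases
select User, Select_priv,Update_priv,Delete_priv,Create_priv from user;
- Create the database test, create the table company in it (with the structure (id int not null primary key,name varchar(50),addr varchar(255))), and insert one row (1,"alibaba","china") into the company table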
[root@controller ~]# mysqldump -uroot -p000000 --all-databases > openstack.sql
# help <command keyword> shows a command's usage, e.g. help create
mysql -uroot -p000000
create user "examuser"@"localhost" identified by "000000";
grant select,delete,update,create on *.* to "examuser"@"localhost";
flush privileges;
# Check
show grants for "examuser"@"localhost";
use mysql;
select user,host,password from user;
select User,Select_priv,Update_priv,Delete_priv,Create_priv from user;
[root@controller ~]# mysql -uroot -p000000
MariaDB [(none)]> create database test;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use test;
MariaDB [test]> create table company(id int not null primary key, name varchar(50),addr varchar(255));
Query OK, 0 rows affected (0.02 sec)
MariaDB [test]> insert into company (id,name,addr) values (1,"alibaba","china");
Query OK, 1 row affected (0.00 sec)
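# Check
select * from company;
/etc/my.cnf settings
- Make the database support mixed upper and lower case
- Set the database buffer that caches InnoDB table indexes, data and inserts to 4G
- Set the database log buffer to 64MB
- Set the database redo log size to 256MB
- Set the database redo log file group count to 2
- Set the database maximum number of connections to 5000
- Set the maximum number of failed connections to 200
- Set the database packet value to 30M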
[root@controller ~]# vi /etc/my.cnf
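or
[root@controller ~]# mysql -uroot -p000000
show variables; # Show the database configuration.
show variables like 'innodb%'; # Use like to filter for specific entries; % works like the * wildcard.
#lower
#innodb_
#max
# Search for the settings the tuning task asks for, then add them to the my.cnf configuration file.
show variables like 'name%';
lower_case_table_names=1
# Make the database support mixed upper and lower case
show variables like 'innodb_log%';
show variables like 'innodb_buffer%';
innodb_buffer_pool_size=4G
# Set the buffer for InnoDB table indexes, data and inserts to 4G
innodb_log_buffer_size=64M
# Set the database log buffer.
innodb_log_file_size=256M
# Set the redo log (physical log) file size.
innodb_log_files_in_group=2
# Set the redo log (physical log) file group count to 2
show variables like 'max%';
SET GLOBAL max_connections = 5000;
or
max_connections=5000
# Maximum number of connections (users). Each user connected to MySQL counts as one connection
SET GLOBAL max_connect_errors = 30;
or
max_connect_errors=30
# Limit on failed connections
SET GLOBAL max_allowed_packet = 30 * 1024 * 1024;
or
max_allowed_packet = 30M
# Set the database packet value to 30
/etc/sysconfig/memcached settings
- Modify the configuration file to set Memcached's maximum number of connections to 2048 and its memory usage to 512MB
- After that, modify the configuration file to change the cache CACHESIZE to 128, and restart the corresponding service
ps aux|grep memcached
- Change Memcached's data digest algorithm (hash) to md5 (not sure)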
[root@controller ~]# vi /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
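# Maximum number of memcached connections
MAXCONN="2048"
# memcached cache size
CACHESIZE="512"
OPTIONS="-l 127.0.0.1,::1,controller"
# Changed to md5
OPTIONS="-l 127.0.0.1,::1,controller -o hash_algorithm=md5"
hash_algorithm=md5
# The following command can be used to look it up
#memcached --help |grep hash
[root@controller ~]# systemctl restart memcached mariadb
RabbitMQ operations
- Use the RabbitMQ service commands to create the user chinaskill with password chinapd, and give this user the administrator tag
- Use the rabbitmqctl command to query the cluster status
- Use a command to grant the chinaskill user read and write permissions on all resources of this host, then query the chinaskill user's permissions
- Use the rabbitmqctl command to list queue information, including name, arguments, messages and memory
# Look up: rabbitmqctl --help | grep user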
[root@controller ~]# rabbitmqctl add_user chinaskill chinapd
[root@controller ~]# rabbitmqctl list_users
Listing users
openstack []
chinaskill []
guest [administrator]
[root@controller ~]# rabbitmqctl set_user_tags chinaskill administrator
[root@controller ~]# rabbitmqctl list_users
Listing users
openstack []
chinaskill [administrator]
guest [administrator]
# Look up: rabbitmqctl --help | grep status
[root@controller ~]# rabbitmqctl cluster_status
Cluster status of node rabbit@controller
[{nodes,[{disc,[rabbit@controller]}]},
{running_nodes,[rabbit@controller]},
{cluster_name,<<"rabbit@controller">>},
{partitions,[]},
{alarms,[{rabbit@controller,[]}]}]
# Look up: rabbitmqctl --help | grep set
[root@controller ~]# rabbitmqctl set_permissions chinaskill ".*" ".*" ".*"
Setting permissions for user "chinaskill" in vhost "/"
[root@controller ~]# rabbitmqctl list_permissions
Listing permissions in vhost "/"
guest .* .* .*
openstack .* .* .*
chinaskill .* .* .*
# Look up: rabbitmqctl --help | grep list
# rabbitmqctl --help | grep queueinfoitem -n10
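[root@controller ~]# rabbitmqctl list_queues name arguments messages memory
RabbitMQ configuration
- OpenStack services communicate internally through RPC, and every agent needs to connect to RabbitMQ. As the number of service agents grows, the number of MQ connections grows with it and may eventually hit the limit and become a bottleneck. On the OpenStack private cloud platform you built, set the maximum number of connections for the RabbitMQ service to 10240 at the user level, at the system level, and in the configuration file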
[root@controller ~]# vim /etc/security/limits.conf
#* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
rabbitmq soft nofile 10240
rabbitmq hard nofile 10240
# System level
[root@controller ~]# vim /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
fs.file-max=10240
[root@controller ~]# sysctl -p /etc/sysctl.d/99-sysctl.conf
fs.file-max = 10240
[root@controller ~]# ulimit -n 10240
[root@controller ~]# ulimit -n
10240
# Configuration file
[root@controller ~]# vim /usr/lib/systemd/system/rabbitmq-server.service
# Add under [Service]
LimitNOFILE=10240
[root@controller ~]# systemctl daemon-reload
[root@controller ~]# systemctl restart rabbitmq-server
# Check
[root@controller ~]# rabbitmqctl status
{file_descriptors,
[{total_limit,10140}, # Check whether this value changed; 100 are already in use
{total_used,27},
{sockets_limit,9124},
{sockets_used,25}]},
# Before the change
# {file_descriptors,
# [{total_limit,924}, #1024
# {total_used,37},
# {sockets_limit,829},
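# {sockets_used,35}]},
Keystone service installation
Use the script to install the Keystone service on the controller node
User operations
- Use the openstack command to create a user named chinaskill with password 000000
- Create the user testuser with password password. After creating it, use a command to change testuser's password to 000000 and show testuser's details. Add this user to the admin project and grant it ordinary user permissions
- Use the openstack command to create an account named tom with password tompassword123 and email tom@example.com
#1. Use the openstack command to create a user named chinaskill with password 000000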
[root@controller ~]# openstack user create chinaskill --password 000000
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | da2b35cc6dc94c87a3f973156aabdedb |
| name | chinaskill |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#2.1 Create the user testuser with password password
[root@controller ~]# openstack user create testuser --password password
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | dd31acb9d385476491c7e16e51ba817e |
| name | testuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#2.2 After creating it, use a command to change testuser's password to 000000 and show testuser's details
[root@controller ~]# openstack user set testuser --password 000000
[root@controller ~]# openstack user show testuser
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | dd31acb9d385476491c7e16e51ba817e |
| name | testuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#2.3 Add this user to the admin project and grant it ordinary user permissions
[root@controller ~]# openstack role add --project admin --user testuser user
#3. Use the openstack command to create an account named tom with password tompassword123 and email tom@example.com
[root@controller ~]# openstack user create tom --password tompassword123 --email tom@example.com
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| email | tom@example.com |
| enabled | True |
| id | c8ed57f94da14f06971903c2800c95cc |
| name | tom |
| options | {} |
| password_expires_at | None |
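+---------------------+----------------------------------+
Project operations
- Create the shop project in keystone with the description "Hello shop", then use the openstack command to disable the project, and use the openstack command to show the project's details
openstack project show shop
#1.1 Create the shop project in keystone with the description "Hello shop"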
[root@controller ~]# openstack project create shop --description "Hello shop"
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Hello shop |
| domain_id | default |
| enabled | True |
| id | f78a94f10d3d4152a257b7a090d1a1cf |
| is_domain | False |
| name | shop |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
#1.2 Then use the openstack command to disable the project, and use the openstack command to show the project's details
[root@controller ~]# openstack project set shop --disable
[root@controller ~]# openstack project show shop
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Hello shop |
| domain_id | default |
| enabled | False |
| id | f78a94f10d3d4152a257b7a090d1a1cf |
| is_domain | False |
| name | shop |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
Queries
- Use the openstack command to request a token
- Use the openstack command to list the current users
#1. Use the openstack command to request a token
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2023-10-23T13:23:11+0000 |
| id | gAAAAABlNmWvLAI_l1-aJeTAXLN-pvGRkSJkYEdBuCN_99RN4kYJfqXZiZ60JK6O5tNdUU077iPn4K5THQyt-_bcfjs7LdCNSDeHPufnvp56M4vwGXiwM4K1JoR3NUSThZuvbwGHabtraCAyN5keDbPAkB3rg6DyGne9WyQfM9g8cqlotrjCIcY |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| user_id | 80b4e69f7fe34dcb8c6b2bf1d95be2a2 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
#2. Use the openstack command to list the current users
[root@controller ~]# openstack user list
+----------------------------------+-------------------+
| ID | Name |
+----------------------------------+-------------------+
| 80b4e69f7fe34dcb8c6b2bf1d95be2a2 | admin |
| 0b8e9a3674d14c9d82091108bd479c4d | demo |
| 00afa4e870744b7eab8746b177854d16 | glance |
| 253fe315810e43ec8f40b2405c158bdf | nova |
| 30d4cc488eea4c658411fe94b7d98b76 | placement |
| d7c60e10575a49f0a8cea8372690c8ec | neutron |
| 72509a67c3bd454eba6be1a0e807cead | cinder |
| ee4d2eab88a142e9b28d021cb447f204 | swift |
| 7de49acb55af4453a1bdeab51cae8ffe | heat |
| 7ecacd0368c34dfbb63cd78b8e2833ec | heat_domain_admin |
| da2b35cc6dc94c87a3f973156aabdedb | chinaskill |
| dd31acb9d385476491c7e16e51ba817e | testuser |
| c8ed57f94da14f06971903c2800c95cc | tom |
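+----------------------------------+-------------------+
Comprehensive task
- Create the OpenStack domain 210Demo containing the projects Engineering and Production, and in the domain 210Demo create the group Devops, which must contain the following users:
- The user Robert is a user (member) and administrator (admin) of the Engineering project; email address: Robert@lab.example.com.
- The user George is a user (member) of the Engineering project; email address: George@lab.example.com.
- The user William is a user (member) and administrator (admin) of the Production project; email address: William@lab.example.com.
- The user John is a user (member) of the Production project; email address: John@lab.example.com.
#1.1 Create the OpenStack domain 210Demo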
[root@controller ~]# openstack domain create 210Demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 781b641732504dc39a07998f95180a14 |
| name | 210Dome |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
#1.2 It contains the projects Engineering and Production
[root@controller ~]# openstack project create --domain 210Demo Engineering
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 781b641732504dc39a07998f95180a14 |
| enabled | True |
| id | b000852a11904a929092d6fe21c218b1 |
| is_domain | False |
| name | Engineering |
| options | {} |
| parent_id | 781b641732504dc39a07998f95180a14 |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain 210Demo Production
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 781b641732504dc39a07998f95180a14 |
| enabled | True |
| id | fca1f926d09440819c8ce79fb675db0d |
| is_domain | False |
| name | Production |
| options | {} |
| parent_id | 781b641732504dc39a07998f95180a14 |
| tags | [] |
+-------------+----------------------------------+
#1.3 Create the group Devops in the domain 210Demo
[root@controller ~]# openstack group create --domain 210Demo Devops
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 781b641732504dc39a07998f95180a14 |
| id | 15cc9d0439df42dfb92738c400277e5b |
| name | Devops |
+-------------+----------------------------------+
#2. The user Robert is a user (member) and administrator (admin) of the Engineering project; email address: Robert@lab.example.com
[root@controller ~]# openstack user create Robert --password 000000 --domain 210Demo --email Robert@lab.example.com
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 781b641732504dc39a07998f95180a14 |
| email | Robert@lab.example.com |
| enabled | True |
| id | cb6f212036324000b0fabae0a2ae126b |
| name | Robert |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack group add user Devops Robert
[root@controller ~]# openstack role add --project Engineering --user Robert member
[root@controller ~]# openstack role add --project Engineering --user Robert admin
#3. The user George is a user (member) of the Engineering project; email address: George@lab.example.com
[root@controller ~]# openstack user create George --password 000000 --domain 210Demo --email George@lab.example.com
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 781b641732504dc39a07998f95180a14 |
| email | George@lab.example.com |
| enabled | True |
| id | 516dcd8ce4a441139126f3fb1b8e36aa |
| name | George |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack group add user Devops George
[root@controller ~]# openstack role add --project Engineering --user George member
#4. The user William is a user (member) and administrator (admin) of the Production project; email address: William@lab.example.com
[root@controller ~]# openstack user create William --password 000000 --domain 210Demo --email William@lab.example.com
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 781b641732504dc39a07998f95180a14 |
| email | William@lab.example.com |
| enabled | True |
| id | 57c24b5254a2468c8bd7931bfbf387dc |
| name | William |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack group add user Devops William
[root@controller ~]# openstack role add --project Production --user William member
[root@controller ~]# openstack role add --project Production --user William admin
#5. The user John is a user (member) of the Production project; email address: John@lab.example.com
[root@controller ~]# openstack user create John --password 000000 --domain 210Demo --email John@lab.example.com
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 781b641732504dc39a07998f95180a14 |
| email | John@lab.example.com |
| enabled | True |
| id | becbb2fbcf7a44cd998d246106e8e1e1 |
| name | John |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
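Glance installation
Install the glance service on the controller node using the script
Configuration file changes (/etc/glance/glance-api.conf, /etc/glance/policy.json)
- Modify the glance backend configuration file to limit the project's image storage to 10GB, then restart the glance service
cat /etc/glance/glance-api.conf |grep user_storage
- In the Glance service configuration file there is a parameter for the maximum number of items glance returns in a response. Its default is too small and may cause response data to be truncated; change this parameter to 1000
- It has the same meaning as osapi_max_limit in the nova configuration: a limit on the maximum length of returned data; if it is set too small, part of the response data is truncated
- In the OpenStack platform, the number of child processes glance-api uses to handle requests defaults to 0, with only one main process. Modify the relevant configuration file to set the number of child processes to 2, so that one main process plus 2 child processes handle requests concurrently
- Using the OpenStack private cloud platform you built yourself, change the permissions of ordinary users so that ordinary users cannot create or delete images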
[root@controller ~]# vi /etc/glance/glance-api.conf
#user_
user_storage_quota = 10737418240 #do not write a unit
#default =
limit_param_default = 1000
#api
api_limit_max=1000
#workers
workers = 2
[root@controller ~]# vi /etc/glance/policy.json
"add_image": "",
"delete_image": "",
#change to
"add_image": "role:admin",
"delete_image": "role:admin",
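#After this change only admin can add and delete images
#Creating a user, or assigning a user a non-admin role, then satisfies the image-operation requirement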
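The effect of the policy.json edit above on who may create or delete images, as an added Python example (not part of the original notes and not Glance's own code). The evaluator is a simplified subset of the policy rule syntax (empty rule, `@`, `!`, `role:`, `rule:`, `and`/`or`); the `default` and `get_image` entries in the sample are assumptions.

```python
import json

# Constructed policy.json fragments: the rules as shown before the edit in
# these notes, and the same rules after it. "default" and "get_image" are
# assumptions added so the fallback and a read action can be shown.
BEFORE = json.loads("""{
  "default": "role:admin",
  "add_image": "",
  "delete_image": "",
  "get_image": ""
}""")
AFTER = dict(BEFORE, add_image="role:admin", delete_image="role:admin")


def check(policy, rule, roles, _seen=()):
    """Evaluate one rule string against the caller's roles (simplified subset)."""
    rule = rule.strip()
    if rule in ("", "@"):          # empty rule: every authenticated caller passes
        return True
    if rule == "!":                # explicit deny
        return False
    if " or " in rule:             # "or" binds looser than "and"
        return any(check(policy, part, roles, _seen) for part in rule.split(" or "))
    if " and " in rule:
        return all(check(policy, part, roles, _seen) for part in rule.split(" and "))
    kind, _, value = rule.partition(":")
    if kind == "role":             # role names compare case-insensitively
        return value.lower() in {r.lower() for r in roles}
    if kind == "rule":             # reference to another named rule
        if value in _seen or value not in policy:
            return False           # cycle or dangling reference: fail closed
        return check(policy, policy[value], roles, _seen + (value,))
    return False                   # unsupported check type: fail closed


def allowed(policy, action, roles):
    """Actions without their own rule fall back to "default", else are denied."""
    return check(policy, policy.get(action, policy.get("default", "!")), roles)


def open_to_everyone(policy, actions):
    """Return the actions a caller holding no role at all would still pass."""
    return sorted(a for a in actions if allowed(policy, a, []))


if __name__ == "__main__":
    watched = ("add_image", "delete_image")
    for label, policy in (("before", BEFORE), ("after", AFTER)):
        print(label, "open to everyone:", open_to_everyone(policy, watched))
        for roles in (["member"], ["member", "admin"]):
            verdicts = {a: allowed(policy, a, roles) for a in watched}
            print("  roles", roles, "->", verdicts)
```

`role:admin` is not project-scoped: Robert and William, who hold admin on Engineering and Production in these notes, pass the tightened rule with a token scoped to their own project.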
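- Use the openstack command to upload the cirros-0.3.3-x86_64-disk.img image to the openstack platform, with a minimum disk of 5G and a minimum RAM of 512MB, name the image cirros, and tag it small
- Upload the cirros-0.3.3-x86_64-disk.img image; use qemu commands to convert the image to raw format, name the converted image cirros.raw and store it in the /root directory
- The HTTP service holds an image named CentOS7.5-compress.qcow2; use qemu commands to compress this image, name the compressed image chinaskill-js-compress.qcow2 and store it in the /root directory
- Using the openstack cloud platform you built yourself and the cirros-0.3.3-x86_64-disk.img image, create an image named cirros from the command line. Then use the openstack command to rename the image to examimage and tag it with the tag lastone. Afterwards use the openstack command to list the images, log in to the MySQL database, use database commands to view the image's backend storage location and creation time, and use database commands to view the image's tag content and creation time
- Log in to the controller node and use glance commands to upload an image from the source CentOS 7.5 x86 64 XD.qcow2 with the name centos7.5, change its sharing state, and set the minimum disk to 20G
- Using the OpenStack private cloud platform, in the admin project of the OpenStack platform create an image named glance-cirros from the image file cirros-0.3.4-x86_64-disk.img, then use OpenStack commands to share the glance-cirros image with the demo project
- Using the openstack cloud platform you built yourself and the cirros-0.3.4-x86_64-disk.img image, create an image named cirros from the command line. Then use the openstack command to rename the image to examimage and tag it with the tag lastone. Afterwards use the openstack command to list the images
- Upload the provided coreos_production_pxe.vmlinuz image (an Ironic Deploy image in AWS kernel format, needed for the OpenStack Ironic bare-metal service) to the OpenStack platform and name it deploy-vmlinuz
#1. Use the openstack command to upload the cirros-0.3.3-x86_64-disk.img image to the openstack platform, with a minimum disk of 5G and a minimum RAM of 512MB, and name the image cirros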
[root@controller ~]# openstack image create --disk-format qcow2 --min-disk 5 --min-ram 512 cirros < cirros-0.3.3-x86_64-disk.img
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2023-10-23T13:18:30Z |
| disk_format | qcow2 |
| file | /v2/images/3caae173-66ce-4d83-a603-484bf1cb3b44/file |
| id | 3caae173-66ce-4d83-a603-484bf1cb3b44 |
| min_disk | 5 |
| min_ram | 512 |
| name | cirros |
| owner | 3ffd1bc6a22b49aab5ff826d457f7409 |
| properties | os_hash_algo='sha512', os_hash_value='1b03ca1bc3fafe448b90583c12f367949f8b0e665685979d95b004e48574b953316799e23240f4f739d1b5eb4c4ca24d38fdc6f4f9d8247a2bc64db25d6bbdb2', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2023-10-23T13:18:31Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
#2. Upload the cirros-0.3.4-x86_64-disk.img image; use qemu commands to convert the image to raw format, name the converted image cirros.raw and store it in the /root directory
[root@controller ~]# qemu-img convert -f qcow2 -O raw cirros-0.3.3-x86_64-disk.img /root/cirros.raw
[root@controller ~]# qemu-img info cirros.raw
image: cirros.raw
file format: raw
virtual size: 39M (41126400 bytes)
disk size: 18M
#3. Image compression
[root@controller ~]# qemu-img convert -c -O qcow2 cirros-0.3.3-x86_64-disk.img cirros.img
[root@controller ~]# qemu-img info cirros.img
image: cirros.img
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
Format specific information:
compat: 1.1
lazy refcounts: false
refcount bits: 16
corrupt: false
#4.1 Using the openstack cloud platform you built yourself and the cirros-0.3.3-x86_64-disk.img image, create an image named cirros from the command line
[root@controller ~]# openstack image create --disk-format qcow2 cirros < cirros-0.3.3-x86_64-disk.img
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2023-10-23T13:34:46Z |
| disk_format | qcow2 |
| file | /v2/images/4bd3eb17-2296-42c3-af19-508a01f9021c/file |
| id | 4bd3eb17-2296-42c3-af19-508a01f9021c |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 3ffd1bc6a22b49aab5ff826d457f7409 |
| properties | os_hash_algo='sha512', os_hash_value='1b03ca1bc3fafe448b90583c12f367949f8b0e665685979d95b004e48574b953316799e23240f4f739d1b5eb4c4ca24d38fdc6f4f9d8247a2bc64db25d6bbdb2', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2023-10-23T13:34:47Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
#4.2 Then use the openstack command to rename the image to examimage and tag it with the tag lastone; afterwards use the openstack command to list the images
[root@controller ~]# openstack image set cirros --name examimage --tag lastone
[root@controller ~]# openstack image list
+--------------------------------------+-----------+--------+
| ID | Name | Status |
+--------------------------------------+-----------+--------+
| 4bd3eb17-2296-42c3-af19-508a01f9021c | examimage | active |
+--------------------------------------+-----------+--------+
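#4.3 Log in to the MySQL database, use database commands to view the image's backend storage location and creation time, and use database commands to view the image's tag content and creation time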
[root@controller ~]# mysql -uroot -p000000
MariaDB [mysql]> use glance
MariaDB [glance]> select * from image_tags;
+----+--------------------------------------+---------+---------------------+---------------------+------------+---------+
| id | image_id | value | created_at | updated_at | deleted_at | deleted |
+----+--------------------------------------+---------+---------------------+---------------------+------------+---------+
| 1 | 4bd3eb17-2296-42c3-af19-508a01f9021c | lastone | 2023-10-23 13:35:42 | 2023-10-23 13:35:42 | NULL | 0 |
+----+--------------------------------------+---------+---------------------+---------------------+------------+---------+
1 row in set (0.000 sec)
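#5. Log in to the controller node and use glance commands to upload an image from the source CentOS 7.5 x86 64 XD.qcow2 with the name centos7.5, change its sharing state, and set the minimum disk to 20G
public (public visibility)
shared (shared visibility)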
openstack image create --disk-format qcow2 cirros_1 < cirros-0.3.3-x86_64-disk.img
openstack image set --shared --min-disk 20 cirros_1
[root@controller ~]# openstack image create --disk-format qcow2 --shared cirros_1 < cirros-0.3.3-x86_64-disk.img
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2023-10-23T15:45:52Z |
| disk_format | qcow2 |
| file | /v2/images/0ddde5e2-9b17-495d-b33a-1a6235d94a0c/file |
| id | 0ddde5e2-9b17-495d-b33a-1a6235d94a0c |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros_1 |
| owner | 3ffd1bc6a22b49aab5ff826d457f7409 |
| properties | os_hash_algo='sha512', os_hash_value='1b03ca1bc3fafe448b90583c12f367949f8b0e665685979d95b004e48574b953316799e23240f4f739d1b5eb4c4ca24d38fdc6f4f9d8247a2bc64db25d6bbdb2', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2023-10-23T15:45:53Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
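#6. Using the OpenStack private cloud platform, in the admin project of the OpenStack platform create an image named glance-cirros from the image file cirros-0.3.4-x86_64-disk.img, then use OpenStack commands to share the glance-cirros image with the demo project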
[root@controller ~]# openstack image create --disk-format qcow2 --project admin glance-cirros < cirros-0.3.3-x86_64-disk.img
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2023-10-23T15:49:36Z |
| disk_format | qcow2 |
| file | /v2/images/42146ab3-6651-4228-a412-47a5546c694f/file |
| id | 42146ab3-6651-4228-a412-47a5546c694f |
| min_disk | 0 |
| min_ram | 0 |
| name | glance-cirros |
| owner | 3ffd1bc6a22b49aab5ff826d457f7409 |
| properties | os_hash_algo='sha512', os_hash_value='1b03ca1bc3fafe448b90583c12f367949f8b0e665685979d95b004e48574b953316799e23240f4f739d1b5eb4c4ca24d38fdc6f4f9d8247a2bc64db25d6bbdb2', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2023-10-23T15:49:37Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
openstack image set --shared glance-cirros #not necessary
openstack image add project glance-cirros demo
[root@controller ~]# openstack image add project glance-cirros demo
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| created_at | 2023-10-23T15:51:00Z |
| image_id | 42146ab3-6651-4228-a412-47a5546c694f |
| member_id | 30f1d7509c7a46988714a7e5fd28758d |
| schema | /v2/schemas/member |
| status | pending |
| updated_at | 2023-10-23T15:51:00Z |
+------------+--------------------------------------+
glance member-update <IMAGE_ID> <MEMBER_ID> <MEMBER_STATUS> #update, not necessary
#See which projects the image has been shared with
[root@controller ~]# glance member-list --image-id c4667caa-0413-4894-9fc9-9bb22b953560
+--------------------------------------+----------------------------------+---------+
| Image ID | Member ID | Status |
+--------------------------------------+----------------------------------+---------+
| c4667caa-0413-4894-9fc9-9bb22b953560 | 805f34f3ef044a0ba8aa86c1fe07b2f1 | pending |
| c4667caa-0413-4894-9fc9-9bb22b953560 | dd2abc2110c74c169c3940cfb51dd2e9 | pending |
+------------
[root@controller ~]# openstack image member list test2
+--------------------------------------+----------------------------------+---------+
| Image ID | Member ID | Status |
+--------------------------------------+----------------------------------+---------+
| 74c5e5db-9a2a-46c3-b34f-860173595a69 | 027e00d036304d44b5b27948c6fe0205 | pending |
| 74c5e5db-9a2a-46c3-b34f-860173595a69 | 11c36fdf5079488ab0d70f379128cf98 | pending |
+--------------------------------------+----------------------------------+---------+
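#7. Upload the provided coreos_production_pxe.vmlinuz image (an Ironic Deploy image in AWS kernel format, needed for the OpenStack Ironic bare-metal service) to the OpenStack platform and name it deploy-vmlinuz
#This image is not available for now
#8. Using the OpenStack private cloud platform provided by the competition, create a cloud instance (image CentOS7.5, a flavor with a 50G ephemeral disk), configure this host as the nfs server and share its /mnt/test directory (create the directory if it does not exist). Then configure the controller node as the nfs client, with /mnt/test as the mount directory for the glance backend storage (advanced operations)
Queries
- Go to the glance backend storage directory and use the qemu command to view the information of any one image. Use the du command to view the size of the nova main configuration file
#1. Go to the glance backend storage directory and use the qemu command to view the information of any one image. Use the du command to view the size of the nova main configuration file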
[root@controller images]# qemu-img info 0ddde5e2-9b17-495d-b33a-1a6235d94a0c
image: 0ddde5e2-9b17-495d-b33a-1a6235d94a0c
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
Format specific information:
compat: 0.10
refcount bits: 16
[root@controller images]# du -h 0ddde5e2-9b17-495d-b33a-1a6235d94a0c
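13M 0ddde5e2-9b17-495d-b33a-1a6235d94a0c
Nova installation
Install the Nova service on the controller node and the compute node respectively using the scripts
/etc/nova/nova.conf settings
- Modify the nova configuration file to fix the error where a virtual machine fails because a long wait makes its boot time out and it cannot obtain an IP address
- Reserve the first 2 physical CPUs and assign all remaining CPUs to virtual machines (assume 16 vcpus) (unclear)
- Set the CPU over-commit ratio to 4
- Set the memory over-commit ratio to 1.5
- Reserve 2048MB of memory that virtual machines cannot use
- Reserve 10240MB of disk that virtual machines cannot use
- After installation, change the cloud platform's default per-tenant instance quota to 20
- Set the nova service heartbeat check time to 120 seconds
- Because a single Python process is not truly concurrent, RPC requests may not be answered in time, especially when the target node is running a long periodic task, so the timeout and the tolerated wait need to be considered together. Modify the Nova configuration file to extend the timeout to 300
- When a virtual machine is created on a compute node of the OpenStack platform for the first time from a given image, the image file is first copied to the directory /var/lib/nova/instances/_base on that compute node. Over time this directory takes up considerable disk space and needs cleaning. The cache directory can be cleaned automatically by modifying the nova configuration file: if no instance on the node was started from a given image, that image is deleted automatically after a certain time
- If the OpenStack platform loses power unexpectedly, it can start by itself once power is restored, but the instances that were running have to be started manually by the administrator. Configure virtual machine auto-start in the OpenStack platform so that when the host boots, virtual machines are restored to their previous state: a virtual machine that was shut off stays shut off after the host boots, and one that was running is running again
- Virtual machine networks in openstack all use the paravirtualized type (setting it on the resource nodes is enough) /// modify the relevant configuration file to enable -device virtio-net-pci in kvm
- In OpenStack, modify the relevant configuration file so that the scheduler uses the caching scheduler, which caches host information and improves scheduling time. (not sure)
- Allow virtual machine flavors to be resized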
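How the CPU, memory and disk reservation and over-commit tasks in this list combine into the capacity left for guests, as an added Python example (not part of the original notes), using the values these notes set in nova.conf. It assumes the Placement capacity formula (total - reserved) × allocation_ratio and a constructed 16-CPU, 32 GiB, 500 GiB host; `parse_cpu_spec` is a simplified re-implementation of the `vcpu_pin_set` syntax, not Nova's own function.

```python
import configparser
import math

# Constructed nova.conf fragment with the values used in these notes.
NOVA_CONF = """
[DEFAULT]
vcpu_pin_set = "0-15,^0,^1"
reserved_host_cpus = 2
cpu_allocation_ratio = 4.0
ram_allocation_ratio = 1.5
reserved_host_memory_mb = 2048
reserved_host_disk_mb = 10240
"""

# Constructed host (assumption): 16 CPUs, 32 GiB RAM, 500 GiB local disk.
HOST = {"cpus": 16, "memory_mb": 32768, "disk_gb": 500}


def parse_cpu_spec(spec):
    """Expand "0-15,^0,^1" into {2, ..., 15}: ranges, single ids, ^exclusions."""
    include, exclude = set(), set()
    for rule in spec.strip().strip("\"'").split(","):
        rule = rule.strip()
        if not rule:
            continue
        target = include
        if rule.startswith("^"):
            target, rule = exclude, rule[1:]
        if "-" in rule:
            start, end = (int(part) for part in rule.split("-", 1))
            if start > end:
                raise ValueError("invalid CPU range: %s" % rule)
            target.update(range(start, end + 1))
        else:
            target.add(int(rule))
    return include - exclude


def capacity(total, reserved, ratio):
    """Placement-style capacity: (total - reserved) * allocation_ratio."""
    if reserved > total:
        raise ValueError("reserved amount exceeds the total")
    return int((total - reserved) * ratio)


def schedulable(conf_text, host):
    """Return the VCPU / MEMORY_MB / DISK_GB capacity the settings leave for guests.

    Fallbacks below are neutral values (0 reserved, ratio 1.0), not Nova's defaults.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    conf = parser["DEFAULT"]

    host_cpus = set(range(host["cpus"]))
    pin_spec = conf.get("vcpu_pin_set", fallback="")
    usable = parse_cpu_spec(pin_spec) & host_cpus if pin_spec.strip() else host_cpus

    reserved_disk_gb = math.ceil(conf.getint("reserved_host_disk_mb", fallback=0) / 1024)
    return {
        "VCPU": capacity(len(usable),
                         conf.getint("reserved_host_cpus", fallback=0),
                         conf.getfloat("cpu_allocation_ratio", fallback=1.0)),
        "MEMORY_MB": capacity(host["memory_mb"],
                              conf.getint("reserved_host_memory_mb", fallback=0),
                              conf.getfloat("ram_allocation_ratio", fallback=1.0)),
        "DISK_GB": capacity(host["disk_gb"], reserved_disk_gb,
                            conf.getfloat("disk_allocation_ratio", fallback=1.0)),
    }


if __name__ == "__main__":
    for resource, amount in schedulable(NOVA_CONF, HOST).items():
        print(resource, amount)
```

With `vcpu_pin_set` already excluding CPUs 0 and 1 and `reserved_host_cpus=2` set as well, the host gives up four CPUs rather than two: 48 schedulable vCPUs instead of 56.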
[root@controller ~]# vi /etc/nova/nova.conf
#vif
vif_plugging_is_fatal=false
#vcpu
vcpu_pin_set="0-15,^0,^1"
reserved_host_cpus=2
#cpu_a
#ram_a
cpu_allocation_ratio=4.0
ram_allocation_ratio=1.5
#_host_
#_host_
reserved_host_memory_mb=2048
reserved_host_disk_mb=10240
#ins
#instances=
instances=20
#down_time=
service_down_time=120
#rpc_r
rpc_response_timeout=300
#remove_
remove_unused_base_images=true
#remove_unused_original_minimum_age_seconds=3
#image_cache_manager_interval=5
#Not necessarily needed; this change only shortens the test time
#resu
resume_guests_state_on_host_boot=true
#use_vi
#bri
#bridges=
use_virtio_for_bridges=true
#dri
#driver=filter_scheduler
driver=simple_scheduler
driver=caching_scheduler
--libvirt_use_virtio_for_bridges=true
#resize
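allow_resize_to_same_host=true
Compute service operations
- Create a private flavor with id 1, name test1, 1024 memory, 20 disk and 1 vcpu. Then use the nova command to allow only the admin project and the demo project to access the flavor, and use the nova command to view the flavor's access list
- Use the nova command to list the default quotas for all tenants and use a command to view the current quota values of the admin tenant. Use the nova command to raise the admin tenant's instance quota to 20, then view the admin tenant's current quota values again
- Add the controller node's compute resources to the cluster as well
#1. Create a private flavor with id 1, name test1, 1024 memory, 20 disk and 1 vcpu. Then use the nova command to allow only the admin project and the demo project to access the flavor, and use the nova command to view the flavor's access list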
[root@controller ~]# openstack flavor create test1 --id 1 --ram 1024 --disk 20 --private
+----------------------------+-------+
| Field | Value |
+----------------------------+-------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 20 |
| id | 1 |
| name | test1 |
| os-flavor-access:is_public | False |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+-------+
[root@controller ~]# openstack project list
+----------------------------------+-------------+
| ID | Name |
+----------------------------------+-------------+
| 2fdc80ff4f814ef38c67cf208a7c6ecb | service |
| 30f1d7509c7a46988714a7e5fd28758d | demo |
| 3ffd1bc6a22b49aab5ff826d457f7409 | admin |
| b000852a11904a929092d6fe21c218b1 | Engineering |
| f78a94f10d3d4152a257b7a090d1a1cf | shop |
| fca1f926d09440819c8ce79fb675db0d | Production |
+----------------------------------+-------------+
# Grant the admin project access
nova flavor-access-add MyPrivateFlavor admin(id)
# Grant the demo project access
nova flavor-access-add MyPrivateFlavor demo(id)
#Note: the project argument must be given as an id
[root@controller ~]# nova flavor-access-add test1 3ffd1bc6a22b49aab5ff826d457f7409
+-----------+----------------------------------+
| Flavor_ID | Tenant_ID |
+-----------+----------------------------------+
| 1 | 3ffd1bc6a22b49aab5ff826d457f7409 |
+-----------+----------------------------------+
[root@controller ~]# nova flavor-access-add test1 30f1d7509c7a46988714a7e5fd28758d
+-----------+----------------------------------+
| Flavor_ID | Tenant_ID |
+-----------+----------------------------------+
| 1 | 30f1d7509c7a46988714a7e5fd28758d |
| 1 | 3ffd1bc6a22b49aab5ff826d457f7409 |
+-----------+----------------------------------+
[root@controller ~]# nova flavor-access-list --flavor test1
+-----------+----------------------------------+
| Flavor_ID | Tenant_ID |
+-----------+----------------------------------+
| 1 | 30f1d7509c7a46988714a7e5fd28758d |
| 1 | 3ffd1bc6a22b49aab5ff826d457f7409 |
+-----------+----------------------------------+
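#2. Use the nova command to list the default quotas for all tenants and use a command to view the current quota values of the admin tenant. Use the nova command to raise the admin tenant's instance quota to 20, then view the admin tenant's current quota values again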
[root@controller ~]# nova quota-defaults
+----------------------+-------+
| Quota | Limit |
+----------------------+-------+
| instances | 10 |
| cores | 20 |
| ram | 51200 |
| metadata_items | 128 |
| key_pairs | 100 |
| server_groups | 10 |
| server_group_members | 10 |
+----------------------+-------+
[root@controller ~]# openstack quota show admin
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| backup-gigabytes | 1000 |
| backups | 10 |
| cores | 20 |
| fixed-ips | -1 |
| floating-ips | 50 |
| gigabytes | 1000 |
| gigabytes___DEFAULT__ | -1 |
| groups | 10 |
| health_monitors | None |
| injected-file-size | 10240 |
| injected-files | 5 |
| injected-path-size | 255 |
| instances | 10 |
| key-pairs | 100 |
| l7_policies | None |
| listeners | None |
| load_balancers | None |
| location | Munch({'project': Munch({'domain_name': 'demo', 'domain_id': None, 'name': 'admin', 'id': u'3ffd1bc6a22b49aab5ff826d457f7409'}), 'cloud': '', 'region_name': '', 'zone': None}) |
| name | None |
| networks | 100 |
| per-volume-gigabytes | -1 |
| pools | None |
| ports | 500 |
| project | 3ffd1bc6a22b49aab5ff826d457f7409 |
| project_name | admin |
| properties | 128 |
| ram | 51200 |
| rbac_policies | 10 |
| routers | 10 |
| secgroup-rules | 100 |
| secgroups | 10 |
| server-group-members | 10 |
| server-groups | 10 |
| snapshots | 10 |
| snapshots___DEFAULT__ | -1 |
| subnet_pools | -1 |
| subnets | 100 |
| volumes | 10 |
| volumes___DEFAULT__ | -1 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack quota set admin --instances 20
[root@controller ~]# openstack quota show admin
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| backup-gigabytes | 1000 |
| backups | 10 |
| cores | 20 |
| fixed-ips | -1 |
| floating-ips | 50 |
| gigabytes | 1000 |
| gigabytes___DEFAULT__ | -1 |
| groups | 10 |
| health_monitors | None |
| injected-file-size | 10240 |
| injected-files | 5 |
| injected-path-size | 255 |
| instances | 20 |
| key-pairs | 100 |
| l7_policies | None |
| listeners | None |
| load_balancers | None |
| location | Munch({'project': Munch({'domain_name': 'demo', 'domain_id': None, 'name': 'admin', 'id': u'3ffd1bc6a22b49aab5ff826d457f7409'}), 'cloud': '', 'region_name': '', 'zone': None}) |
| name | None |
| networks | 100 |
| per-volume-gigabytes | -1 |
| pools | None |
| ports | 500 |
| project | 3ffd1bc6a22b49aab5ff826d457f7409 |
| project_name | admin |
| properties | 128 |
| ram | 51200 |
| rbac_policies | 10 |
| routers | 10 |
| secgroup-rules | 100 |
| secgroups | 10 |
| server-group-members | 10 |
| server-groups | 10 |
| snapshots | 10 |
| snapshots___DEFAULT__ | -1 |
| subnet_pools | -1 |
| subnets | 100 |
| volumes | 10 |
| volumes___DEFAULT__ | -1 |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
#3. Add the controller node's compute resources to the cluster as well
[root@controller ~]# vi variable.sh
#--------------------system Config--------------------##
#Controller node IP. Example: x.x.x.x
HOST_IP=192.168.10.10
#Controller node password. Example: 000000
HOST_PASS=000000
#Controller node hostname. Example: controller
HOST_NAME=controller
#Compute node IP. Example: x.x.x.x
HOST_IP_NODE=192.168.10.10
#Compute node password. Example: 000000
HOST_PASS_NODE=000000
#Compute node hostname. Example: compute
HOST_NAME_NODE=controller
#--------------------Chrony Config-------------------##
#Controller node network segment. Example: x.x.0.0/16 (x.x.x.0/24)
network_segment_IP=192.168.10.0/24
"variable.sh" 141L, 3811C written
[root@controller ~]# source variable.sh
[root@controller ~]# openstack-compute-nova.sh
[root@controller ~]# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 5 | nova-conductor | controller | internal | enabled | up | 2023-10-23T21:11:51.000000 |
| 6 | nova-scheduler | controller | internal | enabled | up | 2023-10-23T21:11:53.000000 |
| 10 | nova-compute | compute | nova | enabled | up | 2023-10-23T21:11:53.000000 |
| 11 | nova-compute | controller | nova | enabled | up | 2023-10-23T21:11:50.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]# vi variable.sh
#--------------------system Config--------------------##
#Controller node IP. Example: x.x.x.x
HOST_IP=192.168.10.10
#Controller node password. Example: 000000
HOST_PASS=000000
#Controller node hostname. Example: controller
HOST_NAME=controller
#Compute node IP. Example: x.x.x.x
HOST_IP_NODE=192.168.10.20
#Compute node password. Example: 000000
HOST_PASS_NODE=000000
#Compute node hostname. Example: compute
HOST_NAME_NODE=compute
#--------------------Chrony Config-------------------##
#Controller node network segment. Example: x.x.0.0/16 (x.x.x.0/24)
network_segment_IP=192.168.10.0/24
"variable.sh" 141L, 3808C written
[root@controller ~]# source variable.sh
Compute service queries
- Use the openstack command to list the nodes that can provide compute resources
[root@controller ~]# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 5 | nova-conductor | controller | internal | enabled | up | 2023-10-23T21:12:41.000000 |
| 6 | nova-scheduler | controller | internal | enabled | up | 2023-10-23T21:12:43.000000 |
| 10 | nova-compute | compute | nova | enabled | up | 2023-10-23T21:12:43.000000 |
| 11 | nova-compute | controller | nova | enabled | up | 2023-10-23T21:12:40.000000 |
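+----+----------------+------------+----------+---------+-------+----------------------------+
Neutron installation
- Install the Neutron service on the controller node and the compute node respectively using the scripts
- On the controller node and the compute node respectively, modify and run the scripts to install the Neutron service; after the scripts have run, the network defaults to vlan mode
Network creation
- Create the external instance network ext-net with subnet ext-subnet; the range available for instance floating IPs is x.x.x.100~x.x.x.200 and the gateway is x.x.x.1
- Create the internal instance network int-net 1 with subnet int-subnet 1; the range available for instance subnet IPs is 10.0.0.100~10.0.0.200 and the gateway is 10.0.0.1
- Create the internal instance network int-net 2 with subnet int-subnet 2; the range available for instance subnet IPs is 10.0.1.100~10.0.1.200 and the gateway is 10.0.1.1
- Add a router named ext-router, set its gateway on the ext-net network, and add an internal port on the int-net 1 network to connect the internal network int-net 1 with the external network
- Use a command to set the int-net 2 network to shared, then view the details of the int-net 2 network
- Using the openstack cloud platform you built yourself, create the instance network extnet with subnet extsubnet; the virtual machine network range is x.x.x.0/24, the gateway is x.x.x.1, and the segment ID is 100 by default (this is what default creation gives)
#1. Create the external instance network ext-net with subnet ext-subnet; the range available for instance floating IPs is x.x.x.100~x.x.x.200 and the gateway is x.x.x.1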
[root@controller ~]# openstack network create ext-net --external --share
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2023-10-23T21:28:51Z |
| description | |
| dns_domain | None |
| id | bf3c0a44-a23e-409c-8a95-dcbf3d0d30dc |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| mtu | 1450 |
| name | ext-net |
| port_security_enabled | True |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 100 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | External |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2023-10-23T21:28:52Z |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack subnet create ext-subnet --subnet-range 192.168.20.0/24 --gateway 192.168.20.1 --network ext-net --allocation-pool start=192.168.20.100,end=192.168.20.200
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 192.168.20.100-192.168.20.200 |
| cidr | 192.168.20.0/24 |
| created_at | 2023-10-23T21:33:47Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.20.1 |
| host_routes | |
| id | be0409a4-fccf-4c3d-809a-3b18681ed11e |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | ext-subnet |
| network_id | bf3c0a44-a23e-409c-8a95-dcbf3d0d30dc |
| prefix_length | None |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2023-10-23T21:33:47Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
#2. Create the internal instance network int-net 1 with subnet int-subnet 1; the range available for instance subnet IPs is 10.0.0.100~10.0.0.200 and the gateway is 10.0.0.1
[root@controller ~]# openstack network create int-net1 --internal
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2023-10-23T21:34:59Z |
| description | |
| dns_domain | None |
| id | 01ff61b5-49a8-45e9-910e-11a4e8304912 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| mtu | 1450 |
| name | int-net1 |
| port_security_enabled | True |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 101 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2023-10-23T21:34:59Z |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack subnet create int-subnet1 --subnet-range 10.0.0.0/24 --gateway 10.0.0.1 --network int-net1 --allocation-pool start=10.0.0.100,end=10.0.0.200
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 10.0.0.100-10.0.0.200 |
| cidr | 10.0.0.0/24 |
| created_at | 2023-10-23T21:36:08Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.0.1 |
| host_routes | |
| id | 845d9e5e-b183-416f-a6be-9312df6721d4 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | int-subnet1 |
| network_id | 01ff61b5-49a8-45e9-910e-11a4e8304912 |
| prefix_length | None |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2023-10-23T21:36:08Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
#3. Create the instance internal network int-net2 with subnet int-subnet2; the subnet's usable IP range for instances is 10.0.1.100~10.0.1.200 and the gateway is 10.0.1.1
[root@controller ~]# openstack network create int-net2 --internal
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2023-10-23T21:36:18Z |
| description | |
| dns_domain | None |
| id | a63a06c6-086c-4f8f-821c-9deaee037283 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| mtu | 1450 |
| name | int-net2 |
| port_security_enabled | True |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 102 |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2023-10-23T21:36:18Z |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack subnet create int-subnet2 --subnet-range 10.0.1.0/24 --gateway 10.0.1.1 --network int-net2 --allocation-pool start=10.0.1.100,end=10.0.1.200
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 10.0.1.100-10.0.1.200 |
| cidr | 10.0.1.0/24 |
| created_at | 2023-10-23T21:36:36Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.0.1.1 |
| host_routes | |
| id | 1f5f1019-6afe-4c96-8399-1d93fc7ac920 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | int-subnet2 |
| network_id | a63a06c6-086c-4f8f-821c-9deaee037283 |
| prefix_length | None |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2023-10-23T21:36:36Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
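#4. Add a router named ext-router, set its gateway on the ext-net network, and add an internal port on the int-net1 network to connect the internal network int-net1 to the external network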
[root@controller ~]# openstack router create ext-router
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2023-10-23T21:39:16Z |
| description | |
| distributed | False |
| external_gateway_info | null |
| flavor_id | None |
| ha | False |
| id | 791f1871-ef1a-4640-91a5-d7e4d69b5e75 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | ext-router |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2023-10-23T21:39:16Z |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack router add subnet ext-router int-subnet1
[root@controller ~]# openstack router set --external-gateway ext-net ext-router
[root@controller ~]# openstack router add subnet ext-router int-subnet2
#5. Use a command to set the int-net2 network to shared, then view the details of the int-net2 network
[root@controller ~]# openstack network set int-net2 --share
[root@controller ~]# openstack network show int-net2
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2023-10-23T21:36:18Z |
| description | |
| dns_domain | None |
| id | a63a06c6-086c-4f8f-821c-9deaee037283 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| mtu | 1450 |
| name | int-net2 |
| port_security_enabled | True |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 102 |
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | True |
| status | ACTIVE |
| subnets | 1f5f1019-6afe-4c96-8399-1d93fc7ac920 |
| tags | |
| updated_at | 2023-10-23T21:42:53Z |
+---------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
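#6. On the OpenStack cloud platform you built yourself, create the instance network extnet with subnet extsubnet; the virtual machine network segment is x.x.x.0/24, the gateway is x.x.x.1, and the segment ID defaults to 100 (this is what a default creation produces)
[root@controller ~]# openstack network create --share --external --provider-network-type vlan --provider-physical-network provider --provider-segment 100 extnet
or
[root@controller ~]# openstack network create --share --external extnet
Security groups
- Use commands to create a security group named group_web whose description is the workstation number, add a rule to it that allows any IP address to reach web traffic, then view the security group's details.
- Use commands to create a security group named group_web whose description is "Custom security group", use openstack commands to add an icmp rule and an ssh rule to it, allowing any IP address to reach web, then view the security group's details
openstack security group show group_web
#1. Use commands to create a security group named group_web whose description is the workstation number, add a rule to it that allows any IP address to reach web traffic, then view the security group's details.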
[root@controller ~]# openstack security group create group_web --description "工位号"
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:01:03Z |
| description | 工位号 |
| id | 34305e9f-83dc-4729-99cf-c64ee8869096 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | group_web |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 1 |
| rules | created_at='2023-10-23T22:01:03Z', direction='egress', ethertype='IPv4', id='3baf1688-8f2f-474d-8ce3-99c6414bead4', updated_at='2023-10-23T22:01:03Z' |
| | created_at='2023-10-23T22:01:03Z', direction='egress', ethertype='IPv6', id='a5ae1cb4-2403-41c9-94d1-29e187957c99', updated_at='2023-10-23T22:01:03Z' |
| tags | [] |
| updated_at | 2023-10-23T22:01:03Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
--protocol <protocol>
IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
udp, udplite, vrrp and integer representations [0-255]
or any; default: any (all protocols))
Protocol type
--ingress Rule applies to incoming network traffic (default)
--egress Rule applies to outgoing network traffic
Rule direction (ingress/egress)
[root@controller ~]# openstack security group rule create group_web --protocol tcp --dst-port 80
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:02:00Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 3b5c14a1-8199-4251-9856-86bd14cbbee7 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | 80 |
| port_range_min | 80 |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 34305e9f-83dc-4729-99cf-c64ee8869096 |
| tags | [] |
| updated_at | 2023-10-23T22:02:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack security group show group_web
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:01:03Z |
| description | 工位号 |
| id | 34305e9f-83dc-4729-99cf-c64ee8869096 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | group_web |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 2 |
| rules | created_at='2023-10-23T22:02:00Z', direction='ingress', ethertype='IPv4', id='3b5c14a1-8199-4251-9856-86bd14cbbee7', port_range_max='80', port_range_min='80', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2023-10-23T22:02:00Z' |
| | created_at='2023-10-23T22:01:03Z', direction='egress', ethertype='IPv4', id='3baf1688-8f2f-474d-8ce3-99c6414bead4', updated_at='2023-10-23T22:01:03Z' |
| | created_at='2023-10-23T22:01:03Z', direction='egress', ethertype='IPv6', id='a5ae1cb4-2403-41c9-94d1-29e187957c99', updated_at='2023-10-23T22:01:03Z' |
| tags | [] |
| updated_at | 2023-10-23T22:02:00Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
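#2. Use commands to create a security group named group_web whose description is "Custom security group", use openstack commands to add an icmp rule and an ssh rule to it, allowing any IP address to reach web, then view the security group's details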
[root@controller ~]# openstack security group create group_web --description "Custom security group"
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:03:39Z |
| description | Custom security group |
| id | ec658d4e-af22-4cb7-8753-37e0417fd884 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | group_web |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 1 |
| rules | created_at='2023-10-23T22:03:39Z', direction='egress', ethertype='IPv4', id='10afd4cd-3550-4533-a885-a2ff844bb819', updated_at='2023-10-23T22:03:39Z' |
| | created_at='2023-10-23T22:03:39Z', direction='egress', ethertype='IPv6', id='e27b8cd7-c072-4ca7-8f4f-7051462af77a', updated_at='2023-10-23T22:03:39Z' |
| tags | [] |
| updated_at | 2023-10-23T22:03:39Z |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack security group rule create group_web --protocol icmp
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:04:00Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 953467d7-4630-412c-afd9-2f70c0826f1e |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| protocol | icmp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | ec658d4e-af22-4cb7-8753-37e0417fd884 |
| tags | [] |
| updated_at | 2023-10-23T22:04:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack security group rule create group_web --protocol tcp --dst-port 80
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:04:16Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | a2368300-ee47-4028-a789-d746cba5dd1c |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | 80 |
| port_range_min | 80 |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | ec658d4e-af22-4cb7-8753-37e0417fd884 |
| tags | [] |
| updated_at | 2023-10-23T22:04:16Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack security group rule create group_web --protocol tcp --dst-port 22
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:04:23Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 712ff0c7-cc04-4c45-b48c-4c5cdfcdc449 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | ec658d4e-af22-4cb7-8753-37e0417fd884 |
| tags | [] |
| updated_at | 2023-10-23T22:04:23Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack security group show group_web +-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-10-23T22:03:39Z |
| description | Custom security group |
| id | ec658d4e-af22-4cb7-8753-37e0417fd884 |
| location | cloud='', project.domain_id=, project.domain_name='demo', project.id='3ffd1bc6a22b49aab5ff826d457f7409', project.name='admin', region_name='', zone= |
| name | group_web |
| project_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| revision_number | 4 |
| rules | created_at='2023-10-23T22:03:39Z', direction='egress', ethertype='IPv4', id='10afd4cd-3550-4533-a885-a2ff844bb819', updated_at='2023-10-23T22:03:39Z' |
| | created_at='2023-10-23T22:04:23Z', direction='ingress', ethertype='IPv4', id='712ff0c7-cc04-4c45-b48c-4c5cdfcdc449', port_range_max='22', port_range_min='22', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2023-10-23T22:04:23Z' |
| | created_at='2023-10-23T22:04:00Z', direction='ingress', ethertype='IPv4', id='953467d7-4630-412c-afd9-2f70c0826f1e', protocol='icmp', remote_ip_prefix='0.0.0.0/0', updated_at='2023-10-23T22:04:00Z' |
| | created_at='2023-10-23T22:04:16Z', direction='ingress', ethertype='IPv4', id='a2368300-ee47-4028-a789-d746cba5dd1c', port_range_max='80', port_range_min='80', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2023-10-23T22:04:16Z' |
| | created_at='2023-10-23T22:03:39Z', direction='egress', ethertype='IPv6', id='e27b8cd7-c072-4ca7-8f4f-7051462af77a', updated_at='2023-10-23T22:03:39Z' |
| tags | [] |
| updated_at | 2023-10-23T22:04:23Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
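An added example, not part of the original notes: a Python audit of the `rules` field printed by `openstack security group show`, run over the group_web rules shown above. The `MGMT_PORTS` set and the severity labels are assumptions of this example.

```python
"""Audit the rules field printed by `openstack security group show`."""
import ipaddress
import re

# Rule lines copied from the `openstack security group show group_web`
# output on this page (the group described as "Custom security group").
PAGE_RULES = """\
created_at='2023-10-23T22:03:39Z', direction='egress', ethertype='IPv4', id='10afd4cd-3550-4533-a885-a2ff844bb819', updated_at='2023-10-23T22:03:39Z'
created_at='2023-10-23T22:04:23Z', direction='ingress', ethertype='IPv4', id='712ff0c7-cc04-4c45-b48c-4c5cdfcdc449', port_range_max='22', port_range_min='22', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2023-10-23T22:04:23Z'
created_at='2023-10-23T22:04:00Z', direction='ingress', ethertype='IPv4', id='953467d7-4630-412c-afd9-2f70c0826f1e', protocol='icmp', remote_ip_prefix='0.0.0.0/0', updated_at='2023-10-23T22:04:00Z'
created_at='2023-10-23T22:04:16Z', direction='ingress', ethertype='IPv4', id='a2368300-ee47-4028-a789-d746cba5dd1c', port_range_max='80', port_range_min='80', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2023-10-23T22:04:16Z'
created_at='2023-10-23T22:03:39Z', direction='egress', ethertype='IPv6', id='e27b8cd7-c072-4ca7-8f4f-7051462af77a', updated_at='2023-10-23T22:03:39Z'
"""

# Assumption of this example: TCP ports treated as management access.
MGMT_PORTS = {22: "ssh", 3389: "rdp"}
# Protocol values under which a TCP port can be reached (name, number, any).
TCP_OR_ANY = {"tcp", "6", "any"}

PAIR = re.compile(r"(\w+)='([^']*)'")


def parse_rule(line):
    """Collect the key='value' pairs of one line; table borders yield {}."""
    return dict(PAIR.findall(line))


def source_is_any(rule):
    """True when the rule admits traffic from every source address."""
    if rule.get("remote_group_id"):
        return False  # source limited to members of another security group
    prefix = rule.get("remote_ip_prefix")
    if not prefix:
        return True  # Neutron treats an unset prefix as "any source"
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def exposed_mgmt_ports(rule):
    """Names of management ports that fall inside the rule's TCP port range."""
    protocol = rule.get("protocol")
    if protocol and protocol not in TCP_OR_ANY:
        return []  # icmp, udp, ...: cannot carry the TCP services listed above
    low = int(rule.get("port_range_min") or 1)       # unset range = all ports
    high = int(rule.get("port_range_max") or 65535)
    return [name for port, name in sorted(MGMT_PORTS.items()) if low <= port <= high]


def audit(rules_text):
    """Return one finding per ingress rule that is open to any source."""
    findings = []
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule.get("direction") != "ingress" or not source_is_any(rule):
            continue
        mgmt = exposed_mgmt_ports(rule)
        if mgmt:
            reason = "management port open to any source: " + ", ".join(mgmt)
        else:
            reason = "ingress open to any source"
        findings.append({
            "id": rule.get("id", "?"),
            "protocol": rule.get("protocol", "any"),
            "severity": "high" if mgmt else "review",
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_RULES):
        print("{severity:6} {id} {protocol:4} {reason}".format(**finding))
```

Rows without a `direction='ingress'` pair are skipped, so the whole table printed by `openstack security group show group_web` can be passed to `audit()` unchanged.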
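Instance networking (floating IP)
Create an instance yourself and attach it to the int-net1 network. Use an openstack command to create a floating IP from the ext-net external network, then use a command to associate that floating IP with the instance you created, and finally view the floating IP's details.
openstack server create --flavor <flavor_id> --image <image_id> --network int-net1 --security-group <security_group_id> <server_name>
Replace <flavor_id>, <image_id>, <security_group_id> and <server_name> with actual values.
The security group is optional; if it is omitted, the default one is used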
openstack server create cirros-1 --flavor test --image cirros-0.3.3 --network int-net1
openstack floating ip create ext-net
openstack server add floating ip my-server 203.0.113.10
# 203.0.113.10 is the floating_ip
openstack floating ip show
[root@controller ~]# openstack server add floating ip cirros-1 192.168.20.140
[root@controller ~]# openstack server list
+--------------------------------------+----------+--------+-------------------------------------+--------------+--------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+----------+--------+-------------------------------------+--------------+--------+
| 6aa790d4-55e8-424f-b063-7dba29a97438 | cirros-1 | ACTIVE | int-net1=10.0.0.153, 192.168.20.140 | cirros-0.3.3 | test |
+--------------------------------------+----------+--------+-------------------------------------+--------------+--------+
Queries
- Check that the linuxbridge bridge service of the neutron service started correctly
[root@controller ~]# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 155432 1 br_netfilter
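openstack network agent list
Dashboard installation
Install the dashboard service on the controller node using the script
Configuration file changes (/etc/nova/nova.conf, /etc/openstack-dashboard/local_settings)
- Modify the nova configuration file so that the dashboard home page can be reached through the public IP
- Make logging in to the Dashboard platform not require entering the domain name (the demo / default one)
- After installing the dashboard service, change the Dashboard's Django data to be stored in files (this change fixes the problem of the Dashboard being unreachable when an all-in-one snapshot is used on another cloud platform)
[root@controller ~]# vi /etc/nova/nova.conf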
my_ip = 192.168.10.100
[root@controller ~]# vi /etc/openstack-dashboard/local_settings
#GG
#django
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
#KEYSTONE
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
Queries
- Use the curl command to fetch the dashboard home page
[root@controller ~]# curl 192.168.10.100
[root@controller ~]# curl http://192.168.10.10/auth/login/?next=/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /auth/login/ was not found on this server.</p>
</body></html>
# curl -v shows detailed information, which reveals where the problem is
# This should be the correct method
[root@controller ~]# curl -u admin:000000 http://192.168.10.10/dashboard/auth/login/?next=/dashboard/
or
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2023-10-31T17:08:21+0000 |
| id | gAAAAABlQSZ1MeNSnbUQ5zyTndTtdSTqqvnFoCuLf9vDHUl37XEKx9_7js6y_Iq2-r3P6KoJItRgD7MoJlhQoC7VWjTY9a-3WTcxoLMDDkG9lFq1xDlUZrMHNKgenZ5zTxUAFYf7C_pkaOcA9R50TMWYnS7kwkwN_t7JucCUuYqK4W7YCjLpzkk |
| project_id | 11c36fdf5079488ab0d70f379128cf98 |
| user_id | c3f3430509b9480fa71da04c863f28f4 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
curl -H "Authorization: Bearer gAAAAABlQSXS6mnA5y3pTJFLSwEJ3qoDgJzODC2tCUtPxsd4u-RMURInqaszOHzWkTTBiPdYGwhqQZO9BiuYF17i35oW_Q4j27ZbjVKPkq6_nhfirqV5u2dKLp_1AOZiUjAqNpBa7WzleayVsUZliiNLiBSB5HjYqFIIC7TVLMzKb2YxIk9HlpI" http://192.168.10.10/dashboard/auth/login/?next=/dashboard/
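Swift installation
Install the Swift service on the controller node and the compute node using the scripts
Container operations
- Create a container named chinaskill, upload the cirros-0.3.3-x86_64-disk.img image to the chinaskill container, and store it in segments of 10M each
- Use swift commands to create a container named file and view it, then upload cirros-0.3.3-x86_64-disk.img to the file container; when the upload finishes, use a command to view the container
#1. Create a container named chinaskill, upload the cirros-0.3.3-x86_64-disk.img image to the chinaskill container, and store it in segments of 10M each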
[root@controller ~]# swift post chinaskill
[root@controller ~]# swift list
chinaskill
# The step above can be skipped; running the upload directly also creates the chinaskill container
[root@controller ~]# swift upload chinaskill -S 10M cirros-0.3.4-x86_64-disk.img
cirros-0.3.4-x86_64-disk.img segment 0
cirros-0.3.4-x86_64-disk.img segment 1
cirros-0.3.4-x86_64-disk.img
[root@controller ~]# swift list
chinaskill
chinaskill_segments
[root@controller ~]# swift list chinaskill_segments
cirros-0.3.4-x86_64-disk.img/1605761034.000000/13287936/10485760/00000000
cirros-0.3.4-x86_64-disk.img/1605761034.000000/13287936/10485760/00000001
OpenStack container commands
openstack container
To delete a container, delete its contents first
openstack object list
openstack object delete
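#2. Use swift commands to create a container named file and view it, then upload cirros-0.3.3-x86_64-disk.img to the file container; when the upload finishes, use a command to view the container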
[root@controller ~]# swift upload file cirros-0.3.4-x86_64-disk.img
cirros-0.3.4-x86_64-disk.img
[root@controller ~]# swift list file
cirros-0.3.4-x86_64-disk.img
swift stat file
# View
Queries
- Use swift commands to query the maximum size of a single file that the swift object storage service can store
swift capabilities | grep max_file_size
[root@controller ~]# swift capabilities | grep max_file_size
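max_file_size: 5368709122
Cinder installation
Install the cinder service on the controller node and the compute node using the scripts
/etc/cinder/cinder.conf settings
- To mitigate slowdown of data access from instances, OpenStack Block Storage supports rate-limiting the volume data copy bandwidth. Modify the cinder backend configuration file to limit volume copy bandwidth to at most 100 MiB/s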
vi /etc/cinder/cinder.conf
volume_copy_bps_limit = 104857600
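# This parameter cannot take a unit; write the bare value only
cinder configuration change (has problems)
Used to enable tenant QoS: when using the Cinder storage service, different tenants can be assigned different quality of service (QoS), providing appropriate service-quality guarantees for different business applications.
If this option is not enabled, the tenant QoS feature cannot be used.
backend_allow_tenant_qos = True
The option names are inconsistent; if it really must be changed, all of them can be enabled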
#qos
# Allow tenants to specify QOS on create (boolean value)
#instorage_mcs_allow_tenant_qos = false
# Allow tenants to specify QOS on create (boolean value)
#storwize_svc_allow_tenant_qos = false
# Allow tenants to specify QOS on create (boolean value)
#sf_allow_tenant_qos = false
cinder operations
- On the compute node, expand the block storage: carve out another 5G partition on the compute node and add it to the cinder block storage backend
[root@compute ~]# pvcreate /dev/sdb4
WARNING: xfs signature detected on /dev/sdb4 at offset 0. Wipe it? [y/n]: y
Wiping xfs signature on /dev/sdb4.
Physical volume "/dev/sdb4" successfully created.
# Initialize the physical disk /dev/sdb4 as a physical volume
[root@compute ~]# vgs
VG #PV #LV #SN Attr VSize VFree
centos 1 2 0 wz--n- <197.88g 4.00m
cinder-volumes 1 1 0 wz--n- <20.00g 980.00m
[root@compute ~]# vgextend cinder-volumes /dev/sdb4
Volume group "cinder-volumes" successfully extended
[root@compute ~]# vgs
VG #PV #LV #SN Attr VSize VFree
centos 1 2 0 wz--n- <197.88g 4.00m
cinder-volumes 2 1 0 wz--n- 39.99g 20.95g
[root@compute ~]# vgdisplay
--- Volume group ---
VG Name centos
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 3
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 2
Max PV 0
Cur PV 1
Act PV 1
VG Size <197.88 GiB
PE Size 4.00 MiB
Total PE 50657
Alloc PE / Size 50656 / <197.88 GiB
Free PE / Size 1 / 4.00 MiB
VG UUID juOf1s-LYr3-gpbk-xX8q-RsxP-ZkOG-s6SBWa
--- Volume group ---
VG Name cinder-volumes
System ID
Format lvm2
Metadata Areas 2
Metadata Sequence No 5
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 1
Open LV 0
Max PV 0
Cur PV 2
Act PV 2
VG Size 39.99 GiB
PE Size 4.00 MiB
Total PE 10238
Alloc PE / Size 4874 / <19.04 GiB
Free PE / Size 5364 / 20.95 GiB
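VG UUID 9cl02C-I4lE-s85O-2ztO-fBMi-Q0c8-mI8tfe
Volume operations
- Use an openstack command to create a cinder volume named test with a size of 1G. Then use cinder commands to list the volumes and view the details of the test volume
- Create a volume type named lvm and create its extra-spec key-value pair so that the lvm volume type maps to the storage resources managed by the cinder lvm backend driver; create a 1G volume named lvm_test and query its details.
cinder show lvm_test
#1. Use an openstack command to create a cinder volume named test with a size of 1G. Then use cinder commands to list the volumes and view the details of the test volume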
[root@controller ~]# openstack volume create --size 1 test
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2023-10-24T11:10:57.000000 |
| description | None |
| encrypted | False |
| id | 58660379-1c78-42d6-abe5-359c2d7fb153 |
| migration_status | None |
| multiattach | False |
| name | test |
| properties | |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | __DEFAULT__ |
| updated_at | None |
| user_id | 80b4e69f7fe34dcb8c6b2bf1d95be2a2 |
+---------------------+--------------------------------------+
[root@controller ~]# openstack volume show test
+--------------------------------+--------------------------------------+
| Field | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2023-10-24T11:10:57.000000 |
| description | None |
| encrypted | False |
| id | 58660379-1c78-42d6-abe5-359c2d7fb153 |
| migration_status | None |
| multiattach | False |
| name | test |
| os-vol-host-attr:host | compute@lvm#LVM |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| properties | |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| type | __DEFAULT__ |
| updated_at | 2023-10-24T11:10:58.000000 |
| user_id | 80b4e69f7fe34dcb8c6b2bf1d95be2a2 |
+--------------------------------+--------------------------------------+
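#2. Create a volume type named lvm and create its extra-spec key-value pair so that the lvm volume type maps to the storage resources managed by the cinder lvm backend driver; create a 1G volume named lvm_test and query its details. cinder show lvm_test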
openstack volume type create lvm --property volume_backend_name=lvm
[root@controller ~]# openstack volume type create lvm
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| description | None |
| id | b43fb549-2677-4d1b-9c8c-e5c037c54013 |
| is_public | True |
| name | lvm |
+-------------+--------------------------------------+
[root@controller ~]# openstack volume create --size 1 --type lvm lvm_test
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2023-10-24T11:17:16.000000 |
| description | None |
| encrypted | False |
| id | f1fb59b3-3687-4b01-aa7a-7e8dcb6ab92b |
| migration_status | None |
| multiattach | False |
| name | lvm_test |
| properties | |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | lvm |
| updated_at | None |
| user_id | 80b4e69f7fe34dcb8c6b2bf1d95be2a2 |
+---------------------+--------------------------------------+
[root@controller ~]# openstack volume show lvm_test
+--------------------------------+--------------------------------------+
| Field | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2023-10-24T11:17:16.000000 |
| description | None |
| encrypted | False |
| id | f1fb59b3-3687-4b01-aa7a-7e8dcb6ab92b |
| migration_status | None |
| multiattach | False |
| name | lvm_test |
| os-vol-host-attr:host | compute@lvm#LVM |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | 3ffd1bc6a22b49aab5ff826d457f7409 |
| properties | |
| replication_status | None |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | available |
| type | lvm |
| updated_at | 2023-10-24T11:17:17.000000 |
| user_id | 80b4e69f7fe34dcb8c6b2bf1d95be2a2 |
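+--------------------------------+--------------------------------------+
Instance volumes
- Create two instances yourself and make sure they are running normally. Use cinder to create a volume type named multiattach, then use a cinder command to set that volume type to allow multiple attachment. Use a cinder command to create a volume named test with volume type multiattach, then use nova commands to attach the volume to both instances. Finally, use a cinder command to view the volume's details (has problems)
- Create a volume type, then create a volume carrying that volume type and query its details. Attach the volume to a virtual machine and format it as xfs. Create a file whose name is the workstation number and whose content is the workstation number, then detach the volume and use an openstack command to set it to read-only. Attach it again and check whether the original file exists, then create another file on the volume, named with the workstation number
- Use a command to create a 5 GB volume named disk-2, attach it to an instance, format it as ext4 and mount it under the instance's /mnt/ directory; submit the df -h command and its output to the answer box. Detach the volume with a command, expand it to 10 GB with a command, and attach it to the instance again; submit the commands and their output to the answer box. Inside the instance, grow the file system with a command, then mount it under /mnt/ again. Check with df -hT (has problems)
#1. Create two instances yourself and make sure they are running normally. Use cinder to create a volume type named multiattach, then use a cinder command to set that volume type to allow multiple attachment. Use a cinder command to create a volume named test with volume type multiattach, then use nova commands to attach the volume to both instances. Finally, use a cinder command to view the volume's details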
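openstack volume type create multiattach --property multiattach="<is> True"
# Volume type with multi-attach enabled; it must be written exactly like this
openstack volume create --type multiattach --size 1 test
# Attach the block volume to any available instance
openstack server add volume server_name test
openstack volume show test
#2. Create a volume type, then create a volume carrying that volume type and query the volume's details. Attach the volume to a virtual machine and format it as xfs. Create a file whose name is the workstation number and whose content is the workstation number, then detach the volume. Use the openstack command to set the volume to read-only, attach it again and check whether the original file still exists, then create another file on the volume, named with the workstation number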
openstack volume create --size 10 mydisk
openstack server add volume test30 mydisk
sudo -i # Elevate privileges, otherwise the disk cannot be formatted
lsblk
fdisk /dev/xxx
mkfs.xfs /dev/xxx1
mkdir /data
mount /dev/sdb1 /data
touch /data/test
echo "xxx">/data/test
umount /data
openstack server remove volume server_name mydisk
openstack volume set --read-only mydisk
openstack server add volume server_name mydisk
mount /dev/sdb1 /data
ls /data
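#3. Use a command to create a 5GB volume named disk-2, attach it to a cloud virtual machine, format it as ext4 and mount it on the virtual machine's /mnt/ directory; submit the df -h command and its output to the answer box. Detach the volume with a command, extend it to 10GB with a command, and attach it to the instance with a command; submit the commands and their output to the answer box. Log in to the instance and grow the file system with a command, then mount it on /mnt/ again. Check with the df -hT command
openstack volume create --size 5 disk-2
openstack server add volume server_name disk-2
fdisk /dev/vdc
mkfs.ext4 /dev/vdc1
# Mount on /mnt/
mkdir /mnt/disk-2
mount /dev/vdc1 /mnt/disk-2
# Check the mount status with df -h
df -h
umount /mnt/disk-2
openstack server remove volume server_name disk-2
openstack volume set --size 10 disk-2
openstack server add volume server_name disk-2
#sudo growpart /dev/vdc 1 # note the space here
sudo resize2fs /dev/vdc1
#partprobe
# If lsblk does not show the disk, reboot
# Mount on /mnt/ again
sudo mount /dev/vdc1 /mnt/disk-2
# Check the mount status with df -hT
df -hT
Heat installation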
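Install the heat service on the controller node using the script
- Using the OpenStack cloud platform you built, write the template server.yaml in the /root directory to create a flavor named "m1.flavor" with ID 1234, 1024MB of memory, a 20GB disk and 1 vcpu
- Create the file create_flavor.yaml: specify cpu: 2, disk: 20G, memory: 2048, id: 999999, as a public flavor
- On the self-built OpenStack private cloud platform, write the Heat template create_net.yaml in the /root directory to create a network named Heat-Network, not shared; create a subnet named Heat-Subnet with the CIDR 10.20.2.0/24, DHCP enabled and the address pool 10.20.2.20-10.20.2.100. (Prepare the environment in which the yaml template runs before submitting)
- On the self-built OpenStack private cloud platform or the all-in-one platform provided for the competition, write the Heat template create_user.yaml in the /root directory to create a user named heat-user that belongs to the admin project, give the heat-user user the admin role, and set the user's password to 123456
- Using the OpenStack private cloud platform you built, write a heat template (heat_template_version: 2016-04-08) that creates a domain named "chinaskills", a tenant named beijing_group under this domain, and a user named cloud under this tenant; name and save the file as /root/user_create.yml. (The competition system will execute the yaml file, so make sure the environment is ready)
- On the self-built OpenStack private cloud platform, write the Heat template create_container.yaml in the /root directory so that executing the yaml file creates a container named heat-swift. (Prepare the environment in which the yaml template runs before submitting)
- On the self-built OpenStack private cloud platform, use swift as the external storage backend for images and create an image named exanimage with a minimum disk of 10G and a minimum memory of 512M. (Prepare the environment in which the yaml template runs before submitting)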
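Using swift as the external storage backend for images
vim /etc/glance/glance-api.conf
[glance_store]
# Default is file; change it to swift
default_store = swift
# Default; no need to change it
stores = file, http
# Default version is 2
swift_store_auth_version = 2
# This entry must be added, otherwise uploads fail
stores=glance.store.swift.Store,glance.store.filesystem.Store
# Keystone authentication endpoint on controller
swift_store_auth_address = http://controller:5000/v2.0
# Use the swift user
swift_store_user = service:swift
# Password
swift_store_key = swift
# Container that will be created
swift_store_container = glance
# Create the container on upload (enabled)
swift_store_create_container_on_put = True
swift_store_multi_tenant=True
swift_store_admin_tenants=service
Swift is object storage: you create a container and then create objects inside it. When swift is used as the storage backend, uploading an image creates a container named glance for the glance user, and the uploaded image is stored in that glance container.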
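- Create an image
- Create an instance
resource-type-list
resource-type-template
template-version-list
get_resource: (references a resource defined inside the template)
get_param: (takes a value passed in from outside the template)
#1. Using the OpenStack cloud platform you built, write the template server.yaml in the /root directory to create a flavor named "m1.flavor" with ID 1234, 1024MB of memory, a 20GB disk and 1 vcpu.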
[root@controller ~]# vi server.yaml
heat_template_version: 2018-08-31
resources:
  NovaFlavor:
    properties:
      disk: 20
      flavorid: 1234
      name: m1.flavor
      ram: 1024
      vcpus: 1
    type: OS::Nova::Flavor
[root@controller ~]# openstack stack create -t server.yaml flavor
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 4c4bd9a7-fcbd-424d-a2dd-17c1616f654e |
| stack_name | flavor |
| description | No description |
| creation_time | 2023-10-24T20:41:57Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
#2. Create the file create_flavor.yaml: specify cpu: 2, disk: 20G, memory: 2048, id: 999999, as a public flavor
[root@controller ~]# vi create_flavor.yaml
heat_template_version: 2018-08-31
resources:
  NovaFlavor:
    properties:
      disk: 20
      flavorid: 999999
      is_public: true
      name: flavor
      ram: 2048
      vcpus: 2
    type: OS::Nova::Flavor
[root@controller ~]# openstack stack create -t create_flavor.yaml flavor_1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | a91ef6f7-41cf-45fa-ac9d-4373fa564c18 |
| stack_name | flavor_1 |
| description | No description |
| creation_time | 2023-10-24T20:54:46Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
#3. On the self-built OpenStack private cloud platform, write the Heat template create_net.yaml in the /root directory to create a network named Heat-Network, not shared; create a subnet named Heat-Subnet with the CIDR 10.20.2.0/24, DHCP enabled and the address pool 10.20.2.20-10.20.2.100. (Prepare the environment in which the yaml template runs before submitting)
[root@controller ~]# vi create_net.yaml
heat_template_version: 2018-08-31
resources:
  Net:
    properties:
      name: Heat-Network
      shared: false
    type: OS::Neutron::Net
  Subnet:
    properties:
      allocation_pools:
        - start: 10.20.2.20
          end: 10.20.2.100
      cidr: 10.20.2.0/24
      enable_dhcp: true
      gateway_ip: 10.20.2.1
      name: Heat-Subnet
      network: { get_resource: Net }
    type: OS::Neutron::Subnet
[root@controller ~]# openstack stack create -t create_net.yaml network
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | cab9e496-f4b5-4caa-9193-5fce216baa25 |
| stack_name | network |
| description | No description |
| creation_time | 2023-10-24T20:50:24Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
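#4. On the self-built OpenStack private cloud platform or the all-in-one platform provided for the competition, write the Heat template create_user.yaml in the /root directory to create a user named heat-user that belongs to the admin project, give the heat-user user the admin role, and set the user's password to 123456.
[root@controller ~]# vi create_user.yaml
heat_template_version: 2018-08-31
resources:
  KeystoneUser:
    properties:
      name: heat-user
      # Quoted so YAML keeps the value a string
      password: "123456"
      roles:
        - role: admin
          project: admin
    type: OS::Keystone::User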
[root@controller ~]# openstack stack create -t create_user.yaml user
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 30b8f29e-9385-46fd-b3f5-7837fc6a8dad |
| stack_name | user |
| description | No description |
| creation_time | 2023-10-24T21:03:09Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
#5. Using the OpenStack private cloud platform you built, write a heat template (heat_template_version: 2016-04-08) that creates a domain named "chinaskills", a tenant named beijing_group under this domain, and a user named cloud under this tenant; name and save the file as /root/user_create.yml. (The competition system will execute the yaml file, so make sure the environment is ready)
[root@controller ~]# vi user_create.yml
heat_template_version: 2016-04-08
resources:
  KeystoneDomain:
    properties:
      name: chinaskills
    type: OS::Keystone::Domain
  KeystoneGroup:
    properties:
      domain: { get_resource: KeystoneDomain }
      name: beijing_group
    type: OS::Keystone::Group
  KeystoneUser:
    properties:
      domain: { get_resource: KeystoneDomain }
      groups:
        - { get_resource: KeystoneGroup }
      name: cloud
      # Quoted so YAML keeps the value a string; unquoted 000000 is read as a number
      password: "000000"
    type: OS::Keystone::User
[root@controller ~]# openstack stack create -t user_create.yml user_1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | f8e18736-263a-4b20-8a8c-fa14b02b5b19 |
| stack_name | user_1 |
| description | No description |
| creation_time | 2023-10-24T21:20:45Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
#6. On the self-built OpenStack private cloud platform, write the Heat template create_container.yaml in the /root directory so that executing the yaml file creates a container named heat-swift. (Prepare the environment in which the yaml template runs before submitting)
[root@controller ~]# vi create_container.yaml
heat_template_version: 2018-08-31
resources:
  SwiftContainer:
    properties:
      name: heat-swift
    type: OS::Swift::Container
[root@controller ~]# openstack stack create -t create_container.yaml swift
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 1d241a22-0fd7-4556-a620-b167075b1ace |
| stack_name | swift |
| description | No description |
| creation_time | 2023-10-24T21:23:21Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
A quick way to generate the template file
[root@controller ~]# heat resource-type-template OS::Keystone::Domain > /root/user_create.yml
[root@controller ~]# heat resource-type-template OS::Keystone::Project >> /root/user_create.yml
[root@controller ~]# heat resource-type-template OS::Keystone::User >> /root/user_create.yml
# Create an image
[root@controller ~]# vi image.yaml
heat_template_version: 2018-08-31
resources:
  GlanceImage:
    properties:
      disk_format: qcow2
      container_format: bare
      name: heat_cirros
      location: /root/cirros-0.3.3-x86_64-disk.img
    type: OS::Glance::Image
[root@controller ~]# openstack stack create -t image.yaml image
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 240e877f-2213-4f4a-bcf9-67edacdef56b |
| stack_name | image |
| description | No description |
| creation_time | 2023-10-31T18:11:14Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
# Create an instance
[root@controller ~]# vi server.yaml
heat_template_version: 2018-08-31
resources:
  Server:
    properties:
      flavor: cirros_flavor
      image: cirros
      name: cirros_3
      networks:
        - network: int-net1
    type: OS::Nova::Server
[root@controller ~]# openstack stack create -t server.yaml server
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 4f29ac04-f786-442d-8e82-575c2a9051d2 |
| stack_name | server |
| description | No description |
| creation_time | 2023-10-31T18:19:23Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+
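The user templates above write the Keystone password straight into the file, and an unquoted all-digit value such as 000000 is read by YAML as a number. The lint below is an added example, not part of the original notes: it flags both cases without echoing the secret and passes a variant that takes the password through a hidden parameter with get_param. The function names, the parameter name user_password and both sample templates are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: lint Heat templates for
# hard-coded Keystone passwords. Function names are hypothetical.

# Constructed sample: the two user resources from the notes, with the
# passwords written the way a template author might type them.
weak_template() {
cat <<'EOF'
heat_template_version: 2016-04-08
resources:
  CloudUser:
    type: OS::Keystone::User
    properties:
      name: cloud
      password: 000000
  HeatUser:
    type: OS::Keystone::User
    properties:
      name: heat-user
      password: "123456"
      roles:
        - role: admin
          project: admin
EOF
}

# Constructed sample: same user, password supplied at stack-create time, e.g.
#   openstack stack create -t create_user.yaml --parameter user_password=... user
# "hidden: true" keeps the value out of stack listings.
param_template() {
cat <<'EOF'
heat_template_version: 2016-04-08
parameters:
  user_password:
    type: string
    hidden: true
resources:
  HeatUser:
    type: OS::Keystone::User
    properties:
      name: heat-user
      password: { get_param: user_password }
      roles:
        - role: admin
          project: admin
EOF
}

# lint_heat_passwords: template on stdin, one "<line>:<kind>" per finding.
#   numeric - unquoted all-digit literal, which YAML parses as a number
#   literal - any other password written into the template
# The value itself is never printed. Returns 1 if anything was found.
lint_heat_passwords() {
    awk '
        /^[ \t]*password[ \t]*:/ {
            val = $0
            sub(/^[ \t]*password[ \t]*:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)      # drop a trailing comment
            sub(/[ \t]+$/, "", val)
            # empty value: a block-style mapping follows; get_param: not a literal
            if (val == "" || val ~ /get_param/) next
            kind = (val ~ /^[0-9]+$/) ? "numeric" : "literal"
            printf "%d:%s\n", NR, kind
            found = 1
        }
        END { exit found + 0 }
    '
}

echo "findings in the template with inline passwords (line:kind):"
weak_template | lint_heat_passwords || true
echo "findings in the parameterised template:"
param_template | lint_heat_passwords && echo "none"
```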
Barbican
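Install the barbican service on the controller node using the script. After the service is installed,
use the openstack command to create a secret named secret01
iaas-install-barbican.sh
openstack secret store --name secret01
Manila
Install the manila service on the controller node and on the compute node, using the respective scripts
After installing the service, create the default_share_type share type (without driver support), then create a 2G share named share01 and grant the OpenStack management network access to the share01 directory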
iaas-install-manila-controller.sh
iaas-install-manila-compute.sh
manila type-create default_share_type false
manila create NFS 2 --name share01
manila access-allow share01 ip 192.168.73.0/24
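# Management network
[root@controller ~]# manila show share01 | grep path
| | path = 192.168.73.50:/var/lib/manila/mnt/share-da6ffb02-78e3-4895-a181-6cbbdb883815 |
[root@controller ~]# mount -t nfs 192.168.73.50:/var/lib/manila/mnt/share-da6ffb02-78e3-4895-a181-6cbbdb883815 /mnt
# This mounts share01 on the local /mnt directory; purpose unclear
CloudKitty
Install the cloudkitty service on the controller node using the script
After installation, enable the hashmap rating module, then create the volume_thresholds group, create the service matching rule volume.size and set the price per GB to 0.01. Next, apply a discount for large amounts of data: create a threshold in the volume_thresholds group so that above the 50GB threshold a 2% discount (0.98) is applied
cloudkitty module list
# List the available rating modules; not required
openstack rating module enable hashmap
# Enable hashmap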
openstack rating hashmap service create volume.size
+--------+--------------------------------------+
| Name | Service ID |
+--------+--------------------------------------+
| volume.size | 09da4a8b-b849-4715-a8e3-7cd12dfcf46e |
+--------+--------------------------------------+
# Create the hashmap service
openstack rating hashmap group create volume_thresholds
+-------------------+--------------------------------------+
| Name | Group ID |
+-------------------+--------------------------------------+
| volume_thresholds | 8b3dfe73-5efb-46ab-a93b-dc9519063ed6 |
+-------------------+--------------------------------------+
# Create the hashmap service group
openstack rating hashmap mapping create -s 09da4a8b-b849-4715-a8e3-7cd12dfcf46e -g 8b3dfe73-5efb-46ab-a93b-dc9519063ed6 -t flat 0.01
# Create the volume unit price
openstack rating hashmap threshold create -s 09da4a8b-b849-4715-a8e3-7cd12dfcf46e -g 8b3dfe73-5efb-46ab-a93b-dc9519063ed6 -t rate 50 0.98
# Create the service rule
III. Private cloud advanced operations and service deployment
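Shell scripts
- Write a shell script that prints the status of all services on the OpenStack cloud platform
- Write a shell script that prints the host of a given virtual machine and its vnc port number on that host
- Write a shell script that finds all virtual machines in error state and deletes them
#!/bin/bash
nova service-list
cinder service-list
neutron agent-list
swift stat
#!/bin/bash
# $1: name or ID of the instance
openstack server show "$1" | grep hypervisor_hostname | awk -F "|" '{print $3}'
nova get-vnc-console "$1" novnc
#!/bin/bash
# Let the client filter by status and print bare IDs instead of parsing the table
for i in $(openstack server list --status ERROR -f value -c ID)
do
    openstack server delete "$i"
done
rabbitmq
RabbitMQ basic operations
- Use the RabbitMQ commands to create the user chinaskill with the password chinapd and grant the user administrator privileges
- Use the rabbitmqctl command to query the cluster status
- Use a command to authorise the chinaskill user with read and write permissions on all resources of this host, then query the chinaskill user's permissions
- Use the rabbitmqctl command to view queue information, including name, arguments, messages and memory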
[root@controller ~]# rabbitmqctl add_user chinaskill chinapd
[root@controller ~]# rabbitmqctl list_users
Listing users
openstack []
chinaskill []
guest [administrator]
[root@controller ~]# rabbitmqctl set_user_tags chinaskill administrator
[root@controller ~]# rabbitmqctl list_users
Listing users
openstack []
chinaskill [administrator]
guest [administrator]
[root@controller ~]# rabbitmqctl cluster_status
Cluster status of node rabbit@controller
[{nodes,[{disc,[rabbit@controller]}]},
{running_nodes,[rabbit@controller]},
{cluster_name,<<"rabbit@controller">>},
{partitions,[]},
{alarms,[{rabbit@controller,[]}]}]
[root@controller ~]# rabbitmqctl set_permissions chinaskill ".*" ".*" ".*"
Setting permissions for user "chinaskill" in vhost "/"
[root@controller ~]# rabbitmqctl list_permissions
Listing permissions in vhost "/"
guest .* .* .*
openstack .* .* .*
chinaskill .* .* .*
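[root@controller ~]# rabbitmqctl list_queues name arguments messages memory
RabbitMQ cluster
Using the provided OpenStack private cloud platform, create three instances running centos7.5, install the RabbitMQ service from the packages in RabbitMQ.tar.gz, then build a RabbitMQ cluster and enable the RabbitMQ graphical monitoring page plugin. The cluster uses the normal cluster mode, with the first host as the disk node and the other two as RAM nodes.
[master] node
[root@node ~]# hostnamectl set-hostname master
[node1] node
[root@node ~]# hostnamectl set-hostname node1
[node2] node
[root@node ~]# hostnamectl set-hostname node2
# Add two lines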
[root@master ~]# vi /etc/hosts
192.168.100.10 master
192.168.100.20 node1
192.168.100.30 node2
[root@controller ~]# systemctl stop firewalld && systemctl disable firewalld
[root@controller ~]# setenforce 0
[root@controller ~]# vi /etc/selinux/config
# Edit line 7
SELINUX=permissive
[root@master ~]# tar xf rabbitmq-repo.tar.gz -C /opt/
#### [master] node
[root@master ~]# cat /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[rabbitmq]
name=rabbitmq
baseurl=file:///opt/rabbitmq-repo
gpgcheck=0
enabled=1
#### [node] nodes
[root@node1 yum.repos.d]# cat local.repo
[centos]
name=centos
baseurl=ftp://192.168.100.10/centos
gpgcheck=0
enabled=1
[rabbitmq]
name=rabbitmq
baseurl=ftp://192.168.100.10/rabbitmq-repo
gpgcheck=0
enabled=1
[root@all-nodes ~]# yum -y install rabbitmq-server
[root@all-nodes ~]# systemctl enable rabbitmq-server --now
[master]
[root@master ~]# scp /var/lib/rabbitmq/.erlang.cookie node1:/var/lib/rabbitmq/
[root@master ~]# scp /var/lib/rabbitmq/.erlang.cookie node2:/var/lib/rabbitmq/
####################### Run on all nodes
[root@node1 yum.repos.d]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.
[root@node1 yum.repos.d]# systemctl restart rabbitmq-server // Restart the rabbitmq-server service
# Join the cluster
######################## Run on node1 and node2
[root@node1 yum.repos.d]# rabbitmqctl stop_app // Stop the rabbit application
Stopping node rabbit@node1 ...
...done.
[root@node1 yum.repos.d]# rabbitmqctl join_cluster --ram rabbit@master // Join the disk node
Clustering node rabbit@node1 with rabbit@master ...
...done.
[root@node1 yum.repos.d]# rabbitmqctl start_app // Start the rabbit application
Starting node rabbit@node1 ...
...done.
[root@node2 ~]# rabbitmqctl stop_app // Stop the rabbit application
[root@node2 ~]# rabbitmqctl join_cluster --ram rabbit@master // Join the disk node
[root@node2 ~]# rabbitmqctl start_app // Start the rabbit application
[master]
[root@master ~]# rabbitmqctl cluster_status
Cluster status of node rabbit@master ...
[{nodes,[{disc,[rabbit@master]},{ram,[rabbit@node2,rabbit@node1]}]},
{running_nodes,[rabbit@node2,rabbit@node1,rabbit@master]},
{cluster_name,<<"rabbit@master">>},
{partitions,[]}]
...done.
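Browser access: IP address:15672  Default username: guest  Default password: guest
RabbitMQ cluster built successfully!
mysql
Database high-availability cluster and load balancing
Using the OpenStack private cloud platform provided for the competition, request three instances running CentOS7.5, named node1, node2 and node3 (using the provided mariadb-repo.tar.gz package served over http), install the database service on these three nodes and set the database password to 123456. Configure the three nodes as a high-availability database cluster, i.e. MariaDB_Galera_Cluster. After configuring the high-availability service, install the haproxy load-balancing service. Configure node1 as the load-balancing entry point, with round-robin as the balancing algorithm; the HA service listens on port 3307 of node1; the weights for the three nodes are 1, 2 and 4 in that order. When finished, submit node1's username, password and IP address to the answer box.
On all three nodes at the same time:
Configure yum and the hosts mapping
Install: yum install MariaDB-server
Start: systemctl start mariadb
mysql_secure_installation
Edit the database configuration file /etc/my.cnf.d/server.cnf on the three nodes (the IP settings differ on each of the 3)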
[galera]
wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_address="gcomm://192.168.200.11,192.168.200.12,192.168.200.13"
wsrep_node_name= node1
wsrep_node_address=192.168.200.11
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
wsrep_slave_threads=1
innodb_flush_log_at_trx_commit=0
innodb_buffer_pool_size=120M
wsrep_sst_method=rsync
wsrep_causal_reads=ON
bind-address=192.168.200.11
Log in to the database on all three nodes and grant the root user remote access
mysql -uroot -p000000
MariaDB [(none)]> grant all privileges on *.* to root@'%' identified by '000000';
systemctl stop mariadb
[root@node1 ~]# galera_new_cluster
[root@node2 ~]# systemctl start mariadb
HAProxy load-balancing service
Install on all three nodes: yum install haproxy -y
Configure the file on the first node
Configuration file /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats
defaults
    log global
    maxconn 4000
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s
listen stats
    bind 192.168.200.11:9000
    mode http
    stats enable
    stats uri /stats
    stats auth admin:admin
    stats admin if TRUE
listen mariadb
    bind 192.168.200.11:3307
    balance roundrobin
    mode tcp
    option tcplog
    option tcpka
    # Weights 1, 2, 4 in node order, as the task requires
    server node1 192.168.200.11:3306 check weight 1
    server node2 192.168.200.12:3306 check weight 2
    server node3 192.168.200.13:3306 check weight 4
Set the id (change the id and IP for each node)
mysql -h 192.168.200.11 -uroot -p000000 -e "SET GLOBAL server_id=11"
Verify (the result differs each time)
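mysql -h 192.168.200.11 -P 3307 -uroot -p000000 -e "show
Instance tasks
Saving instance snapshots
Snapshot management
- Using the openstack cloud platform you built, create a virtual machine and make sure it is running normally, save instance VM1 as a qcow2-format snapshot and store it in the /root/cloudsave directory on the controller node under the name csccvm.qcow2
- On the openstack private cloud platform, create instance VM1 using the CentOS7.5 image and a flavor with 2 vcpus / 4G memory / 40G disk. After it is created, snapshot the instance and save it to the /root/cloudsave directory on the controller node under the name csccvm.qcow2. Finally, use qemu-img commands to change the image's compat version to 0.10 (this is done to suit some older cloud platforms)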
openstack server image create VM1 --name csccvm
openstack image save csccvm --file /root/csccvm.qcow2
[root@controller ~]# cd /var/lib/glance/images/
[root@controller images]# ls
847ae1ad-498c-4f90-88fa-746b551c5479
[root@controller images]# qemu-img amend -f qcow2 -o compat=0.10 847ae1ad-498c-4f90-88fa-746b551c5479
NFS shared storage
Using the OpenStack private cloud platform provided for the competition, create an instance (CentOS7.5 image, a flavor with a 50G ephemeral disk) and configure it as the nfs server, sharing the instance's /mnt/test directory (create it if it does not exist). Then configure the controller node as the nfs client, with /mnt/test used as the mount for the glance backend storage (advanced operations)
# Use the IaaS repository
[root@nfs ~]# yum -y install nfs-utils
[root@nfs ~]# cat /etc/exports
/mnt/test *(rw,no_root_squash,async)
[root@nfs ~]# mkdir -p /mnt/test
[root@nfs ~]#
[root@nfs ~]# systemctl restart nfs
[root@nfs ~]# showmount -e 192.168.100.3
Export list for 192.168.100.3:
/mnt/test *
[root@controller ~]# systemctl restart nfs
[root@controller ~]# mount -t nfs 192.168.100.3:/mnt/test /var/lib/glance/images/
[root@controller ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 100G 3.8G 97G 4% /
devtmpfs 5.8G 0 5.8G 0% /dev
tmpfs 5.8G 0 5.8G 0% /dev/shm
tmpfs 5.8G 17M 5.8G 1% /run
tmpfs 5.8G 0 5.8G 0% /sys/fs/cgroup
tmpfs 1.2G 0 1.2G 0% /run/user/0
192.168.100.3:/mnt/test 50G 0 50G 0% /var/lib/glance/images
[root@nfs ~]# touch /mnt/test/yy.txt
[root@controller ~]# ll /var/lib/glance/images/
total 0
-rwxr-xr-x 1 root root 0 Mar 13 02:48 yy.txt
[root@controller images]# openstack image create --file test.img --disk-format qcow2 --container-format bare test
[root@controller images]# mount |grep /mnt/test
192.168.100.3:/mnt/test on /var/lib/glance/images type nfs4 (rw,relatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.0.8,local_lock=none,addr=192.168.100.3)
raid5
On the provided OpenStack private cloud platform, create an instance using a flavor with a 50G ephemeral disk, then work on the disk inside the instance. Create 4 partitions of 5G each and use them to build a RAID level 5 array named /dev/md5 plus one hot spare (/dev/vdb4 is the hot spare)
yum install -y mdadm
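Parameter details:
mdadm
-C # Create an array in which every device has a superblock; Build (short form -B) creates an array without superblocks
-l 5 # RAID level
-n # Number of disks that make up the RAID
-x # Number of disks or partitions used as spare devices
-a # Add a device to an existing RAID
-D # Show detailed information about the disk array
mdadm -C /dev/md5 -v -l 5 -n 4 -x 1 /dev/sdb{1,2,3,4,5}
or
mdadm -Cv /dev/md5 -l5 -n4 /dev/vdb[1-4] --spare-devices=1 /dev/vdb5
or
sudo mdadm --create /dev/md5 --level=5 --raid-devices=4 /dev/vdb1 /dev/vdb2 /dev/vdb3 /dev/vdb4 --spare-devices=1 /dev/vdc4
mdadm -D /dev/md5
Virtual machine management
- Use the openstack command to create an instance from the centos7.5 image, connected to the int-net1 network, with the instance name test-02. After it is created, use a command to view the instance's details and determine whether it is on the compute node or the controller node. If the instance is on the controller node, cold-migrate it to the compute node; if it is on the compute node, cold-migrate it to the controller node.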
[root@compute ~]# cd /var/lib/nova/instances/
[root@compute instances]# ls
a17185c6-23e1-4e23-943f-9190d0749517 _base compute_nodes locks snapshots
[root@compute instances]# scp -r a17185c6-23e1-4e23-943f-9190d0749517 controller://var/lib/nova/instances/
disk 100% 2560KB 45.9MB/s 00:00
disk.info 100% 79 94.0KB/s 00:00
console.log 100% 19KB 14.5MB/s 00:00
[root@compute instances]#
[root@controller ~]# chown nova:nova /var/lib/nova/instances/a17185c6-23e1-4e23-943f-9190d0749517
[root@controller ~]# ll /var/lib/nova/instances/
total 4
drwxr-xr-x. 2 nova nova 54 Mar 18 11:41 a17185c6-23e1-4e23-943f-9190d0749517
drwxr-xr-x. 2 nova nova 54 Mar 18 08:32 _base
-rw-r--r--. 1 nova nova 32 Mar 18 11:18 compute_nodes
drwxr-xr-x. 2 nova nova 93 Mar 18 08:35 locks
Log in to the database and update the permissions
MariaDB [(none)]> use nova;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [nova]> update instances set host="controller",node="controller" where uuid="a17185c6-23e1-4e23-943f-9190d0749517";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [nova]>
Resizing an instance's flavor
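- Using the openstack cloud platform you built, with the cirros image and a flavor of 1 vcpu / 512M memory / 10G disk, create the instance cscc_vm. Suppose that in use the instance's configuration turns out to be too low and needs adjusting: change the relevant configuration so that the resize-instance function on the dashboard can be used, and resize the instance to 1 vcpu / 1G memory / 20G disk.
- Modify the nova configuration file to enable instance resizing, then restart the related services. Use the nova command to create a flavor named test-1 with id 101, 1024 memory, 20GB disk and 1 vcpu, then create a flavor named test-2 with id 102, 2048 memory, 40GB disk and 2 vcpus. Launch an instance from the dashboard using the flavor test-1, then list the instances with the openstack command and confirm the instance is in a normal state. Then use the openstack command to upgrade the instance's configuration to test-2. Finally, list the instances with the openstack command
vi /etc/nova/nova.conf
#resize
allow_resize_to_same_host=true
# Names, ids and sizes as given in the task, so the resize below finds test-2
openstack flavor create --id 101 --ram 1024 --disk 20 --vcpus 1 test-1
openstack flavor create --id 102 --ram 2048 --disk 40 --vcpus 2 test-2
openstack server resize --flavor test-2 cscc_vm
openstack server resize confirm cscc_vm
openstack server resize --flavor flavor cscc_vm
openstack server resize confirm cscc_vm
openstack server resize confirm    # confirm the resize
openstack server resize revert     # discard the resize
Virtual machine CPU optimization
To optimize kvm on the CPU side, tune the NUMA mapping of kvm. View the CPU information of the kvm virtual machine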
[root@localhost work-dir]# virsh vcpuinfo vm2
VCPU: 0
CPU: 1
状态: running
CPU 时间: 0.6s
CPU关系: yyyy
VCPU: 1
CPU: 2
状态: running
CPU 时间: 0.0s
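CPU关系: yyyy
From the information above, this virtual machine has a dual-core CPU. CPU: shows that the vCPUs run on physical CPUs 1 and 2; the CPU time used is 0.6s for one and 0.0s for the other; yyyy shows the logical cores of the physical CPU that can be used, one y per logical core. The host here has 4 logical cores. Cross-CPU interaction should be reduced to improve the virtual machine's performance.
Then set all of vm2's virtual CPUs to use the same logical CPU of the host
virsh vcpupin vm2 <virtual CPU number> <logical CPU number>
For example: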
[root@localhost work-dir]# virsh vcpupin vm2 0 1
[root@localhost work-dir]# virsh vcpupin vm2 1 1
[root@localhost work-dir]# virsh vcpuinfo vm2
VCPU: 0
CPU: 1
状态: running
CPU 时间: 39.6s
CPU关系: -y--
VCPU: 1
CPU: 1
状态: running
CPU 时间: 24.1s
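CPU关系: -y--
This task uses the physical iaas platform. Log in to the compute node, use a command to bind the KVM process to a specific CPU, and submit the commands and their output to the answer box.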
[root@compute ~]# virsh
virsh # list
Id Name State
----------------------------------------------------
2 instance-00000002 running
virsh # vcpupin instance-00000002 0 1 # <vCPU number> <core number>
virsh # vcpupin instance-00000002
VCPU: CPU Affinity
----------------------------------
0: 1
virsh # vcpuinfo instance-00000002
VCPU: 0
CPU: 1
State: running
CPU time: 5009.6s
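CPU Affinity: -y--
KVM
KVM I/O scheduler optimization
Optimize KVM's I/O scheduling algorithm by changing the default mode to none. (This is only found on KVM public cloud instances)
cat /sys/block/vda/queue/scheduler | grep mq-deadline
echo none > /sys/block/vda/queue/scheduler
On a physical machine it is:
[root@controller ~]# cat /sys/block/sda/queue/scheduler
noop [deadline] cfq # differs from the cloud instance
echo noop > /sys/block/sda/queue/scheduler
KVM optimization
OpenStack's virtualization is based on KVM, so tuning KVM directly affects the performance of the OpenStack platform. One point worth attention in KVM tuning is Kernel SamePage Merging (KSM). KSM works by having Linux merge memory pages with the same content across multiple processes into a single page. KVM uses this feature to reduce the memory footprint of multiple similar virtual machines and improve memory efficiency. Because the memory is shared, the memory used by the virtual machines goes down. The effect is more pronounced when the virtual machines use the same image and operating system. But everything has a cost: using this feature adds kernel overhead, trading time for space. So to improve efficiency, the feature can be turned off. Turn off KSM on the compute node.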
[root@compute ~]# echo 0 > /sys/kernel/mm/ksm/run
[root@compute ~]# cat /sys/kernel/mm/ksm/run
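0
KVM optimization
On the self-built OpenStack private cloud platform or the all-in-one platform provided for the competition, modify the relevant configuration file to enable -device virtio-net-pci in kvm (paravirtualization)
# Change as follows
cat /etc/nova/nova.conf
use_virtio_for_bridges=true
OpenStack KVM nested virtualization configuration
Enabling nested virtualization in OpenStack
Method 1: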
vi /etc/nova/nova.conf
[libvirt]
virt_type = qemu
cpu_mode = none
[DEFAULT]
compute_driver=libvirt.LibvirtDriver
Method 2:
# Intel machines
echo "options kvm-intel nested=y" > /etc/modprobe.d/dist.conf
Y
# AMD machines
echo "options kvm-amd nested=1" > /etc/modprobe.d/dist.conf
1
vim /etc/nova/nova.conf
[libvirt]
cpu_mode=host-passthrough
cinder
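Changing the cinder configuration
Used to enable tenant QoS: when using the Cinder storage service, different tenants can be given different quality of service (QoS), providing appropriate service-quality guarantees for different business applications.
If this option is not enabled, the tenant QoS feature cannot be used.
backend_allow_tenant_qos = True
The option names differ; if it really has to be changed, all of them can be enabled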
#qos
# Allow tenants to specify QOS on create (boolean value)
#instorage_mcs_allow_tenant_qos = false
# Allow tenants to specify QOS on create (boolean value)
#storwize_svc_allow_tenant_qos = false
# Allow tenants to specify QOS on create (boolean value)
#sf_allow_tenant_qos = false
Creating a volume group
Log in to the provided private cloud platform and create a centos7.5 instance using a flavor with an additional disk. Connect to the instance and, using the additional disk, create two partitions of 5G each. Use the two partitions to create a volume group named chinaskill-vg.
[root@compute ~]# vgcreate -s 5GB chinaskill-vg /dev/vdb3
Physical volume "/dev/vdb3" successfully created.
Volume group "chinaskill-vg" successfully created
Extending the volume group:
[root@chinaskill-vg ~]# vgextend chinaskill-vg /dev/vdb2
Volume group "chinaskill-vg" successfully extended
# List the existing volume groups:
[root@compute ~]# vgscan
Reading volume groups from cache.
Found volume group "cinder-volumes" using metadata type lvm2
Found volume group "chinaskill-vg" using metadata type lvm2
# Show volume group details
[root@compute ~]# vgdisplay
--- Volume group ---
VG Name cinder-volumes
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 8
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 3
Open LV 1
Max PV 0
Cur PV 1
Act PV 1
VG Size <20.00 GiB
PE Size 4.00 MiB
Total PE 5119
Alloc PE / Size 4874 / <19.04 GiB
Free PE / Size 245 / 980.00 MiB
VG UUID 0B3vt1-Aty2-fJWc-FtD5-w73g-rUbr-1m1ixB
--- Volume group ---
VG Name chinaskill-vg
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 1
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 0
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 0
PE Size 5.00 GiB
Total PE 0
Alloc PE / Size 0 / 0
Free PE / Size 0 / 0
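VG UUID peXvEJ-Xper-YDo0-qAWT-f01U-k5Yz-T73nvz
redis
Redis and huge pages
Using the provided OpenStack private cloud platform, request an instance running centos7.9, use the provided http repository, and install and start the Redis service yourself. Because the Redis service uses huge pages, while an RDB is being generated, even if a client modifies only 50B of data, Redis has to copy a 2MB huge page. When there are many write commands this causes a large amount of copying and slows performance. Change the huge-page mechanism for Redis to avoid the slowdown caused by heavy copying.
echo never > /sys/kernel/mm/transparent_hugepage/enabled
Redis master-replica
Using the provided OpenStack private cloud platform, request two instances running CentOS7.5, use the provided http repository, install and start the redis service on both nodes, and configure redis to require a password, set to 123456. Then configure the two redis nodes in a redis master-replica architecture.
Master node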
[root@master ~]# yum install -y redis
[root@master ~]# cat /etc/redis.conf
bind 0.0.0.0
protected-mode no
masterauth 123456
requirepass 123456
appendonly yes
daemonize yes
[root@master ~]# systemctl restart redis
Replica node
[root@node ~]# yum install -y redis
[root@node ~]# cat /etc/redis.conf
bind 0.0.0.0
protected-mode no
# Master node IP
slaveof 192.168.10.10 6379
masterauth 123456
requirepass 123456
appendonly yes
daemonize yes
[root@node ~]# systemctl restart redis
Verification
[root@master ~]# redis-cli -a 123456
127.0.0.1:6379> info Replication
# Replication
role:master
connected_slaves:1
slave0:ip=192.168.10.11,port=6379,state=online,offset=29,lag=0
master_repl_offset:29
repl_backlog_active:1
repl_backlog_size:1048576
repl_backlog_first_byte_offset:2
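repl_backlog_histlen:28
openstack
openstack (huge pages)
This task uses the physical IaaS platform. Log in to the controller node and, using the cat command, view only how many huge pages the system currently has, then set the number of huge pages and check it, then use a command to make the setting permanent, and finally mount the huge pages on /dev/hugepages/. Submit all of the above commands and their output as text to the answer box.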
[root@controller ~]# cat /proc/meminfo |grep HugePages
AnonHugePages: 2078720 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
[root@controller ~]# echo 2000 > /proc/sys/vm/nr_hugepages
[root@controller ~]# sysctl -w vm.nr_hugepages=2000
vm.nr_hugepages = 2000
[root@controller ~]# systemctl restart libvirtd.service
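[root@controller ~]# cat /proc/meminfo |grep HugePages
OpenStack platform memory optimization
After building the OpenStack platform, turn off the system's memory sharing and turn on transparent huge pages.
On the controller node, submit the output of the command cat /sys/kernel/mm/transparent_hugepage/defrag to the answer box.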
[root@controller ~]# echo never > /sys/kernel/mm/transparent_hugepage/enabled
[root@controller ~]# echo never > /sys/kernel/mm/transparent_hugepage/defrag
[root@controller ~]# cat /sys/kernel/mm/transparent_hugepage/enabled
always madvise [never]
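/sys/kernel/mm/transparent_hugepage/enabled: this file enables or disables transparent huge pages. Setting it to "always" turns transparent huge pages on; setting it to "never" turns them off.
/sys/kernel/mm/transparent_hugepage/defrag: this file sets the defragmentation policy for transparent huge pages. Setting it to "always" means transparent huge pages are always defragmented; setting it to "never" means no defragmentation is done.
Raising the cloud platform's security policy
Using the OpenStack private cloud platform and the packages in https.tar.gz, install the necessary components and upgrade the private cloud platform's access policy from http to https.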
[root@controller ~]# vi /etc/yum.repos.d/ssl.repo
[ssl]
name=ssl
baseurl=file:///opt/https-repo
gpgcheck=0
enabled=1
[root@controller ~]# yum clean all
yum install -y mod_wsgi httpd mod_ssl
[root@controller ~]# ls
anaconda-ks.cfg CentOS-7-x86_64-DVD-1511.iso https-repo.tar.gz XianDian-IaaS-v2.2.iso
CentOS_7.2_x86_64_XD.qcow2 cirros-0.3.4-x86_64-disk.img openssl-libs-1.0.2k-21.el7_9.x86_64.rpm
[root@controller ~]# rpm -ivh openssl-libs-1.0.2k-21.el7_9.x86_64.rpm --force
warning: openssl-libs-1.0.2k-21.el7_9.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:openssl-libs-1:1.0.2k-21.el7_9 ################################# [100%]
vi /etc/httpd/conf.d/ssl.conf
#SSLProtocol all -SSLv2 -SSLv3 // find this line and comment it out
SSLProtocol all -SSLv2 // add this line
vi /etc/openstack-dashboard/local_settings
CSRF_COOKIE_SECURE = True // uncomment this line
SESSION_COOKIE_SECURE = True // uncomment this line
USE_SSL = True // add this line
SESSION_COOKIE_HTTPONLY = True // add this line
[root@controller ~]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
[root@controller ~]# service memcached restart
Redirecting to /bin/systemctl restart memcached.service
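An audit of the two files edited above, as an added example that is not part of the original notes. It resolves an SSLProtocol argument list into the protocols it leaves enabled, which shows that replacing `all -SSLv2 -SSLv3` with `all -SSLv2` turns SSLv3 back on, and it checks that the four Horizon settings are active. Function names and sample file contents are constructed; the expansion of `all` is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.
# Assumption: "all" expands to SSLv3 TLSv1 TLSv1.1 TLSv1.2, as the httpd 2.4
# mod_ssl documentation describes for OpenSSL builds that still ship SSLv3.

# effective_protocols "<SSLProtocol arguments>" -> enabled protocols
effective_protocols() {
    printf '%s\n' "$1" | awk '
        BEGIN { n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2", known, " ") }
        {
            for (i = 1; i <= NF; i++) {
                tok = $i
                act = substr(tok, 1, 1)
                if (act == "+" || act == "-") {
                    tok = substr(tok, 2)
                } else {
                    act = ""
                    # mod_ssl lets a token without +/- replace the whole set
                    for (k = 1; k <= n; k++) on[known[k]] = 0
                }
                for (k = 1; k <= n; k++)
                    if (tolower(tok) == "all" || tolower(tok) == tolower(known[k]))
                        on[known[k]] = (act == "-") ? 0 : 1
            }
            out = ""
            for (k = 1; k <= n; k++)
                if (on[known[k]]) out = out (out == "" ? "" : " ") known[k]
            print out
        }'
}

# active_sslprotocol: ssl.conf text on stdin; prints the arguments of the last
# SSLProtocol line that is not commented out.
active_sslprotocol() {
    awk '/^[ \t]*SSLProtocol[ \t]/ { sub(/^[ \t]*SSLProtocol[ \t]+/, ""); last = $0 }
         END { print last }'
}

# legacy_protocols "<arguments>" -> enabled protocols older than TLSv1.2
legacy_protocols() {
    found=""
    for p in $(effective_protocols "$1"); do
        case "$p" in
            SSLv3|TLSv1|TLSv1.1) found="${found:+$found }$p" ;;
        esac
    done
    printf '%s\n' "$found"
}

# missing_cookie_flags: local_settings text on stdin; prints each of the four
# settings from the notes that is not set to True on an uncommented line.
missing_cookie_flags() {
    awk '
        BEGIN { n = split("CSRF_COOKIE_SECURE SESSION_COOKIE_SECURE USE_SSL SESSION_COOKIE_HTTPONLY", want, " ") }
        /^[ \t]*#/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            for (k = 1; k <= n; k++)
                if (line == (want[k] "=True")) ok[want[k]] = 1
        }
        END { for (k = 1; k <= n; k++) if (!ok[want[k]]) print want[k] }'
}

# Constructed samples: the lines as the notes leave them, and a stock file.
page_ssl_conf() {
    printf '%s\n' '#SSLProtocol all -SSLv2 -SSLv3' 'SSLProtocol all -SSLv2'
}
page_local_settings() {
    printf '%s\n' 'CSRF_COOKIE_SECURE = True' 'SESSION_COOKIE_SECURE = True' \
                  'USE_SSL = True' 'SESSION_COOKIE_HTTPONLY = True'
}
stock_local_settings() {
    printf '%s\n' '#CSRF_COOKIE_SECURE = True' '#SESSION_COOKIE_SECURE = True'
}

args=$(page_ssl_conf | active_sslprotocol)
echo "ssl.conf as edited enables: $(effective_protocols "$args")"
echo "legacy protocols still on:  $(legacy_protocols "$args")"
echo "with -all +TLSv1.2:         $(effective_protocols '-all +TLSv1.2')"
echo "missing from a stock local_settings:"
stock_local_settings | missing_cookie_flags
```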
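On compute nodes, some OpenStack service processes use a lot of CPU while the physical machine is running. Pinning these processes to cores can stabilise virtual machine performance. Processes to pin: those related to nova-compute, cinder-volume, ovs-vswitchd and libvirtd, bound to CPU0-3; users can add or remove processes as needed and specify the physical cores to bind.
ps -ef | grep -E "nova-compute|cinder-volume|ovs-vswitchd|libvirtd" | grep -v grep| awk '{print $2}' | xargs -i taskset -pc 0-3 {}
Service queries
1. Use a command to list the service catalog and endpoints, and view the endpoints of the glance service.
2. Use a command to list the service catalog and endpoints, and view all admin interface endpoints.
3. Use a command to list the service catalog and endpoints, and view the endpoints of the glance service.
openstack endpoint list --service glance
openstack endpoint list
Changing the nova storage backend
On the self-built OpenStack platform, change the backend storage used for nova instances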
[root@compute ~]# vim /etc/exports
/nova-backend *(rw,async,no_root_squash,no_all_squash)
[root@compute ~]# mkdir /nova-backend
[root@compute ~]# chown -R nova:nova /nova-backend/
[root@compute ~]# systemctl start nfs;systemctl enable nfs
[root@compute ~]# vim /etc/nova/nova.conf
instances_path=/nova-backend
[root@compute ~]# systemctl restart openstack-nova-*
[root@controller ~]# mkdir /nova-backend
[root@controller ~]# mount -t nfs compute:/nova-backend /nova-backend
[root@controller ~]# vim /etc/nova/nova.conf
instances_path=/nova-backend
[root@controller ~]# systemctl restart openstack-nova-*
Using NFS as the cinder backend store
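Both NFS exports in these notes, /nova-backend above and /nfs in the steps that follow, are offered to every host (*) with no_root_squash, so root on any machine that can reach the server keeps root on the share. The script below is an added example, not part of the original answer, that flags such lines in an exports file; the function name, the finding labels and the third sample line (a narrowed export to 192.168.10.100) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky client/option combinations in an NFS exports file.

# audit_exports FILE -> one "path client FINDING" line per problem found
audit_exports() {
    awk '
    { sub(/#.*/, "") }                     # strip comments
    NF < 2 { next }                        # blank line or no client list
    {
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            client = (p ? substr($i, 1, p - 1) : $i)
            opts   = (p ? substr($i, p + 1, length($i) - p - 1) : "")
            wild   = (client == "*" || client == "")   # "(opts)" alone means any host
            squash = 1; rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") squash = 0
                if (o[j] == "rw") rw = 1
            }
            who = (wild ? "*" : client)
            if (wild && !squash) print $1, who, "WILDCARD_NO_ROOT_SQUASH"
            else if (!squash)    print $1, who, "NO_ROOT_SQUASH"
            if (wild && rw)      print $1, who, "WILDCARD_RW"
        }
    }' "$1"
}

# Constructed sample: the two export lines from these notes plus a
# hypothetical narrowed export, for contrast only.
exports=$(mktemp)
cat > "$exports" <<'EOF'
/nova-backend *(rw,async,no_root_squash,no_all_squash)
/nfs *(rw,async,no_root_squash)
# hypothetical: one named client, root squashed
/nova-backend 192.168.10.100(rw,sync,root_squash)
EOF
audit_exports "$exports"
rm -f "$exports"
```

On the NFS server, run audit_exports /etc/exports; an empty result means none of the three patterns was found.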
[root@ansible ~]# yum install -y nfs-utils
[root@ansible ~]# mkdir /nfs
[root@ansible ~]# vi /etc/exports
/nfs *(rw,async,no_root_squash)
[root@ansible ~]# systemctl start nfs
[root@compute ~]# vi /etc/cinder/nfs_shares
10.4.7.100:/nfs
[root@compute ~]# chown root:cinder /etc/cinder/nfs_shares
[root@compute ~]# chmod 644 /etc/cinder/nfs_shares
[root@compute ~]# vi /etc/cinder/cinder.conf
[DEFAULT]
enabled_backends = lvm,nfs
[nfs]
volume_backend_name = nfs
volume_driver = cinder.volume.drivers.nfs.NfsDriver
nfs_shares_config = /etc/cinder/nfs_shares
nfs_mount_point_base = $state_path/mnt
[root@compute ~]# systemctl status openstack-cinder-*
[root@controller ~]# openstack volume type create nfs --property volume_backend_name=nfs
[root@controller ~]# openstack volume create --size 1 --type nfs test
[root@ansible ~]# ll /nfs
total 0
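-rw-rw-rw- 1 root root 1073741824 Mar 22 02:24 volume-1d65ffb1-5eb6-45cd-a58f-28cfdfa2bcb8
Configuring swift as the glance backend store
Using the OpenStack private cloud platform and the Swift object storage service, modify the relevant configuration files so that Swift object storage becomes the backend store for the glance image service and images uploaded by default create the chinaskill_glance container in swift.
Correction: the correct answer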
stores = glance.store.swift.Store
#stores = file,http
default_store = swift
#default_store = file
#filesystem_store_datadir = /var/lib/glance/images/
swift_store_container = swift_glance
swift_store_create_container_on_put = True
swift_store_multi_tenant = True
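swift_store_admin_tenant = service
Using swift as external storage for images
vim /etc/glance/glance-api.conf
[glance_store]
# Default is file; change it to swift
default_store = swift
#stores = file, http  default, leave unchanged
#swift_store_auth_version = 2  default version is 2
#stores=glance.store.swift.Store,glance.store.filesystem.Store  this item must be added, otherwise uploads fail
stores = glance.store.swift.Store
#swift_store_auth_address = http://controller:5000/v2.0  keystone authentication on controller
#swift_store_user = service:swift  use the swift user
#swift_store_key = swift  password
#swift_store_container = glance  the container that will be created
#swift_store_admin_tenants = service
# Turned on for uploads
swift_store_create_container_on_put = True
Swift is object storage: you create a container and then create individual objects inside it. When swift is used as the store, uploading an image creates a glance container for the glance user, and the uploaded image is saved in that glance container.
Connecting glance to a cinder backend store
On the self-built OpenStack platform, modify the relevant parameters so that glance can use cinder as its backend store and images are stored in cinder volumes. Use the cirros-0.3.4-x86_64-disk.img file to create the cirros-image image stored in the cirros-cinder volume, then create a virtual machine from the cirros-image image using the cinder volume as the boot disk.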
vi /etc/glance/glance-api.conf
stores = file,http,cinder
default_store = cinder
show_image_direct_url = true
show_multiple_locations = true
systemctl restart openstack-glance-*
vi /etc/cinder/cinder.conf
allowed_direct_url_schemes = cinder
image_upload_use_cinder_backend = true
image_upload_use_internal_tenant = true
systemctl restart openstack-cinder*
openstack image create --disk-format qcow2 --file cirros-0.3.4-x86_64-disk.img cirros-image
| properties | direct_url='cinder://4941ac96-ca3e-456e-bb3e-4c75a21e0f41', locations='[{u'url': u'cinder://4941ac96-ca3e-456e-bb3e-4c75a21e0f41', u'metadata': {}}]', os_hash_algo='sha512', os_hash_value='1b03ca1bc3fafe448b90583c12f367949f8b0e665685979d95b004e48574b953316799e23240f4f739d1b5eb4c4ca24d38fdc6f4f9d8247a2bc64db25d6bbdb2', os_hidden='False' |
# Check that the output contains cinder
openstack volume create --image cirros-image --size 10 cirros-cinder
#openstack network create --share --external --provider-network-type flat --provider-physical-network provider net-ext
#
#openstack network create --share --internal --provider-network-type vxlan --provider-segment 10 net-int
#
#openstack subnet create --subnet-range 192.168.20.0/24 --gateway 192.168.20.1 --allocation-pool start=192.168.20.200,end=192.168.20.250 --network net-ext ext-sub1
#
#openstack subnet create --subnet-range 192.168.30.0/24 --gateway 192.168.30.1 --allocation-pool start=192.168.30.100,end=192.168.30.200 --network net-int int-sub1
#
#openstack router create router
#
#openstack router set router --external-gateway net-ext
#
#openstack router add subnet router int-sub1
openstack flavor list
openstack network list
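openstack server create --flavor m1.tiny --volume cirros-cinder --nic net-id=net-int cirros-test
4. Private cloud development
Installing the python3 environment
Install the python3 environment on the controller node. After installation, check the python3 version and install the dependencies from the provided whl files.
Submit the output of the pip3 list command to the answer box.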
tar -xf Python-api.tar.gz
# Set up the yum repository
yum -y install python3
cd Python-api
pip3 install certifi-2019.11.28-py2.py3-none-any.whl
pip3 install urllib3-1.25.11-py3-none-any.whl
pip3 install idna-2.8-py2.py3-none-any.whl
pip3 install chardet-3.0.4-py2.py3-none-any.whl
pip3 install requests-2.24.0-py2.py3-none-any.whl
pip3 list
certifi (2019.11.28)
chardet (3.0.4)
idna (2.8)
pip (9.0.3)
requests (2.24.0)
setuptools (39.2.0)
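urllib3 (1.25.11)
Installing the ansible environment
Change the hostnames: set the ansible node's hostname to ansible, the host1 node's hostname to host1 and the host2 node's hostname to host2. Use the provided package to install ansible on the ansible node. ansible --version
Extract the package and set up the yum repository
autoDeployment.tar
yum -y install ansible
ansible --version
Configure the host inventory file: create a mysql host group and add host1 and host2 to it; create a mysql1 host group and add host1 to it; create a mysql2 host group and add host2 to it; and configure passwordless login. ansible all -m ping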
vim /ansible/xxx
[openstack]
192.168.10.10
192.168.10.20
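ansible all -m ping
OpenStack architecture tasks
1. Write a script named floating delete.sh that deletes a floating IP. Define a $1 variable so that when the user passes a floating IP's id as $1, that floating IP is deleted. The script uses curl to pass parameters to the API endpoint; for compatibility, the openstack command must not appear in it. Please put floating delete.sh
2. Use the openstack command to create a floating IP address, then use the openstack command to look up that floating IP's id. Write a script named floating show.sh whose $1 variable is the floating IP's id and which queries the neutron service endpoint for that floating IP's details. The script uses curl to pass parameters to the API endpoint; for compatibility, the openstack command must not appear in it. Please put floating show.sh
Redis: one master, two slaves, three sentinels
Using the three cloud hosts provided, install and start the Redis service on all three nodes yourself and configure Redis to require a password, set to 123456. Then configure the three Redis nodes as a one-master, two-slave, three-sentinel architecture, that is, one Redis master node, two slave nodes, and all three nodes acting as sentinel nodes. When the configuration is complete, submit the Redis master node's username, password and IP address to the answer box.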
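Deploying the ftp service with Ansible
Using the OpenStack private cloud platform provided for the competition, create 2 cloud hosts running centos7.5; one serves as the ansible control host and is named ansible, and the other is named node1. Install the ansible service on the ansible node from the ansible.tar.gz package on the http service. Using this control host, write an ansible script (create the ansible_ftp directory under /root as the ansible working directory; the deployment entry file is named install_ftp.yaml). The install_ftp.yaml file must do the following:
(1) in the yaml, the target node is node1 and the executing user is root;
(2) use the copy module to transfer local.repo from the ansible node to the node host (local.repo configures the node host's yum repository and may be created yourself);
2021 Vocational College Skills Competition, "Cloud Computing" event, exam paper
(3) use the yum module to install the ftp service;
(4) use the service module to start the ftp service.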
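Ansible script development
Using the OpenStack private cloud platform, create 4 cloud hosts running centos7.5; one serves as the Ansible control host and is named ansible, and the other three are named node1, node2 and node3; via http://
Deploying a kafka cluster with Ansible
Using the provided OpenStack private cloud platform, create 4 cloud hosts running centos7.5; one serves as the Ansible control host and is named ansible, and the other three are named node1, node2 and node3. Install the Ansible service on the ansible node from the /ansible/ansible.tar.gz package in the attachment. On this control host, write Ansible scripts (create the example directory under /root as the Ansible working directory; the deployment entry file is named cscc_install.yaml) that use roles to install a kafka cluster on the other three cloud hosts (the zookeeper and kafka archives are inside gpmall-single.tar.gz; extract them to /opt on the node hosts for installation). (The exam system will connect to your ansible node and run the ansible script; prepare the environment so that the exam system can access it.)
Creating a user by calling the API from python
In the /root directory of the controller node, write the Python program create_user.py, which connects to the openstack api and creates a user with the description "API create user!" (if a user with the same name already exists, the code must delete it first).
Creating a flavor by calling the API from python
Using the openstack cloud platform you built yourself, on the controller node, according to http://
Creating an image by calling the API from python
On the self-built OpenStack private cloud platform or the provided all-in-one platform, create the file create_image.py in the /root directory of the controller node and write python code that connects to the OpenStack API and uploads an image. Requirements: upload the image cirros-0.3.4-x86_64-disk.img to the OpenStack private cloud platform with the name pvm_image, disk_format qcow2 and container_format bare. After the code runs it must output "镜像创建成功,id为:xxxxxx" ("image created successfully, id: xxxxxx"). Write the python code according to these requirements. (The exam system will connect to your controller node and run the python script; prepare the runtime environment so that the exam system can access it.)
Creating a network by calling the API from python
On the self-built OpenStack private cloud platform or the provided all-in-one platform, create the file create_network.py in the /root directory of the controller node and write python code that connects to the OpenStack API and creates a network. Requirements: (1) create the internal network pvm_int for the platform, with the subnet named pvm_intsubnet; (2) set the cloud host subnet range to 192.168.x.0/24 (where x is the exam seat number) and the gateway to 192.168.x.1 (if an internal network with the same name already exists, the code must delete it first). After the code runs it must output "网络创建成功" ("network created successfully"). Write the python code according to these requirements. (The exam system will connect to your controller node and run the python script; prepare the runtime environment so that the exam system can access it.)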
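Python operations development: uploading an image through the OpenStack Restful API
Use the OpenStack all-in-one image to create an OpenStack Python operations development environment. The cloud host's user/password is "root/Abc@1234", and the OpenStack domain/account/password is "demo/admin/000000". Hints: it is recommended to add "#encoding:utf-8" at the top of the python script file to avoid encoding errors; run and test the script code with the python3 command. In the /root directory of the controller node, create the script api_image_manager.py and write python code that connects to the OpenStack API to create and upload an image. Before creating it, check whether an image with the same name exists, and if so delete that image first.
(1) Create the image: upload the image cirros-0.3.4-x86_64-disk.img to the OpenStack private cloud platform with the name cirros001, disk_format qcow2 and container_format bare.
(2) Query the image: query the details of cirros001 and print them to the console as json-formatted text. When finished, submit the IP address, username and password of the Controller node of the OpenStack Python operations development environment.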