24年 第一部分(部分题目整理)
私有云
一.私有云环境搭建
集群主机环境配置
1.控制节点主机名为controller,设置计算节点主机名为compute;
2.hosts文件将IP地址映射为主机名。
3.配置yum源。
使用提供的用户名密码,登录提供的OpenStack私有云平台,在当前租户下,使用CentOS7.9镜像,创建 两台云主机,云主机类型使用4vCPU/12G/100G_50G类型。当前租户下默认存在一张网卡,自行创建第 二张网卡并连接至controller和compute节点(第二张网卡的网段为10.10.X.0/24 ,X为工位号,不需要 创建路由)。自行检查安全组策略,以确保网络正常通信与ssh连接,然后按以下要求配置服务器:
(1)设置控制节点主机名为controller,设置计算节点主机名为compute;
(2)修改hosts文件将IP地址映射为主机名;
(3)使用提供的http服务地址,分别设置controller节点和compute节点的yum源文件http.repo。
(4)配置controller节点可以免密（无需输入密码，基于SSH密钥）访问compute节点
设置控制节点主机名为controller,设置计算节点主机名为compute
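# Run on the controller VM:
[root@localhost ~]# hostnamectl set-hostname controller
# Run on the compute VM:
[root@localhost ~]# hostnamectl set-hostname compute
修改hosts文件将IP地址映射为主机名
# Both nodes need the mapping: ssh-copy-id / scp below address "compute" by name, and the
# install scripts presumably resolve the peer the same way. The original only showed controller.
[root@controller ~]# echo -e "192.168.10.10 controller\n192.168.10.20 compute" >> /etc/hosts
[root@compute ~]# echo -e "192.168.10.10 controller\n192.168.10.20 compute" >> /etc/hosts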
使用提供的http服务地址,分别设置controller节点和compute节点的yum源文件http.repo
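[root@controller ~]# mkdir yum
[root@controller ~]# mv /etc/yum.repos.d/* yum/
# The step that actually creates the repo file was missing from the transcript; the same
# file (and the mv above) is needed on compute as well.
[root@controller ~]# vi /etc/yum.repos.d/http.repo
[http]
name=http
baseurl=http://**
# gpgcheck=0 turns off package signature verification, and the repo is plain HTTP, so anyone
# on the path could substitute packages. Acceptable only on the isolated exam network.
gpgcheck=0
enabled=1
[root@controller ~]# yum clean all
[root@controller ~]# yum repolist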
配置controller节点可以免密（SSH密钥）访问compute节点
# Empty passphrase: /root/.ssh/id_rsa then grants unattended root on compute. That is what the
# non-interactive install scripts need, but keep the private key 0600 (ssh-keygen's default)
# and never copy it off the controller.
[root@controller ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7PZY38YCU+esE1SijdZkhN44sjiCDEjdA8616+AZNbY root@controller
The key's randomart image is:
+---[RSA 2048]----+
| ..o. o. |
| .o..o. . + . |
|o o =. . X o |
|o o +.. B * . |
| o + E .S+ + + |
| + * o.. o . o |
| o o .o .o + |
| . + .+.o |
| . . .+. |
+----[SHA256]-----+
# First connection is trust-on-first-use: the host-key fingerprint printed below is accepted
# blindly with "yes". Outside the lab compare it with
# `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` run on compute before answering.
[root@controller ~]# ssh-copy-id root@compute
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'compute (192.168.10.20)' can't be established.
ECDSA key fingerprint is SHA256:h7mlxxAkTQwdomWe+35lb5kVnP2B9xdzSTpklVasDVA.
ECDSA key fingerprint is MD5:b1:cb:95:82:4c:74:98:c5:2f:9f:3e:ba:ad:f0:4b:93.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
# compute's root password is asked once here; afterwards key auth is used.
root@compute's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@compute'"
and check to make sure that only the key(s) you wanted were added.

基础软件包安装
在控制节点和计算节点上分别安装openstack-iaas软件包。
在控制节点和计算节点上分别安装openstack-iaas软件包,根据表2配置两个节点脚本文件中的基本变量 (配置脚本文件为/etc/openstack/openrc.sh)。
[root@controller ~]# yum -y install openstack-iaas
[root@controller ~]# vi /etc/openstack/openrc.sh
#--------------------system Config--------------------##
# NOTE(review): this file holds every service and database credential of the deployment in
# cleartext, and HOST_PASS / HOST_PASS_NODE are the nodes' root passwords (presumably used by the
# iaas-* scripts to reach the peer node). 000000 is the exam default; outside the lab use unique
# values and keep the file root-only (chmod 600) — it is also copied to compute later.
#Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.10.10
#Controller HOST Password. example:000000
HOST_PASS=000000
#Controller Server hostname. example:controller
HOST_NAME=controller
#Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.10.20
#Compute HOST Password. example:000000
HOST_PASS_NODE=000000
#Compute Node hostname. example:compute
HOST_NAME_NODE=compute
#--------------------Chrony Config-------------------##
#Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24)
network_segment_IP=192.168.10.0/24
#--------------------Rabbit Config ------------------##
#user for rabbit. example:openstack
RABBIT_USER=openstack
#Password for rabbit user .example:000000
RABBIT_PASS=000000
#--------------------MySQL Config---------------------##
#Password for MySQL root user . exmaple:000000
DB_PASS=000000
#--------------------Keystone Config------------------##
#Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=demo
ADMIN_PASS=000000
DEMO_PASS=000000
#Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=000000
#--------------------Glance Config--------------------##
#Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=000000
#Password for Keystore glance user. exmaple:000000
GLANCE_PASS=000000
#--------------------Placement Config----------------------##
#Password for Mysql placement user. exmaple:000000
PLACEMENT_DBPASS=000000
#Password for Keystore placement user. exmaple:000000
PLACEMENT_PASS=000000
#--------------------Nova Config----------------------##
#Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=000000
#Password for Keystore nova user. exmaple:000000
NOVA_PASS=000000
#--------------------Neutron Config-------------------##
#Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=000000
#Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=000000
#metadata secret for neutron. exmaple:000000
METADATA_SECRET=000000
#External Network Interface. example:eth1
INTERFACE_NAME=ens34
#External Network The Physical Adapter. example:provider
Physical_NAME=provider
#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
minvlan=101
#Last Vlan ID in VLAN RANGE for VLAN Network. example:200
maxvlan=200
#--------------------Cinder Config--------------------##
#Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS=000000
#Password for Keystore cinder user. exmaple:000000
CINDER_PASS=000000
#Cinder Block Disk. example:md126p3
BLOCK_DISK=sdb1
#--------------------Swift Config---------------------##
#Password for Keystore swift user. exmaple:000000
SWIFT_PASS=000000
#The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK=sdb2
#The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP=192.168.10.20
#--------------------Trove Config----------------------##
#Password for Mysql trove user. exmaple:000000
TROVE_DBPASS=000000
#Password for Keystore trove user. exmaple:000000
TROVE_PASS=000000
#--------------------Heat Config----------------------##
#Password for Mysql heat user. exmaple:000000
HEAT_DBPASS=000000
#Password for Keystore heat user. exmaple:000000
HEAT_PASS=000000
#--------------------Ceilometer Config----------------##
#Password for Gnocchi ceilometer user. exmaple:000000
CEILOMETER_DBPASS=000000
#Password for Keystore ceilometer user. exmaple:000000
CEILOMETER_PASS=000000
#--------------------AODH Config----------------##
#Password for Mysql AODH user. exmaple:000000
AODH_DBPASS=000000
#Password for Keystore AODH user. exmaple:000000
AODH_PASS=000000
#--------------------ZUN Config----------------##
#Password for Mysql ZUN user. exmaple:000000
ZUN_DBPASS=000000
#Password for Keystore ZUN user. exmaple:000000
ZUN_PASS=000000
#Password for Keystore KURYR user. exmaple:000000
KURYR_PASS=000000
#--------------------OCTAVIA Config----------------##
#Password for Mysql OCTAVIA user. exmaple:000000
OCTAVIA_DBPASS=000000
#Password for Keystore OCTAVIA user. exmaple:000000
OCTAVIA_PASS=000000
#--------------------Manila Config----------------##
#Password for Mysql Manila user. exmaple:000000
MANILA_DBPASS=000000
#Password for Keystore Manila user. exmaple:000000
MANILA_PASS=000000
#The NODE Object Disk for Manila. example:md126p5.
SHARE_DISK=sdb3
#--------------------Cloudkitty Config----------------##
#Password for Mysql Cloudkitty user. exmaple:000000
CLOUDKITTY_DBPASS=000000
#Password for Keystore Cloudkitty user. exmaple:000000
CLOUDKITTY_PASS=000000
#--------------------Barbican Config----------------##
#Password for Mysql Barbican user. exmaple:000000
BARBICAN_DBPASS=000000
#Password for Keystore Barbican user. exmaple:000000
BARBICAN_PASS=000000
###############################################################
##### 在vi编辑器中执行 :%s/^.\{1\}// 会删除“每一行”的第1个字符，包括说明行；
##### 只有当发行文件中变量行以单个 # 注释、说明行以 ## 开头时，结果才是正确的。
##### 更稳妥的写法是只去掉赋值行前面的 #： :%s/^#\(\w\+=\)/\1/
###############################################################
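# openrc.sh carries every password of the deployment; make it root-only before copying it, and
# use scp -p so the mode is preserved on compute (the iaas-* scripts run as root, so 0600 is safe).
[root@controller ~]# chmod 600 /etc/openstack/openrc.sh
[root@controller ~]# scp -p /etc/openstack/openrc.sh compute:/etc/openstack/openrc.sh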
[root@controller ~]# iaas-pre-host.sh
（通常compute节点也需要执行 iaas-pre-host.sh，请按脚本文档确认。）

数据库及消息服务安装与使用
在控制节点上使用安装Mariadb、 RabbitMQ等服务。并进行相关操作。
在controller节点上使用iaas-install-mysql.sh 脚本安装Mariadb、 Memcached、 RabbitMQ等服务。安 装服务完毕后,修改/etc/my.cnf文件,完成下列要求:
1.设置数据库支持大小写;
2.设置数据库缓存innodb表的索引,数据,插入数据时的缓冲为4G;
3.设置数据库的log buffer为64MB;
4.设置数据库的redo log大小为256MB;
5.设置数据库的redo log文件组为2。
6.修改Memcached的相关配置,将内存占用大小设置为512MB,调整最大连接数参数为2048;
7.调整Memcached的数据摘要算法(hash)为md5;
[root@controller ~]# vi /etc/my.cnf
[mysqld]
# Table names are stored lower-case and compared case-insensitively (the task's "支持大小写").
# Set this before the service databases are created and do not flip it later on a populated
# server. All settings below need a mariadb restart to take effect.
lower_case_table_names=1
# InnoDB buffer pool (index + data cache and insert buffer) = 4G
innodb_buffer_pool_size=4G
# redo log buffer = 64MB
innodb_log_buffer_size=64M
# size of each redo log file = 256MB
innodb_log_file_size=256M
# number of redo log files in the group = 2
innodb_log_files_in_group=2
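[root@controller ~]# vi /etc/sysconfig/memcached
# Memcached has no authentication: anything that can reach the listening addresses can read and
# write every cached Keystone token. -l keeps it on loopback plus the controller management
# address; make sure that address is not reachable from tenant/provider networks.
# Comments are kept on their own lines: this file is read by systemd as an EnvironmentFile and
# trailing "# ..." text after a value is not guaranteed to be stripped from the variable.
PORT="11211"
USER="memcached"
# max simultaneous connections (task: 2048)
MAXCONN="2048"
# memory cap in MB (task: 512MB)
CACHESIZE="512"
# -U 0 disables the UDP listener (classic amplification/reflection vector; newer memcached
# already defaults to off). hash_algorithm=md5 is what the task asks for.
# NOTE(review): older memcached builds do not accept -o hash_algorithm at all, and upstream
# documents only jenkins/murmur3 (xxh3 on recent builds) as values — check
# `systemctl status memcached` after the restart to confirm the daemon actually came up.
OPTIONS="-l 127.0.0.1,::1,controller -U 0 -o hash_algorithm=md5"
[root@controller ~]# systemctl restart memcached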
Keystone服务安装与使用
在控制节点上安装Keystone服务并创建用户。
在controller节点上使用iaas-install-keystone.sh脚本安装Keystone服务。
然后创建OpenStack域210Demo,其中包含Engineering与Production项目,在域210Demo中创建组 Devops,其中需包含以下用户:
1.Robert用户是Engineering项目的用户(member)与管理员(admin),email地址为:Robert@lab.example.com。
2.George用户是Engineering项目的用户(member), email地址为:George@lab.example.com。
3.William用户是Production项目的用户(member)与管理员(admin),email地址为: William@lab.example.com。
4.John用户是Production项目的用户(member), email地址为:John@lab.example.com。
[root@controller ~]# source /etc/openstack/openrc.sh
[root@controller ~]# iaas-install-keystone.sh
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack domain create 210Demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | de10f09cbbaf4e8db474db49f8859c27 |
| name | 210Demo |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain 210Demo Engineering
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | de10f09cbbaf4e8db474db49f8859c27 |
| enabled | True |
| id | ac9e2d0c38504797ba6c289d969de622 |
| is_domain | False |
| name | Engineering |
| options | {} |
| parent_id | de10f09cbbaf4e8db474db49f8859c27 |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain 210Demo Production
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | de10f09cbbaf4e8db474db49f8859c27 |
| enabled | True |
| id | 5e8f279d5b8e47c9820d273bc63dd59e |
| is_domain | False |
| name | Production |
| options | {} |
| parent_id | de10f09cbbaf4e8db474db49f8859c27 |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack group create --domain 210Demo Devops
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | de10f09cbbaf4e8db474db49f8859c27 |
| id | 3a7bfca0ebfb472e922f06d4579172b8 |
| name | Devops |
+-------------+----------------------------------+
# --password on the command line lands in root's shell history and is visible in `ps` while the
# command runs; prefer --password-prompt (or OS_PASSWORD in the environment) outside the exam.
# 000000 is the task's value.
[root@controller ~]# openstack user create --domain 210Demo --password 000000 --email Robert@lab.example.com Robert
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | de10f09cbbaf4e8db474db49f8859c27 |
| email | Robert@lab.example.com |
| enabled | True |
| id | 49e1eeef0058472c9cec05fa49e5e457 |
| name | Robert |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
# Robert and Engineering live in domain 210Demo; the role assignments resolve both by bare name,
# which only works while no same-named user/project exists in another domain. Adding
# --user-domain 210Demo --project-domain 210Demo makes the lookup unambiguous.
[root@controller ~]# openstack role add --project Engineering --user Robert member
[root@controller ~]# openstack role add --project Engineering --user Robert admin
[root@controller ~]# openstack group add user Devops Robert
[root@controller ~]# openstack user create --domain 210Demo --password 000000 --email George@lab.example.com George
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | de10f09cbbaf4e8db474db49f8859c27 |
| email | George@lab.example.com |
| enabled | True |
| id | e301b6d4a354422982c9e81a30b9f4a0 |
| name | George |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project Engineering --user George member
[root@controller ~]# openstack group add user Devops George
[root@controller ~]# openstack user create --domain 210Demo --password 000000 --email William@lab.example.com William
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | de10f09cbbaf4e8db474db49f8859c27 |
| email | William@lab.example.com |
| enabled | True |
| id | 681625f39fe74207b8e65c2edf576323 |
| name | William |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project Production --user William member
[root@controller ~]# openstack role add --project Production --user William admin
[root@controller ~]# openstack group add user Devops William
[root@controller ~]# openstack user create --domain 210Demo --password 000000 --email John@lab.example.com John
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | de10f09cbbaf4e8db474db49f8859c27 |
| email | John@lab.example.com |
| enabled | True |
| id | 64bd05c6364841a695b2c39f456e007a |
| name | John |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project Production --user John member
[root@controller ~]# openstack group add user Devops John

Glance安装与使用
在controller节点上使用iaas-install-glance.sh脚本安装glance服务。然后将cirros-0.5.2-x86_64-disk.img镜像上传到OpenStack平台中,镜像名称为cirros-0.5.2。
[root@controller ~]# source /etc/openstack/openrc.sh
[root@controller ~]# iaas-install-glance.sh
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack image create --disk-format qcow2 --file cirros-0.5.2-x86_64-disk.img cirros-0.5.2
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | b874c39491a2377b8490f5f1e89761a4 |
| container_format | bare |
| created_at | 2024-05-15T16:25:52Z |
| disk_format | qcow2 |
| file | /v2/images/b108f1f6-ff01-490f-8418-2ea5bb4f6aef/file |
| id | b108f1f6-ff01-490f-8418-2ea5bb4f6aef |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros-0.5.2 |
| owner | edf9f53e006e44729bd46ccf8eb0f4f4 |
| properties | os_hash_algo='sha512', os_hash_value='6b813aa46bb90b4da216a4d19376593fa3f4fc7e617f03a92b7fe11e9a3981cbe8f0959dbebe36225e5f53dc4492341a4863cac4ed1ee0909f3fc78ef9c3e869', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 16300544 |
| status | active |
| tags | |
| updated_at | 2024-05-15T16:25:53Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Nova安装
在控制节点和计算节点上分别安装Nova服务。安装完成后,完成Nova相关配置。
在controller节点和compute节点上分别使用iaas-install-placement.sh脚本、 iaas-install-nova -controller.sh脚本、iaas-install-nova-compute.sh脚本安装Nova服务。在OpenStack中,修改相关配置文件,修改调度器规则采用缓存调度器,缓存主机信息,提升调度时间。
[root@controller ~]# source /etc/openstack/openrc.sh
[root@controller ~]# iaas-install-nova-controller.sh
[root@compute ~]# source /etc/openstack/openrc.sh
[root@compute ~]# iaas-install-nova-compute.sh
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# vim /etc/nova/nova.conf
修改
[scheduler]
# The class of the driver used by the scheduler. This should be chosen from one
# of the entrypoints under the namespace 'nova.scheduler.driver' of file
# 'setup.cfg'. If nothing is specified in this option, the 'filter_scheduler' is
# used. For more information, refer to the documentation. (string value)
# Deprecated group;name - DEFAULT;scheduler_driver
# i.e. when left unset the default filter_scheduler is used.
# NOTE(review): caching_scheduler was deprecated in Pike and removed in Train (nova 20). If the
# installed nova is Train or newer, nova-scheduler will fail to load this driver — check
# `rpm -q openstack-nova-scheduler` and the release notes first, and restart
# openstack-nova-scheduler after the change.
driver=caching_scheduler
#scheduler_driver = caching_scheduler   # pre-Pike name of the same option, under [DEFAULT]; not needed here
#[DEFAULT]
#scheduler_driver = caching_scheduler #添加 缓存调度器(caching scheduler)

Neutron安装
在控制和计算节点上正确安装Neutron服务。
使用提供的脚本iaas-install-neutron-controller.sh和iaas-install-neutron-compute.sh,在controller和 compute节点上安装neutron服务。
[root@controller ~]# source /etc/openstack/openrc.sh
[root@controller ~]# iaas-install-neutron-controller.sh
[root@compute ~]# source /etc/openstack/openrc.sh
[root@compute ~]# iaas-install-neutron-compute.sh

Dashboard安装
在控制节点上安装Dashboard服务。安装完成后,将Dashboard中的 Django数据修改为存储在文件中。
在controller节点上使用iaas-install-dashboad.sh脚本安装Dashboard服务。安装完成后,修改相关配置文件,完成下列两个操作:
1.使得登录Dashboard平台的时候不需要输入域名(domain 域 );
2.将Dashboard中的Django数据修改为存储在文件中。
[root@controller ~]# source /etc/openstack/openrc.sh
[root@controller ~]# iaas-install-dashboard.sh
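[root@controller ~]# mkdir /var/lib/openstack-dashboard/sessions
# httpd runs as apache and must be able to write session files here, otherwise logins fail once
# the file backend is active; 0700 keeps other local users out of the session store (sessions
# are stored unencrypted). If SELinux is enforcing, the directory also needs an httpd-writable
# context.
[root@controller ~]# chown apache:apache /var/lib/openstack-dashboard/sessions
[root@controller ~]# chmod 700 /var/lib/openstack-dashboard/sessions
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
# Hide the domain field on the login page (users log into the default domain).
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False
# Fixed: the original read "ESSION_ENGINE", which Django silently ignores, so the setting never
# took effect and sessions stayed in the previous backend.
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
SESSION_FILE_PATH = '/var/lib/openstack-dashboard/sessions'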
[root@controller ~]# systemctl restart httpd

Swift安装
在控制节点和计算节点上分别安装Swift服务。安装完成后,将cirros镜像进行分片存储。
在控制节点和计算节点上分别使用iaas-install-swift-controller.sh和iaas-install-swift-compute.sh脚本 安装Swift服务。安装完成后,使用命令创建一个名叫examcontainer的容器,将cirros-0.3.4-x86_64-disk.img镜像上传到examcontainer容器中,并设置分段存放,每一段大小为10M。
[root@controller ~]# source /etc/openstack/openrc.sh
[root@controller ~]# iaas-install-swift-controller.sh
[root@compute ~]# source /etc/openstack/openrc.sh
[root@compute ~]# iaas-install-swift-compute.sh
# $OBJECT_DISK comes from the openrc.sh sourced just above (sdb2). Kernel device names can change
# between boots when disks are added or reordered; `UUID=$(blkid -s UUID -o value /dev/$OBJECT_DISK)`
# is the stable form. Reboot-test the mount — see the note at the end of this section.
[root@compute ~]# echo "/dev/$OBJECT_DISK /swift/node/$OBJECT_DISK xfs defaults 0 0" >> /etc/fstab
[root@controller ~]# swift post examcontainer
[root@controller ~]# swift upload examcontainer -S 10M cirros-0.3.4-x86_64-disk.img
cirros-0.3.4-x86_64-disk.img segment 0
cirros-0.3.4-x86_64-disk.img segment 1
cirros-0.3.4-x86_64-disk.img

如果使用 chinaskills_cloud_iaas_v2.0.1.iso ~ chinaskills_cloud_iaas_v2.0.3.iso 版本，请注意检查 compute 节点的 swift 存储：经常出现挂载未持久化或连接未持久化的问题，导致关机重启后总会出错，且难以修复（作者从未修复成功）。
Cinder安装与创建硬盘
在控制节点和计算节点分别安装Cinder服务,请在计算节点,对块存储进行扩容操作。
在控制节点和计算节点分别使用iaas-install-cinder-controller.sh、iaas-install-cinder-compute.sh脚本安装Cinder服务,请在计算节点,对块存储进行扩容操作,即在计算节点再分出一个5G的分区,加入到 cinder块存储的后端存储中去。
[root@controller ~]# source /etc/openstack/openrc.sh
[root@controller ~]# iaas-install-cinder-controller.sh
[root@compute ~]# source /etc/openstack/openrc.sh
[root@compute ~]# iaas-install-cinder-compute.sh
# The task asks for a 5 GiB partition. In this run cinder-volumes grows from <20.00g to 39.99g
# (VFree 980.00m -> 20.95g), so /dev/sdb4 here was ~20 GiB — size the partition to 5G (fdisk/parted)
# before pvcreate to match the requirement.
[root@compute ~]# pvcreate /dev/sdb4
Physical volume "/dev/sdb4" successfully created.
[root@compute ~]# vgs
VG #PV #LV #SN Attr VSize VFree
centos 1 3 0 wz--n- <199.00g 4.00m
cinder-volumes 1 1 0 wz--n- <20.00g 980.00m
# Add the new PV to the VG the cinder LVM backend uses (cinder-volumes).
[root@compute ~]# vgextend cinder-volumes /dev/sdb4
Volume group "cinder-volumes" successfully extended
[root@compute ~]# vgs
VG #PV #LV #SN Attr VSize VFree
centos 1 3 0 wz--n- <199.00g 4.00m
cinder-volumes 2 1 0 wz--n- 39.99g 20.95g
[root@compute ~]# vgdisplay
--- Volume group ---
VG Name cinder-volumes
System ID
Format lvm2
Metadata Areas 2
Metadata Sequence No 5
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 1
Open LV 0
Max PV 0
Cur PV 2
Act PV 2
VG Size 39.99 GiB
PE Size 4.00 MiB
Total PE 10238
Alloc PE / Size 4874 / <19.04 GiB
Free PE / Size 5364 / 20.95 GiB
VG UUID WndzEu-ae3u-x5bM-io2G-Vy5L-nCLd-zpfxav
--- Volume group ---
VG Name centos
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 4
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 3
Open LV 3
Max PV 0
Cur PV 1
Act PV 1
VG Size <199.00 GiB
PE Size 4.00 MiB
Total PE 50943
Alloc PE / Size 50942 / 198.99 GiB
Free PE / Size 1 / 4.00 MiB
VG UUID fOF9H7-ZSnG-zovj-JyxT-q6oq-ajwr-tXb4pb
二.私有云服务运维
Linux系统调优
修改系统配置文件,要求将回写磁盘的时间临时调整为60秒。
Linux系统内存中会存在脏数据,一般系统默认脏数据30秒后会回写磁盘,修改系统配置文件,要求将回写磁盘的时间临时调整为60秒。
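# The task says "临时" (temporary): sysctl -w changes the running kernel now and reverts at reboot.
# Appending to /etc/sysctl.conf (the original) is the persistent form and, without `sysctl -p`,
# does not even apply until the next boot. Value is in centiseconds: 6000 = 60 s.
[root@controller ~]# sysctl -w vm.dirty_expire_centisecs=6000
Linux系统调优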
修改controller节点的配置文件,要求永久生效swappiness为20。
在Linux生产环境中, 一般会希望少用swap而多用内存,修改controller节点的配置文件,要求永久生效 swappiness为20。
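# Persistent setting; the sysctl.conf entry alone takes effect only at next boot, so apply it now too.
[root@controller ~]# echo "vm.swappiness = 20" >> /etc/sysctl.conf
[root@controller ~]# sysctl -p
使用Heat模板创建用户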
编写Heat模板create_user.yaml,创建名为heat-user的用户。
使用自己搭建的OpenStack私有云平台,使用heat编写模板(heat_template_version: 2016-04-08)创建名为“chinaskills”的domain,在此domain下创建名为beijing_group的租户,在此租户下创建名为cloud的用户,将此文件命名及保存在/root/user_create.yml。（注意：下面示例文件名为 create_user.yaml，与题目要求的 /root/user_create.yml 不一致，提交前按题目命名；另外题目中的“租户”通常指 project，而示例创建的是 Keystone 用户组 OS::Keystone::Group，请按评分要求确认。）
[root@controller ~]# vim create_user.yaml
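heat_template_version: 2016-04-08
# Creates domain chinaskills, group beijing_group inside it, and user cloud as a member of
# that group. (The flat listing in the original had lost its indentation, which Heat rejects.)
# NOTE(review): the task text calls beijing_group a 租户 (tenant/project); this resource is a
# Keystone *group*. If a project is meant, use OS::Keystone::Project with the same domain.
parameters:
  password:
    type: string
    # hidden keeps the value out of `openstack stack show` / parameter listings. The default
    # matches the task's 000000 so `openstack stack create -t create_user.yaml user` still works,
    # but the default itself remains in the template text — pass --parameter password=... for a
    # real secret.
    hidden: true
    default: '000000'
resources:
  KeystoneDomain:
    type: OS::Keystone::Domain
    properties:
      name: chinaskills
  KeystoneGroup:
    type: OS::Keystone::Group
    properties:
      domain: { get_resource: KeystoneDomain }
      name: beijing_group
  KeystoneUser:
    type: OS::Keystone::User
    properties:
      domain: { get_resource: KeystoneDomain }
      groups:
        - { get_resource: KeystoneGroup }
      name: cloud
      password: { get_param: password }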
[root@controller ~]# openstack stack create -t create_user.yaml user
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | 609e2deb-3fa4-4247-b7c6-8c363145c428 |
| stack_name | user |
| description | No description |
| creation_time | 2024-05-18T16:09:08Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+

使用Heat模板创建网络
在自行搭建的OpenStack私有云平台上,编写Heat模板文件,完成网络的创建。
在自行搭建的OpenStack私有云平台上,在/root目录下编写Heat模板create_net.yaml,创建名为Heat-Network网络,选择不共享;创建子网名为Heat-Subnet,子网网段设置为10.20.2.0/24,开启DHCP服务,地址池为10.20.2.20-10.20.2.100。完成后提交控制节点的用户名、密码和IP地址到答题框。(在提交信息前请准备好yaml模板执行的环境)
[root@controller ~]# vim create_net.yaml
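heat_template_version: 2018-08-31
# Heat-Network (not shared) with subnet Heat-Subnet 10.20.2.0/24, DHCP enabled,
# allocation pool 10.20.2.20-10.20.2.100. (The original listing had lost its indentation.)
resources:
  Net:
    type: OS::Neutron::Net
    properties:
      name: Heat-Network
      shared: false
  Subnet:
    type: OS::Neutron::Subnet
    properties:
      name: Heat-Subnet
      network: { get_resource: Net }
      cidr: 10.20.2.0/24
      enable_dhcp: true
      # Not required by the task; 10.20.2.1 is the first usable address, which Neutron would
      # pick by default anyway.
      gateway_ip: 10.20.2.1
      allocation_pools:
        - start: 10.20.2.20
          end: 10.20.2.100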
[root@controller ~]# openstack stack create -t create_net.yaml net
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| id | cb9d550e-8d08-4a8f-ab9e-5931a10c1a1c |
| stack_name | net |
| description | No description |
| creation_time | 2024-05-18T16:11:29Z |
| updated_time | None |
| stack_status | CREATE_IN_PROGRESS |
| stack_status_reason | Stack CREATE started |
+---------------------+--------------------------------------+

Keystone优化
请修改相关配置,将Keystone的失效列表缓存时间增加到原来的两倍。
openstack api server在处理请求前会校验token是否合法,除了校验token是否过期,同时还校验token是否在token失效列表里面;这个token失效列表会在本地缓存,如果过期,则会去keystone重新获取,在并发的时候, keystone会成为瓶颈点。请修改相关配置,将Keystone的失效列表缓存时间增加到原来的两倍。
[root@controller ~]# vim /etc/keystone/keystone.conf
# Time to cache the revocation list and the revocation events (in seconds).
# This has no effect unless global and `[revoke] caching` are both enabled.
# (integer value)
# Deprecated group/name - [token]/revocation_cache_time
cache_time = 7200
（该选项位于 keystone.conf 的 [revoke] 段，默认值为 3600 秒，翻倍即 7200；修改后需重启 httpd/keystone 服务。）

OpenStack镜像压缩
在HTTP文件服务器中存在一个镜像为CentOS7.5-compress.qcow2的镜像,请对该镜像进行压缩操作。
使用自行搭建的OpenStack平台。在HTTP服务中存在一个镜像为CentOS7.5-compress.qcow2的镜像, 请使用qemu相关命令,对该镜像进行压缩,压缩后的镜像命名为chinaskill-js-compress.qcow2并存放在/root目录下。
[root@controller ~]# qemu-img convert -c -O qcow2 CentOS_7.5_x86_64_XD.qcow2 /root/chinaskill-js-compress.qcow2
（-c 表示对输出镜像进行压缩。题目给出的源镜像名为 CentOS7.5-compress.qcow2，此处示例使用的文件名不同，请以 HTTP 服务器上的实际文件名为准。）

Glance调优
在OpenStack平台中,修改相关配置文件,将子进程数量相应的配置修改成2。
在OpenStack平台中, glance-api处理请求的子进程数量默认是0,只有一个主进程,请修改相关配置文件,将子进程数量相应的配置修改成2,这样的话有一个主进程加2个子进程来并发处理请求。
[root@controller ~]# vim /etc/glance/glance-api.conf
workers = 2
（该选项位于 /etc/glance/glance-api.conf 的 [DEFAULT] 段，修改后重启 openstack-glance-api 服务。）

Ceph云存储系统部署
使用提供的ceph.tar.gz软件包,安装ceph服务并完成初始化操作。
使用提供的ceph-14.2.22.tar.gz软件包,在OpenStack平台上创建三台CentOS7.9系统的云主机,使用这三个节点安装ceph服务并完成初始化操作,第一个节点为mon/osd节点,第二、三个节点为osd节点,部署完ceph后,创建vms、images、volumes三个pool。
[root@localhost ~]# hostnamectl set-hostname ceph-node1
[root@localhost ~]# bash
[root@ceph-node1 ~]#
[root@localhost ~]# hostnamectl set-hostname ceph-node2
[root@localhost ~]# bash
[root@ceph-node2 ~]#
[root@localhost ~]# hostnamectl set-hostname ceph-node3
[root@localhost ~]# bash
[root@ceph-node3 ~]#
[root@ceph-node1 ~]# echo -e "192.168.10.10 ceph-node1\n192.168.10.20 ceph-node2\n192.168.10.30 ceph-node3" >> /etc/hosts
[root@ceph-node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.10 ceph-node1
192.168.10.20 ceph-node2
192.168.10.30 ceph-node3
# 关闭防火墙、selinux，配置三个节点之间的 ssh 免密（步骤略）。注意：关闭防火墙和 SELinux 仅适用于隔离的实验环境。
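[root@ceph-node1 ~]# tar -xf ceph-14.2.22.tar.gz -C /opt/
# -o loop (lower-case). The original used -O, which is mount's --test-opts filter for `mount -a`
# and not a loop option; it only worked because recent util-linux loop-mounts a regular file
# automatically.
[root@ceph-node1 ~]# mount -o loop CentOS-7-x86_64-DVD-2009.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
# cp with several sources needs the target directory to exist already.
[root@ceph-node1 ~]# mkdir -p /opt/centos
[root@ceph-node1 ~]# cp -rf /mnt/* /opt/centos/
[root@ceph-node1 ~]# umount /mnt/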
[root@ceph-node1 ~]# mkdir yum
[root@ceph-node1 ~]# mv /etc/yum.repos.d/* yum/
[root@ceph-node1 ~]# vi /etc/yum.repos.d/local.repo
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[ceph]
name=ceph
baseurl=file:///opt/ceph
gpgcheck=0
enabled=1
[root@ceph-node1 ~]# yum -y install vsftpd
# anon_root=/opt publishes /opt (the CentOS and ceph package trees) to anonymous FTP readers;
# vsftpd's stock config already allows anonymous logins. Fine on the isolated exam network only.
[root@ceph-node1 ~]# echo "anon_root=/opt">>/etc/vsftpd/vsftpd.conf
[root@ceph-node1 ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@ceph-node1 ~]# systemctl restart vsftpd
# (the "Created symlink" line below is a paste duplicate; restart prints nothing)
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
# The yum.repo pushed to node2/node3 is not shown. It cannot reuse the file:///opt/... baseurls of
# node1's local.repo (those trees exist only on node1); presumably it points at
# ftp://ceph-node1/centos and ftp://ceph-node1/ceph, which is why vsftpd was set up above —
# verify with `yum repolist` on each node.
[root@ceph-node1 ~]# scp yum.repo ceph-node2:/etc/yum.repos.d/yum.repo
yum.repo 100% 143 95.1KB/s 00:00
[root@ceph-node1 ~]# scp yum.repo ceph-node3:/etc/yum.repos.d/yum.repo
yum.repo 100% 143 74.1KB/s 00:00
#[root@ceph-node1 ~]# yum install -y ceph-deploy
[root@ceph-node1 ceph]# yum install python-setuptools ceph-deploy -y
[root@ceph-node1 ceph]# ceph-deploy --version
2.0.1
### 补齐 python 缺失包 暂略
[root@ceph-node1 ceph]# ceph-deploy install ceph-node1 ceph-node2 ceph-node3 --no-adjust-repos
......
[ceph-node3][DEBUG ] Complete!
[ceph-node3][INFO ] Running command: ceph --version
[ceph-node3][DEBUG ] ceph version 14.2.22 (ca74598065096e6fcbd8433c8779a2be0c889351) nautilus (stable)
[root@ceph-node1 ceph]# ceph -v
ceph version 14.2.22 (ca74598065096e6fcbd8433c8779a2be0c889351) nautilus (stable)
[root@ceph-node2 ~]# ceph -v
ceph version 14.2.22 (ca74598065096e6fcbd8433c8779a2be0c889351) nautilus (stable)
[root@ceph-node3 ~]# ceph -v
ceph version 14.2.22 (ca74598065096e6fcbd8433c8779a2be0c889351) nautilus (stable)
[root@ceph-node1 ceph]# ceph-deploy mon create-initial
......
[ceph_deploy.gatherkeys][INFO ] Storing ceph.client.admin.keyring
[ceph_deploy.gatherkeys][INFO ] Storing ceph.bootstrap-mds.keyring
[ceph_deploy.gatherkeys][INFO ] Storing ceph.bootstrap-mgr.keyring
[ceph_deploy.gatherkeys][INFO ] keyring 'ceph.mon.keyring' already exists
[ceph_deploy.gatherkeys][INFO ] Storing ceph.bootstrap-osd.keyring
[ceph_deploy.gatherkeys][INFO ] Storing ceph.bootstrap-rgw.keyring
[ceph_deploy.gatherkeys][INFO ] Destroy temp directory /tmp/tmp37ft_f
[root@ceph-node1 ceph]# ceph -s
cluster:
id: f0368b18-833b-439a-845f-c4b53799b7c1
health: HEALTH_WARN
mon is allowing insecure global_id reclaim
services:
mon: 1 daemons, quorum ceph-node1 (age 30s)
mgr: no daemons active
osd: 0 osds: 0 up, 0 in
data:
pools: 0 pools, 0 pgs
objects: 0 objects, 0 B
usage: 0 B used, 0 B / 0 B avail
pgs:
[root@ceph-node1 ceph]# ceph-deploy disk list ceph-node1
[ceph_deploy.conf][DEBUG ] found configuration file at: /root/.cephdeploy.conf
[ceph_deploy.cli][INFO ] Invoked (2.0.1): /usr/bin/ceph-deploy disk list ceph-node1
[ceph_deploy.cli][INFO ] ceph-deploy options:
[ceph_deploy.cli][INFO ] username : None
[ceph_deploy.cli][INFO ] verbose : False
[ceph_deploy.cli][INFO ] debug : False
[ceph_deploy.cli][INFO ] overwrite_conf : False
[ceph_deploy.cli][INFO ] subcommand : list
[ceph_deploy.cli][INFO ] quiet : False
[ceph_deploy.cli][INFO ] cd_conf : <ceph_deploy.conf.cephdeploy.Conf instance at 0x7f553a0e9248>
[ceph_deploy.cli][INFO ] cluster : ceph
[ceph_deploy.cli][INFO ] host : ['ceph-node1']
[ceph_deploy.cli][INFO ] func : <function disk at 0x7f553a12a938>
[ceph_deploy.cli][INFO ] ceph_conf : None
[ceph_deploy.cli][INFO ] default_release : False
[ceph-node1][DEBUG ] connected to host: ceph-node1
[ceph-node1][DEBUG ] detect platform information from remote host
[ceph-node1][DEBUG ] detect machine type
[ceph-node1][DEBUG ] find the location of an executable
[ceph-node1][INFO ] Running command: fdisk -l
[ceph-node1][INFO ] Disk /dev/sdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
[ceph-node1][INFO ] Disk /dev/sda: 214.7 GB, 214748364800 bytes, 419430400 sectors
[ceph-node1][INFO ] Disk /dev/mapper/centos-root: 53.7 GB, 53687091200 bytes, 104857600 sectors
[ceph-node1][INFO ] Disk /dev/mapper/centos-swap: 8455 MB, 8455716864 bytes, 16515072 sectors
[ceph-node1][INFO ] Disk /dev/mapper/centos-home: 151.5 GB, 151523426304 bytes, 295944192 sectors
# 所有机器sdb硬盘格式化3个5g出来 略
[root@ceph-node1 ceph]# ceph-deploy osd create --data /dev/sdb1 ceph-node1
......
[ceph-node1][INFO ] checking OSD status...
[ceph-node1][DEBUG ] find the location of an executable
[ceph-node1][INFO ] Running command: /bin/ceph --cluster=ceph osd stat --format=json
[ceph_deploy.osd][DEBUG ] Host ceph-node1 is now ready for osd use.
[root@ceph-node1 ceph]# ceph-deploy osd create --data /dev/sdb1 ceph-node2
[root@ceph-node1 ceph]# ceph-deploy osd create --data /dev/sdb1 ceph-node3
[root@ceph-node1 ceph]# ceph -s
cluster:
id: f0368b18-833b-439a-845f-c4b53799b7c1
health: HEALTH_WARN
no active mgr
mon is allowing insecure global_id reclaim
services:
mon: 1 daemons, quorum ceph-node1 (age 5m)
mgr: no daemons active
osd: 2 osds: 2 up (since 24s), 2 in (since 24s)
data:
pools: 0 pools, 0 pgs
objects: 0 objects, 0 B
usage: 0 B used, 0 B / 0 B avail
pgs:
[root@ceph-node1 ceph]# ceph-deploy mgr create ceph-node1 ceph-node2 ceph-node3
......
[ceph-node3][INFO ] Running command: ceph --cluster ceph --name client.bootstrap-mgr --keyring /var/lib/ceph/bootstrap-mgr/ceph.keyring auth get-or-create mgr.ceph-node3 mon allow profile mgr osd allow * mds allow * -o /var/lib/ceph/mgr/ceph-ceph-node3/keyring
[ceph-node3][INFO ] Running command: systemctl enable ceph-mgr@ceph-node3
[ceph-node3][WARNIN] Created symlink from /etc/systemd/system/ceph-mgr.target.wants/ceph-mgr@ceph-node3.service to /usr/lib/systemd/system/ceph-mgr@.service.
[ceph-node3][INFO ] Running command: systemctl start ceph-mgr@ceph-node3
[ceph-node3][INFO ] Running command: systemctl enable ceph.target
[root@ceph-node1 ceph]# ceph -s
cluster:
id: f0368b18-833b-439a-845f-c4b53799b7c1
health: HEALTH_WARN
OSD count 2 < osd_pool_default_size 3
mon is allowing insecure global_id reclaim
services:
mon: 1 daemons, quorum ceph-node1 (age 6m)
mgr: ceph-node1(active, since 48s), standbys: ceph-node2, ceph-node3
osd: 2 osds: 2 up (since 91s), 2 in (since 91s)
data:
pools: 0 pools, 0 pgs
objects: 0 objects, 0 B
usage: 2.0 GiB used, 8.0 GiB / 10 GiB avail
pgs:
# Clears the "insecure global_id reclaim" HEALTH_WARN by making the mons reject clients that still
# use the old reclaim behaviour (the CVE-2021-20288 fix). Only safe once every client and daemon is
# >= 14.2.20 — all three nodes run 14.2.22 here, and the OpenStack nodes presumably install
# ceph-common from the same package set; an older client would be refused after this.
[root@ceph-node1 ceph]# ceph config set mon auth_allow_insecure_global_id_reclaim false
[root@ceph-node1 ceph]# ceph -s
cluster:
id: f0368b18-833b-439a-845f-c4b53799b7c1
health: HEALTH_OK
services:
mon: 1 daemons, quorum ceph-node1 (age 7m)
mgr: ceph-node1(active, since 2m), standbys: ceph-node2, ceph-node3
osd: 3 osds: 3 up (since 5s), 3 in (since 5s)
data:
pools: 0 pools, 0 pgs
objects: 0 objects, 0 B
usage: 3.0 GiB used, 12 GiB / 15 GiB avail
pgs:
[root@ceph-node1 ceph]# ceph-deploy admin ceph-node{1,2,3}
......
[ceph_deploy.admin][DEBUG ] Pushing admin keys and conf to ceph-node3
[ceph-node3][DEBUG ] connected to host: ceph-node3
[ceph-node3][DEBUG ] detect platform information from remote host
[ceph-node3][DEBUG ] detect machine type
[ceph-node3][DEBUG ] write cluster configuration to /etc/ceph/{cluster}.conf
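# Every later command here runs as root, which can already read the keyring, so widening its
# permissions is unnecessary; the original `chmod +r` would make the cluster admin secret
# world-readable. Keep it root-only. If a non-root operator must run `ceph`, give them a dedicated
# key with limited caps, or at most make the file group-readable (0640) — never o+r.
[root@ceph-node1 ceph]# chmod 600 /etc/ceph/ceph.client.admin.keyring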
[root@ceph-node1 ceph]# ceph osd stat
3 osds: 3 up (since 81s), 3 in (since 81s); epoch: e13
root@ceph-node1 ceph]# ceph osd stat
3 osds: 3 up (since 81s), 3 in (since 81s); epoch: e13
[root@ceph-node1 ceph]# ceph osd pool create vms 64
pool 'vms' created
[root@ceph-node1 ceph]# ceph osd pool create images 64
pool 'images' created
[root@ceph-node1 ceph]# ceph osd pool create volumes 64
pool 'volumes' created
[root@ceph-node1 ceph]# ceph osd lspools
1 vms
2 images
3 volumes

Glance对接Ceph存储
修改OpenStack平台中Glance服务的配置文件,将Glance后端存储改为Ceph存储。
在自己搭建的OpenStack平台中修改glance服务的相关配置文件,将glance后端存储改为ceph存储。也就是所以的镜像会上传至ceph的images pool中。通过命令使用cirros-0.3.4-x86_64-disk.img镜像文件上传至云平台中,镜像命名为cirros。
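[root@ceph-node1 ~]# rbd pool init images
# Least privilege: Glance only needs rbd access to its own pool. The original 'allow *' on
# mon/osd/mgr would let a compromised glance-api read or wipe every pool (vms, volumes) and change
# cluster settings; these are the caps the Ceph/OpenStack integration guide uses for client.glance.
# NOTE(review): 192.168.10.10 is mapped to ceph-node1 in this section's /etc/hosts but to controller
# in the OpenStack section, and "controller" is not in ceph-node1's hosts file — confirm which host
# actually receives the keyring and that the scp targets below resolve.
[root@ceph-node1 ~]# ceph auth get-or-create client.glance mon 'profile rbd' osd 'profile rbd pool=images' mgr 'profile rbd pool=images' | ssh 192.168.10.10 tee /etc/ceph/ceph.client.glance.keyring
[root@ceph-node1 ceph]# scp ceph.conf controller:/etc/ceph/
[root@ceph-node1 ceph]# scp ceph.conf compute:/etc/ceph/
# Ceph yum repo configuration on the OpenStack nodes omitted (配置ceph yum源 略).
[root@controller ceph]# yum install -y ceph-common python-rbd
[root@compute ceph]# yum install -y ceph-common python-rbd
# The keyring is a credential: owned by glance, no world access (-R is pointless for a single file).
[root@controller ceph]# chown glance:glance /etc/ceph/ceph.client.glance.keyring
[root@controller ceph]# chmod 640 /etc/ceph/ceph.client.glance.keyring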
vim /etc/glance/glance-api.conf
[glance_store]
#stores = rbd,file,http
#demo_store = file
#filesystem_store_datadir = /var/lib/glance/images/
# rbd first so new uploads land in Ceph; file/http stay enabled for images already on disk.
stores = rbd,file,http
default_store = rbd
# size of each RBD object, in MB
rbd_store_chunk_size = 8
rbd_store_pool = images
# glance-api authenticates as client.glance using /etc/ceph/ceph.client.glance.keyring, which must
# be readable by the glance user.
rbd_store_user = glance
rbd_store_ceph_conf = /etc/ceph/ceph.conf
# Needed so Nova/Cinder can copy-on-write clone images straight from the pool, but it exposes the
# backend location (an rbd:// URL with the cluster fsid and pool) to every API client — the Glance
# docs flag this as a security risk; keep the image API off untrusted networks.
show_image_direct_url = True
# 重启服务
[root@controller ~]# systemctl restart openstack-glance*
Nova调度器管理
在OpenStack中,修改调度器规则为会将VM放置到load最低的节点上的调度器。(不知道load最低是啥,workload?)
在controller节点和compute节点上分别使用iaas-install-placement.sh脚本、iaas-install-nova-controller.sh脚本、iaas-install-nova-compute.sh脚本安装Nova服务。在OpenStack中,默认调度器有三种,修改相关配置文件,修改调度器规则为会将VM放置到load最低的节点上的调度器。
# 取消掉这些的注释
# 过滤器,使用筛选器
driver=filter_scheduler
# 配置scheduler可用的过滤器,默认就是开启所有
available_filters=nova.scheduler.filters.all_filters
# 配置过滤
enabled_filters=AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
# 设置权重
#weight_classes=nova.scheduler.weights.io_ops.IoOpsWeigher,其他权重类...
weight_classes=nova.scheduler.weights.all_weighers
io_ops_weight_multiplier=-1.0 # 放到工作强度低的
过滤流程:
Nova资源优化
编辑nova.conf文件,将内存预留量配置为4GB。
在OpenStack中,默认的CPU超配比例是1:16,内存超配比例是1:1.5。当宿主机使用swap交换分区来为 虚拟机分配内存的时候,则虚拟机的性能将急速下降。生产环境上一般不建议开启内存超售(建议配置 比例1:1)。请编辑nova.conf文件,将内存预留量配置为4GB,保证该部分内存不能被虚拟机使用。
[root@controller ~]# vim /etc/nova/nova.conf
reserved_host_memory_mb=4096
Nova优化数据库连接
修改nova相关配置文件,修改连接池大小和最大允许超出的连接数为10。
在controller节点和compute节点上分别使用iaas-install-placement.sh脚本、iaas-install-nova-controller.sh脚本、iaas-install-nova-compute.sh脚本安装Nova服务。当并发业务处理,需要连接数据库,并发度高的时候,提示数据库连接超过了上限。解决思路:调整各组件的数据库连接数配置,下面通过修改nova相关配置文件,修改连接池大小和最大允许超出的连接数为10。
[root@controller ~]# vim /etc/nova/nova.conf
max_pool_size = 10
max_overflow = 10
max_pool_size表示连接池的最大数量
max_overflow表示允许的最大超出连接数
Linux命名空间网络互通
在controller节点创建两个网络命名空间,分别命名为“ns05”和“ns06”,然后创建虚拟以太网设备对“tap05”、“tap06”,将“tap05”连接到ns05命名空间,“tap06”连接到到“ns06”命名空间。最后为命名空间“ns05“分IP为172.128.99.42,命名空间”ns06“分配IP为172.128.99.43 ,实现2个命名空间的网络互通。
yum install -y iproute
Linux 命名空间网络互通
创建两个网络命名空间:
[root@controller ~]# ip netns add ns05
[root@controller ~]# ip netns add ns06
[root@controller ~]# ip netns list
ns06
ns05
qdhcp-8cf1cffb-e1b0-42e4-93ea-9cd1be59956c (id: 0)
创建虚拟以太网设备并连接到相应的命名空间:
[root@controller ~]# ip link add tap05 type veth peer name tap06
[root@controller ~]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:75:f1:29 brd ff:ff:ff:ff:ff:ff
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:75:f1:33 brd ff:ff:ff:ff:ff:ff
5: tapfd245a1e-b3@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq8cf1cffb-e1 state UP mode DEFAULT group default qlen 1000
link/ether 4e:4b:46:ea:b0:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0
6: vxlan-101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq8cf1cffb-e1 state UNKNOWN mode DEFAULT group default qlen 1000
link/ether fa:c2:8c:ea:ac:06 brd ff:ff:ff:ff:ff:ff
7: brq8cf1cffb-e1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 4e:4b:46:ea:b0:55 brd ff:ff:ff:ff:ff:ff
[root@controller ~]# ip link set tap05 netns ns05
[root@controller ~]# ip netns exec ns05 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: tap05@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether e2:f0:ad:09:8a:9a brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@controller ~]# ip link set tap06 netns ns06
[root@controller ~]# ip netns exec ns06 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: tap06@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 3e:8d:83:85:01:e9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
为命名空间分配 IP 地址并启用虚拟以太网设备:
[root@controller ~]# ip netns exec ns05 ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: tap05@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether e2:f0:ad:09:8a:9a brd ff:ff:ff:ff:ff:ff link-netnsid 1
[root@controller ~]# ip netns exec ns05 ip addr add 172.128.99.42/24 dev tap05
[root@controller ~]# ip netns exec ns05 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: tap05@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether e2:f0:ad:09:8a:9a brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 172.128.99.42/24 scope global tap05
valid_lft forever preferred_lft forever
[root@controller ~]# ip netns exec ns06 ip addr add 172.128.99.43/24 dev tap06
[root@controller ~]# ip netns exec ns06 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: tap06@if11: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 3e:8d:83:85:01:e9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.128.99.43/24 scope global tap06
valid_lft forever preferred_lft forever
[root@controller ~]# ip netns exec ns05 ip link set tap05 up
[root@controller ~]# ip netns exec ns05 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
11: tap05@if10: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN group default qlen 1000
link/ether e2:f0:ad:09:8a:9a brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet 172.128.99.42/24 scope global tap05
valid_lft forever preferred_lft forever
[root@controller ~]# ip netns exec ns06 ip link set tap06 up
[root@controller ~]# ip netns exec ns06 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
10: tap06@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 3e:8d:83:85:01:e9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.128.99.43/24 scope global tap06
valid_lft forever preferred_lft forever
inet6 fe80::3c8d:83ff:fe85:1e9/64 scope link
valid_lft forever preferred_lft forever
测试两个命名空间的网络互通:
[root@controller ~]# ip netns exec ns05 ping -c 4 172.128.99.43
PING 172.128.99.43 (172.128.99.43) 56(84) bytes of data.
64 bytes from 172.128.99.43: icmp_seq=1 ttl=64 time=0.196 ms
64 bytes from 172.128.99.43: icmp_seq=2 ttl=64 time=0.098 ms
64 bytes from 172.128.99.43: icmp_seq=3 ttl=64 time=0.082 ms
64 bytes from 172.128.99.43: icmp_seq=4 ttl=64 time=0.077 ms
--- 172.128.99.43 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.077/0.113/0.196/0.048 ms
[root@controller ~]# ip netns exec ns06 ping -c 4 172.128.99.42
PING 172.128.99.42 (172.128.99.42) 56(84) bytes of data.
64 bytes from 172.128.99.42: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 172.128.99.42: icmp_seq=2 ttl=64 time=0.075 ms
64 bytes from 172.128.99.42: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from 172.128.99.42: icmp_seq=4 ttl=64 time=0.075 ms
--- 172.128.99.42 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.037/0.065/0.075/0.016 ms
Linux Bridge网络互通
在controller节点创建两个网络命名空间,分别命名为“ns01”和“ns02”,然后创建名为“br-skill”的Linux Bridge网络桥,关闭Spanning Tree Protocol( STP)并启用该网络桥,接着创建两组端口对,每组包含两个虚拟以太网设备, 一个设备连接到网络桥,另一个设备连接到相应的命名空间 。最后为命名空间“ns01“分配IP为172.128.9.7,命名空间”ns02“分配IP为172.128.9.8 ,实现2个命名空间的网络互通。
yum install -y bridge-utils
Linux Bridge网络互通
创建两个网络命名空间:
[root@controller ~]# ip netns add ns01
[root@controller ~]# ip netns add ns02
[root@controller ~]# ip netns list
ns02
ns01
创建 Linux Bridge 网络桥并关闭 STP:
#使用这种需要安装 bridge-utils 离线环境可能没有
#brctl addbr br-skill
#brctl stp br-skill off
#ifconfig br-skill up
[root@controller ~]# ip link add name br-skill type bridge
[root@controller ~]# ip link set dev br-skill type bridge stp_state 0
[root@controller ~]# ip link set dev br-skill up
[root@controller ~]# ip link show br-skill
14: br-skill: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 52:87:b8:6b:ea:7c brd ff:ff:ff:ff:ff:ff
创建端口对并连接到相应的命名空间:
[root@controller ~]# ip link add veth1-br type veth peer name veth1-ns01
[root@controller ~]# ip link add veth2-br type veth peer name veth2-ns02
[root@controller ~]# ip link list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:75:f1:29 brd ff:ff:ff:ff:ff:ff
3: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:0c:29:75:f1:33 brd ff:ff:ff:ff:ff:ff
5: tapfd245a1e-b3@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq8cf1cffb-e1 state UP mode DEFAULT group default qlen 1000
link/ether 4e:4b:46:ea:b0:55 brd ff:ff:ff:ff:ff:ff link-netnsid 0
6: vxlan-101: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue master brq8cf1cffb-e1 state UNKNOWN mode DEFAULT group default qlen 1000
link/ether fa:c2:8c:ea:ac:06 brd ff:ff:ff:ff:ff:ff
7: brq8cf1cffb-e1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 4e:4b:46:ea:b0:55 brd ff:ff:ff:ff:ff:ff
14: br-skill: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 52:87:b8:6b:ea:7c brd ff:ff:ff:ff:ff:ff
15: veth1-ns01@veth1-br: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 52:87:63:46:90:2b brd ff:ff:ff:ff:ff:ff
16: veth1-br@veth1-ns01: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 4e:81:ee:43:60:34 brd ff:ff:ff:ff:ff:ff
17: veth2-ns02@veth2-br: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 2e:c7:b9:d4:a0:77 brd ff:ff:ff:ff:ff:ff
18: veth2-br@veth2-ns02: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 4a:0d:99:be:d0:19 brd ff:ff:ff:ff:ff:ff
[root@controller ~]# ip link set veth1-br master br-skill
[root@controller ~]# ip link set veth2-br master br-skill
[root@controller ~]# ip link show master br-skill
16: veth1-br@veth1-ns01: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master br-skill state DOWN mode DEFAULT group default qlen 1000
link/ether 4e:81:ee:43:60:34 brd ff:ff:ff:ff:ff:ff
18: veth2-br@veth2-ns02: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop master br-skill state DOWN mode DEFAULT group default qlen 1000
link/ether 4a:0d:99:be:d0:19 brd ff:ff:ff:ff:ff:ff
[root@controller ~]# ip link set dev veth1-br up
[root@controller ~]# ip link set dev veth2-br up
[root@controller ~]# ip link show master br-skill
16: veth1-br@veth1-ns01: <NO-CARRIER,BROADCAST,MULTICAST,UP,M-DOWN> mtu 1500 qdisc noqueue master br-skill state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
link/ether 4e:81:ee:43:60:34 brd ff:ff:ff:ff:ff:ff
18: veth2-br@veth2-ns02: <NO-CARRIER,BROADCAST,MULTICAST,UP,M-DOWN> mtu 1500 qdisc noqueue master br-skill state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
link/ether 4a:0d:99:be:d0:19 brd ff:ff:ff:ff:ff:ff
[root@controller ~]# ip link set veth1-ns01 netns ns01
[root@controller ~]# ip netns exec ns01 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth1-ns01@if16: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:87:63:46:90:2b brd ff:ff:ff:ff:ff:ff link-netnsid 0
[root@controller ~]# ip link set veth2-ns02 netns ns02
[root@controller ~]# ip netns exec ns02 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
17: veth2-ns02@if18: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 2e:c7:b9:d4:a0:77 brd ff:ff:ff:ff:ff:ff link-netnsid 0
为命名空间分配 IP 地址并启用虚拟以太网设备:
[root@controller ~]# ip netns exec ns01 ip addr add 172.128.9.7/24 dev veth1-ns01
[root@controller ~]# ip netns exec ns01 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth1-ns01@if16: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:87:63:46:90:2b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.128.9.7/24 scope global veth1-ns01
valid_lft forever preferred_lft forever
[root@controller ~]# ip netns exec ns02 ip addr add 172.128.9.8/24 dev veth2-ns02
[root@controller ~]# ip netns exec ns02 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
17: veth2-ns02@if18: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 2e:c7:b9:d4:a0:77 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.128.9.8/24 scope global veth2-ns02
valid_lft forever preferred_lft forever
[root@controller ~]# ip netns exec ns01 ip link set veth1-ns01 up
[root@controller ~]# ip netns exec ns01 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
15: veth1-ns01@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:87:63:46:90:2b brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.128.9.7/24 scope global veth1-ns01
valid_lft forever preferred_lft forever
inet6 fe80::5087:63ff:fe46:902b/64 scope link
valid_lft forever preferred_lft forever
[root@controller ~]# ip netns exec ns02 ip link set veth2-ns02 up
[root@controller ~]# ip netns exec ns02 ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
17: veth2-ns02@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 2e:c7:b9:d4:a0:77 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.128.9.8/24 scope global veth2-ns02
valid_lft forever preferred_lft forever
inet6 fe80::2cc7:b9ff:fed4:a077/64 scope link
valid_lft forever preferred_lft forever
测试两个命名空间的网络互通:
[root@controller ~]# ip netns exec ns01 ping -c 4 172.128.9.8
PING 172.128.9.8 (172.128.9.8) 56(84) bytes of data.
64 bytes from 172.128.9.8: icmp_seq=1 ttl=64 time=0.138 ms
64 bytes from 172.128.9.8: icmp_seq=2 ttl=64 time=0.109 ms
64 bytes from 172.128.9.8: icmp_seq=3 ttl=64 time=0.088 ms
64 bytes from 172.128.9.8: icmp_seq=4 ttl=64 time=0.122 ms
--- 172.128.9.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.088/0.114/0.138/0.019 ms
[root@controller ~]# ip netns exec ns02 ping -c 4 172.128.9.7
PING 172.128.9.7 (172.128.9.7) 56(84) bytes of data.
64 bytes from 172.128.9.7: icmp_seq=1 ttl=64 time=0.103 ms
64 bytes from 172.128.9.7: icmp_seq=2 ttl=64 time=0.126 ms
64 bytes from 172.128.9.7: icmp_seq=3 ttl=64 time=0.122 ms
64 bytes from 172.128.9.7: icmp_seq=4 ttl=64 time=0.120 ms
--- 172.128.9.7 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.103/0.117/0.126/0.015 ms
Linux逻辑卷的使用
使用CentOS7.9 镜像创建一台云主机,安装LVM逻辑卷软件包,使用LVM创建一个卷组bk_volumes, 在卷组bk_volumes上创建逻辑卷500MB的逻辑卷bk_lvms;然后使用ext4文件系统格式该逻辑卷。
[root@localhost ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 200G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 199G 0 part
├─centos-root 253:0 0 50G 0 lvm /
├─centos-swap 253:1 0 7.9G 0 lvm [SWAP]
└─centos-home 253:2 0 141.1G 0 lvm /home
sdb 8:16 0 20G 0 disk
sr0 11:0 1 4.4G 0 rom
[root@localhost ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created.
[root@localhost ~]# pvdisplay /dev/sdb
--- Physical volume ---
PV Name /dev/sdb
VG Name bk_volumes
PV Size 20.00 GiB / not usable 4.00 MiB
Allocatable yes
PE Size 4.00 MiB
Total PE 5119
Free PE 4994
Allocated PE 125
PV UUID AXwgRq-oIvj-VuJf-Srer-bC9w-1mTa-sMQ5gf
[root@localhost ~]# vgcreate bk_volumes /dev/sdb
Volume group "bk_volumes" successfully created
[root@localhost ~]# vgdisplay bk_volumes
--- Volume group ---
VG Name bk_volumes
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 2
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 1
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size <20.00 GiB
PE Size 4.00 MiB
Total PE 5119
Alloc PE / Size 125 / 500.00 MiB
Free PE / Size 4994 / <19.51 GiB
VG UUID EvTqne-Zte2-rcbn-ootd-Csx1-4Ja6-A0SgNt
[root@localhost ~]# lvcreate -L 500M -n bk_lvms bk_volumes
Logical volume "bk_lvms" created.
[root@localhost ~]# lvdisplay /dev/bk_volumes/bk_lvms
--- Logical volume ---
LV Path /dev/bk_volumes/bk_lvms
LV Name bk_lvms
VG Name bk_volumes
LV UUID dwIgkm-7ibH-bLhW-8POk-aUlz-pQeX-rR23V7
LV Write Access read/write
LV Creation host, time localhost.localdomain, 2024-05-19 16:37:25 -0400
LV Status available
# open 0
LV Size 500.00 MiB
Current LE 125
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 8192
Block device 253:3
[root@localhost ~]# mkfs.ext4 /dev/bk_volumes/bk_lvms
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
128016 inodes, 512000 blocks
25600 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=34078720
63 block groups
8192 blocks per group, 8192 fragments per group
2032 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409
Allocating group tables: done
Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done
[root@localhost ~]# blkid /dev/bk_volumes/bk_lvms
/dev/bk_volumes/bk_lvms: UUID="dc9e83cd-1b54-45cc-8bc7-b5fd3bd14791" TYPE="ext4"
额外
挂载
mkdir /mnt/bk_lvms
mount /dev/bk_volumes/bk_lvms /mnt/bk_lvms
自动挂载
echo '/dev/bk_volumes/bk_lvms /mnt/bk_lvms ext4 defaults 0 0' >> /etc/fstab
Minio分布式文件系统部署
使用提供的OpenStack云平台,申请一台云主机,使用提供的软件包安装部署MINIO服务并使用 systemctl管理。 使用提供的OpenStack云平台,申请一台CentOS7.9系统的云主机,使用提供的软件包,在这台云主机上 安装部署MINIO服务,部署完毕后,添加MINIO服务到系统,即该服务可以使用systemctl管理。最后启动MINIO服务并使用。
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
tar -xf minio.tar.gz -C /opt/
cd /opt/
chmod +x minio
mv minio /usr/local/bin/
vi /usr/lib/systemd/system/minio.service
[Unit]
Description=MinIO
Documentation=https://minio.org.cn/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local
User=minio-user
Group=minio-user
#ProtectProc=invisible #这个参数
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# MinIO RELEASE.2023-05-04T21-44-30Z adds support for Type=notify (https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=)
# This may improve systemctl setups where other services use `After=minio.server`
# Uncomment the line to enable the functionality
# Type=notify
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Specifies the maximum number of threads this process can create
TasksMax=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
mkdir -p /mnt/data
groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /mnt/data
mkdir -p /etc/default
vi /etc/default/minio
# MINIO_ROOT_USER and MINIO_ROOT_PASSWORD sets the root account for the MinIO server.
# This user has unrestricted permissions to perform S3 and administrative API operations on any resource in the deployment.
# Omit to use the default values 'minioadmin:minioadmin'.
# MinIO recommends setting non-default values as a best practice, regardless of environment
MINIO_ROOT_USER=myminioadmin
MINIO_ROOT_PASSWORD=minio-secret-key-change-me
# MINIO_VOLUMES sets the storage volume or path to use for the MinIO server.
MINIO_VOLUMES="/mnt/data"
# MINIO_OPTS sets any additional commandline options to pass to the MinIO server.
# 例如, `--console-address :9001` sets the MinIO Console listen port
MINIO_OPTS="--console-address :9001"
# MINIO_SERVER_URL sets the hostname of the local machine for use with the MinIO Server
# MinIO assumes your network control plane can correctly resolve this hostname to the local machine
# Uncomment the following line and replace the value with the correct hostname for the local machine and port for the MinIO server (9000 by default).
#MINIO_SERVER_URL="http://minio.example.net:9000"
source /etc/default/minio
sudo systemctl start minio.service
sudo systemctl status minio.service
journalctl -f -u minio.service
[root@localhost ~]# mc alias set myminio http://localhost:9000 myminioadmin minio-secret-key-change-me
Added `myminio` successfully.
[root@localhost ~]# mc admin info myminio
● localhost:9000
Uptime: 13 minutes
Version: 2022-05-08T23:50:31Z

三.私有云运维开发
实现镜像管理
编写Python代码,实现OpenStack镜像增删查改。 在controller节点的/root目录下创建create_image.py文件,编写python代码对接OpenStack API,完成镜像的上传与查询。 (1)创建镜像:要求在OpenStack私有云平台中上传镜像cirros-0.3.4-x86_64-disk.img,名字为pvm_image,disk_format为qcow2,container_format为bare。 (2)查询镜像:查询pvm_image的详细信息,并控制台输出。
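"""create_image.py - upload cirros as image "pvm_image" to Glance and print its details.

Talks directly to the Keystone v3 and Glance v2 REST APIs on the controller.
The endpoints are plain HTTP as deployed in this lab, so the admin token
travels in clear on the management network.
"""
import json
import os

import requests

# Controller management address as deployed in this lab.
ip = "192.168.10.10"
authUrl = f"http://{ip}:5000/v3/auth/tokens"
imageUrl = f"http://{ip}:9292/v2/images"
imageName = "pvm_image"
imageFile = "cirros-0.3.4-x86_64-disk.img"

# Keystone password auth scoped to project "admin" in domain "demo".
# The password is taken from OS_PASSWORD when set so it need not live in the
# source file; the lab default stays as fallback for backward compatibility.
authBody = {
    "auth": {
        "identity": {
            "methods": ["password"],
            "password": {
                "user": {
                    "name": "admin",
                    "password": os.environ.get("OS_PASSWORD", "000000"),
                    "domain": {"name": "demo"},
                }
            },
        },
        "scope": {
            "project": {
                "name": "admin",
                "domain": {"name": "demo"},
            }
        },
    }
}

# Image metadata required by the task: qcow2 disk in a bare container.
imageBody = {
    "name": imageName,
    "container_format": "bare",
    "disk_format": "qcow2",
}


def get_token():
    """Authenticate against Keystone and return the issued token.

    Returns:
        str: value of the X-Subject-Token response header.

    Raises:
        requests.HTTPError: when Keystone rejects the credentials.
    """
    resp = requests.post(authUrl, json=authBody)
    resp.raise_for_status()
    return resp.headers["X-Subject-Token"]


def delete_images_named(header, name):
    """Delete every image called ``name`` so a re-run replaces the old upload.

    Args:
        header: request headers carrying the auth token.
        name: image name to match exactly.

    Raises:
        requests.HTTPError: when listing or deleting fails.
    """
    resp = requests.get(imageUrl, headers=header)
    resp.raise_for_status()
    for existing in resp.json()["images"]:
        if existing["name"] == name:
            requests.delete(f"{imageUrl}/{existing['id']}", headers=header).raise_for_status()


def main():
    """Create the image record, upload the file and print the final image details."""
    header = {
        "X-Auth-Token": get_token(),
        "Content-Type": "application/json",
    }
    # The previous version compared against "image_api", which never matched
    # the image being created, so duplicates piled up on every run.
    delete_images_named(header, imageName)

    resp = requests.post(imageUrl, data=json.dumps(imageBody), headers=header)
    resp.raise_for_status()
    image = resp.json()

    # The data upload needs an octet-stream body; a separate header dict keeps
    # the JSON headers intact, and passing the file object streams it instead
    # of reading the whole image into memory (and the file is closed afterwards).
    uploadHeader = {
        "X-Auth-Token": header["X-Auth-Token"],
        "Content-Type": "application/octet-stream",
    }
    with open(imageFile, "rb") as fh:
        resp = requests.put(f"{imageUrl}/{image['id']}/file", data=fh, headers=uploadHeader)
    resp.raise_for_status()

    # Query the image again so the printed details reflect the uploaded state
    # (status, size, checksum) rather than the empty record returned by POST.
    detail = requests.get(f"{imageUrl}/{image['id']}", headers=header)
    detail.raise_for_status()
    for key, value in detail.json().items():
        print(f"{key}: {value}")


if __name__ == "__main__":
    main()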
实现网络创建
编写Python代码,创建OpenStack网络。 在controller节点的/root目录下创建create_network.py文件,编写python代码对接OpenStack API,完成网络的创建。要求: (1)为平台创建内部网络pvm_int,子网名称为pvm_intsubnet; (2)设置云主机网络子网IP网段为192.168.x.0/24 (其中x是考位号),网关为192.168.x.1 (如果存在同名内网,代码中需先进行删除操作)。
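"""create_network.py - create internal network "pvm_int" with subnet "pvm_intsubnet".

Talks directly to the Keystone v3 and Neutron v2.0 REST APIs on the controller.
An existing network with the same name is deleted first, as the task requires.
The endpoints are plain HTTP as deployed in this lab, so the admin token
travels in clear on the management network.
"""
import json
import os

import requests

# Controller management address as deployed in this lab.
ip = "192.168.10.10"
authUrl = f"http://{ip}:5000/v3/auth/tokens"
networkUrl = f"http://{ip}:9696/v2.0/networks"
subnetUrl = f"http://{ip}:9696/v2.0/subnets"
networkName = "pvm_int"
subnetName = "pvm_intsubnet"
# 192.168.x.0/24 where x is the seat number; adjust both values for your seat.
cidr = "192.168.100.0/24"
gateway = "192.168.100.1"

# Keystone password auth scoped to project "admin" in domain "demo".
# The password is taken from OS_PASSWORD when set so it need not live in the
# source file; the lab default stays as fallback for backward compatibility.
authBody = {
    "auth": {
        "identity": {
            "methods": ["password"],
            "password": {
                "user": {
                    "name": "admin",
                    "password": os.environ.get("OS_PASSWORD", "000000"),
                    "domain": {"name": "demo"},
                }
            },
        },
        "scope": {
            "project": {
                "name": "admin",
                "domain": {"name": "demo"},
            }
        },
    }
}

networkBody = {
    "network": {
        "name": networkName,
    }
}


def get_token():
    """Authenticate against Keystone and return the issued token.

    Returns:
        str: value of the X-Subject-Token response header.

    Raises:
        requests.HTTPError: when Keystone rejects the credentials.
    """
    resp = requests.post(authUrl, json=authBody)
    resp.raise_for_status()
    return resp.headers["X-Subject-Token"]


def delete_networks_named(header, name):
    """Delete every network called ``name`` so a re-run replaces the old one.

    Neutron removes a network's subnets together with the network, so no
    separate subnet clean-up is needed; the delete fails (and raises) if ports
    are still attached, which is the safer outcome for a shared lab platform.

    Args:
        header: request headers carrying the auth token.
        name: network name to match exactly.

    Raises:
        requests.HTTPError: when listing or deleting fails.
    """
    resp = requests.get(networkUrl, headers=header)
    resp.raise_for_status()
    for existing in resp.json()["networks"]:
        if existing["name"] == name:
            requests.delete(f"{networkUrl}/{existing['id']}", headers=header).raise_for_status()


def main():
    """Create the network and its subnet, printing the network id and subnet details."""
    header = {
        "X-Auth-Token": get_token(),
        # was misspelled "Content-TYpe"; harmless on the wire but confusing to readers
        "Content-Type": "application/json",
    }
    # The previous version compared against "network_api"/"subnet_api", which
    # never matched, so the required "delete if same name exists" step never ran.
    delete_networks_named(header, networkName)

    resp = requests.post(networkUrl, data=json.dumps(networkBody), headers=header)
    resp.raise_for_status()
    network = resp.json()["network"]["id"]
    print(f"network_id: {network}")
    print()

    subnetBody = {
        "subnet": {
            "name": subnetName,
            "network_id": network,
            "ip_version": 4,
            "cidr": cidr,
            "gateway_ip": gateway,
        }
    }
    resp = requests.post(subnetUrl, data=json.dumps(subnetBody), headers=header)
    resp.raise_for_status()
    subnet = resp.json()["subnet"]
    for key, value in subnet.items():
        print(f"{key}:{value}")


if __name__ == "__main__":
    main()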
OpenStack命令行管理工具开发
使用已建好的OpenStack Python运维开发环境,在OpenStack Python3.7.3运维开发环境中,使用FastAPI框架和argparse库,服务端口为9046,在/root/onecloud目录下编写onecloud.py文件,基于OpenStack flavor资源封装命令行客户端,代码编写完成后,自行启动该服务。 命令行参数说明要求:位置参数“stack”表示解析器,位置参数“flavor”表示操作类型,动作类型包括“list”“show”“create”“delete”; (1)“list”:查看所有的flavor; (2)“show”:查看flavor的详细信息; (3)“create”:表示创建规格,后续参数有“--name”、“--ram”、“--disk”、“--vcpus”、“--id”;“delete”:
OpenStack 数据库操作开发
使用已建好的OpenStack Python运维开发环境,在/root目录下创建mysql_db_manager.py脚本,基于 python的sqlalchemy库进行数据库的管理,实现对OpenStack内指定服务的MariaDB数据库管理功能, 实现该数据库下创建、删除、数据、插入、更新等操作, OpenStack MariaDB数据库的账户root、密码000000保存不变:
该表(table)用于描述OpenStack成员信息,表结构如下:
表名称"member",该表有4个字段:
id INTEGER 主键,自动递增;
name VARCHAR(256);level INTEGER;place varchar(256);
(1) mysql_db_manager内部实现DM_Manager类,类初始化方法def init(self, db_name),参数 db_name是OpenStack内部指定的某一服务数据库名称。
(2) DM_Manager类实现create_table(self)方法。实现创建表功能,表指member表。
(3) DM_Manager类实现insert_table_data(self,**kwargs)方法。实现表中表数据插入功能,参数 kwargs参数为要插入数据记录信息, key与表字段名称一致。
(4) DM_Manager类实现update_table_data(self,**kwargs)方法。实现表中数据记录更新功能,参数 kwargs参数为要更新数据记录信息, key与表字段名称一致。
(5) DM_Manager类实现run_table_raw_sql(self, raw_sql:str): 方法,无参数。实现表中直接执行sql语 句功能, raw_sql参数为sql语句。
(6) DM_Manager类实现delete_table(self)方法。实现删除表功能,表指member表。
Ansible部署zabbix服务
编写Ansible脚本,部署zabbix服务。(*重点镜像使用1804非2009,否则会出现大量依赖问题)
使用赛项提供的OpenStack私有云平台,创建2台系统为centos7.5的云主机,其中一台作为Ansible的母机并命名为ansible,另一台云主机命名为node,通过http服务中的ansible.tar.gz软件包在ansible节点安装Ansible服务;并用这台母机,补全Ansible脚本(在HTTP中下载install_zabbix.tar.gz并解压到/root 目录下),补全Ansible脚本使得执行install_zabbix.yaml可以在node节点上完成zabbix服务的安装。
[root@localhost ~]# hostnamectl set-hostname ansible
[root@localhost ~]# bash
[root@ansible ~]#
[root@localhost ~]# hostnamectl set-hostname node
[root@localhost ~]# bash
[root@node ~]#
[root@ansible ~]# systemctl disable firewalld --now
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@ansible ~]# echo -e "192.168.10.10 ansible\n192.168.10.20 node" >> /etc/hosts
[root@ansible ~]#
[root@node ~]# echo -e "192.168.10.10 ansible\n192.168.10.20 node" >> /etc/hosts
[root@node ~]#
[root@ansible ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:kLCtPBK4WEWtiHlbynlB4o/lg5dAtgKmIEUEoGVSSio root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|=BB.+. |
|BB+..+.. |
|E*o=..+ |
|Bo*o=. . |
|o+.%+o S |
| B.B. |
| o . |
| |
| |
+----[SHA256]-----+
[root@ansible ~]#
[root@ansible ~]# ssh-copy-id ansible
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'ansible (192.168.10.10)' can't be established.
ECDSA key fingerprint is SHA256:XJRJA7l3+EPjoqdVL1YcVB4dXWfI6REd9NtA+03Qpbk.
ECDSA key fingerprint is MD5:d6:15:18:c4:a9:5f:03:ca:9c:0c:80:cd:c4:9d:78:48.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ansible's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ansible'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible ~]# ssh-copy-id node
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node (192.168.10.20)' can't be established.
ECDSA key fingerprint is SHA256:h7mlxxAkTQwdomWe+35lb5kVnP2B9xdzSTpklVasDVA.
ECDSA key fingerprint is MD5:b1:cb:95:82:4c:74:98:c5:2f:9f:3e:ba:ad:f0:4b:93.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'node'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible ~]# tar -xf ansible.tar.gz -C /opt/
[root@ansible ~]# mount -o loop CentOS-7-x86_64-DVD-2009.iso /mnt/
mount: /dev/loop0 is write-protected, mounting read-only
[root@ansible ~]# mkdir /opt/centos
[root@ansible ~]# cp -rf /mnt/* /opt/centos/
[root@ansible ~]# umount /mnt/
[root@ansible ~]# tar -xf install_zabbix.tar.gz
[root@ansible ~]# tar -xf install_zabbix/roles/zabbix/files/zabbix.tar.gz -C /opt/
[root@ansible ~]# mkdir yum
[root@ansible ~]# mv /etc/yum.repos.d/* yum/
[root@ansible ~]# vi /etc/yum.repos.d/local.repo
[ansible]
name=ansible
baseurl=file:///opt/ansible
gpgcheck=0
enabled=1
[zabbix]
name=zabbix
baseurl=file:///opt/zabbix
gpgcheck=0
enabled=1
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[root@ansible ~]# yum repolist
Loaded plugins: fastestmirror
Determining fastest mirrors
ansible | 2.9 kB 00:00
centos | 3.6 kB 00:00
zabbix | 2.9 kB 00:00
(1/4): centos/group_gz | 153 kB 00:00
(2/4): ansible/primary_db | 13 kB 00:00
(3/4): centos/primary_db | 3.3 MB 00:00
(4/4): zabbix/primary_db | 54 kB 00:00
repo id repo name status
ansible ansible 22
centos centos 4,070
zabbix zabbix 65
repolist: 4,157
[root@ansible ~]# yum -y install ansible
[root@ansible ~]# ansible --version
ansible 2.9.10
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
[root@ansible ~]# vim /etc/ansible/hosts
[ansible]
192.168.10.10
192.168.10.20
[master]
192.168.10.10
[node]
192.168.10.20
[root@ansible ~]# ansible all -m ping
192.168.10.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.10.10 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@ansible ~]# yum -y install vsftpd
[root@ansible ~]# echo "anon_root=/opt" >> /etc/vsftpd/vsftpd.conf
[root@ansible ~]# systemctl enable vsftpd --now
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@ansible ~]# vi install_zabbix/group_vars/all
DB_PASS: '000000'
DB_HOST: localhost
[root@ansible ~]# vi install_zabbix/roles/zabbix/files/yum.repo
[zabbix]
name=zabbix
baseurl=ftp://ansible/zabbix
gpgcheck=0
enabled=1
[root@ansible ~]# vi install_zabbix/roles/zabbix/tasks/main.yaml
# 见下方
[root@ansible ~]# vi install_zabbix/install_zabbix.yaml
---
- hosts: node #看这需不需要改
remote_user: root
roles:
- zabbix
[root@ansible ~]# vi install_zabbix/roles/zabbix/templates/zabbix_server.conf.j2
DBName=zabbix
DBHost={{ DB_HOST }}
DBPassword=zabbix
DBSocket=/var/lib/mysql/mysql.sock
# 直接运行 测试大概率报错
[root@ansible install_zabbix]# ansible-playbook install_zabbix.yaml
[root@ansible ~]# vi install_zabbix/roles/zabbix/tasks/main.yaml
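---
# Tasks for the zabbix role (install_zabbix/roles/zabbix/tasks/main.yaml).
# Prepares the node, installs httpd/MariaDB/Zabbix from the local repo shipped
# in the role, creates the zabbix database and renders zabbix_server.conf.
# Inputs: DB_PASS and DB_HOST from group_vars/all; files/yum.repo,
# files/zabbix.tar.gz and templates/zabbix_server.conf.j2 inside the role.

# Lab shortcut: SELinux and firewalld are switched off wholesale. A hardened
# deployment keeps SELinux enforcing and opens only the web and
# zabbix-server ports instead.
- name: selinux config
  shell: "{{ item }}"
  with_items:
    - sed -i "s/^SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

- name: Selinux Config Setenforce
  shell: getenforce
  register: info
  ignore_errors: yes

- debug:
    var: info

- name: when_Selinux
  shell: setenforce 0
  # getenforce may be missing or fail, hence the "is defined" guard
  when: info.stdout is defined and info.stdout == 'Enforcing'

- name: firewalld
  shell: systemctl stop firewalld && systemctl disable firewalld
  ignore_errors: yes

- name: mv yum config
  shell: mv /etc/yum.repos.d/* /media/
  ignore_errors: yes

- name: copy repo
  copy: src=yum.repo dest=/etc/yum.repos.d/yum.repo

- name: Copy Repo Tar
  copy: src=zabbix.tar.gz dest=/opt/

- name: Decompression Package
  shell: tar -zxvf /opt/zabbix.tar.gz -C /opt

- name: Yum Install httpd
  yum:
    name:
      - httpd
    state: present

- name: Start httpd
  systemd:
    name: httpd
    state: restarted
    enabled: yes

- name: Install Mariadb
  yum:
    name:
      - mariadb-server
      - mariadb
    state: present

- name: Start mariadb
  systemd:
    name: mariadb
    state: restarted
    enabled: yes

# The root password is passed on the command line; no_log keeps it out of the
# playbook output and Ansible logs (it is still briefly visible in `ps` on the
# node). ignore_errors lets re-runs pass once the password is already set.
- name: Config Mariadb User
  shell: mysqladmin -uroot password {{ DB_PASS }}
  ignore_errors: yes
  no_log: true

- name: Mariadb Create zabbix
  shell: mysql -uroot -p{{ DB_PASS }} -e "create database zabbix character set utf8 collate utf8_bin;"
  ignore_errors: yes
  no_log: true

# The zabbix DB user's password must equal DBPassword in
# templates/zabbix_server.conf.j2 (which sets "zabbix"), otherwise
# zabbix-server cannot connect. The earlier version granted with '000000'
# and listed the same statement twice.
- name: privileages mariadb
  shell: mysql -uroot -p{{ DB_PASS }} -e "grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix';"
  no_log: true

- name: Install zabbix
  yum:
    name:
      - zabbix-agent
      - zabbix-server
      - zabbix-server-mysql
      - zabbix-web-mysql
    state: present

- name: sql config mariadb
  shell: chdir=/usr/share/doc/zabbix-server-mysql-3.4.15/ zcat create.sql.gz |mysql -uroot -p{{ DB_PASS }} zabbix
  ignore_errors: yes
  no_log: true

- name: Php Timezone
  shell: "{{ item }}"
  with_items:
    # php.ini line stays commented; the zone name is PRC (was the typo RPC)
    - sed -i "s/^;date.timezone.*/;date.timezone=PRC/g" /etc/php.ini
    - sed -i "s/#\ php_value/php_value/g" /etc/httpd/conf.d/zabbix.conf
    - sed -i "s/date.timezone.*/date.timezone Asia\/Shanghai/g" /etc/httpd/conf.d/zabbix.conf

- name: Config zabbix_server.conf
  template: src=zabbix_server.conf.j2 dest=/etc/zabbix/zabbix_server.conf

- name: Restart Httpd And zabbix-server
  systemd:
    name: "{{ item }}"
    state: restarted
    enabled: yes
  with_items:
    - httpd
    - zabbix-server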









