任务一、IaaS云平台搭建(15分)
修改云平台IaaS各节点的系统配置,按云平台搭建步骤逐步安装,并完成相应的答题。
1.操作系统环境配置(1分)
按以下要求设置主机名、防火墙及SELinux:
(1)设置控制节点主机名为controller,计算节点主机名为compute;
(2)关闭控制节点和计算节点的防火墙,设置开机不启动;
(3)设置控制节点和计算节点的SELinux为Permissive模式;
(4)退出SecureCRT,重新通过ssh连接各节点服务器;
使用命令查询控制节点和计算节点的主机名、防火墙是否处于关闭状态及SELinux的状态。以文本形式依次将命令行及查询信息提交到答题框。
[root@controller ~]# hostnamectl set-hostname controller/compute[root@controller ~]# hostnamecontroller[root@compute ~]# hostnamecompute[root@controller ~]#systemctl stop firewalld//停止防火墙[root@controller ~]#systemctl disable firewalld//禁止开机自启=永久关闭防火墙[root@controller ~]#systemctl status firewalld//查看防火墙状态● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead)Docs: man:firewalld(1)[root@controller ~]# setenforce 0[root@controller ~]# getenforce //查看selinux的状态Permissive
2.上传镜像源并挂载(1分)
将提供的 CentOS-7-x86_64-DVD-1804.iso 和 chinaskill_cloud_iaas.iso光盘镜像上传到 controller 节点/root 目录下,然后在/opt 目录下分别创建centos目录和 OpenStack 目录,并将镜像文件 CentOS-7-x86_64-DVD-1804.iso 挂载到centos目录下,将镜像文件 chinaskill_cloud_iaas.iso 挂载到OpenStack 目录下;使用df命令查看挂载的信息(需显示挂载的文件系统类型)。依次将操作命令及执行结果以文本形式提交到答题框。
[root@controller ~]# mkdir /opt/{centos,openstack}//同时创建两个目录[root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-1511.iso /opt/centos/ //挂载镜像到centos目录mount: /dev/loop0 is write-protected, mounting read-only//显示只读挂载成功[root@controller ~]# mount -o loop XianDian-IaaS-v2.2.iso /opt/openstack/mount: /dev/loop1 is write-protected, mounting read-only[root@controller ~]# df -Th//查看挂载的详情信息FilesystemTypeSize Used Avail Use% Mounted on/dev/vda1xfs 50G 7.6G 43G 16% /devtmpfs devtmpfs 984M0 984M 0% /devtmpfstmpfs 1001M0 1001M 0% /dev/shmtmpfstmpfs 1001M 17M 985M 2% /runtmpfstmpfs 1001M0 1001M 0% /sys/fs/cgroup/dev/loop0iso9660 4.1G 4.1G0 100% /opt/centos/dev/loop1iso9660 2.7G 2.7G0 100% /opt/openstack
3.配置本地以及远程yum源(1分)
配置控制节点本地yum源文件local.repo,搭建ftp服务并配置根目录为指向存放yum源的路径;配置计算节点yum源文件ftp.repo,使用控制节点ftp服务作为yum源,其中节点的地址以主机名表示;使用cat命令查看控制节点和计算节点的yum源全路径配置文件。依次将操作命令及返回结果以文本形式提交到答题框。
[root@controller ~]# mv /etc/yum.repos.d/* /mnt //移走所有自带yum.repo配置文件 [root@controller ~]# vi /etc/yum.repos.d/local.repo //新建本地yum源配置文件 compute节点同理 名称改为ftp.repo即可[root@controller ~]# cat /etc/yum.repos.d/local.repo[centos]name=centosbaseurl=file:///opt/centosenabled=1gpgcheck=0[iaas]name=iaasbaseurl=file:///opt/openstack/iaas-repoenabled=1gpgcheck=0[root@controller ~]# yum install vsftpd -y[root@controller ~]# vi /etc/vsftpd/vsftpd.confanon_root=/opt/ //在ftp的配置文件里添加一行 指定匿名用户的根目录在/opt下 [root@controller ~]# systemctl restart vsftpd //在linux系统里,修改完任何服务的配置文件后,想要新配置生效必须重启此服务.[root@controller ~]# systemctl enable vsftpd // 设置开机自启[root@compute ~]# cat /etc/yum.repos.d/ftp.repo[centos]name=centosbaseurl=ftp://controller/centos enabled=1gpgcheck=0[iaas]name=iaasbaseurl=ftp://controller/openstack/iaas-repoenabled=1gpgcheck=0//想要在配置文件里使用主机名去访问 就得在两个节点上配置hosts的主机名映射[root@controller ~]# vi /etc/hosts //两个节点都要是添加添加两行:controller节点IP 192.168.100.10 controllercompute节点IP192.168.100.20 compute
在Compute节点上利用centos目录中的软件包安装httpd服务器并设置开机自启动,提供yum仓库服务,并分别设置controller节点和compute节点的yum源文件http.repo,其中节点的地址使用IP形式。
[root@controller ~]# yum install httpd -y[root@controller ~]# vi /etc/httpd/conf/httpd.conf //修改配置文件 设置个http的访问主页为/opt目录120 DocumentRoot "/opt/"121 122 #123 # Relax access to content within /var/www.124 #125 <Directory "/opt/">126AllowOverride None127# Allow open access:128Require all granted129Options Indexes FollowSymLinks130 </Directory>[root@controller ~]# systemctl restart httpd[root@controller ~]# systemctl enable httpd----------------------------------http.repo文件的写法 controller/compute[centos]name=centosbaseurl=http://192.168.100.10/centosenabled=1gpgcheck=0
在compute节点上利用空白分区划分2个100G分区。
[root@compute ~]# lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTsda8:0 0 1T 0 disk├─sda1 8:1 0 1G 0 part /boot└─sda2 8:2 0 266G 0 part├─centos-root 253:0 0 256G 0 lvm /└─centos-swap 253:1 0 10G 0 lvm [SWAP]sr0 11:0 1 4.2G 0 rom [root@compute ~]# fdisk /dev/sdaWelcome to fdisk (util-linux 2.23.2).Changes will remain in memory only, until you decide to write them.Be careful before using the write mand (m for help): nPartition type:p primary (2 primary, 0 extended, 2 free)e extendedSelect (default p): pPartition number (3,4, default 3):First sector (559947776-2147483647, default 559947776):Using default value 559947776Last sector, +sectors or +size{K,M,G} (559947776-2147483647, default 2147483647): +100GPartition 3 of type Linux and of size 100 GiB is setCommand (m for help): nPartition type:p primary (3 primary, 0 extended, 1 free)e extendedSelect (default e): pSelected partition 4First sector (769662976-2147483647, default 769662976):Using default value 769662976Last sector, +sectors or +size{K,M,G} (769662976-2147483647, default 2147483647): +100GPartition 4 of type Linux and of size 100 GiB is setCommand (m for help): pDisk /dev/sda: 1099.5 GB, 1099511627776 bytes, 2147483648 sectorsUnits = sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk label type: dosDisk identifier: 0x000d4afaDevice BootStart EndBlocks Id System/dev/sda1 * 204820991991048576 83 Linux/dev/sda2 2099200 559947775 278924288 8e Linux LVM/dev/sda3 559947776 769662975 104857600 83 Linux/dev/sda4 769662976 979378175 104857600 83 LinuxCommand (m for help): wThe partition table has been altered!Calling ioctl() to re-read partition table.WARNING: Re-reading the partition table failed with error 16: Device or resource busy.The kernel still uses the old table. The new table will be used atthe next reboot or after you run partprobe(8) or kpartx(8)Syncing disks.[root@compute ~]# partprobe //刷新分区表[root@compute ~]# lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTsda8:0 0 1T 0 disk├─sda1 8:1 0 1G 0 part /boot├─sda2 8:2 0 266G 0 part│ ├─centos-root 253:0 0 256G 0 lvm /│ └─centos-swap 253:1 0 10G 0 lvm [SWAP]├─sda3 8:3 0 100G 0 part //新建的两个分区 给后面的cinder服务和swift服务使用└─sda4 8:4 0 100G 0 partsr0 11:0 1 4.2G 0 rom
4.环境变量配置(1分)
在控制节点和计算节点分别安装iaas-xiandian软件包,根据表2完成脚本文件openrc.sh的配置。以文本形式提交脚本文件的内容到答题框中。
[root@controller ~]# yum install iaas-xiandian -y[root@compute ~]# yum install iaas-xiandian -y[root@controller ~]# vi /etc/xiandian/openrc.sh //两个节点都要修改[root@controller ~]# cat /etc/xiandian/openrc.sh // 进入vi编辑后在末行模式下输入 :%s/^#//g 可以删除所有行的第一个#号#--------------------system Config--------------------###Controller Server Manager IP. example:x.x.x.xHOST_IP=172.17.1.10//controller节点nat网卡的ip#Controller HOST Password. example:000000 HOST_PASS=000000#Controller Server hostname. example:controllerHOST_NAME=controller#Compute Node Manager IP. example:x.x.x.xHOST_IP_NODE=172.17.1.20//compute节点nat网卡IP#Compute HOST Password. example:000000 HOST_PASS_NODE=000000#Compute Node hostname. example:computeHOST_NAME_NODE=compute#--------------------Chrony Config-------------------###Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24)network_segment_IP=172.17.1.0/24 //两个节点nat网卡的网段 用于时间同步服务#--------------------Rabbit Config ------------------###user for rabbit. example:openstackRABBIT_USER=openstack#Password for rabbit user .example:000000RABBIT_PASS=000000#--------------------MySQL Config---------------------###Password for MySQL root user . exmaple:000000DB_PASS=000000#--------------------Keystone Config------------------###Password for Keystore admin user. exmaple:000000DOMAIN_NAME=demoADMIN_PASS=000000DEMO_PASS=000000#Password for Mysql keystore user. exmaple:000000KEYSTONE_DBPASS=000000#--------------------Glance Config--------------------###Password for Mysql glance user. exmaple:000000GLANCE_DBPASS=000000#Password for Keystore glance user. exmaple:000000GLANCE_PASS=000000#--------------------Nova Config----------------------###Password for Mysql nova user. exmaple:000000NOVA_DBPASS=000000#Password for Keystore nova user. exmaple:000000NOVA_PASS=000000#--------------------Neturon Config-------------------###Password for Mysql neutron user. exmaple:000000NEUTRON_DBPASS=000000#Password for Keystore neutron user. exmaple:000000NEUTRON_PASS=000000#metadata secret for neutron. exmaple:000000METADATA_SECRET=000000#Tunnel Network Interface. example:x.x.x.xINTERFACE_IP=172.17.1.10//当前节点的内网IP 也就是controller节点的nat网卡IP 在compute节点就是172.17.1.20两个节点的配置文件就这里不一样 其他直接复制即可#External Network Interface. example:eth1INTERFACE_NAME=eth1 //内网网卡=nat网卡#External Network The Physical Adapter. example:providerPhysical_NAME=provider //供应商名称 默认#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101minvlan=101//VLAN id 默认#Last Vlan ID in VLAN RANGE for VLAN Network. example:200maxvlan=200//VLAN id 默认#--------------------Cinder Config--------------------###Password for Mysql cinder user. exmaple:000000CINDER_DBPASS=000000#Password for Keystore cinder user. exmaple:000000CINDER_PASS=000000#Cinder Block Disk. example:md126p3BLOCK_DISK=vda3 //compute节点分好的区 用于cinder块存储 具体区你们的compute节点上查看 查看分区命令:lsblk#--------------------Swift Config---------------------###Password for Keystore swift user. exmaple:000000SWIFT_PASS=000000#The NODE Object Disk for Swift. example:md126p4.OBJECT_DISK=vda4//compute节点分好的区 用于swift对象存储 具体区你们的compute节点上查看 查看分区命令:lsblk#The NODE IP for Swift Storage Network. example:x.x.x.x.STORAGE_LOCAL_NET_IP=172.17.1.20//swift服务运行的节点 compute节点的ip#--------------------Heat Config----------------------###Password for Mysql heat user. exmaple:000000HEAT_DBPASS=000000#Password for Keystore heat user. exmaple:000000HEAT_PASS=000000#--------------------Zun Config-----------------------###Password for Mysql Zun user. exmaple:000000ZUN_DBPASS=000000#Password for Keystore Zun user. exmaple:000000ZUN_PASS=000000#Password for Mysql Kuryr user. exmaple:000000KURYR_DBPASS=000000#Password for Keystore Kuryr user. exmaple:000000KURYR_PASS=000000#--------------------Ceilometer Config----------------###Password for Gnocchi ceilometer user. exmaple:000000CEILOMETER_DBPASS=000000#Password for Keystore ceilometer user. exmaple:000000CEILOMETER_PASS=000000#--------------------AODH Config----------------###Password for Mysql AODH user. exmaple:000000AODH_DBPASS=000000#Password for Keystore AODH user. exmaple:000000AODH_PASS=000000#--------------------Barbican Config----------------###Password for Mysql Barbican user. exmaple:000000BARBICAN_DBPASS=000000#Password for Keystore Barbican user. exmaple:000000BARBICAN_PASS=000000[root@controller ~]# source /etc/xiandian/openrc.sh //加载环境变量
5.数据库安装(2分)
使用脚本安装数据库服务,进入数据库。
(1)创建本地用户examuser,密码为000000;
(2)查询mysql数据库中的user表的host,user,password字段;
(3)赋予这个用户对所有数据库拥有“查询”“删除”“更新”“创建”的本地权限。 依次将操作命令和返回结果以文本形式提交到答题框。
[root@controller ~]# iaas-pre-host.sh //两个节点在跑脚本之前一定要先安装初始化的脚本[root@controller ~]# iaas-install-mysql.sh[root@controller ~]# mysql -uroot -p000000 //登录数据库[MariaDB [(none)]> insert into mysql.user(host,user,Password) values("localhost","examuser",Password("000000"));Query OK, 1 row affected, 4 warnings (0.00 sec)MariaDB [(none)]> use mysqlReading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -ADatabase changedMariaDB [mysql]> select host,user,password from user;+-----------+----------+-------------------------------------------+| host| user| password |+-----------+----------+-------------------------------------------+| localhost | root| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || xiandian | root| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || 127.0.0.1 | root| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || ::1 | root| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | keystone | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || % | keystone | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | glance | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || % | glance | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | nova| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || % | nova| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | neutron | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || % | neutron | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | cinder | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || % | cinder | *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | heat| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || % | heat| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | aodh| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || % | aodh| *032197AE5731D4664921A6CCAC7CFCE6A0698693 || localhost | examuser | *032197AE5731D4664921A6CCAC7CFCE6A0698693 |+-----------+----------+-------------------------------------------+19 rows in set (0.00 sec)MariaDB [mysql]> grant select,delete,update,create on *.* to examuser@"localhost" identified by "000000";Query OK, 0 rows affected (0.01 sec)MariaDB [mysql]> flush privileges; //刷新权限MariaDB [mysql]> exit
6.keystone安装(2分)
使用脚本安装keystone服务,创建用户testuser,密码为xiandian,将testuser用户分配给admin项目,赋予用户admin的权限。依次将操作命令和查询结果以文本形式提交到答题框。
[root@controller ~]# iaas-install-keystone.sh[root@controller ~]# source /etc/keystone/admin-openrc.sh //加载keystone的环境变量[root@controller ~]# openstack user create --domain demo --password xiandian testuser+-----------+----------------------------------+| Field| Value |+-----------+----------------------------------+| domain_id | 5a486c51bc8e4dffa4a181f6c54e0938 || enabled | True || id | ec6d67cdb3ac4b3ca827587c14be0a3e || name| testuser|+-----------+----------------------------------+[root@controller ~]# openstack role add --project admin --user testuser admin
7.glance安装(2分)
使用脚本安装glance服务。使用CentOS_6.5_x86_64_XD.qcow2文件创建名为examimage的镜像;使用openstack命令查看镜像列表;设置该镜像的标签为lastone,查询镜像详细信息。依次将操作命令和查询结果以文本形式提交到答题框。
[root@controller ~]# iaas-install-glance.sh[root@controller ~]# glance image-create --name "testone" --disk-format "qcow2" --container-format bare --progress < /root/CentOS_6.5_x86_64_XD.qcow2 [=============================>] 100%+------------------+--------------------------------------+| Property | Value |+------------------+--------------------------------------+| checksum | 3e565ace16066679ea363dde5411ed25|| container_format | bare || created_at | -01-17T09:01:36Z || disk_format| qcow2 || id| 3bb63ae0-3129-442b-b19f-9f66298132aa || min_disk | 0|| min_ram| 0|| name | examimage || owner | 0ab2dbde4f754b699e22461426cd0774|| protected | False || size | 283181056 || status | active || tags | []|| updated_at | -01-17T09:01:38Z || virtual_size| None || visibility | private|+------------------+--------------------------------------+[root@controller ~]# openstack image list+--------------------------------------+-----------+--------+| ID| Name| Status |+--------------------------------------+-----------+--------+| 3bb63ae0-3129-442b-b19f-9f66298132aa | examimage | active |+--------------------------------------+-----------+--------+[root@controller ~]# openstack image set examimage --tag lastone[root@controller ~]# openstack image show examimage+------------------+------------------------------------------------------+| Field | Value |+------------------+------------------------------------------------------+| checksum | 3e565ace16066679ea363dde5411ed25 || container_format | bare || created_at | -01-17T09:01:36Z || disk_format| qcow2 || file | /v2/images/3bb63ae0-3129-442b-b19f-9f66298132aa/file || id| 3bb63ae0-3129-442b-b19f-9f66298132aa || min_disk | 0 || min_ram| 0 || name | examimage || owner | 0ab2dbde4f754b699e22461426cd0774 || protected | False || schema | /v2/schemas/image|| size | 283181056 || status | active || tags | lastone|| updated_at | -01-18T01:15:18Z || virtual_size| None || visibility | private|+------------------+------------------------------------------------------+
8.nova管理(2分)
使用脚本安装nova服务,通过nova的相关命令创建名为exam,ID为1234,内存为1024M,硬盘为20G,虚拟内核数量为2的云主机类型,查看exam的详细信息。依次将操作命令及返回结果以文本形式提交到答题框。
[root@controller ~]# iaas-install-nova-controller.sh /iaas-install-nova-compute.sh nova服务是两个节点都要安装[root@xiandian ~]# nova flavor-create exam 1234 1024 20 2+------+------+-----------+------+-----------+------+-------+-------------+-----------+| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |+------+------+-----------+------+-----------+------+-------+-------------+-----------+| 1234 | exam | 1024| 20 | 0 || 2| 1.0 | True|+------+------+-----------+------+-----------+------+-------+-------------+-----------+[root@xiandian ~]# nova flavor-show 1234+----------------------------+-------+| Property | Value |+----------------------------+-------+| OS-FLV-DISABLED:disabled | False || OS-FLV-EXT-DATA:ephemeral | 0|| disk | 20 || extra_specs| {} || id| 1234 || name | exam || os-flavor-access:is_public | True || ram | 1024 || rxtx_factor| 1.0 || swap | || vcpus | 2|+----------------------------+-------+
9.网络创建(2分)
使用脚本安装neutron服务,并配置为GRE网络:
(1)创建云主机外部网络为ext-net,子网为ext-subnet,虚拟机浮动IP网段为192.168.200.0/24,网关为192.168.200.1;
(2)创建云主机隧道网络int-net1,子网为int-subnet1,虚拟机子网IP网段为10.0.0.0/24,网关为10.0.0.1;
(3)创建云主机隧道网络int-net2,子网为int-subnet2,虚拟机子网IP网段为10.0.1.0/24,网关为10.0.1.1;
(4)添加名为ext-router的路由器,配置路由接口地址,完成隧道网络int-net1和外部网络ext-net的连通。
使用neutron相关命令查询子网的列表信息,并查看int-subnet1的详细信息。依次将操作命令和查询结果以文本形式提交到答题框。
[root@controller ~]# iaas-install-neutron-controller.sh/iaas-install-neutron-compute.sh neutron服务也是双节点[root@controller ~]# openstack network create --share --external \--provider-physical-network provider \--provider-network-type vlan \--provider-segment 1120 extnet //vlanid 根据自己的情况来设置[root@controller ~]# openstack subnet create --network extnet \--allocation-pool start=192.168.200.2,end=192.168.200.254 \--dns-nameserver 1.2.4.8 --gateway 192.168.200.1 \--subnet-range 192.168.200.0/24 extsubnet---------------------------------------------------------------------------------------------- [root@controller ~]# openstack network create --share \intnet1[root@controller ~]# openstack subnet create --network intnet1 \--allocation-pool start=10.10.0.2,end=10.10.0.254 \--dns-nameserver 1.2.4.8 --gateway 10.10.1.1 \--subnet-range 10.10.0.0/24 intsubnet1---------------------------------------------------------------------------------------- [root@controller ~]# openstack network create --share \intnet2[root@controller ~]# openstack subnet create --network intnet2 \--allocation-pool start=10.10.1.2,end=10.10.1.254 \--dns-nameserver 1.2.4.8 --gateway 10.10.1.1 \--subnet-range 10.10.1.0/24 intsubnet2路由配置-----------------------------------------------------------------[root@controller ~]# openstack router create ext-router[root@controller ~]# openstack router set \--enable-snat --external-gateway extnet \--fixed-ip subnet=extsubnet ext-router[root@controller ~]# openstack router add subnet ext-router intsubnet1查看------------------------------------------------------------------------------[root@controller ~]# neutron subnet-list[root@controller ~]# neutron subnet-show 6386b9ad-c446-45ae-a947-8a44b580feaf
10.dashboard配置(1分)
使用脚本安装dashboard服务,使用curl命令查询http://192.168.100.10/dashboard。依次将操作命令和查询结果以文本形式提交到答题框。
[root@controller ~]# curl http://192.168.100.10/dashboard/auth/login/
