
1.准备实验环境

#使用vagrant创建虚拟机,并修改sshd配置
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.require_version ">= 1.6.0"

# Machines to build. Only one here: the all-in-one "stack" node.
# :eth1 is the static address for the bridged interface; :mem is in MB.
boxes = [
  { name: "stack", eth1: "192.168.1.220", mem: "16384", cpu: "8" }
]

Vagrant.configure(2) do |config|
  # Every machine in the list starts from the same base box.
  config.vm.box = "centos7"

  boxes.each do |box|
    config.vm.define box[:name] do |node|
      node.vm.hostname = box[:name]

      # VMware Fusion takes memory and CPU count as .vmx keys.
      node.vm.provider "vmware_fusion" do |fusion|
        fusion.vmx["memsize"]  = box[:mem]
        fusion.vmx["numvcpus"] = box[:cpu]
      end

      # VirtualBox takes the same values through "modifyvm".
      node.vm.provider "virtualbox" do |vbox|
        vbox.customize ["modifyvm", :id, "--memory", box[:mem]]
        vbox.customize ["modifyvm", :id, "--cpus", box[:cpu]]
      end

      # public_network is Vagrant's bridged mode: the guest sits directly on
      # the host's LAN at this fixed address and is reachable by other
      # machines on that network.
      node.vm.network :public_network, ip: box[:eth1]
    end
  end
end

#修改ssh配置(开启 root 登录和密码认证;该虚拟机通过 public_network 桥接在局域网上,这两项只适合隔离的实验环境,部署完成后应改回密钥登录)
[root@stack ~]# grep Password  /etc/ssh/sshd_config
PasswordAuthentication yes

[root@stack ~]# grep PermitRoot /etc/ssh/sshd_config
PermitRootLogin yes
[root@stack ~]#

#关闭selinux,NetworkManager,firewalld
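# Lab-only host preparation before running packstack.
# NOTE(review): this switches off SELinux and the host firewall outright. On a
# VM bridged to a shared LAN with root password SSH enabled, nothing on the
# host filters inbound traffic afterwards - confirm that is acceptable for the
# network this lab sits on.

# Anchor on the SELINUX= setting so the explanatory comment lines in the file,
# which also contain the word "enforcing", are left untouched. The change
# applies from the next boot.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# Stop each service now and keep it from starting at boot.
for unit in firewalld NetworkManager; do
  systemctl stop "$unit"
  systemctl disable "$unit"
done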

#设置hosts
[root@stack ~]# cat /etc/hosts
127.0.0.1	stack	stack
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.220 stack

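#配置yum源(注意:下面 Aliyun-openstack、Aliyun-qemu-ev 和 epel 各段都是 gpgcheck=0,即不校验 RPM 签名,epel 段虽然写了 gpgkey 也不会生效;epel 与 CentOS-Base 的 baseurl、gpgkey 走的是明文 http。这样的配置只适合可信的实验网络)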
[root@stack yum.repos.d]# cat Aliyun-openstack.repo 
[Aliyun-openstack]
name=Aliyun-openstack
baseurl=https://mirrors.aliyun.com/centos/$releasever/cloud/$basearch/openstack-rocky/
gpgcheck=0
enabled=1
cost=88

[Aliyun-qemu-ev]
name=Aliyun-qemu-ev
baseurl=https://mirrors.aliyun.com/centos/$releasever/virt/$basearch/kvm-common/
https://mirrors.aliyun.com/centos
gpgcheck=0
enabled=1
-----------------------------------------------------------------------------------------
[root@stack yum.repos.d]# cat epel.repo 
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
 
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
 
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
-----------------------------------------------------------------------------------------
[root@stack yum.repos.d]#  cat CentOS-Base.repo 
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client.  You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the 
# remarked out baseurl= line instead.
#
#
 
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

2.安装packstack相关软件

#重装leatherman
yum -y remove leatherman\*
yum -y install leatherman-1.3.0\*

#安装packstack
yum -y install openstack-utils
yum -y install openstack-packstack

3.生成并修改packstack应答文件

#生成应答文件
packstack --gen-answer-file=aa.txt

#修改应答文件(若没有ifconfig命令,安装net-tools)
[root@stack ~]# cat preinstall.sh 
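#!/bin/bash
# preinstall.sh - patch the packstack answer file (aa.txt) for a single-node lab.
#
# Generate the answer file first:
#   packstack --gen-answer-file=aa.txt
#
# Environment (all optional):
#   IFACE         interface whose IPv4 address becomes the compute host
#                 (default: eth1)
#   PACKSTACK_PW  value written to every *_PW key (default: redhat, the value
#                 used by the original walkthrough)
#
# NOTE(review): the default replaces every randomly generated service secret
# with one short, well-known word. That is only tolerable on an isolated lab
# host; set PACKSTACK_PW for anything reachable from a shared network.
set -euo pipefail

answer_file=aa.txt
iface=${IFACE:-eth1}
service_pw=${PACKSTACK_PW:-redhat}
ipv4_re='^[0-9]+(\.[0-9]+){3}$'

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Replace the whole "KEY=..." line in the answer file (GNU sed "c" command).
set_key() {
  sed -i "/^$1=/c$1=$2" "$answer_file"
}

[[ -f "$answer_file" ]] || die "$answer_file not found; generate it with packstack first"

# The password is spliced into a sed replacement and must stay matchable by
# the [0-9a-z]+ pattern below so that a second run still finds the value.
[[ "$service_pw" =~ ^[0-9a-z]+$ ]] || die "PACKSTACK_PW may only contain 0-9 and a-z"

# ifconfig comes from net-tools. Refuse to continue when the interface has no
# single IPv4 address, instead of writing an empty CONFIG_COMPUTE_HOSTS.
IP=$(ifconfig "$iface" | awk '/inet /{print $2}')
[[ "$IP" =~ $ipv4_re ]] || die "could not read one IPv4 address from $iface (got: '$IP')"

set_key CONFIG_COMPUTE_HOSTS "$IP"
set_key CONFIG_PROVISION_DEMO n
set_key CONFIG_NEUTRON_ML2_TYPE_DRIVERS flat,vxlan
set_key CONFIG_NEUTRON_ML2_FLAT_NETWORKS datacentre
set_key CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS datacentre:br-ex
# set_key CONFIG_HEAT_INSTALL y

# Overwrite every *_PW value. -i.bak leaves aa.txt.bak behind, which still
# holds the generated secrets in clear text.
sed -i.bak -r "s/(.+_PW)=[0-9a-z]+/\1=${service_pw}/g" "$answer_file"

cat <<EOF
	请把下面两句话添加控制节点和计算节点的/etc/hosts
	$IP	$(hostname)	$(hostname -s)
	
	运行下面的命令安装opensteack
	packstack --answer-file=aa.txt
EOF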

#ps:若ping不通百度,查看默认路由是否准确

4.安装openstack

packstack --answer-file=aa.txt

5.创建桥接网络

[root@stack ~]# cat postinstall.sh 
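#!/bin/bash
# postinstall.sh - write the ifcfg files that move the host address from the
# physical interface onto the OVS bridge br-ex.
#
# Environment (optional):
#   IFACE  physical interface to enslave to br-ex (default: eth1)
#
# The gateway and DNS server are assumed to sit at .2 of the interface's /24,
# exactly as in the original script; adjust the generated file if the lab
# network differs.
set -euo pipefail

iface=${IFACE:-eth1}
dir=/etc/sysconfig/network-scripts
ipv4_re='^[0-9]+(\.[0-9]+){3}$'

# Once the address has moved to br-ex the interface no longer carries an IPv4
# address. Stop here in that case rather than overwrite ifcfg-br-ex with an
# empty IPADDR and a malformed GATEWAY.
IP=$(ifconfig "$iface" | awk '/inet /{print $2}')
if [[ ! "$IP" =~ $ipv4_re ]]; then
  printf 'could not read one IPv4 address from %s (got: "%s")\n' "$iface" "$IP" >&2
  exit 1
fi

# First three octets of the address, then ".2".
GW=${IP%.*}.2

cat > "$dir/ifcfg-br-ex" <<EOF
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=none
IPADDR=$IP
NETMASK=255.255.255.0
GATEWAY=$GW
DNS1=$GW
ONBOOT=yes
EOF

cat > "$dir/ifcfg-$iface" <<EOF
DEVICE=$iface
DEVICETYPE=ovs
TYPE=OVSPort
ONBOOT=yes
BOOTPROTO=none
OVS_BRIDGE=br-ex
EOF

echo "请执行 systemctl restart network重启网络,且保证网络正常启动"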

6.创建实例验证openstack可用性

#创建用户
[root@stack ~(keystone_admin)]# openstack user create --password redhat test
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1d1941d6b4f94ec8a1219c88ae15ee35 |
| name                | test                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

#创建项目
[root@stack ~(keystone_admin)]# openstack project create test
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description |                                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 605b0cf0f33a46f08a27ae953b19ba94 |
| is_domain   | False                            |
| name        | test                             |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

#用户关联项目(role)
[root@stack ~(keystone_admin)]# openstack role add --user test --project test admin
[root@stack ~(keystone_admin)]# openstack role assignment list --name
+---------------+--------------------+-------+------------------+--------+--------+-----------+
| Role          | User               | Group | Project          | Domain | System | Inherited |
+---------------+--------------------+-------+------------------+--------+--------+-----------+
| admin         | test@Default       |       | test@Default     |        |        | False     |
| admin         | cinder@Default     |       | services@Default |        |        | False     |
| admin         | swift@Default      |       | services@Default |        |        | False     |
| ResellerAdmin | ceilometer@Default |       | services@Default |        |        | False     |
| admin         | ceilometer@Default |       | services@Default |        |        | False     |
| admin         | gnocchi@Default    |       | services@Default |        |        | False     |
| admin         | neutron@Default    |       | services@Default |        |        | False     |
| admin         | aodh@Default       |       | services@Default |        |        | False     |
| admin         | admin@Default      |       | admin@Default    |        |        | False     |
| admin         | placement@Default  |       | services@Default |        |        | False     |
| admin         | glance@Default     |       | services@Default |        |        | False     |
| admin         | nova@Default       |       | services@Default |        |        | False     |
| admin         | admin@Default      |       |                  |        | all    | False     |
+---------------+--------------------+-------+------------------+--------+--------+-----------+

创建桥接网络

#确认桥接网络是否创建,查看网卡配置文件
[root@stack network-scripts(keystone_admin)]# cat ifcfg-eth0 
DEVICE=eth0
DEVICETYPE=ovs
TYPE=OVSPort
ONBOOT=yes
BOOTPROTO=none
OVS_BRIDGE=br-ex
[root@stack network-scripts(keystone_admin)]# cat ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=none
IPADDR=192.168.1.220
NETMASK=255.255.255.0
GATEWAY=192.168.1.2
DNS1=192.168.1.2
ONBOOT=yes

#查看桥接网络
[root@stack network-scripts(keystone_admin)]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP qlen 1000
    link/ether 52:54:00:ca:e4:8b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:feca:e48b/64 scope link 
       valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 96:ea:82:07:36:81 brd ff:ff:ff:ff:ff:ff
4: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 66:0e:e2:4f:c3:4b brd ff:ff:ff:ff:ff:ff
5: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether a6:02:6d:5a:e4:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.220/24 brd 192.168.1.255 scope global br-ex
       valid_lft forever preferred_lft forever
    inet6 2408:8256:3885:303a:a402:6dff:fe5a:e443/64 scope global mngtmpaddr dynamic 
       valid_lft 259190sec preferred_lft 172790sec
    inet6 fe80::a402:6dff:fe5a:e443/64 scope link 
       valid_lft forever preferred_lft forever
6: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 86:45:49:02:72:40 brd ff:ff:ff:ff:ff:ff

管理员创建外部网络
openstack在centos上安装---单机模式安装的--packstack

登录用户test

创建内部网络后查看拓扑

openstack在centos上安装---单机模式安装的--packstack

#上传镜像
openstack image create "demo" --file cirros-0.3.4-x86_64-disk.img  --disk-format qcow2  --container-format bare  --public 
openstack image list
#创建实例规格
openstack flavor create --disk 1 --vcpus 1 --ram 64 --public --project-domain test s1.tiny
#查看实例前置资源
#查看image
[root@stack ~(keystone_admin)]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| cd82f5b8-f531-4a6d-bdec-52bca312b7ff | cirros | active |
| 8c881671-689b-4800-b75c-bedac09ff255 | demo   | active |
+--------------------------------------+--------+--------+

#查看flavor
openstack flavor list
[root@stack ~(keystone_admin)]# openstack flavor list
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+
| ID                                   | Name      |   RAM | Disk | Ephemeral | VCPUs | Is Public |
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+
| 1                                    | m1.tiny   |   512 |    1 |         0 |     1 | True      |
| 2                                    | m1.small  |  2048 |   20 |         0 |     1 | True      |
| 3                                    | m1.medium |  4096 |   40 |         0 |     2 | True      |
| 4                                    | m1.large  |  8192 |   80 |         0 |     4 | True      |
| 5                                    | m1.xlarge | 16384 |  160 |         0 |     8 | True      |
| 945270de-a01a-48ae-bb5e-c43d2cd1d493 | s.tiny    |    64 |    1 |         0 |     1 | True      |
| e60139de-3a24-4bd5-b52c-09eab4a3c457 | s1.small  |   128 |    1 |         0 |     1 | True      |
+--------------------------------------+-----------+-------+------+-----------+-------+-----------+

#可创建
openstack flavor create --disk 1 --vcpus 1 --ram 64 --public --project-domain test s.tiny

#查看安全组
[root@stack ~(keystone_admin)]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 1cb85427-4e56-49e1-bb83-85585bfb6140 | demo-sg |                        | 605b0cf0f33a46f08a27ae953b19ba94 | []   |
| 3d1f1c15-972c-40b7-9d9b-b997cf60c76e | default | Default security group | 605b0cf0f33a46f08a27ae953b19ba94 | []   |
| 8874f333-f086-43ef-8c7e-d50da432c4bf | default | Default security group | df5999672201403aa31fb955f10adde6 | []   |
| 8cc809bb-ce0e-401e-8692-0b831d08b614 | default | Default security group | 7dadee390b244dbbbca03a58a59cfc6c | []   |
| bfbdae01-f499-41c7-a754-34a47a38aad6 | default | Default security group |                                  | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+

#查看网络
[root@stack ~(keystone_admin)]# openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| 331d986e-7b0a-4d2c-acd0-cffe4c64beeb | net-ex  | 69712017-1037-442d-a2c1-d02cdc5b5970 |
| dc7da17a-83ce-4f66-91d9-ec299a6538cc | pub-int | 67f4e13c-14bf-46b8-a82d-5f34580b4de4 |
+--------------------------------------+---------+--------------------------------------+

#创建实例
openstack server create --image demo --flavor s.tiny  --security-group demo-sg --network pub-int  vm01

#分配浮动ip
openstack network list
openstack floating ip create net-ex
openstack floating ip list

#绑定浮动ip
openstack server add floating ip vm01 192.168.1.27 

#浮动ip在路由接口上
[root@stack ~(test_admin)]# ip netns exec qrouter-06593c2e-fa20-44dd-ba37-030b9fa57837 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
11: qg-eb9df27e-52: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:15:0b:bb brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.29/24 brd 192.168.1.255 scope global qg-eb9df27e-52
       valid_lft forever preferred_lft forever
    inet 192.168.1.22/32 brd 192.168.1.22 scope global qg-eb9df27e-52
       valid_lft forever preferred_lft forever
    inet 192.168.1.27/32 brd 192.168.1.27 scope global qg-eb9df27e-52
       valid_lft forever preferred_lft forever
    inet6 2408:8256:3885:303a:f816:3eff:fe15:bbb/64 scope global mngtmpaddr dynamic 
       valid_lft 259192sec preferred_lft 172792sec
    inet6 fe80::f816:3eff:fe15:bbb/64 scope link 
       valid_lft forever preferred_lft forever
12: qr-7f7369b9-1c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:84:96:e3 brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.1/24 brd 10.0.10.255 scope global qr-7f7369b9-1c
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe84:96e3/64 scope link 
       valid_lft forever preferred_lft forever

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

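# All-in-one deployment without the demo project, with the external network
# "extnet" mapped to the br-ex bridge. The option prefixes are plain ASCII
# double hyphens; a typographic dash is not parsed as an option.
packstack --allinone --provision-demo=n \
  --os-neutron-ovs-bridge-mappings=extnet:br-ex \
  --os-neutron-ml2-type-drivers=vxlan,flat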

 

#记录一台单节点物理服务器使用PackStack部署OpenStack-Train版的操作

戴尔R720
系统:centos7.8.2003
cpu型号: E5-2670v2
2C8核32线程
内存 32G
网络环境:
eth0 192.168.100.106 物理外网
eth1 172.16.0.106 私有内网
#服务器基础优化

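# Base host preparation for the single-node PackStack install.
# All quotes are plain ASCII; typographic quotes are not shell quoting.

# Kernel network settings, appended to /etc/sysctl.conf and loaded at once.
# NOTE(review): net.ipv4.tcp_tw_recycle is known to drop connections from
# clients that share one address behind NAT. It looks carried over from a
# generic tuning list - confirm it is wanted on a host with an external NIC.
echo 'net.ipv4.ip_forward=1 ' >>/etc/sysctl.conf
echo 'net.ipv4.tcp_tw_recycle=1 ' >>/etc/sysctl.conf
echo 'net.ipv4.tcp_tw_reuse=1 ' >>/etc/sysctl.conf
sysctl -p
chmod +x /etc/rc.d/rc.local

# Convenience tooling. The list is installed twice on purpose: once from the
# stock repos and again further down, after the EPEL repo file is in place.
# NOTE(review): telnet-server, nmap and sshpass widen the attack surface of a
# cloud controller; drop them from the list unless they are really used.
tools=(
  mlocate lrzsz tree vim nc nmap wget bash-completion bash-completion-extras
  cowsay sl htop iotop iftop lsof net-tools sysstat unzip bc psmisc ntpdate
  wc telnet-server bind-utils sshpass
)
yum install -y "${tools[@]}"

# NOTE(review): /etc/hosts lines are "address name"; with the name first this
# entry is most likely ignored by the resolver - confirm the intended mapping.
echo 'localhost 192.168.100.106' >>/etc/hosts

# Host firewall and SELinux are switched off for the install. eth0 is
# described as the external network, so after this step nothing on the host
# filters inbound traffic - keep the machine on a trusted segment.
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
systemctl stop NetworkManager
systemctl disable NetworkManager

# Fetch the repo definitions over HTTPS: a repo file altered in transit decides
# where every later package comes from. curl -f stops an HTTP error page from
# being saved as the repo file.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
curl -fsSL -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y "${tools[@]}"

sed -i 's#keepcache=0#keepcache=1#g' /etc/yum.conf
yum clean all
yum makecache

# One-off clock sync, then every 30 minutes from root's crontab.
ntpdate ntp1.aliyun.com
echo '*/30 * * * * /sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root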
#安装train版yum源

yum install centos-release-openstack-train -y
#安装openstack-packstack工具用于生成openstack应答文件

yum install openstack-packstack -y
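# Generate the answer file that is edited in the next step.
packstack --gen-answer-file=openstack.txt

# packstack modes, for reference only. They are kept as comments because
# "--allinone" would start a full install straight away and "<file>" is a
# placeholder, not something the shell can run.
#   packstack --allinone                  # all-in-one mode
#   packstack --gen-answer-file=<file>    # generate the deployment answer file
#   packstack --answer-file=<file>        # deploy from the given answer file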
#packstack每个版本的配置文件均有小改动,不要修改错位置
可以详细学习一下配置文件的各个模块的配置参数,可根据自己实际需求更改

[19:57 root@localhost ~]# vim openstack.txt
41行: y-n #SWIFT是OpenStack的对象存储组件,默认是Y,在生产环境中一般是不装,所以改n
50行: y-n #不安装该服务
97行: 10.0.1.120,10.0.1.130 #计算节点ip地址
808 openvswitch
813: physnet1 #flat网络这边要设置物理网卡名字
840 openvswitch #L2网络的代理模式,也可选择linuxbridge
858: physnet1:br-ex #这边要设置物理网卡的名字
869: br-ex:eth0 #这边br-ex:eth0是网络节点的nat网卡,到时候安装完毕之后IP地址会漂到这个上
1181: y-n #DEMO是OpenStack联网下载一个测试镜像,这边没联网,所以改成n
##更改密码(123456)

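# Overwrite the value of every *_PW key in the answer file with one shared
# password. The quotes must be plain ASCII single quotes or sed never receives
# a valid script.
# NOTE(review): this replaces each randomly generated service secret (the
# answer file carries one per service) with a single six-digit value, on a
# host whose eth0 is described as the external network and whose firewall is
# off. Keep it to an isolated lab, or substitute a long random value.
sed -i -r 's/(.+_PW)=.+/\1=123456/' openstack.txt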
#备份配置文件

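# Save a copy of the answer file with comment and blank lines stripped.
# The pattern needs plain ASCII quotes: left unquoted, the "|" is taken as a
# shell pipe and the command falls apart.
# NOTE(review): the copy still contains every service password in clear text;
# keep it readable by root only, like the answer file itself.
grep -Ev '^#|^$' openstack.txt >openstack.txt.bak1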
#查看所有的主机ip地址是否都指定到eth0网卡

[20:01 root@localhost ~]# grep 'HOST=' openstack.txt
CONFIG_CONTROLLER_HOST=192.168.100.106
CONFIG_VCENTER_HOST=
CONFIG_STORAGE_HOST=192.168.100.106
CONFIG_SAHARA_HOST=192.168.100.106
CONFIG_AMQP_HOST=192.168.100.106
CONFIG_MARIADB_HOST=192.168.100.106
CONFIG_TEMPEST_HOST=
CONFIG_REDIS_HOST=192.168.100.106
#一键部署单节点

[20:15 root@localhost ~]# packstack --answer-file=openstack.txt
Welcome to the Packstack setup utility

The installation log file is available at: /var/tmp/packstack/20200614-205624-uEmdI2/openstack-setup.log

Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts’ details [ DONE ]
Preparing pre-install entries [ DONE ]
Setting up CACERT [ DONE ]
Preparing AMQP entries [ DONE ]
Preparing MariaDB entries [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Preparing Keystone entries [ DONE ]
Preparing Glance entries [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Preparing Cinder entries [ DONE ]
Preparing Nova API entries [ DONE ]
Creating ssh keys for Nova migration [ DONE ]
Gathering ssh host keys for Nova migration [ DONE ]
Preparing Nova Compute entries [ DONE ]
Preparing Nova Scheduler entries [ DONE ]
Preparing Nova VNC Proxy entries [ DONE ]
Preparing OpenStack Network-related Nova entries [ DONE ]
Preparing Nova Common entries [ DONE ]
Preparing Neutron API entries [ DONE ]
Preparing Neutron L3 entries [ DONE ]
Preparing Neutron L2 Agent entries [ DONE ]
Preparing Neutron DHCP Agent entries [ DONE ]
Preparing Neutron Metering Agent entries [ DONE ]
Checking if NetworkManager is enabled and running [ DONE ]
Preparing OpenStack Client entries [ DONE ]
Preparing Horizon entries [ DONE ]
Preparing Gnocchi entries [ DONE ]
Preparing Redis entries [ DONE ]
Preparing Ceilometer entries [ DONE ]
Preparing Puppet manifests [ DONE ]
Copying Puppet modules and manifests [ DONE ]
Applying 192.168.100.106_controller.pp
192.168.100.106_controller.pp: [ DONE ]
Applying 192.168.100.106_network.pp
192.168.100.106_network.pp: [ DONE ]
Applying 192.168.100.106_compute.pp
192.168.100.106_compute.pp: [ DONE ]
Applying Puppet manifests [ DONE ]
Finalizing [ DONE ]

**** Installation completed successfully ******

Additional information:
* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
* File /root/keystonerc_admin has been created on OpenStack client host 192.168.100.106. To use the command line tools you need to source the file.
* To access the OpenStack Dashboard browse to http://192.168.100.106/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
* The installation log file is available at: /var/tmp/packstack/20200614-205624-uEmdI2/openstack-setup.log
* The generated manifests are available at: /var/tmp/packstack/20200614-205624-uEmdI2/manifests
#packstack部署禁止了openstack的dashboard界面对域的支持,需要可打开

vim /etc/openstack-dashboard/local_settings
79 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
85 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
461 TIME_ZONE = "Asia/Shanghai" #配置时区为亚洲上海

systemctl restart httpd.service memcached.service

#故障报错

facter: error while loading shared libraries: leatherman_curl.so.1.3.0: cannot open shared object file: No such file or directory

leatherman rpm包版本问题
[20:06 root@localhost ~/openstack]# yum list | grep leatherman
leatherman.x86_64 1.10.0-1.el7 @epel
leatherman-devel.x86_64 1.10.0-1.el7 epel

而facter需要1.3.0
[20:09 root@localhost ~/openstack]# facter -p
facter: error while loading shared libraries: leatherman_curl.so.1.3.0: cannot open shared object file: No such file or directory

回退leatherman版本
yum downgrade leatherman -y

 

 

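# Generate an all-in-one answer file with Heat and Magnum enabled, an external
# network "extnet" on br-ex (backed by ens3) and VXLAN tenant networks.
#
# NOTE(review): --default-password is used for every service and account that
# has no password of its own, and the answer file stores it in clear text.
# The literal "password" from the original walkthrough remains only as a
# fallback; export PACKSTACK_DEFAULT_PASSWORD with a long random value before
# running this, and keep the answer file readable by root only.
packstack --gen-answer-file=answers_default_allin1.txt \
  --allinone --timeout=999999 \
  --default-password="${PACKSTACK_DEFAULT_PASSWORD:-password}" \
  --provision-demo=n \
  --os-neutron-ovs-bridge-mappings=extnet:br-ex \
  --os-neutron-ovs-bridge-interfaces=br-ex:ens3 \
  --os-neutron-ml2-type-drivers=vxlan,flat \
  --os-neutron-ml2-tenant-network-types=vxlan \
  --os-heat-install=y --os-heat-cfn-install=y \
  --os-magnum-install=y \
  --os-neutron-l2-agent=openvswitch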





参照别人的一篇教程在Ubuntu上配置OpenStack,前边进行的都很顺利,当配置到keystone-manage db_sync时,产生如下的错误:

注意看最后一句,Access denied for user 'keystone'@'10.0.2.15' (using password: YES)") None None

访问被拒绝了,然后我试着直接用keystone访问数据库,发现也不行

由此想到可能是我的密码设置错了,然后利用root用户登陆到mysql数据库中使用如下命令:
select host,user from mysql.user;
找出数据库中的所有用户,情况如下:

果然,虽然密码那一列被加密了,但还是能看出keystone设置的密码和root设置的密码是不一样的,因为按照正常情况,我是按照他们的密码相同访问的,所以要把keystone的密码改过来。
使用如下的命令:
grant all privileges on keystone.* to 'keystone'@'%' identified by '这里写你的密码';

利用相同的方法把nova和glance的密码也都改过,改好后再次查看:

利用下面的命令刷新一下权限列表:
flush privileges;
然后service mysql restart重启数据库服务,再次执行命令keystone-manage db_sync,没有任何的输出,说明执行正确了。

 

错误1:

bash: line 7: restorecon: command not found

解决办法: yum install policycoreutils2.5-29.el7_6.1.x86_64

错误2:

Error: Package: audit-libs-python-2.8.4-4.el7.x86_64

rpm -aq | grep audit-libs 发现已经装了高版本

解决办法:

rpm -e audit-2.8.5-4.el7.x86_64

yum downgrade audit-libs-2.8.4-4.el7.x86_64

错误3:

ERROR : Error appeared during Puppet run: 10.70.1.208_controller.pp

Error: Execution of ‘/usr/bin/yum -d 0 -e 0 -y install iptables-services’ returned 1: Error: Package: glibc-2.17-260.el7_6.3.i686 (CTyun-Yum-Updates)

You will find full trace in log /var/tmp/packstack/20200922-141756-fV0nKk/manifests/10.70.1.208_controller.pp.log

解决办法:

yum downgrade glibc-2.17-260.el7_6.3.x86_64 glibc-common-2.17-260.el7_6.3.x86_64 glibc-headers-2.17-260.el7_6.3.x86_64 glibc-devel-2.17-260.el7_6.3.x86_64

 

错误4:

ERROR : Error appeared during Puppet run: 10.70.1.208_controller.pp

Error: Execution of ‘/usr/bin/yum -d 0 -e 0 -y install iptables-services’ returned 1: Error:  Multilib version problems found. This often means that the root

解决办法:

yum downgrade iptables-1.4.21-28.el7.x86_64

错误5:

Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the ***aaS or FWaaS services. Geneve will be used as the encapsulation method for tenant networks

解决办法:

修改yum源配置

将mariadb的percona配置的enable改为0,重新yum clean all;yum makecache;yum update

 
openstack在centos上安装---单机模式安装的--packstack
 

错误6:

Error: Execution of ‘/usr/bin/yum -d 0 -e 0 -y install openstack-cinder’ returned 1: Transaction check error:

You will find full trace in log /var/tmp/packstack/20200922-153644-qYYvPO/manifests/10.70.1.208_controller.pp.log

查看后台提示包冲突:

from install of python-paramiko-2.1.1-9.el7.noarch conflicts with file from package python2-paramiko-1.16.1-2.el7.noarch

解决办法:

yum erase python2-paramiko-1.16.1-2.el7.noarch

yum install python-paramiko-2.1.1-9.el7.noarch

错误7:

mError: Execution of ‘/usr/bin/yum -d 0 -e 0 -y install python2-placement’ returned 1: Error: Nothing to do^[[0m

不明白为什么要下载这个包,

http://rpm.pbone.net/index.php3

解决办法:我是下载的1.0.0版本:python2-placement-1.0.0-1.el7.noarch.rpm

然后依次下载或者更新依赖包

错误8:

httpd服务启动失败:python[122833]: ERROR:scss.ast:Function not found: function-exists:1″).

解决办法:搜了下,基本没有找到办法,不过有个说注释了这里就可以启动

vi /usr/lib/systemd/system/httpd.service.d/openstack-dashboard.conf

 
openstack在centos上安装---单机模式安装的--packstack
 

错误9:

httpd启动失败:

Sep 23 16:32:45 controller-node httpd[13551]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:8778

Sep 23 16:32:45 controller-node httpd[13551]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:8778

解决办法:

1.先禁用ipv6,禁用的方法:https://www.jianshu.com/p/d5d4008d25bb (后来看应该和ipv6没有关系)

2.关闭iptables(之前是关闭过,不知道什么时候又被打开了)

systemctl stop iptables.service

systemctl stop ip6tables.service

systemctl disable iptables.service

systemctl disable ip6tables.service

还是没有解决

然后发现httpd配置下端口配置8778确实存在冲突

 
openstack在centos上安装---单机模式安装的--packstack
 

修改成8779(找一个没有用到的端口)

 
openstack在centos上安装---单机模式安装的--packstack
 

问题最终解决

错误10:

内存不足:

Error: Failed to apply catalog: Cannot allocate memory – fork(2)

You will find full trace in log /var/tmp/packstack/20200924-105039-_v_Tzr/manifests/10.70.1.208_controller.pp.log

Please check log file /var/tmp/packstack/20200924-105039-_v_Tzr/openstack-setup.log for more information

虚机内存只分配了2G。。。重新分配了8G内存解决

错误11:

Error: Failed to apply catalog: Execution of ‘/usr/bin/openstack image list –quiet –format csv –long’ returned 1: Internal Server Error (HTTP 500) (Request-ID: req-922d4682-17e7-4eec-b79c-abc2bdc8e6ce) (tried 26, for a total of 170 seconds)

You will find full trace in log /var/tmp/packstack/20200924-133243-SGGe7X/manifests/10.70.1.208_controller.pp.log

Please check log file /var/tmp/packstack/20200924-133243-SGGe7X/openstack-setup.log for more information

解决办法:

执行了一次这个命令,然后加 --debug 看,好像是 keystoneauth 时没有通过,然后去glance的api.log查看发现swift有error信息

 
openstack在centos上安装---单机模式安装的--packstack
 

于是把swift关了重新执行

 
openstack在centos上安装---单机模式安装的--packstack
 

但是仍然没有解决,然后直接执行 /usr/bin/openstack --debug image list --quiet --format csv --long 报500的内部错误,直接根据请求号在/var/log/glance/api.log去找发现数据库查询时没有数据库表

 
openstack在centos上安装---单机模式安装的--packstack
 

比较奇怪的是发现数据库都有,但是库中没有任何表,简单查找了资料没有找到,直接手动同步算了

keystone-manage db_sync

cinder-manage db sync

glance-manage db sync

nova-manage db sync

然后检查数据库表都有了,再次执行

错误12:

Error: Parameter name failed on Sshkey[ecdsa-sha2-nistp256.controller-node,localhost]: No comma in resourcename allowed. If you want to specify aliases use the host_aliases property (file: /var/tmp/packstack/3b0a36ae5fcb404fac5aad2fb87debcc/manifests/10.70.1.208_compute.pp, line: 13)

You will find full trace in log /var/tmp/packstack/20200924-151356-JXd1hM/manifests/10.70.1.208_compute.pp.log

应该是我的hosts文件配置的问题

x.x.x.x control-node,localhost

其他所有问题参考:https://openstack.redhat.com/Workarounds

错误13:

ERROR : Error appeared during Puppet run: 10.70.1.208_compute.pp

Error: Execution of ‘/usr/bin/yum -d 0 -e 0 -y install openstack-nova-migration’ returned 1: Error: Package: cryptsetup-2.0.3-3.el7.x86_64 (CTyun-Yum-Base)

You will find full trace in log /var/tmp/packstack/20200924-153903-kRHZ3D/manifests/10.70.1.208_compute.pp.log

 
openstack在centos上安装---单机模式安装的--packstack
 

yum downgrade cryptsetup-2.0.3-3.el7.x86_64 cryptsetup-libs-2.0.3-3.el7.x86_64

最后终于完成了

本文来源:1818IP

本文地址:https://www.1818ip.com/post/32891.html

免责声明:本文由用户上传,如有侵权请联系删除!
