2022金砖国家职业技能大赛样题 A 场次题目:OpenStack 平台部署与运维 任务 1 私有云平台环境初始化(5 分) 1.初始化操作系统 使用提供的用户名密码,登录竞赛云平台。根据表 1 中的 IP 地址规划,设 置各服务器节点的 IP 地址,确保网络正常通信,设置控制节点主机名为 Contro ller,计算节点主机名为 Compute,并修改 hosts 文件将 IP 地址映射为主机名, 关闭防火墙并设置为开机不启动,设置 SELinux 为 Permissive 模式并设置永久 关闭。请查看控制节点和计算节点主机名,使用命令查看 SELinux 状态,使用 head 命令、tail 命令和 cut 命令提取出永久关闭 SELinux 的关键信息。 将以上命令及返回结果提交到答题框。【2 分】
配置hosts
1 2 3 4 5 6 [root@controller ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.20.105 controller 192.168.20.103 compute
关闭防火墙并设置为开机不启动
1 2 [root@controller ~]# systemctl stop firewalld [root@controller ~]# systemctl disable firewalld
设置 SELinux 为 Permissive 模式并设置永久 关闭
1 2 [root@controller ~]# setenforce 0 [root@controller ~]# sed -i 's/SELINUX=permissive/SELINUX=disabled/g' /etc/selinux/config
使用命令查看 SELinux 状态
1 2 [root@controller ~]# getenforce Disabled
2.挂载安装光盘镜像 将提供的 CentOS-7-x86_64-DVD-1804.iso 和 chinaskills_cloud_iaas.iso 光盘镜像上传到 Controller 节点 /root 目录下,然后在 /opt 目录下使用一条 命令创建/centos 目录和/iaas 目录,并将镜像文件 CentOS-7-x86_64-DVD-1804. iso 挂载到 /centos 目录下,将镜像文件 chinaskills_cloud_iaas.iso 挂载到 /iaas 目录下。 请将以上命令及返回结果返回到答题框。【1 分】
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [root@controller ~]# curl -O http://172.19.25.11/middle/CentOS-7-x86_64-DVD-1804.iso % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 4263M 100 4263M 0 0 111M 0 0:00:38 0:00:38 --:--:-- 111M [root@controller ~]# curl -O http://172.19.25.11/middle/chinaskills_cloud_iaas_v1.0.1.iso % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3622M 100 3622M 0 0 111M 0 0:00:32 0:00:32 --:--:-- 109M [root@controller ~]# ls CentOS-7-x86_64-DVD-1804.iso chinaskills_cloud_iaas_v1.0.1.iso [root@controller ~]# mount CentOS-7-x86_64-DVD-1804.iso /mnt/ mount: /dev/loop0 is write-protected, mounting read-only [root@controller ~]# mkdir -p /opt/centos [root@controller ~]# mkdir -p /opt/iaas [root@controller ~]# cp -rf /mnt/* /opt/centos/ [root@controller ~]# umount /mnt/ [root@controller ~]# mount chinaskills_cloud_iaas_v1.0.1.iso /mnt/ mount: /dev/loop0 is write-protected, mounting read-only [root@controller ~]# cp -rf /mnt/* /opt/iaas/ [root@controller ~]# umount /mnt/
3.搭建文件共享服务器 在 Controller 节点上安装 vsftp 服务器,设置开机自启动,请将以上命令 及返回结果提交到答题框。【0.5 分】
配置yum源
1 2 3 4 5 6 7 8 9 10 11 12 [root@controller ~]# cat /etc/yum.repos.d/local.repo [centos] name=centos baseurl=file:///opt/centos gpgcheck=0 enabled=1 [iaas] name=iaas baseurl=file:///opt/iaas/iaas-repo gpgcheck=0 enabled=1
安装vsftpd
1 [root@controller ~]# yum install -y vsftpd
设置开机自启动
1 2 [root@controller ~]# systemctl enable vsftpd Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
4.设置 yum 源 将 ftp 仓库设置为 /opt/,为 controller 节点设置本地 yum 源,yum 源文 件名为 local.repo;为 compute 配置 ftp 源,yum 源文件名称为 ftp.repo,其 中 ftp 服务器地址为 controller 节点 IP。 请将两个节点的 yum 源文件内容提交到答题框。【0.5 分】
设置 yum 源 将 ftp 仓库设置为 /opt/
1 2 [root@controller ~]# echo anon_root=/opt/ >> /etc/vsftpd/vsftpd.conf [root@controller ~]# systemctl restart vsftpd
为 compute 配置 ftp 源,yum 源文件名称为 ftp.repo
1 2 3 4 5 6 7 8 9 10 11 12 [root@compute ~]# cat /etc/yum.repos.d/ftp.repo [centos] name=centos baseurl=ftp://controller/centos gpgcheck=0 enabled=1 [iaas] name=iaas baseurl=ftp://controller/iaas/iaas-repo gpgcheck=0 enabled=1
5.部署时间同步服务器 在 Controller 节点上部署 chrony 服务器,允许其他节点同步时间,启动服 务并设置为开机启动;在 compute 节点上指定 controller 节点为上游 NTP 服务 器,重启服务并设为开机启动。 请在控制节点上使用 chronyc 命令同步控制节点的系统时间。【1 分】
controller配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 [root@controller ~]# cat /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst server controller iburst # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. #allow 192.168.0.0/16 # Serve time even if not synchronized to a time source. #local stratum 10 # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking allow 192.168.20.0/24 local stratum 10
启动服 务并设置为开机启动
[root@controller ~]# systemctl restart chronyd
compute节点配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 [root@compute ~]# cat /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst server controller iburst # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. #allow 192.168.0.0/16 # Serve time even if not synchronized to a time source. #local stratum 10 # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking
启动服 务并设置为开机启动
1 2 [root@compute ~]# systemctl restart chronyd [root@compute ~]# systemctl enable chronyd
任务 2 OpenStack 搭建任务(10 分) 1.修改变量文件 在控制节点和计算节点上分别安装 iaas-xiandian 软件包,修改配置脚本文件中基本变量(配置脚本文件为/etc/xiandian/openrc.sh)。修改完成后使用 命令生效该变量文件,然后执行 echo $INTERFACE_IP 命令。 请将命令和返回结果提交到答题框。【0.5 分】
1 [root@controller ~]# yum install -y iaas-xiandian
1 [root@compute ~]# yum install -y iaas-xiandian
修改脚本 注意两个节点都要
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 [root@controller ~]# cat /etc/xiandian/openrc.sh #--------------------system Config--------------------## #Controller Server Manager IP. example:x.x.x.x HOST_IP=192.168.20.105 #Controller HOST Password. example:000000 HOST_PASS=000000 #Controller Server hostname. example:controller HOST_NAME=controller #Compute Node Manager IP. example:x.x.x.x HOST_IP_NODE=192.168.20.103 #Compute HOST Password. example:000000 HOST_PASS_NODE=000000 #Compute Node hostname. example:compute HOST_NAME_NODE=compute #--------------------Chrony Config-------------------## #Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24) network_segment_IP=192.168.20.0/24 #--------------------Rabbit Config ------------------## #user for rabbit. example:openstack RABBIT_USER=openstack #Password for rabbit user .example:000000 RABBIT_PASS=000000 #--------------------MySQL Config---------------------## #Password for MySQL root user . exmaple:000000 DB_PASS=000000 #--------------------Keystone Config------------------## #Password for Keystore admin user. exmaple:000000 DOMAIN_NAME=demo ADMIN_PASS=000000 DEMO_PASS=000000 #Password for Mysql keystore user. exmaple:000000 KEYSTONE_DBPASS=000000 #--------------------Glance Config--------------------## #Password for Mysql glance user. exmaple:000000 GLANCE_DBPASS=000000 #Password for Keystore glance user. exmaple:000000 GLANCE_PASS=000000 #--------------------Nova Config----------------------## #Password for Mysql nova user. exmaple:000000 NOVA_DBPASS=000000 #Password for Keystore nova user. exmaple:000000 NOVA_PASS=000000 #--------------------Neturon Config-------------------## #Password for Mysql neutron user. exmaple:000000 NEUTRON_DBPASS=000000 #Password for Keystore neutron user. exmaple:000000 NEUTRON_PASS=000000 #metadata secret for neutron. exmaple:000000 METADATA_SECRET=000000 #Tunnel Network Interface. example:x.x.x.x INTERFACE_IP=192.168.20.105 #(192.168.20.103) #External Network Interface. example:eth1 INTERFACE_NAME=eth1 #External Network The Physical Adapter. example:provider Physical_NAME=provider #First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101 minvlan=101 #Last Vlan ID in VLAN RANGE for VLAN Network. example:200 maxvlan=200 #--------------------Cinder Config--------------------## #Password for Mysql cinder user. exmaple:000000 CINDER_DBPASS=000000 #Password for Keystore cinder user. exmaple:000000 CINDER_PASS=000000 #Cinder Block Disk. example:md126p3 BLOCK_DISK=vdb1 #--------------------Swift Config---------------------## #Password for Keystore swift user. exmaple:000000 SWIFT_PASS=000000 #The NODE Object Disk for Swift. example:md126p4. OBJECT_DISK=vdb2 #The NODE IP for Swift Storage Network. example:x.x.x.x. STORAGE_LOCAL_NET_IP=000000 #--------------------Heat Config----------------------## #Password for Mysql heat user. exmaple:000000 HEAT_DBPASS=000000 #Password for Keystore heat user. exmaple:000000 HEAT_PASS=000000 #--------------------Zun Config-----------------------## #Password for Mysql Zun user. exmaple:000000 ZUN_DBPASS=000000 #Password for Keystore Zun user. exmaple:000000 ZUN_PASS=000000 #Password for Mysql Kuryr user. exmaple:000000 KURYR_DBPASS=000000 #Password for Keystore Kuryr user. exmaple:000000 KURYR_PASS=000000 #--------------------Ceilometer Config----------------## #Password for Gnocchi ceilometer user. exmaple:000000 CEILOMETER_DBPASS=000000 #Password for Keystore ceilometer user. exmaple:000000 CEILOMETER_PASS=000000 #--------------------AODH Config----------------## #Password for Mysql AODH user. exmaple:000000 AODH_DBPASS=000000 #Password for Keystore AODH user. exmaple:000000 AODH_PASS=000000 #--------------------Barbican Config----------------## #Password for Mysql Barbican user. exmaple:000000 BARBICAN_DBPASS=000000 #Password for Keystore Barbican user. exmaple:000000 BARBICAN_PASS=000000
生效该变量文件,然后执行 echo $INTERFACE_IP 命令
1 2 3 [root@controller ~]# source /etc/xiandian/openrc.sh [root@controller ~]# echo $INTERFACE_IP 192.168.20.105
执行脚本
1 [root@controller ~]# iaas-pre-host.sh
1 [root@compute ~]# iaas-pre-host.sh
2.搭建数据库组件 使用提供的脚本框架 iaas-install-mysql.sh 填充脚本,在 controller 节点上安装 mariadb、mencached、rabbitmq 等服务并完成相关配置。完成后修 改配置文件将 mencached 最大连接数修改为 2048。 请将修改后的配置文件提交到答题框。【1 分】
1 [root@controller ~]# iaas-install-mysql.sh
1 2 3 4 5 6 [root@controller ~]# cat /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="2048" CACHESIZE="64" OPTIONS="-l 127.0.0.1,::1,controller"
3.搭建认证服务组件 使用提供的脚本框架 iaas-install-keystone.sh 填充脚本,在 controlle r 节点上安装 keystone 服务并完成相关配置。完成后使用 openstack 命令请求 一个 token。 请将以上命令和返回结果提交到答题框。【1 分】
1 [root@controller ~]# iaas-install-keystone.sh
1 2 3 4 5 6 7 8 9 [root@controller ~]# openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2022-09-02T22:55:39+0000 | | id | gAAAAABjEnvb7SeEOXtFuO4RiJ7fRCcIK6Eh_LTwtH9uHjdOblLrJFOjbhiw3ukzo7Tey8jSQGwO2XIwBXrxU4AoMseIaFvzVQAiUdtWZjt5mKlXrGkbtUJTR5bhn9ktgqWHC5DsQtlxmmBLJq8-SUL5RG1CKGmknq-hOOFSsFaBQfbSH2fDeWQ | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | user_id | 4aec1580c77d4222964b7947d3239a88 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
4.搭建镜像服务组件 使用提供的脚本框架 iaas-install-glance.sh 填充脚本,在 controller 节点上安装 glance 服务并完成相关配置。完成后请将 cirros-0.3.4-x86_64-d isk.img 上传到控制节点的 /root 目录下,然后使用 openstack 命令将该镜像 上传到 openstack 平台镜像命名为 cirros。 请将镜像上传的操作命令和返回结果提交到答题框。【1 分】
1 [root@controller ~]# iaas-install-glance.sh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 [root@controller ~]# openstack image create cirros --disk-format qcow2 --container bare < cirros-0.3.4-x86_64-disk.img +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2022-09-02T21:59:43Z | | disk_format | qcow2 | | file | /v2/images/cbfdbd87-71df-4be7-8eb2-6904f781239c/file | | id | cbfdbd87-71df-4be7-8eb2-6904f781239c | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | 4350b89460a148d7bf1b2ae63296a6bd | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2022-09-02T21:59:44Z | | virtual_size | None | | visibility | shared | +------------------+------------------------------------------------------+
5.搭建计算服务组件 使用提供的脚本框架 iaas-install-nova-controller.sh 和 iaas-install -nova-compute.sh 填充脚本,在 controller 和 compute 节点上安装 nova 服 务并完成配置。完成后请将控制节点的计算资源也加入集群。然后使用 openstack 命令列出能提供计算资源的节点。 将列出计算资源的命令和返回结果提交到答题框。【1.5 分】
1 [root@controller ~]# iaas-install-nova-controller.sh
1 [root@compute ~]# iaas-install-nova-compute.sh
修改openrc.sh
HOST_IP_NODE=192.168.20.105
HOST_NAME_NODE=controller
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 [root@controller ~]# cat /etc/xiandian/openrc.sh #--------------------system Config--------------------## #Controller Server Manager IP. example:x.x.x.x HOST_IP=192.168.20.105 #Controller HOST Password. example:000000 HOST_PASS=000000 #Controller Server hostname. example:controller HOST_NAME=controller #Compute Node Manager IP. example:x.x.x.x HOST_IP_NODE=192.168.20.105 #Compute HOST Password. example:000000 HOST_PASS_NODE=000000 #Compute Node hostname. example:compute HOST_NAME_NODE=controller #--------------------Chrony Config-------------------## #Controller network segment IP. example:x.x.0.0/16(x.x.x.0/24) network_segment_IP=192.168.20.0/24 #--------------------Rabbit Config ------------------## #user for rabbit. example:openstack RABBIT_USER=openstack #Password for rabbit user .example:000000 RABBIT_PASS=000000 #--------------------MySQL Config---------------------## #Password for MySQL root user . exmaple:000000 DB_PASS=000000 #--------------------Keystone Config------------------## #Password for Keystore admin user. exmaple:000000 DOMAIN_NAME=demo ADMIN_PASS=000000 DEMO_PASS=000000 #Password for Mysql keystore user. exmaple:000000 KEYSTONE_DBPASS=000000 #--------------------Glance Config--------------------## #Password for Mysql glance user. exmaple:000000 GLANCE_DBPASS=000000 #Password for Keystore glance user. exmaple:000000 GLANCE_PASS=000000 #--------------------Nova Config----------------------## #Password for Mysql nova user. exmaple:000000 NOVA_DBPASS=000000 #Password for Keystore nova user. exmaple:000000 NOVA_PASS=000000 #--------------------Neturon Config-------------------## #Password for Mysql neutron user. exmaple:000000 NEUTRON_DBPASS=000000 #Password for Keystore neutron user. exmaple:000000 NEUTRON_PASS=000000 #metadata secret for neutron. exmaple:000000 METADATA_SECRET=000000 #Tunnel Network Interface. example:x.x.x.x INTERFACE_IP=192.168.20.105 #(192.168.20.103) #External Network Interface. example:eth1 INTERFACE_NAME=eth1 #External Network The Physical Adapter. example:provider Physical_NAME=provider #First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101 minvlan=101 #Last Vlan ID in VLAN RANGE for VLAN Network. example:200 maxvlan=200 #--------------------Cinder Config--------------------## #Password for Mysql cinder user. exmaple:000000 CINDER_DBPASS=000000 #Password for Keystore cinder user. exmaple:000000 CINDER_PASS=000000 #Cinder Block Disk. example:md126p3 BLOCK_DISK=vdb1 #--------------------Swift Config---------------------## #Password for Keystore swift user. exmaple:000000 SWIFT_PASS=000000 #The NODE Object Disk for Swift. example:md126p4. OBJECT_DISK=vdb2 #The NODE IP for Swift Storage Network. example:x.x.x.x. STORAGE_LOCAL_NET_IP=000000 #--------------------Heat Config----------------------## #Password for Mysql heat user. exmaple:000000 HEAT_DBPASS=000000 #Password for Keystore heat user. exmaple:000000 HEAT_PASS=000000 #--------------------Zun Config-----------------------## #Password for Mysql Zun user. exmaple:000000 ZUN_DBPASS=000000 #Password for Keystore Zun user. exmaple:000000 ZUN_PASS=000000 #Password for Mysql Kuryr user. exmaple:000000 KURYR_DBPASS=000000 #Password for Keystore Kuryr user. exmaple:000000 KURYR_PASS=000000 #--------------------Ceilometer Config----------------## #Password for Gnocchi ceilometer user. exmaple:000000 CEILOMETER_DBPASS=000000 #Password for Keystore ceilometer user. exmaple:000000 CEILOMETER_PASS=000000 #--------------------AODH Config----------------## #Password for Mysql AODH user. exmaple:000000 AODH_DBPASS=000000 #Password for Keystore AODH user. exmaple:000000 AODH_PASS=000000 #--------------------Barbican Config----------------## #Password for Mysql Barbican user. exmaple:000000 BARBICAN_DBPASS=000000 #Password for Keystore Barbican user. exmaple:000000 BARBICAN_PASS=000000
1 [root@controller ~]# iaas-install-nova-compute.sh
1 2 3 4 5 6 7 [root@controller ~]# openstack compute service list --service nova-compute +----+--------------+------------+------+---------+-------+----------------------------+ | ID | Binary | Host | Zone | Status | State | Updated At | +----+--------------+------------+------+---------+-------+----------------------------+ | 6 | nova-compute | compute | nova | enabled | up | 2022-09-02T22:17:25.000000 | | 7 | nova-compute | controller | nova | enabled | up | 2022-09-02T22:17:18.000000 | +----+--------------+------------+------+---------+-------+----------------------------+
6.搭建网络组件并初始化网络 使用提供的脚本框架 iaas-install-neutron-controller.sh 和 iaas-insta ll-neutron-compute.sh,填充脚本,在 controller 和 compute 节点上安装 neutron 服务并完成配置。创建云主机外部网络 ext-net,子网为 ext-subnet, 云主机浮动 IP 可用网段为 172.18.x.100172.18.x.200,网关为 172.18.x.1。 创建云主机内部网络 int-net1,子网为 int-subnet1,云主机子网 IP 可用网段 为 10.0.0.10010.0.0.200,网关为 10.0.0.1;创建云主机内部网络int-net2, 子网为 int-subnet2,云主机子网 IP 可用网段为 10.0.1.100 ~ 10.0.1.200, 网关为 10.0.1.1。添加名为 ext-router 的路由器,添加网关在 ext-net 网络, 添加内部端口到 int-net1 网络,完成内部网络 int-net1 和外部网络的连通。 请使用 openstack 命令完成以下任务,完成后将命令和返回结果提交到答题框。【4 分】
云主机外部网络 ext-net创建
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 [root@controller ~]# openstack network create ext-net --share --external --provider-physical-network provider --provider-network-type vlan +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2022-09-03T02:12:17Z | | description | | | dns_domain | None | | id | 2ba422fb-1ad9-4509-b9a4-643b82112ce6 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1500 | | name | ext-net | | port_security_enabled | True | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | provider:network_type | vlan | | provider:physical_network | provider | | provider:segmentation_id | 182 | | qos_policy_id | None | | revision_number | 5 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2022-09-03T02:12:18Z | +---------------------------+--------------------------------------+ [root@controller ~]# openstack subnet create --network ext-net --subnet-range 172.18.7.0/24 --gateway 172.18.7.1 --allocation-pool start=172.18.7.100,end=172.18.7.200 ext-subnet +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 172.18.7.100-172.18.7.200 | | cidr | 172.18.7.0/24 | | created_at | 2022-09-03T02:16:52Z | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 172.18.7.1 | | host_routes | | | id | 72ec3fbe-05b5-4282-a01a-7f22b1d432ca | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | ext-subnet | | network_id | 2ba422fb-1ad9-4509-b9a4-643b82112ce6 | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2022-09-03T02:16:52Z | +-------------------+--------------------------------------+
创建云主机内部网络 int-net1
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 [root@controller ~]# openstack network create int-net1 +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2022-09-03T02:20:07Z | | description | | | dns_domain | None | | id | 89062681-1008-4083-8dfb-a5c6763eec7f | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1450 | | name | int-net1 | | port_security_enabled | True | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | provider:network_type | vxlan | | provider:physical_network | None | | provider:segmentation_id | 170 | | qos_policy_id | None | | revision_number | 2 | | router:external | Internal | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2022-09-03T02:20:07Z | +---------------------------+--------------------------------------+ [root@controller ~]# openstack subnet create --network int-net1 --subnet-range 10.0.0.0/24 --gateway 10.0.0.1 --allocation-pool start=10.0.0.100,end=10.0.0.200 int-subnet1 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 10.0.0.100-10.0.0.200 | | cidr | 10.0.0.0/24 | | created_at | 2022-09-03T02:22:08Z | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 10.0.0.1 | | host_routes | | | id | 95eefbdd-5669-4840-a1e6-2bcd67ae1208 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | int-subnet1 | | network_id | 89062681-1008-4083-8dfb-a5c6763eec7f | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2022-09-03T02:22:08Z | +-------------------+--------------------------------------+
创建云主机内部网络 int-net2
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 [root@controller ~]# openstack network create int-net2 +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2022-09-03T02:22:49Z | | description | | | dns_domain | None | | id | e74600ae-a303-4804-b82b-c4401d308246 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | is_vlan_transparent | None | | mtu | 1450 | | name | int-net2 | | port_security_enabled | True | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | provider:network_type | vxlan | | provider:physical_network | None | | provider:segmentation_id | 165 | | qos_policy_id | None | | revision_number | 2 | | router:external | Internal | | segments | None | | shared | False | | status | ACTIVE | | subnets | | | tags | | | updated_at | 2022-09-03T02:22:49Z | +---------------------------+--------------------------------------+ [root@controller ~]# openstack subnet create --network int-net2 --subnet-range 10.0.1.0/24 --gateway 10.0.1.1 --allocation-pool start=10.0.1.100,end=10.0.1.200 int-subnet2 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 10.0.1.100-10.0.1.200 | | cidr | 10.0.1.0/24 | | created_at | 2022-09-03T02:24:19Z | | description | | | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 10.0.1.1 | | host_routes | | | id | 4a736169-b4e4-4c88-bd7b-b8ea02443fdf | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | int-subnet2 | | network_id | e74600ae-a303-4804-b82b-c4401d308246 | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | revision_number | 0 | | segment_id | None | | service_types | | | subnetpool_id | None | | tags | | | updated_at | 2022-09-03T02:24:19Z | +-------------------+--------------------------------------+
添加名为 ext-router 的路由器
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [root@controller ~]# openstack router create ext-router +-------------------------+--------------------------------------+ | Field | Value | +-------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | | | created_at | 2022-09-03T02:27:25Z | | description | | | distributed | False | | external_gateway_info | None | | flavor_id | None | | ha | False | | id | b42861e5-5dd5-4c48-b225-212a9d567030 | | name | ext-router | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | revision_number | 1 | | routes | | | status | ACTIVE | | tags | | | updated_at | 2022-09-03T02:27:25Z | +-------------------------+--------------------------------------+
添加内部端口到 int-net1 网络,完成内部网络 int-net1 和外部网络的连通
1 2 [root@controller ~]# openstack router add subnet ext-router int-subnet1 [root@controller ~]# openstack router set ext-router --external-gateway ext-net
7.搭建图形化界面 使用提供的脚本框架 iaas-install-dashboard.sh,填充脚本,在 control ler 节点上安装 dashboard 服务并完成相关配置。 请使用 curl 指令获取 dashboard 首页信息,将获取到的首页信息提交到答 题框。【1 分】
1 [root@controller ~]# iaas-install-dashboard.sh
1 2 3 4 5 6 7 8 9 10 [root@controller ~]# curl -i http://192.168.20.105/dashboard HTTP/1.1 302 Found Date: Sat, 03 Sep 2022 02:57:56 GMT Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 Content-Language: en Vary: Accept-Language,Cookie X-Frame-Options: SAMEORIGIN Content-Length: 0 Location: http://192.168.20.105/dashboard/auth/login/?next=/dashboard/ Content-Type: text/html; charset=utf-8
任务 3 OpenStack 运维任务(15 分) 1.用户管理 在 keystone 中创建用户 testuser,密码为 password。创建好之后,使用 命令修改 testuser 密码为 000000,并查看 testuser 的详细信息。添加将该 用户添加到 admin 项目并赋予普通用户权限,完成后测试登录。 使用 testuser 用登录系统完成后截图并提交到答题框。【1 分】
创建用户 testuser,密码为 password
1 2 3 4 5 6 7 8 9 10 11 [root@controller ~]# openstack user create --password password testuser --domain demo +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | 79342087fd364c72a664c0ed6590154d | | enabled | True | | id | fc4ae8a457ec486dbb5c07b977d17833 | | name | testuser | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+
使用 命令修改 testuser 密码为 000000,并查看 testuser 的详细信息
1 2 3 4 5 6 7 8 9 10 11 12 [root@controller ~]# openstack user set testuser --password 000000 [root@controller ~]# openstack user show testuser +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | 79342087fd364c72a664c0ed6590154d | | enabled | True | | id | fc4ae8a457ec486dbb5c07b977d17833 | | name | testuser | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+
添加将该 用户添加到 admin 项目并赋予普通用户权限
1 [root@controller ~]# openstack user set testuser --project admin
1 [root@controller ~]# openstack role add user --user testuser --domain demo
2.服务查询 使用命令列出服务目录和端点,查看 glance 服务的端点。将以上命令和返 回结果提交到答题框。【0.5 分】
1 2 3 4 5 6 7 8 [root@controller ~]# openstack endpoint list --service glance +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+ | ID | Region | Service Name | Service Type | Enabled | Interface | URL | +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+ | 0388bc7714f04cd89e3ca579f43a67e4 | RegionOne | glance | image | True | admin | http://controller:9292 | | 0500f3b7152747f6853542a3723766dd | RegionOne | glance | image | True | public | http://controller:9292 | | 7047188a53f04073acdb1a60722fe2d7 | RegionOne | glance | image | True | internal | http://controller:9292 | +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
3.镜像管理 登录 controller 节点,使用 glance 相关命令,上传镜像,源使用 CentO S_6.5_x86_64_XD.qcow2,名字为 testone,然后使用 openstack 命令修改这个 镜像名改为 examimage,然后给这个镜像打一个标签,标签名字为 lastone 改 完后使用 openstack 命令查看镜像列表。 将以上命令和返回结果提交到答题框。【2 分】
使用 glance 相关命令,上传镜像
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 [root@controller ~]# glance image-create --name testone --disk-format qcow2 --container-format bare < /opt/iaas/images/CentOS_6.5_x86_64_XD.qcow2 +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | 3e565ace16066679ea363dde5411ed25 | | container_format | bare | | created_at | 2022-09-03T03:18:23Z | | disk_format | qcow2 | | id | df61b71f-4077-4374-a143-331b73377f18 | | min_disk | 0 | | min_ram | 0 | | name | testone | | owner | 4350b89460a148d7bf1b2ae63296a6bd | | protected | False | | size | 283181056 | | status | active | | tags | [] | | updated_at | 2022-09-03T03:18:25Z | | virtual_size | None | | visibility | shared | +------------------+--------------------------------------+
使用 openstack 命令修改这个 镜像名改为 examimage
1 [root@controller ~]# openstack image set testone --name examimage
给这个镜像打一个标签
1 [root@controller ~]# openstack image set examimage --tag lastone
使用 openstack 命令查看镜像列表
1 2 3 4 5 6 7 [root@controller ~]# openstack image list +--------------------------------------+-----------+--------+ | ID | Name | Status | +--------------------------------------+-----------+--------+ | cbfdbd87-71df-4be7-8eb2-6904f781239c | cirros | active | | df61b71f-4077-4374-a143-331b73377f18 | examimage | active | +--------------------------------------+-----------+--------+
4.后端配置文件管理 进入到glance 后端存储目录中,使用 qemu 命令查看任意的一个镜像信息。 使用 du 命令查看 nova 主配置文件大小。 将以上命令和返回结果提交到答题框。【0.5 分】
1 2 3 4 5 6 7 8 9 [root@controller ~]# qemu-img info /var/lib/glance/images/cbfdbd87-71df-4be7-8eb2-6904f781239c image: /var/lib/glance/images/cbfdbd87-71df-4be7-8eb2-6904f781239c file format: qcow2 virtual size: 39M (41126400 bytes) disk size: 13M cluster_size: 65536 Format specific information: compat: 0.10 refcount bits: 16
1 2 [root@controller ~]# du -h /etc/nova/nova.conf 364K /etc/nova/nova.conf
5.存储服务管理 创建一个卷类型,然后创建一块带这个卷类型标识的云硬盘,查询该云硬盘 的详细信息。将该云硬盘挂载到虚拟机中,将该云硬盘格式化为 xfs。创建一个 文件文件名为工位号内容为工位号,然后将该云硬盘卸载,使用 openstack 命令 将该云硬盘修改为只读状态,再次挂载后查看是否存在原始文件,然后再次向该 云硬盘中创建一个文件,文件名为工位号_02。 将返回结果及解题过程提交到答题框。【2 分】
创建一个卷类型,然后创建一块带这个卷类型标识的云硬盘,查询该云硬盘 的详细信息
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 [root@controller ~]# openstack volume type create lvm +-------------+--------------------------------------+ | Field | Value | +-------------+--------------------------------------+ | description | None | | id | d0b4c01e-9454-453e-8b54-599d94108d19 | | is_public | True | | name | lvm | +-------------+--------------------------------------+ [root@controller ~]# openstack volume create --type lvm --size 10 blcok +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | consistencygroup_id | None | | created_at | 2022-09-03T03:34:47.000000 | | description | None | | encrypted | False | | id | 0a576f20-1ecf-4b7a-999c-37daa899bf8e | | migration_status | None | | multiattach | False | | name | blcok | | properties | | | replication_status | None | | size | 10 | | snapshot_id | None | | source_volid | None | | status | creating | | type | lvm | | updated_at | None | | user_id | dcf33a463e07489c817f0467f13e968b | +---------------------+--------------------------------------+ [root@controller ~]# openstack volume show blcok +--------------------------------+--------------------------------------+ | Field | Value | +--------------------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | consistencygroup_id | None | | created_at | 2022-09-03T03:34:47.000000 | | description | None | | encrypted | False | | id | 0a576f20-1ecf-4b7a-999c-37daa899bf8e | | migration_status | None | | multiattach | False | | name | blcok | | os-vol-host-attr:host | compute@lvm#LVM | | os-vol-mig-status-attr:migstat | None | | os-vol-mig-status-attr:name_id | None | | os-vol-tenant-attr:tenant_id | 6c6ebc8aab7144eeb3c0f56ae76568e4 | | properties | | | replication_status | None | | size | 10 | | snapshot_id | None | | source_volid | None | | status | available | | type | lvm | | updated_at | 2022-09-03T03:34:48.000000 | | user_id | dcf33a463e07489c817f0467f13e968b | +--------------------------------+--------------------------------------+
将该云硬盘挂载到虚拟机中,将该云硬盘格式化为 xfs
1 [root@controller ~]# openstack server add volume controller blcok
1 2 3 4 5 6 7 8 9 10 [root@controller ~]# mkfs.xfs /dev/vdb meta-data=/dev/vdb isize=512 agcount=4, agsize=655360 blks = sectsz=512 attr=2, projid32bit=1 = crc=1 finobt=0, sparse=0 data = bsize=4096 blocks=2621440, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0 ftype=1 log =internal log bsize=4096 blocks=2560, version=2 = sectsz=512 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0
创建一个 文件文件名为工位号内容为工位号,然后将该云硬盘卸载,使用 openstack 命令 将该云硬盘修改为只读状态
1 2 3 4 [root@controller ~]# mount /dev/vdb /mnt/ [root@controller ~]# cd /mnt/ [root@controller mnt]# touch 777 [root@controller ~]# umount /mnt/
1 2 [root@controller ~]# openstack server remove volume controller blcok [root@controller ~]# openstack volume set blcok --read-only
再次挂载后查看是否存在原始文件,然后再次向该 云硬盘中创建一个文件,文件名为工位号_02
1 [root@controller ~]# openstack server add volume controller blcok
1 2 3 4 [root@controller ~]# mount /dev/vdb /mnt/ mount: /dev/vdb is write-protected, mounting read-only [root@controller ~]# ls /mnt/ 777
1 2 3 4 5 [root@controller ~]# cd /mnt/ [root@controller mnt]# ls 777 [root@controller mnt]# touch 777_2 touch: cannot touch ‘777_2’: Read-only file system
6.存储服务管理 使用命令创建一个 5GB 的云硬盘,名称为 disk-2,将云硬盘挂载到云虚拟 机内,然后格式化为 ext4,挂载到虚拟机的 /mnt/ 目录下,使用 df -h 将命令 和返回信息提交到答题框。将该云硬盘使用命令卸载,使用命令将该云硬盘扩容 到 10GB,使用命令将云硬盘挂载到云主机上,将命令及返回信息提交到答题框。 进入云主机使用命令扩容文件系统,扩容后再次挂载到 /mnt/。 使用 df -hT 命令并将命令和返回信息提交到答题框。【2 分】
使用命令创建一个 5GB 的云硬盘,名称为 disk-2,将云硬盘挂载到云虚拟 机内,然后格式化为 ext4,挂载到虚拟机的 /mnt/ 目录下,使用 df -h 将命令 和返回信息提交到答题框
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [root@controller ~]# openstack volume create disk-2 --size 5 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | consistencygroup_id | None | | created_at | 2022-09-03T03:50:20.000000 | | description | None | | encrypted | False | | id | eb48e3aa-3661-456a-90c0-bad30491a3eb | | migration_status | None | | multiattach | False | | name | disk-2 | | properties | | | replication_status | None | | size | 5 | | snapshot_id | None | | source_volid | None | | status | creating | | type | None | | updated_at | None | | user_id | dcf33a463e07489c817f0467f13e968b | +---------------------+--------------------------------------+ [root@controller ~]# openstack server add volume controller disk-2
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 [root@controller ~]# mkfs.ext4 /dev/vdb mke2fs 1.42.9 (28-Dec-2013) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 327680 inodes, 1310720 blocks 65536 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=1342177280 40 block groups 32768 blocks per group, 32768 fragments per group 8192 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done [root@controller ~]# mount /dev/vdb /mnt/ [root@controller ~]# df -h /mnt/ Filesystem Size Used Avail Use% Mounted on /dev/vdb 4.8G 20M 4.6G 1% /mnt
将该云硬盘使用命令卸载,使用命令将该云硬盘扩容 到 10GB,使用命令将云硬盘挂载到云主机上,将命令及返回信息提交到答题框
1 [root@controller ~]# umount /mnt/
1 2 3 [root@controller ~]# openstack server remove volume controller disk-2 [root@controller ~]# openstack volume set disk-2 --size 10 [root@controller ~]# openstack server add volume controller disk-2
进入云主机使用命令扩容文件系统,扩容后再次挂载到 /mnt/。 使用 df -hT 命令并将命令和返回信息提交到答题框
1 2 3 4 [root@controller ~]# mount /dev/vdb /mnt/ [root@controller ~]# df -hT /dev/vdb Filesystem Type Size Used Avail Use% Mounted on /dev/vdb ext4 9.8G 37M 9.2G 1% /mnt
7.对象存储管理 使用 swift 相关命令,创建一个容器,然后往这个容器中上传一个文件(文 件可以自行创建),上传完毕后,使用命令查看容器。 将以上命令和返回结果提交到答题框。【0.5 分】
1 2 3 [root@controller ~]# swift post chinaskill [root@controller ~]# swift upload chinaskill cirros-0.3.4-x86_64-disk.img [root@controller ~]# swift list chinaskill
8.安全组管理 使用命令创建名称为 group_web 的安全组该安全组的描述为工位号,为该安 全组添加一条规则允许任意 ip 地址访问 web 流量,完成后查看该安全组的详细 信息。 将以上命令和返回结果提交到答题框。【2 分】
1 2 3 4 5 6 7 8 9 10 11 12 13 14 [root@controller ~]# openstack security group create group_web --description 777 +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2022-09-03T04:12:13Z | | description | 777 | | id | f31a44fe-5e5c-47d2-9925-e2a1a8b6cb92 | | name | group_web | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | revision_number | 2 | | rules | created_at='2022-09-03T04:12:13Z', direction='egress', ethertype='IPv6', id='4acce720-f30c-472e-a5d8-4e133c9c3e3d', updated_at='2022-09-03T04:12:13Z' | | | created_at='2022-09-03T04:12:13Z', direction='egress', ethertype='IPv4', id='966133fd-099f-4b18-a2a0-0023fa9a8226', updated_at='2022-09-03T04:12:13Z' | | updated_at | 2022-09-03T04:12:13Z | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 [root@controller ~]# openstack security group rule create group_web --ingress --ethertype IPv4 --protocol tcp --dst-port 80:80 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2022-09-03T04:22:45Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | 35ebf6fa-9668-4155-bf90-09623279c17f | | name | None | | port_range_max | 80 | | port_range_min | 80 | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | f31a44fe-5e5c-47d2-9925-e2a1a8b6cb92 | | updated_at | 2022-09-03T04:22:45Z | +-------------------+--------------------------------------+ [root@controller ~]# openstack security group rule create group_web --ingress --ethertype IPv4 --protocol tcp --dst-port 443:443 +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2022-09-03T04:23:09Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | 24780db0-b8f7-4630-a5b0-ec576be11909 | | name | None | | port_range_max | 443 | | port_range_min | 443 | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | f31a44fe-5e5c-47d2-9925-e2a1a8b6cb92 | | updated_at | 2022-09-03T04:23:09Z | +-------------------+--------------------------------------+ [root@controller ~]# openstack security group show group_web +-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2022-09-03T04:12:13Z | | description | 777 | | id | f31a44fe-5e5c-47d2-9925-e2a1a8b6cb92 | | name | group_web | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | revision_number | 4 | | rules | created_at='2022-09-03T04:23:09Z', direction='ingress', ethertype='IPv4', id='24780db0-b8f7-4630-a5b0-ec576be11909', port_range_max='443', port_range_min='443', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2022-09-03T04:23:09Z' | | | created_at='2022-09-03T04:22:45Z', direction='ingress', ethertype='IPv4', id='35ebf6fa-9668-4155-bf90-09623279c17f', port_range_max='80', port_range_min='80', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2022-09-03T04:22:45Z' | | | created_at='2022-09-03T04:12:13Z', direction='egress', ethertype='IPv6', id='4acce720-f30c-472e-a5d8-4e133c9c3e3d', updated_at='2022-09-03T04:12:13Z' | | | created_at='2022-09-03T04:12:13Z', direction='egress', ethertype='IPv4', id='966133fd-099f-4b18-a2a0-0023fa9a8226', updated_at='2022-09-03T04:12:13Z' | | updated_at | 2022-09-03T04:23:09Z | +-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
9.网络管理 使用命令将int-net1网络设置为共享,然后查看int-net1网络的详细信息。 将命令和返回信息提交到答题框。【0.5 分】
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 [root@controller ~]# openstack network set int-net1 --share [root@controller ~]# openstack network show int-net1 +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2022-09-03T02:20:07Z | | description | | | dns_domain | None | | id | 89062681-1008-4083-8dfb-a5c6763eec7f | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | None | | is_vlan_transparent | None | | mtu | 1450 | | name | int-net1 | | port_security_enabled | True | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | provider:network_type | vxlan | | provider:physical_network | None | | provider:segmentation_id | 170 | | qos_policy_id | None | | revision_number | 4 | | router:external | Internal | | segments | None | | shared | True | | status | ACTIVE | | subnets | 95eefbdd-5669-4840-a1e6-2bcd67ae1208 | | tags | | | updated_at | 2022-09-03T04:25:28Z | +---------------------------+--------------------------------------+
10.网络管理 使用 dashboard 界面使用 centos7.5 镜像创建一台云主机,云主机命名为 test-01,使用命令查看浮动 IP 地址池,使用命令创建一个浮动 IP,然后将浮动 IP 绑定到云主机上。 将命令和返回信息提交到答题框。【1 分】
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 [root@controller ~]# openstack floating ip create ext-net --subnet ext-subnet +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | created_at | 2022-09-03T04:32:48Z | | description | | | fixed_ip_address | None | | floating_ip_address | 172.18.7.101 | | floating_network_id | 2ba422fb-1ad9-4509-b9a4-643b82112ce6 | | id | d896a909-e912-4bd3-9545-4193eb6636b6 | | name | 172.18.7.101 | | port_id | None | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | qos_policy_id | None | | revision_number | 0 | | router_id | None | | status | DOWN | | subnet_id | 72ec3fbe-05b5-4282-a01a-7f22b1d432ca | | updated_at | 2022-09-03T04:32:48Z | +---------------------+--------------------------------------+ [root@controller ~]# openstack port list +--------------------------------------+------+-------------------+-----------------------------------------------------------------------------+--------+ | ID | Name | MAC Address | Fixed IP Addresses | Status | +--------------------------------------+------+-------------------+-----------------------------------------------------------------------------+--------+ | 165a8658-212f-4d5c-9f57-34e6bfc191fb | | fa:16:3e:af:b7:9b | ip_address='172.18.7.102', subnet_id='72ec3fbe-05b5-4282-a01a-7f22b1d432ca' | ACTIVE | | 268a1196-3f7d-46f7-a253-c5dd35e02d36 | | fa:16:3e:da:05:46 | ip_address='10.0.0.106', subnet_id='95eefbdd-5669-4840-a1e6-2bcd67ae1208' | DOWN | | 2ce34897-ec52-4078-8cb0-698b86ab8150 | | fa:16:3e:42:a4:6a | ip_address='172.18.7.100', subnet_id='72ec3fbe-05b5-4282-a01a-7f22b1d432ca' | ACTIVE | | 7bae72cd-cd60-4507-8390-6ee41294232d | | fa:16:3e:24:e7:d5 | ip_address='172.18.7.101', subnet_id='72ec3fbe-05b5-4282-a01a-7f22b1d432ca' | N/A | | 7db84b25-4b39-4865-9ac0-86331f2f0723 | | fa:16:3e:b9:a4:ba | ip_address='10.0.0.1', subnet_id='95eefbdd-5669-4840-a1e6-2bcd67ae1208' | ACTIVE | | 853035c4-c428-4f3c-b855-bf9fa6909c7e | | fa:16:3e:f7:6c:8b | ip_address='10.0.0.104', subnet_id='95eefbdd-5669-4840-a1e6-2bcd67ae1208' | ACTIVE | | e77ba178-5500-4f8d-b4e9-de61e42dc387 | | fa:16:3e:27:0d:fd | ip_address='10.0.1.100', subnet_id='4a736169-b4e4-4c88-bd7b-b8ea02443fdf' | ACTIVE | | ef84f74d-acef-4eb6-893b-d1dc4996f7f9 | | fa:16:3e:62:af:e0 | ip_address='10.0.0.100', subnet_id='95eefbdd-5669-4840-a1e6-2bcd67ae1208' | ACTIVE | +--------------------------------------+------+-------------------+-----------------------------------------------------------------------------+--------+ [root@controller ~]# openstack floating ip list +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ | ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project | +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ | d896a909-e912-4bd3-9545-4193eb6636b6 | 172.18.7.101 | None | None | 2ba422fb-1ad9-4509-b9a4-643b82112ce6 | 4350b89460a148d7bf1b2ae63296a6bd | +--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+ [root@controller ~]# openstack floating ip set 172.18.7.101 --port 853035c4-c428-4f3c-b855-bf9fa6909c7e
11.虚拟机管理 使用 openstack 命令利用 centos7.5 镜像创建一台云主机,连接 int-net1 网 络,云主机名称为 test-02。创建成功后使用命令查看云主机详细信息,确定该 云主机是处于计算节点还是控制节点。如果云主机处于控制节点上请将其冷迁移 到计算节点,如果如果云主机处于计算节点上请将其冷迁移到控制节点。 本题全部流程请使用命令完成,请将全部命令和结果粘贴到答题框。【3 分】
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 [root@controller ~]# openstack server create test-02 --network int-net1 --flavor flavor1 --image cirros +-------------------------------------+------------------------------------------------+ | Field | Value | +-------------------------------------+------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | 4jH8K2fgLce9 | | config_drive | | | created | 2022-09-03T04:53:28Z | | flavor | flavor1 (471938fe-abdd-4ec1-8c59-3f81e703d3c9) | | hostId | | | id | 7c9cc958-b2a1-4b24-bb0a-eb8de9c1612a | | image | cirros (cbfdbd87-71df-4be7-8eb2-6904f781239c) | | key_name | None | | name | test-02 | | progress | 0 | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | properties | | | security_groups | name='default' | | status | BUILD | | updated | 2022-09-03T04:53:28Z | | user_id | 4aec1580c77d4222964b7947d3239a88 | | volumes_attached | | +-------------------------------------+------------------------------------------------+ [root@controller ~]# openstack server show test-02 +-------------------------------------+----------------------------------------------------------+ | Field | Value | +-------------------------------------+----------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | compute | | OS-EXT-SRV-ATTR:hypervisor_hostname | compute | | OS-EXT-SRV-ATTR:instance_name | instance-00000003 | | OS-EXT-STS:power_state | Running | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | active | | OS-SRV-USG:launched_at | 2022-09-03T04:53:35.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | int-net1=10.0.0.103 | | config_drive | | | created | 2022-09-03T04:53:28Z | | flavor | flavor1 (471938fe-abdd-4ec1-8c59-3f81e703d3c9) | | hostId | 2f20d41597d1aadaae23573c0d04d519d2bbad28e3c962ed11f16545 | | id | 7c9cc958-b2a1-4b24-bb0a-eb8de9c1612a | | image | cirros (cbfdbd87-71df-4be7-8eb2-6904f781239c) | | key_name | None | | name | test-02 | | progress | 0 | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | properties | | | security_groups | name='default' | | status | ACTIVE | | updated | 2022-09-03T04:53:35Z | | user_id | 4aec1580c77d4222964b7947d3239a88 | | volumes_attached | | +-------------------------------------+----------------------------------------------------------+
1 [root@controller ~]# openstack server stop test-02
1 [root@compute ~]# scp -r /var/lib/nova/instances/7c9cc958-b2a1-4b24-bb0a-eb8de9c1612a root@controller:/var/lib/nova/instances/
1 [root@controller ~]# chown -R nova:nova /var/lib/nova/instances/7c9cc958-b2a1-4b24-bb0a-eb8de9c1612a
1 2 3 MariaDB [nova]> update instances set host='controller',node='controller' where uuid='7c9cc958-b2a1-4b24-bb0a-eb8de9c1612a'; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 [root@controller ~]# openstack server show test-02 +-------------------------------------+----------------------------------------------------------+ | Field | Value | +-------------------------------------+----------------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | nova | | OS-EXT-SRV-ATTR:host | controller | | OS-EXT-SRV-ATTR:hypervisor_hostname | controller | | OS-EXT-SRV-ATTR:instance_name | instance-00000003 | | OS-EXT-STS:power_state | Shutdown | | OS-EXT-STS:task_state | None | | OS-EXT-STS:vm_state | stopped | | OS-SRV-USG:launched_at | 2022-09-03T04:53:35.000000 | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | int-net1=10.0.0.103 | | config_drive | | | created | 2022-09-03T04:53:28Z | | flavor | flavor1 (471938fe-abdd-4ec1-8c59-3f81e703d3c9) | | hostId | f389bf51bf4a9682dd0667b3a4e643427d68c0f3373c065e3a9e2f15 | | id | 7c9cc958-b2a1-4b24-bb0a-eb8de9c1612a | | image | cirros (cbfdbd87-71df-4be7-8eb2-6904f781239c) | | key_name | None | | name | test-02 | | project_id | 4350b89460a148d7bf1b2ae63296a6bd | | properties | | | security_groups | name='default' | | status | SHUTOFF | | updated | 2022-09-03T05:01:54Z | | user_id | 4aec1580c77d4222964b7947d3239a88 | | volumes_attached | | +-------------------------------------+----------------------------------------------------------+