2023年全国职业院校技能大赛高职组云计算赛项-私有云基础部署

任务 1 私有云服务搭建[5 分]

1.1.1 基础环境配置[0.2 分]

1.控制节点主机名为 controller，设置计算节点主机名为 compute；
2.hosts 文件将 IP 地址映射为主机名。
使用提供的用户名密码，登录提供的 OpenStack 私有云平台，在当前租户下，
使用 CentOS7.9镜像，创建两台云主机，云主机类型使用 4vCPU/12G/100G_50G
类型。当前租户下默认存在一张网卡，自行创建第二张网卡并连接至 controller
和 compute 节点（第二张网卡的网段为 10.10.X.0/24，X 为工位号，不需要创建
路由）。自行检查安全组策略，以确保网络正常通信与 ssh连接，然后按以下要
求配置服务器：
（1）设置控制节点主机名为 controller，设置计算节点主机名为 compute；
（2）修改 hosts 文件将 IP 地址映射为主机名；

1.查看控制节点名字为 controller，查看 hosts 文件中有正确的主机名和 IP 映射计 0.1 分
2.控制节点正确使用两块网卡计 0.1 分

[root@controller ~]# hostnamectl set-hostname controller
[root@compute ~]# hostnamectl set-hostname compute

[root@controller ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 controller
192.168.100.20 compute

[root@controller ~]#

1.1.2 Yum 源配置[0.2 分]

使用提供的 http 服务地址，分别设置 controller 节点和 compute 节点的 yum
源文件 http.repo。
使用提供的 http 服务地址，在 http 服务下，存在 centos7.9 和 iaas 的网络
yum 源，使用该 http 源作为安装 iaas 平台的网络源。分别设置 controller 节点和
compute 节点的 yum 源文件 http.repo。

1.查看/etc/yum.repos.d/http.repo 文件，有正确的 baseurl 路径，计 0.2 分

[root@controller ~]# mv /etc/yum.repos.d/* /media/ //把自带的源移除，compute也需要执行此操作
[root@controller ~]# cat /etc/yum.repos.d/http.repo
[centos]
name=centos
baseurl=http://192.168.200.68/opt/centos  //以实际应用为准
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=http://192.168.200.68/opt/iaas-repo //以实际应用为准
gpgcheck=0
enabled=1
[root@controller ~]#
[root@controller ~]# scp /etc/yum.repos.d/http.repo compute:/etc/yum.repos.d/http.repo  //把yum源复制给compute一份

1.1.3 配置无秘钥 ssh[0.2 分]

配置 controller 节点可以无秘钥访问 compute 节点。
配置 controller节点可以无秘钥访问 compute节点，配置完成后，尝试 ssh连
接 compute 节点的 hostname 进行测试。

1.查看控制节点允许计算节点无秘钥登录计 0.2 分

[root@controller ~]# ssh-keygen 
Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:M9sL18aFuSvR9KnJYWm+q9TYFK7/WT5FdNi+VxgwU7I root@controller
The key's randomart image is:
+---[RSA 2048]----+
|            =o.o |
|             =o +|
|            E  =.|
|           ..+. +|
|        S  o=o.oo|
|         =.O*oo.o|
|        o **B+  +|
|         +.+=. = |
|          oo=+o o|
+----[SHA256]-----+
[root@controller ~]#
[root@controller ~]# ssh-copy-id compute
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'compute (10.26.3.201)' can't be established.
ECDSA key fingerprint is SHA256:8GwdWEj3jIRI+LYGPoQJQ3F4DMchLaoo7mfzXBr4yMM.
ECDSA key fingerprint is MD5:6a:8d:f8:b5:40:33:33:13:84:92:2b:7f:4a:5a:87:7c.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

root@compute's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'compute'"
and check to make sure that only the key(s) you wanted were added.

[root@controller ~]# 

1.1.4 基础安装[0.2 分]

在控制节点和计算节点上分别安装 openstack-iaas 软件包。
在控制节点和计算节点上分别安装 openstack-iaas 软件包，根据表 2 配置两个节点脚本文件中的基本变量（配置脚本文件为/etc/openstack/openrc.sh，即密码默认000000）。

1.检查环境变量文件配置正确计 0.2 分

[root@controller ~]# yum install -y openstack-iaas
Loaded plugins: fastestmirror
Determining fastest mirrors
centos                                                                                           | 3.6 kB  00:00:00
iaas                                                                                             | 2.9 kB  00:00:00
Package openstack-iaas-2.0.1-2.noarch already installed and latest version
Nothing to do
[root@controller ~]# sed -i 's/^.//'g /etc/openstack/openrc.sh
#去点第一行的注释符
[root@controller ~]# sed -i 's/PASS=/PASS=000000/'g /etc/openstack/openrc.sh
[root@controller ~]# cat /etc/openstack/openrc.sh 
#--------------------system Config--------------------##
#Controller Server Manager IP. example:x.x.x.x
HOST_IP=192.168.100.10

#Controller HOST Password. example:000000 
HOST_PASS=000000

#Controller Server hostname. example:controller
HOST_NAME=controller

#Compute Node Manager IP. example:x.x.x.x
HOST_IP_NODE=192.168.100.20

#Compute HOST Password. example:000000 
HOST_PASS_NODE=000000

#Compute Node hostname. example:compute
HOST_NAME_NODE=compute

#--------------------Chrony Config-------------------##
#Controller network segment IP.  example:x.x.0.0/16(x.x.x.0/24)
network_segment_IP=192.168.100.0/24

#--------------------Rabbit Config ------------------##
#user for rabbit. example:openstack
RABBIT_USER=openstack

#Password for rabbit user .example:000000
RABBIT_PASS=000000

#--------------------MySQL Config---------------------##
#Password for MySQL root user . exmaple:000000
DB_PASS=000000

#--------------------Keystone Config------------------##
#Password for Keystore admin user. exmaple:000000
DOMAIN_NAME=demo
ADMIN_PASS=000000
DEMO_PASS=000000

#Password for Mysql keystore user. exmaple:000000
KEYSTONE_DBPASS=000000

#--------------------Glance Config--------------------##
#Password for Mysql glance user. exmaple:000000
GLANCE_DBPASS=000000
#Password for Keystore glance user. exmaple:000000
GLANCE_PASS=000000

#--------------------Placement Config----------------------##
#Password for Mysql placement user. exmaple:000000
PLACEMENT_DBPASS=000000

#Password for Keystore placement user. exmaple:000000
PLACEMENT_PASS=000000

#--------------------Nova Config----------------------##
#Password for Mysql nova user. exmaple:000000
NOVA_DBPASS=000000

#Password for Keystore nova user. exmaple:000000
NOVA_PASS=000000

#--------------------Neutron Config-------------------##
#Password for Mysql neutron user. exmaple:000000
NEUTRON_DBPASS=000000

#Password for Keystore neutron user. exmaple:000000
NEUTRON_PASS=000000

#metadata secret for neutron. exmaple:000000
METADATA_SECRET=000000

#External Network Interface. example:eth1
INTERFACE_NAME=eth1

#External Network The Physical Adapter. example:provider
Physical_NAME=provider

#First Vlan ID in VLAN RANGE for VLAN Network. exmaple:101
minvlan=1

#Last Vlan ID in VLAN RANGE for VLAN Network. example:200
maxvlan=200

#--------------------Cinder Config--------------------##
#Password for Mysql cinder user. exmaple:000000
CINDER_DBPASS=000000

#Password for Keystore cinder user. exmaple:000000
CINDER_PASS=000000

#Cinder Block Disk. example:md126p3
BLOCK_DISK=vdb1

#--------------------Swift Config---------------------##
#Password for Keystore swift user. exmaple:000000
SWIFT_PASS=000000

#The NODE Object Disk for Swift. example:md126p4.
OBJECT_DISK=vdb2

#The NODE IP for Swift Storage Network. example:x.x.x.x.
STORAGE_LOCAL_NET_IP=10.26.3.201

#--------------------Trove Config----------------------##
#Password for Mysql trove user. exmaple:000000
TROVE_DBPASS=000000
#Password for Keystore trove user. exmaple:000000
TROVE_PASS=000000

#--------------------Heat Config----------------------##
#Password for Mysql heat user. exmaple:000000
HEAT_DBPASS=000000

#Password for Keystore heat user. exmaple:000000
HEAT_PASS=000000

#--------------------Ceilometer Config----------------##
#Password for Gnocchi ceilometer user. exmaple:000000
CEILOMETER_DBPASS=000000

#Password for Keystore ceilometer user. exmaple:000000
CEILOMETER_PASS=000000

#--------------------AODH Config----------------##
#Password for Mysql AODH user. exmaple:000000
AODH_DBPASS=000000

#Password for Keystore AODH user. exmaple:000000
AODH_PASS=000000
#--------------------ZUN Config----------------##
#Password for Mysql ZUN user. exmaple:000000
ZUN_DBPASS=000000

#Password for Keystore ZUN user. exmaple:000000
ZUN_PASS=000000

#Password for Keystore KURYR user. exmaple:000000
KURYR_PASS=000000

#--------------------OCTAVIA Config----------------##
#Password for Mysql OCTAVIA user. exmaple:000000
OCTAVIA_DBPASS=000000

#Password for Keystore OCTAVIA user. exmaple:000000
OCTAVIA_PASS=000000

#--------------------Manila Config----------------##
#Password for Mysql Manila user. exmaple:000000
MANILA_DBPASS=000000

#Password for Keystore Manila user. exmaple:000000
MANILA_PASS=000000

#The NODE Object Disk for Manila. example:md126p5.
SHARE_DISK=vdb3

#--------------------Cloudkitty Config----------------##
#Password for Mysql Cloudkitty user. exmaple:000000
CLOUDKITTY_DBPASS=000000

#Password for Keystore Cloudkitty user. exmaple:000000
CLOUDKITTY_PASS=000000

#--------------------Barbican Config----------------##
#Password for Mysql Barbican user. exmaple:000000
BARBICAN_DBPASS=000000

#Password for Keystore Barbican user. exmaple:000000
BARBICAN_PASS=000000
###############################################################
#####在vi编辑器中执行:%s/^.\{1\}//  删除每行前1个字符(#号)#####
###############################################################
[root@controller ~]#
[root@controller ~]# scp /etc/openstack/openrc.sh compute:/etc/openstack/openrc.sh //将配置文件复制给compute一份

• compute磁盘分区

  [root@compute ~]# fdisk /dev/vdb
  Welcome to fdisk (util-linux 2.23.2).
  
  Changes will remain in memory only, until you decide to write them.
  Be careful before using the write command.
  
  Device does not contain a recognized partition table
  Building a new DOS disklabel with disk identifier 0xe2e054cd.
  
  Command (m for help): n
  Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
  Select (default p): 
  Using default response p
  Partition number (1-4, default 1): 
  First sector (2048-41943039, default 2048): 
  Using default value 2048
  Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): +5G
  Partition 1 of type Linux and of size 5 GiB is set
  
  Command (m for help): n
  Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
  Select (default p): 
  Using default response p
  Partition number (2-4, default 2): 
  First sector (10487808-41943039, default 10487808): 
  Using default value 10487808
  Last sector, +sectors or +size{K,M,G} (10487808-41943039, default 41943039): +5G
  Partition 2 of type Linux and of size 5 GiB is set
  
  Command (m for help): n
  Partition type:
   p   primary (2 primary, 0 extended, 2 free)
   e   extended
  Select (default p): 
  Using default response p
  Partition number (3,4, default 3): 
  First sector (20973568-41943039, default 20973568): 
  Using default value 20973568
  Last sector, +sectors or +size{K,M,G} (20973568-41943039, default 41943039): +5G
  Partition 3 of type Linux and of size 5 GiB is set
  
  Command (m for help): p
  
  Disk /dev/vdb: 21.5 GB, 21474836480 bytes, 41943040 sectors
  Units = sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 512 bytes
  I/O size (minimum/optimal): 512 bytes / 512 bytes
  Disk label type: dos
  Disk identifier: 0xe2e054cd
  
   Device Boot      Start         End      Blocks   Id  System
  /dev/vdb1            2048    10487807     5242880   83  Linux
  /dev/vdb2        10487808    20973567     5242880   83  Linux
  /dev/vdb3        20973568    31459327     5242880   83  Linux
  
  Command (m for help): w
  The partition table has been altered!
  
  Calling ioctl() to re-read partition table.
  Syncing disks.
  [root@compute ~]# 

1.1.5 数据库安装与调优[0.5 分]

在控制节点上使用安装 Mariadb、RabbitMQ 等服务。并进行相关操作。在 controller 节点上使用 iaas-install-mysql.sh 脚本安装 Mariadb、Memcached、RabbitMQ 等服务。安装服务完毕后，修改/etc/my.cnf 文件，完成下列要求：
1.设置数据库支持大小写；
2.设置数据库缓存 innodb 表的索引，数据，插入数据时的缓冲为 4G；
3.设置数据库的 log buffer 为 64MB；
4.设置数据库的 redo log 大小为 256MB；
5.设置数据库的 redo log 文件组为 2。
6.修改 Memcached 的相关配置，将内存占用大小设置为 512MB，调整最大
连接数参数为 2048；
7.调整 Memcached 的数据摘要算法（hash）为 md5；

1.检查数据库和 memcached 配置正确计 0.5 分

[root@controller ~]# iaas-pre-host.sh
[root@compute ~]# iaas-pre-host.sh
//执行完毕后根据提示重新连接终端
[root@controller ~]# iaas-install-mysql.sh //使用脚本安装mysql等服务
//安装完成后在/etc/my.cnf配置文件的[mysqld]下添加以下配置项
lower_case_table_names = 1
innodb_buffer_pool_size = 4G
innodb_log_buffer_size = 64M
innodb_log_file_size = 256M
innodb_log_files_in_group = 2
[root@controller ~]# systemctl restart mariadb //重启数据库服务
[root@controller ~]#
[root@controller ~]# cat /etc/sysconfig/memcached 
PORT="11211"
USER="memcached"
MAXCONN="2048"
CACHESIZE="512"
OPTIONS="-l 127.0.0.1,::1,controller"
hash_algorithm=md5
[root@controller ~]# 
[root@controller ~]# systemctl restart memcached

1.1.6 Keystone 服务安装与使用[0.5 分]

在控制节点上安装 Keystone 服务并创建用户。
在 controller 节点上使用 iaas-install-keystone.sh 脚本安装 Keystone 服务。然后创建OpenStack域210Demo，其中包含Engineering与Production项目，
在域 210Demo 中创建组 Devops，其中需包含以下用户：
1.Robert 用户是 Engineering 项目的用户（member）与管理员（admin），email 地址为：Robert@lab.example.com。
2.George 用户是 Engineering 项目的用户（member），email 地址为：George@lab.example.com。
3.William 用户是 Production 项目的用户（member）与管理员（admin），email 地址为：William@lab.example.com。
4.John 用户是 Production 项目的用户（ member ） ， email 地址为：John@lab.example.com。

1.检查平台中的 210Demo 域中是否有题目所需的用户与项目，正确计 0.5 分

[root@controller ~]# iaas-install-keystone.sh //安装keystone服务
[root@controller ~]# 
[root@controller ~]# openstack domain create 210Demo
[root@controller ~]# openstack project create Engineering --domain 210Demo
[root@controller ~]# openstack project create Production --domain 210Demo
[root@controller ~]# openstack user create Robert --domain 210Demo --project-domain 210Demo --project Engineering --email Robert@lab.example.com
[root@controller ~]# openstack role add --user Robert --user-domain 210Demo --project Engineering --project-domain 210Demo admin
[root@controller ~]# openstack role add --user Robert --user-domain 210Demo --project Engineering --project-domain 210Demo member
[root@controller ~]# openstack user create George --domain 210Demo --project-domain 210Demo --project Engineering --email George@lab.example.com
[root@controller ~]# openstack role add --user George --user-domain 210Demo --project Engineering --project-domain 210Demo member
[root@controller ~]# openstack user create William --domain 210Demo --project-domain 210Demo --project Production --email William@lab.example.com
[root@controller ~]# openstack role add --user William --user-domain 210Demo --project Production --project-domain 210Demo member
[root@controller ~]# openstack role add --user William --user-domain 210Demo --project Production --project-domain 210Demo admin
[root@controller ~]# openstack user create John --domain 210Demo --project-domain 210Demo --project Production --email John@lab.example.com
[root@controller ~]# openstack role add --user John --user-domain 210Demo --project Production --project-domain 210Demo member
[root@controller ~]# openstack group create --domain 210Demo devops
[root@controller ~]# openstack group add user --group-domain 210Demo --user-domain 210Demo devops Robert
[root@controller ~]# openstack group add user --group-domain 210Demo --user-domain 210Demo devops George
[root@controller ~]# openstack group add user --group-domain 210Demo --user-domain 210Demo devops William
[root@controller ~]# openstack group add user --group-domain 210Demo --user-domain 210Demo devops John
[root@controller ~]# 

1.1.7 Glance 安装与使用[0.5 分]

在控制节点上安装 Glance 服务。上传镜像至平台，并设置镜像启动的要求参数。在 controller 节点上使用 iaas-install-glance.sh 脚本安装 glance 服务。然后使用提供的coreos_production_pxe.vmlinuz 镜像（该镜像为 Ironic Deploy 镜像，是一个 AWS 内核格式的镜像，在 OpenStack Ironic 裸金属服务时需要用到）上传到 OpenStack 平台中，命名为 deploy-vmlinuz。

1.检查 glance 服务安装正确计 0.1 分
2.检查 deploy-vmlinuz 镜像内核格式正确计 0.4 分

[root@controller ~]# iaas-install-glance.sh //安装glance服务
[root@controller ~]# source /etc/keystone/admin-openrc.sh 
[root@controller ~]# glance image-create --name deploy-vmlinuz --file coreos_production_pxe.vmlinuz --disk-format aki --container-format aki --progress

1.1.8 Nova 安装与优化[0.5 分]

在控制节点和计算节点上分别安装 Nova 服务。安装完成后，完成 Nova 相关配置。在 controller 节点和 compute 节点上分别使用 iaas-install-placement.sh 脚本、iaas-install-nova -controller.sh 脚本、iaas-install-nova-compute.sh 脚本安装 Nova 服务。在 OpenStack 中，修改相关配置文件，修改调度器规则采用缓存调度器，缓存主机信息，提升调度时间。

1.检查 nova 服务调度器配置正确计 0.5 分

[root@controller ~]# iaas-install-placement.sh
[root@controller ~]# iaas-install-nova-controller.sh 
[root@compute ~]# iaas-install-nova-compute.sh
[root@controller ~]# vi /etc/nova/nova.conf

driver=caching_scheduler

1.1.9 Neutron 安装[0.2 分]

在控制和计算节点上正确安装 Neutron 服务。使用提供的脚本 iaas-install-neutron-controller.sh 和 iaas-install-neutroncompute.sh，在 controller 和 compute 节点上安装 neutron 服务。

1.检查 neutron 服务安装正确计 0.1 分
2.检查 neutron 服务的 linuxbridge 网桥服务启动正确计 0.1 分

[root@controller ~]# iaas-install-neutron-controller.sh
[root@compute~]# iaas-install-neutron-compute.sh

1.1.10 Dashboard 安装[0.5 分]

在控制节点上安装 Dashboard 服务。安装完成后，将 Dashboard 中的 Django数据修改为存储在文件中。在controller节点上使用iaas-install-dashboad.sh脚本安装Dashboard服务。安装完成后，修改相关配置文件，完成下列两个操作：
1.使得登录 Dashboard 平台的时候不需要输入域名；
2.将 Dashboard 中的 Django 数据修改为存储在文件中。

1.检查 Dashboard 服务中 Djingo 数据修改为存储在文件中配置正确计 0.2 分
2.检查 Dashboard 服务中登陆平台不输入域名配置正确计 0.3 分

[root@controller ~]# iaas-install-dashboard.sh
[root@controller ~]# vi /etc/openstack-dashboard/local_settings

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
改为
SESSION_ENGINE = 'django.contrib.sessions.backends.file'

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
改为
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False