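2020 National Vocational College Skills Competition, Reform Pilot, Higher Vocational Group
"Cloud Computing" Competition Paper
Session 1 task: OpenStack platform deployment and operations
A company plans to use OpenStack to build an enterprise cloud platform that provides pooled, elastic resource management, centralized management of enterprise applications, and unified security authentication and authorization.
The system architecture is shown in Figure 1 and the IP address plan in Table 1.
Figure 1 System architecture
Table 1 IP address plan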
Device | Hostname | Interface | IP address | Notes |
---|---|---|---|---|
Cloud server 1 | Controller | eth0 | 192.168.x.10/24 | Vlan 10 |
Cloud server 1 | Controller | eth1 | 192.168.y.10/24 | Vlan 20 |
Cloud server 2 | Compute | eth0 | 192.168.x.20/24 | Vlan 10 |
Cloud server 2 | Compute | eth1 | 192.168.y.20/24 | Vlan 20 |
PC-1 | | Local Area Connection | 172.24.z.2/24 | Vlan 1 |
Switch | | Vlan 1 | 172.24.z.1/24 | Used by the PC |
Switch | | Vlan 10 | 192.168.x.1/24 | Used by the servers |
Switch | | Vlan 20 | 192.168.y.1/24 | Used by the virtual machines |
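Notes:
1. In the table, x and y are VLAN numbers (each contestant has two VLAN numbers) and z is the workstation number.
2. Using the information in the figure and table, check the hardware cabling and the network device configuration to make sure the network is connected properly.
3. The resource packages and attachments needed for the exam are listed in the workstation information sheet.
4. During the competition, change the server passwords yourself to keep the servers secure; when submitting information in the exam system, confirm your own IP address, username and password.
1. Following the IP address plan in Table 1, set the IP address of each server node and make sure the network communicates normally. Set the hostname of cloud server 1 to Controller and of cloud server 2 to Compute, edit the hosts file to map the IP addresses to the hostnames, stop the firewall and disable it at boot, and set SELinux to Permissive mode.
2. Upload the provided CentOS-7-x86_64-DVD-1804.iso and chinaskill_cloud_iaas.iso images to the /root directory on the Controller node, then create the directories centos and openstack under /opt, mount CentOS-7-x86_64-DVD-1804.iso on the centos directory and mount chinaskill_cloud_iaas.iso on the openstack directory.
3. On the Controller node, install the vsftp server from the packages in the centos directory, enable it at boot, and use ftp to serve the yum repositories. Set up the yum source file ftp.repo on both the controller node and the compute node, using the IP address form for the ftp server address.
4. On the Controller node, deploy a chrony server that allows the other nodes to synchronize time, start the service and enable it at boot. On the compute node, set the controller node as the upstream NTP server, restart the service and enable it at boot.
5. On the compute node, use the blank partition to create two 100 GB partitions.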
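1. Install the quickinstall package on both the controller node and the compute node, and set the basic variables in the configuration script according to Table 2 (the configuration script is /etc/cloudconfig/openrc.sh).
Table 2 Cloud platform configuration
Service | Variable | Parameter/Password |
---|---|---|
Mysql | root | 000000 |
Mysql | Keystone | 000000 |
Mysql | Glance | 000000 |
Mysql | Nova | 000000 |
Mysql | Neutron | 000000 |
Mysql | Heat | 000000 |
Mysql | Zun | 000000 |
Keystone | DOMAIN_NAME | demo |
Keystone | Admin | 000000 |
Keystone | Rabbit | 000000 |
Keystone | Glance | 000000 |
Keystone | Nova | 000000 |
Keystone | Neutron | 000000 |
Keystone | Heat | 000000 |
Keystone | Zun | 000000 |
Neutron | Metadata | 000000 |
Neutron | External Network | enp9s0 (external NIC name) |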
2. On the controller node, use the /usr/local/bin/openstack-install-mysql.sh script to install the Mariadb, Memcached and etcd services.
[root@controller ~]# sh /usr/local/bin/openstack-install-mysql.sh
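3. On the controller node, use the /usr/local/bin/openstack-install-keystone.sh script to install the Keystone service.
4. On the controller node, use the /usr/local/bin/openstack-install-glance.sh script to install the glance service.
5. On the controller node and the compute node, use the /usr/local/bin/openstack-install-nova-controller.sh and /usr/local/bin/openstack-install-nova-compute.sh scripts respectively to install the Nova service.
6. On the controller node and the compute node, modify the /usr/local/bin/openstack-install-neutron-controller.sh and /usr/local/bin/openstack-install-neutron-compute.sh scripts respectively and use them to install the Neutron service, with the network in vlan mode.
7. On the controller node, use the /usr/local/bin/openstack-install-dashboad.sh script to install the dashboard service.
8. On the controller node and the compute node, modify the /usr/local/bin/openstack-install-cinder-controller.sh and /usr/local/bin/openstack-install-cinder-compute.sh scripts respectively and use them to install the cinder service.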
1. On the OpenStack private cloud platform, use a command to create an image named cirros from the cirros-0.3.4-x86_64-disk.img image file.
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# glance image-create --name cirros --disk-format qcow2 --container-format bare --file cirros-0.3.4-x86_64-disk.img
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | 443b7623e27ecf03dc9e01ee93f67afe |
| container_format | bare |
| created_at | 2022-03-04T02:17:25Z |
| disk_format | qcow2 |
| id | 782d2e39-4a1d-4b11-9992-b2989f073cdd |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | f641f1ab736249c28b4ccd262bbcc5b7 |
| protected | False |
| size | 12716032 |
| status | active |
| tags | [] |
| updated_at | 2022-03-04T02:17:25Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------+
2. On the OpenStack private cloud platform, use a command to create a flavor named Fmin with ID 1, 1024 MB of memory, a 10 GB disk and 1 vCPU.
[root@controller ~]# source /etc/keystone/admin-openrc.sh
[root@controller ~]# openstack flavor create --id 1 --ram 1024 --disk 10 --vcpus 1 Fmin
+----------------------------+-------+
| Field | Value |
+----------------------------+-------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 1 |
| name | Fmin |
| os-flavor-access:is_public | True |
| properties | |
| ram | 1024 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+-------+
[root@controller ~]#
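3. On the OpenStack private cloud platform, use commands to create the cloud host network extnet with the subnet extsubnet. The floating IP range for virtual machines is 192.168.y.0/24 (where y is the VLAN number), the gateway is 192.168.y.1, and the network uses vlan mode.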
[root@controller ~]# openstack network create --provider-network-type vlan --provider-physical-network provider --external extnet
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-03-04T02:25:29Z |
| description | |
| dns_domain | None |
| id | 936209e3-a4a4-4440-93b0-1e5d2cd0ce48 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1500 |
| name | extnet |
| port_security_enabled | True |
| project_id | f641f1ab736249c28b4ccd262bbcc5b7 |
| provider:network_type | vlan |
| provider:physical_network | provider |
| provider:segmentation_id | 134 |
| qos_policy_id | None |
| revision_number | 5 |
| router:external | External |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-03-04T02:25:29Z |
+---------------------------+--------------------------------------+
[root@controller ~]# openstack subnet create --subnet-range 192.168.20.0/24 --gateway 192.168.20.1 --network extnet extsubnet
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 192.168.20.2-192.168.20.254 |
| cidr | 192.168.20.0/24 |
| created_at | 2022-03-04T02:25:40Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 192.168.20.1 |
| host_routes | |
| id | d98d0b9b-1c34-4726-991b-4cf848eb63de |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | extsubnet |
| network_id | 936209e3-a4a4-4440-93b0-1e5d2cd0ce48 |
| project_id | f641f1ab736249c28b4ccd262bbcc5b7 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-03-04T02:25:40Z |
+-------------------+--------------------------------------+
[root@controller ~]#
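4. On the OpenStack private cloud platform, use commands to create the internal cloud host network intnet with the subnet intsubnet. The virtual machine subnet range is 10.10.x.0/24 (where x is the workstation number) and the gateway is 10.10.x.1.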
[root@controller ~]# openstack network create --internal --provider-network-type vxlan intnet
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-03-04T02:31:05Z |
| description | |
| dns_domain | None |
| id | c788def4-2829-4b84-9cfe-3583ec3cd8b7 |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 1450 |
| name | intnet |
| port_security_enabled | True |
| project_id | f641f1ab736249c28b4ccd262bbcc5b7 |
| provider:network_type | vxlan |
| provider:physical_network | None |
| provider:segmentation_id | 179 |
| qos_policy_id | None |
| revision_number | 2 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2022-03-04T02:31:05Z |
+---------------------------+--------------------------------------+
[root@controller ~]# openstack subnet create --subnet-range 10.10.20.0/24 --gateway 10.10.20.1 --network intnet intsubnet
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| allocation_pools | 10.10.20.2-10.10.20.254 |
| cidr | 10.10.20.0/24 |
| created_at | 2022-03-04T02:32:21Z |
| description | |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.10.20.1 |
| host_routes | |
| id | 1b7e56b7-1365-4b18-8082-c4623a44bbb0 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | intsubnet |
| network_id | c788def4-2829-4b84-9cfe-3583ec3cd8b7 |
| project_id | f641f1ab736249c28b4ccd262bbcc5b7 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2022-03-04T02:32:21Z |
+-------------------+--------------------------------------+
[root@controller ~]#
5. Add a router named ext-router and configure its interface addresses so that the internal subnet intsubnet and the external network extnet are connected.
[root@controller ~]# openstack router create ext-router
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | |
| availability_zones | |
| created_at | 2022-03-04T02:34:03Z |
| description | |
| distributed | False |
| external_gateway_info | None |
| flavor_id | None |
| ha | False |
| id | 0b96b68a-06b6-4349-ba29-edead021a775 |
| name | ext-router |
| project_id | f641f1ab736249c28b4ccd262bbcc5b7 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2022-03-04T02:34:03Z |
+-------------------------+--------------------------------------+
[root@controller ~]# openstack router set --external-gateway extnet ext-router
[root@controller ~]# openstack router add subnet ext-router intsubnet
[root@controller ~]#
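6. On the OpenStack private cloud platform, using the "cirros" image, the 1 vCPU / 1 GB / 10 GB flavor and the intsubnet network, and binding a floating IP, use commands to create a virtual machine VM1, start VM1, and make sure the PC can log in to VM1 remotely.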
[root@controller ~]# openstack server create VM1 --flavor Fmin --image cirros --nic net-id=c788def4-2829-4b84-9cfe-3583ec3cd8b7 --security-group 4e7657df-023f-4291-a2f8-abcfa7de8fd8
[root@controller ~]# openstack floating ip create extnet
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| created_at | 2022-03-04T02:41:49Z |
| description | |
| fixed_ip_address | None |
| floating_ip_address | 192.168.20.3 |
| floating_network_id | 936209e3-a4a4-4440-93b0-1e5d2cd0ce48 |
| id | 1f11bce0-f4ea-4614-a590-e46701a42e02 |
| name | 192.168.20.3 |
| port_id | None |
| project_id | f641f1ab736249c28b4ccd262bbcc5b7 |
| qos_policy_id | None |
| revision_number | 0 |
| router_id | None |
| status | DOWN |
| subnet_id | None |
| updated_at | 2022-03-04T02:41:49Z |
+---------------------+--------------------------------------+
[root@controller ~]# openstack server add floating ip VM1 192.168.20.3
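# Remote login to the instance requires the security group to allow all ICMP and the SSH protocol, as shown in the figure below
# In case the competition requires creating the security group rules from the command line:
# egress is outbound, ingress is inbound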
[root@controller ~]# openstack security group rule create 668e8b7a-2df5-442d-9fed-fb5f1539868c --protocol icmp --ingress --remote-ip 0.0.0.0/0
[root@controller ~]# openstack security group rule create 668e8b7a-2df5-442d-9fed-fb5f1539868c --protocol tcp --dst-port 22 --ingress --remote-ip 0.0.0.0/0
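A check for the two rules created above, as an added example that is not part of the original post: it reads rule data in the shape of `openstack security group rule list --long -f json` and lists ingress rules reachable from any source address. The column names and the sample rules are assumptions and constructed data; column names can differ between client versions.

```python
import ipaddress
import json

# Constructed sample; column names are assumed and may differ by client version.
SAMPLE = json.dumps([
    {"ID": "rule-icmp", "IP Protocol": "icmp", "IP Range": "0.0.0.0/0",
     "Port Range": "", "Direction": "ingress", "Remote Security Group": None},
    {"ID": "rule-ssh", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0",
     "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": None},
    {"ID": "rule-mgmt", "IP Protocol": "tcp", "IP Range": "172.24.1.0/24",
     "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": None},
    {"ID": "rule-out", "IP Protocol": None, "IP Range": "0.0.0.0/0",
     "Port Range": "", "Direction": "egress", "Remote Security Group": None},
])


def covers_port(port_range, port):
    """True if a 'min:max' range includes port; an empty range means all ports."""
    if not port_range:
        return True
    low, _, high = port_range.partition(":")
    return int(low) <= port <= int(high or low)


def world_open_ingress(rules_json, port=22):
    """Return (id, protocol, ports) for ingress rules open to any source address."""
    findings = []
    for rule in json.loads(rules_json):
        if rule.get("Direction") != "ingress" or rule.get("Remote Security Group"):
            continue  # egress, or limited to members of another security group
        cidr = rule.get("IP Range") or "0.0.0.0/0"  # no range means any source
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue  # source is restricted to a specific network
        proto = rule.get("IP Protocol") or "any"
        if proto in ("tcp", "udp") and not covers_port(rule.get("Port Range"), port):
            continue  # rule does not expose the port being audited
        findings.append((rule["ID"], proto, rule.get("Port Range") or "all"))
    return findings


if __name__ == "__main__":
    for finding in world_open_ingress(SAMPLE):
        print("open to any source:", *finding)
```
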
7. On the OpenStack private cloud platform, create a volume type named "lvm", create one 40 GB volume of type lvm, and attach it to the virtual machine VM1.
[root@controller ~]# openstack volume type create lvm
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| description | None |
| id | f9ff2d93-9e40-4d6b-8d25-b72672be8a92 |
| is_public | True |
| name | lvm |
+-------------+--------------------------------------+
[root@controller ~]# openstack volume create --size 40 --type lvm lvm
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2022-03-04T03:14:17.000000 |
| description | None |
| encrypted | False |
| id | 7fcd040c-9486-4fae-a001-582133489f0d |
| migration_status | None |
| multiattach | False |
| name | lvm |
| properties | |
| replication_status | None |
| size | 40 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | lvm |
| updated_at | None |
| user_id | 4ae4f0be853d4792808c96921d6f747a |
+---------------------+--------------------------------------+
[root@controller ~]# openstack server add volume VM1 lvm
[root@controller ~]#
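8. On the virtual machine VM1, use the attached volume, divide it into four 10 GB partitions and create a raid 5 array, with one partition as a hot spare.
9. On the Controller node, write the shell script /root/openstack/deletevm.sh to release the virtual machine VM1, and run the script to release the instance.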
[root@controller ~]# mkdir openstack
[root@controller ~]# cd openstack/
[root@controller openstack]# cat deletevm.sh
#!/bin/bash
source /etc/keystone/admin-openrc.sh
openstack server shelve VM1
[root@controller openstack]# chmod +x deletevm.sh
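10. Use the image Openstack-error-1 to rebuild the cloud host "all-in-one" (account: root, password: 000000). The rebuilt host contains a faulty OpenStack platform in which an already created cloud host, vm-test, cannot start. Find and fix the fault and start the vm-test cloud host.
# This image is not available, so the scenario cannot be reproduced; only an approach is given
1. First check on the controller node
2. Look at the glance logs
/var/log/glance/
3. Check that the files under /var/lib/glance/ have permission 750 and that their owner and group are glance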
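The ownership and permission check from step 3, as an added example that is not part of the original post. The function name `audit_tree` is hypothetical; ownership is checked on every entry and the 750 mode only on directories, which is an assumption about how the rule applies.

```python
import os
import stat


def audit_tree(root, owner_uid, group_gid, dir_mode=0o750):
    """List entries under root whose owner/group or directory mode is unexpected."""
    problems = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)  # lstat: report a symlink itself, do not follow it
            mode = stat.S_IMODE(st.st_mode)
            if st.st_uid != owner_uid or st.st_gid != group_gid:
                problems.append((path, "owner %d:%d" % (st.st_uid, st.st_gid)))
            elif stat.S_ISDIR(st.st_mode) and mode != dir_mode:
                problems.append((path, "mode %o" % mode))
    return problems


if __name__ == "__main__":
    import grp
    import pwd

    try:
        # The "glance" account and /var/lib/glance are the ones named in step 3.
        uid = pwd.getpwnam("glance").pw_uid
        gid = grp.getgrnam("glance").gr_gid
    except KeyError:
        print("no glance user or group on this host; run on the controller node")
    else:
        for path, why in audit_tree("/var/lib/glance", uid, gid):
            print(path, why)
```
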
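This task contains 2-4 subtasks. They cover writing Python scripts that call the OpenStack API to manage and operate the OpenStack cloud platform, and using the automation tool ansible to carry out operations on cloud hosts such as batch system configuration, batch program deployment and batch command execution.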