DevOps学院

DevOps学院

中国新一代IT在线教育平台
运维知识体系

运维知识体系

运维知识体系总结,持续更新,欢迎转载。
缓存知识体系

缓存知识体系

运维知识体系之缓存,分层多级缓存体系。
速云科技

速云科技

DevOps咨询、企业内训、落地解决方案。

2018年12月15日运维技术沙龙【北京站】

寻找运维的下一站-腾讯蓝鲸技术沙龙改变中国运维行业  BLUEKING   活动时间:2018.12.15 13:30~18:00 主办单位:蓝鲸智云 承办单位:DevOps学院 协办单位:元鼎科技 地点:北京市海淀区知春路49号希格玛大厦B1小礼
继续阅读 »
寻找运维的下一站-腾讯蓝鲸技术沙龙改变中国运维行业  BLUEKING
 
活动时间:2018.12.15 13:30~18:00
主办单位:蓝鲸智云
承办单位:DevOps学院
协办单位:元鼎科技
地点:北京市海淀区知春路49号希格玛大厦B1小礼堂
 
 
报名地址:https://www.bagevent.com/event/1292447
 
  收起阅读 »

Linux下常用SNMP OID

1.服务器负载: 1 minute Load: .1.3.6.1.4.1.2021.10.1.3.1 5 minute Load: .1.3.6.1.4.1.2021.10.1.3.2 15 minute Load: .1.3.6.1.4.1.2021.10
继续阅读 »
1.服务器负载:

1 minute Load: .1.3.6.1.4.1.2021.10.1.3.1
5 minute Load: .1.3.6.1.4.1.2021.10.1.3.2
15 minute Load: .1.3.6.1.4.1.2021.10.1.3.3

2.CPU信息:
percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0
raw user cpu time: .1.3.6.1.4.1.2021.11.50.0
percentages of system CPU time: .1.3.6.1.4.1.2021.11.10.0
raw system cpu time: .1.3.6.1.4.1.2021.11.52.0
percentages of idle CPU time: .1.3.6.1.4.1.2021.11.11.0
raw idle cpu time: .1.3.6.1.4.1.2021.11.53.0
raw nice cpu time: .1.3.6.1.4.1.2021.11.51.0
 
3。内存使用:
Total Swap Size: .1.3.6.1.4.1.2021.4.3.0
Available Swap Space: .1.3.6.1.4.1.2021.4.4.0
Total RAM in machine: .1.3.6.1.4.1.2021.4.5.0
Total RAM used: .1.3.6.1.4.1.2021.4.6.0
Total RAM Free: .1.3.6.1.4.1.2021.4.11.0
Total RAM Shared: .1.3.6.1.4.1.2021.4.13.0
Total RAM Buffered: .1.3.6.1.4.1.2021.4.14.0
Total Cached Memory: .1.3.6.1.4.1.2021.4.15.0

4.硬盘使用:

Path where the disk is mounted: .1.3.6.1.4.1.2021.9.1.2.1
Path of the device for the partition: .1.3.6.1.4.1.2021.9.1.3.1
Total size of the disk/partion (kBytes): .1.3.6.1.4.1.2021.9.1.6.1
Available space on the disk: .1.3.6.1.4.1.2021.9.1.7.1
Used space on the disk: .1.3.6.1.4.1.2021.9.1.8.1
Percentage of space used on disk: .1.3.6.1.4.1.2021.9.1.9.1
Percentage of inodes used on disk: .1.3.6.1.4.1.2021.9.1.10.1


5.系统运行时间:

.1.3.6.1.2.1.1.3.0


6.SNMP System Group:

sysDescr 1.3.6.1.2.1.1.1
sysObjectID 1.3.6.1.2.1.1.2
sysUpTime 1.3.6.1.2.1.1.3
sysContact 1.3.6.1.2.1.1.4
sysName 1.3.6.1.2.1.1.5
sysLocation 1.3.6.1.2.1.1.6
sysServices 1.3.6.1.2.1.1.7








SNMP Interfaces Group:


ifNumber 1.3.6.1.2.1.2.1
ifTable 1.3.6.1.2.1.2.2
ifEntry 1.3.6.1.2.1.2.2.1
ifIndex 1.3.6.1.2.1.2.2.1.1
ifDescr 1.3.6.1.2.1.2.2.1.2
ifType 1.3.6.1.2.1.2.2.1.3
ifMtu 1.3.6.1.2.1.2.2.1.4
ifSpeed 1.3.6.1.2.1.2.2.1.5
ifPhysAddress 1.3.6.1.2.1.2.2.1.6
ifAdminStatus 1.3.6.1.2.1.2.2.1.7
ifOperStatus 1.3.6.1.2.1.2.2.1.8
ifLastChange 1.3.6.1.2.1.2.2.1.9
ifInOctets 1.3.6.1.2.1.2.2.1.10
ifInUcastPkts 1.3.6.1.2.1.2.2.1.11
ifInNUcastPkts 1.3.6.1.2.1.2.2.1.12
ifInDiscards 1.3.6.1.2.1.2.2.1.13
ifInErrors 1.3.6.1.2.1.2.2.1.14
ifInUnknownProtos 1.3.6.1.2.1.2.2.1.15
ifOutOctets 1.3.6.1.2.1.2.2.1.16
ifOutUcastPkts 1.3.6.1.2.1.2.2.1.17
ifOutNUcastPkts 1.3.6.1.2.1.2.2.1.18
ifOutDiscards 1.3.6.1.2.1.2.2.1.19
ifOutErrors 1.3.6.1.2.1.2.2.1.20
ifOutQLen 1.3.6.1.2.1.2.2.1.21
ifSpecific 1.3.6.1.2.1.2.2.1.22




SNMP IP Group


ipForwarding 1.3.6.1.2.1.4.1
ipDefaultTTL 1.3.6.1.2.1.4.2
ipInReceives 1.3.6.1.2.1.4.3
ipInHdrErrors 1.3.6.1.2.1.4.4
ipInAddrErrors 1.3.6.1.2.1.4.5
ipForwDatagrams 1.3.6.1.2.1.4.6
ipInUnknownProtos 1.3.6.1.2.1.4.7
ipInDiscards 1.3.6.1.2.1.4.8
ipInDelivers 1.3.6.1.2.1.4.9
ipOutRequests 1.3.6.1.2.1.4.10
ipOutDiscards 1.3.6.1.2.1.4.11
ipOutNoRoutes 1.3.6.1.2.1.4.12
ipReasmTimeout 1.3.6.1.2.1.4.13
ipReasmReqds 1.3.6.1.2.1.4.14
ipReasmOKs 1.3.6.1.2.1.4.15
ipReasmFails 1.3.6.1.2.1.4.16
ipFragsOKs 1.3.6.1.2.1.4.17
ipFragsFails 1.3.6.1.2.1.4.18
ipFragCreates 1.3.6.1.2.1.4.19
ipAddrTable 1.3.6.1.2.1.4.20
ipAddrEntry 1.3.6.1.2.1.4.20.1
ipAdEntAddr 1.3.6.1.2.1.4.20.1.1
ipAdEntIfIndex 1.3.6.1.2.1.4.20.1.2
ipAdEntNetMask 1.3.6.1.2.1.4.20.1.3
ipAdEntBcastAddr 1.3.6.1.2.1.4.20.1.4
ipAdEntReasmMaxSize 1.3.6.1.2.1.4.20.1.5




SNMP ICMP Group


icmpInMsgs 1.3.6.1.2.1.5.1
icmpInErrors 1.3.6.1.2.1.5.2
icmpInDestUnreachs 1.3.6.1.2.1.5.3
icmpInTimeExcds 1.3.6.1.2.1.5.4
icmpInParmProbs 1.3.6.1.2.1.5.5
icmpInSrcQuenchs 1.3.6.1.2.1.5.6
icmpInRedirects 1.3.6.1.2.1.5.7
icmpInEchos 1.3.6.1.2.1.5.8
icmpInEchoReps 1.3.6.1.2.1.5.9
icmpInTimestamps 1.3.6.1.2.1.5.10
icmpInTimestampReps 1.3.6.1.2.1.5.11
icmpInAddrMasks 1.3.6.1.2.1.5.12
icmpInAddrMaskReps 1.3.6.1.2.1.5.13
icmpOutMsgs 1.3.6.1.2.1.5.14
icmpOutErrors 1.3.6.1.2.1.5.15
icmpOutDestUnreachs 1.3.6.1.2.1.5.16
icmpOutTimeExcds 1.3.6.1.2.1.5.17
icmpOutParmProbs 1.3.6.1.2.1.5.18
icmpOutSrcQuenchs 1.3.6.1.2.1.5.19
icmpOutRedirects 1.3.6.1.2.1.5.20
icmpOutEchos 1.3.6.1.2.1.5.21
icmpOutEchoReps 1.3.6.1.2.1.5.22
icmpOutTimestamps 1.3.6.1.2.1.5.23
icmpOutTimestampReps 1.3.6.1.2.1.5.24
icmpOutAddrMasks 1.3.6.1.2.1.5.25
icmpOutAddrMaskReps 1.3.6.1.2.1.5.26




SNMP TCP Group:


tcpRtoAlgorithm 1.3.6.1.2.1.6.1
tcpRtoMin 1.3.6.1.2.1.6.2
tcpRtoMax 1.3.6.1.2.1.6.3
tcpMaxConn 1.3.6.1.2.1.6.4
tcpActiveOpens 1.3.6.1.2.1.6.5
tcpPassiveOpens 1.3.6.1.2.1.6.6
tcpAttemptFails 1.3.6.1.2.1.6.7
tcpEstabResets 1.3.6.1.2.1.6.8
tcpCurrEstab 1.3.6.1.2.1.6.9
tcpInSegs 1.3.6.1.2.1.6.10
tcpOutSegs 1.3.6.1.2.1.6.11
tcpRetransSegs 1.3.6.1.2.1.6.12
tcpConnTable 1.3.6.1.2.1.6.13
tcpConnEntry 1.3.6.1.2.1.6.13.1
tcpConnState 1.3.6.1.2.1.6.13.1.1
tcpConnLocalAddress 1.3.6.1.2.1.6.13.1.2
tcpConnLocalPort 1.3.6.1.2.1.6.13.1.3
tcpConnRemAddress 1.3.6.1.2.1.6.13.1.4
tcpConnRemPort 1.3.6.1.2.1.6.13.1.5
tcpInErrs 1.3.6.1.2.1.6.14
tcpOutRsts 1.3.6.1.2.1.6.15




SNMP UDP Group


udpInDatagrams 1.3.6.1.2.1.7.1
udpNoPorts 1.3.6.1.2.1.7.2
udpInErrors 1.3.6.1.2.1.7.3
udpOutDatagrams 1.3.6.1.2.1.7.4
udpTable 1.3.6.1.2.1.7.5
udpEntry 1.3.6.1.2.1.7.5.1
udpLocalAddress 1.3.6.1.2.1.7.5.1.1
udpLocalPort 1.3.6.1.2.1.7.5.1.2




SNMP Group:


snmpInPkts 1.3.6.1.2.1.11.1
snmpOutPkts 1.3.6.1.2.1.11.2
snmpInBadVersions 1.3.6.1.2.1.11.3
snmpInBadCommunityNames 1.3.6.1.2.1.11.4
snmpInBadCommunityUses 1.3.6.1.2.1.11.5
snmpInASNParseErrs 1.3.6.1.2.1.11.6
NOT USED 1.3.6.1.2.1.11.7
snmpInTooBigs 1.3.6.1.2.1.11.8
snmpInNoSuchNames 1.3.6.1.2.1.11.9
snmpInBadValues 1.3.6.1.2.1.11.10
snmpInReadOnlys 1.3.6.1.2.1.11.11
snmpInGenErrs 1.3.6.1.2.1.11.12
snmpInTotalReqVars 1.3.6.1.2.1.11.13
snmpInTotalSetVars 1.3.6.1.2.1.11.14
snmpInGetRequests 1.3.6.1.2.1.11.15
snmpInGetNexts 1.3.6.1.2.1.11.16
snmpInSetRequests 1.3.6.1.2.1.11.17
snmpInGetResponses 1.3.6.1.2.1.11.18
snmpInTraps 1.3.6.1.2.1.11.19
snmpOutTooBigs 1.3.6.1.2.1.11.20
snmpOutNoSuchNames 1.3.6.1.2.1.11.21
snmpOutBadValues 1.3.6.1.2.1.11.22
NOT USED 1.3.6.1.2.1.11.23
snmpOutGenErrs 1.3.6.1.2.1.11.24
snmpOutGetRequests 1.3.6.1.2.1.11.25
snmpOutGetNexts 1.3.6.1.2.1.11.26
snmpOutSetRequests 1.3.6.1.2.1.11.27
snmpOutGetResponses 1.3.6.1.2.1.11.28
snmpOutTraps 1.3.6.1.2.1.11.29
snmpEnableAuthenTraps 1.3.6.1.2.1.11.30




应用示例:
查看服务器1分钟平均负载:


snmpwalk -v1 -c public 127.0.0.1  .1.3.6.1.4.1.2021.10.1.3.1
UCD-SNMP-MIB::laLoad.1 = STRING: 0.25




查看服务器当前连接:


snmpwalk -v1 -c public 127.0.0.1  1.3.6.1.2.1.6.13.1.1


TCP-MIB::tcpConnState.0.0.0.0.22.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.80.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.111.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.443.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.3306.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.25.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.199.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.192.168.1.2.22.192.168.1.16.5035 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.168.1.2.22.192.168.1.16.10518 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.168.1.2.22.192.168.1.16.24713 = INTEGER: established(5) --------------------- 收起阅读 »

海外网络运维工程师

薪资:13K-18K ,13薪,老员工有期权奖金 职责范围; 1.负责公司办公业务的正常运行 2.负责公司线上业务的正常运行 岗位要求: 1、熟悉AD/DNS server部署和管理,在系统集成商或者cisco/h3c代理商待个2-3年,有一定的项目经验
继续阅读 »

薪资:13K-18K ,13薪,老员工有期权奖金
职责范围;
1.负责公司办公业务的正常运行
2.负责公司线上业务的正常运行


岗位要求:
1、熟悉AD/DNS server部署和管理,在系统集成商或者cisco/h3c代理商待个2-3年,有一定的项目经验,不然没有好的解决方案,最好在培训机构培训过ccnp 或以上科目。
2、公司有大约100台物理linux服务器,热烈欢迎对linux感兴趣的人员,也是一个方向
3、具备较强的学习能力,沟通能力,应变能力、组织协调能和抗压能力。
4、对工作要负责,主动......为人低调,纯搞技术那种,不要忽悠........
5、可能会有桌面的一些技术支持,主要是应急一下,有负责桌面技术支持的专用人员
  收起阅读 »

Nginx 日志转为Json格式

在早期的版本中,有一种降低 logstash 过滤器的 CPU 负载消耗的做法盛行于社区直接输入预定义好的 JSON 数据,这样就可以省略掉 filter/grok 配置! 这个建议依然有效,不过在当前版本中需要稍微做一点配置变动 —— 因为现在有专门的 co
继续阅读 »
在早期的版本中,有一种降低 logstash 过滤器的 CPU 负载消耗的做法盛行于社区直接输入预定义好的 JSON 数据,这样就可以省略掉 filter/grok 配置!
这个建议依然有效,不过在当前版本中需要稍微做一点配置变动 —— 因为现在有专门的 codec 设置。
[root@linux-node1 ~]# vim /usr/local/nginx/conf/nginx.conf
log_format json '{"@timestamp":"$time_iso8601",'
'"@version":"1",'
'"client":"$remote_addr",'
'"url":"$uri",'
'"status":"$status",'
'"domain":"$host",'
'"host":"$server_addr",'
'"size":$body_bytes_sent,'
'"responsetime":$request_time,'
'"referer": "$http_referer",'
'"ua": "$http_user_agent"'
'}';
access_log logs/access_json.log json;




  收起阅读 »

基于OpenStack构建企业私有云(8)Cinder

控制节点部署 1.Cinder安装[root@linux-node1 ~]# yum install -y openstack-cinder 2.数据库配置[root@linux-node1 ~]# vim /etc/cinder/cinder.conf #
继续阅读 »
控制节点部署

1.Cinder安装
[root@linux-node1 ~]# yum install -y openstack-cinder

2.数据库配置
[root@linux-node1 ~]# vim /etc/cinder/cinder.conf
#在 [database] 部分,配置数据库访问。
connection=mysql+pymysql://cinder:cinder@192.168.56.11/cinder
同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
验证数据库状态
[root@linux-node1 ~]# mysql -h 192.168.56.11 -ucinder -pcinder -e "use cinder;show tables;"

3.Keystone相关配置
[root@linux-node1 ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
auth_strategy=keystone
[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

4.RabbitMQ相关配置
[root@linux-node1 ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.56.11

5.其它配置
[oslo_concurrency] 部分,配置锁路径:
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

6.配置Nova以使用块设备存储,注意所有
    编辑文件 /etc/nova/nova.conf 并添加如下到其中:
[cinder]
os_region_name = RegionOne

7.重启nova-api服务
[root@linux-node1 ~]# systemctl restart openstack-nova-api.service

8.启动cinder服务,并设置为开机自动启动。
# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

9.Cinder注册Service和Endpoint
# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
# openstack endpoint create --region RegionOne \
volumev2 public http://192.168.56.11:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev2 internal http://192.168.56.11:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev2 admin http://192.168.56.11:8776/v2/%\(project_id\)s
 
 
# openstack endpoint create --region RegionOne \
volumev3 public http://192.168.56.11:8776/v3/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev3 internal http://192.168.56.11:8776/v3/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev3 admin http://192.168.56.11:8776/v3/%\(project_id\)s

存储节点配置
对于CentOS环境,默认是已经安装了LVM。如果没有可以使用以下命令安装并启动。
    安装 LVM 包:
[root@linux-node1 ~]# yum install -y lvm2 device-mapper-persistent-data

    启动LVM的metadata服务并且设置该服务随系统启动:
[root@linux-node1 ~]# systemctl enable lvm2-lvmetad.service
[root@linux-node1 ~]# systemctl start lvm2-lvmetad.service

把/dev/sdb创建为LVM的物理卷:
[root@linux-node2 ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created


创建名为cinder-volumes的逻辑卷组
[root@linux-node2 ~]# vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
[root@linux-node2 ~]# vim /etc/lvm/lvm.conf
    在``devices``部分,添加一个过滤器,只接受``/dev/sdb``设备,拒绝其他所有设备:
    devices {
    ...
    filter = [ "a/sdb/", "r/.*/"]
    filter = [ "a/sda/", "a/sdb/", "r/.*/"]
    filter = [ "a/sda/", "r/.*/"]


存储节点安装

   存储节点安装和控制节点类型,还是分为两步:
1.    软件安装。
2.    从控制节点SCP配置文件。
安装isci-target和cinder
[root@linux-node2 ~]# yum install -y openstack-cinder targetcli python-keystone

同步控制节点配置文件
由于存储节点大多数配置和控制节点相同,可以直接使用控制节点配置好的cinder.conf。再此基础上进行小的变动。
[root@linux-node1 ~]# scp /etc/cinder/cinder.conf 192.168.56.12:/etc/cinder/

设置Cinder后端驱动
[root@linux-node2 ~]# vim /etc/cinder/cinder.conf
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
volume_backend_name=iSCSI-Storage

在 [DEFAULT] 部分,启用 LVM 后端:
[DEFAULT]
...
enabled_backends = lvm


[DEFAULT]
glance_api_servers = http://192.168.56.11:9292

启动块存储卷服务及其依赖的服务,并将其配置为随系统启动:
 # systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service

  收起阅读 »

基于OpenStack创建企业私有云(7)Horizon

1.安装Horizon[root@linux-node2 ~]# yum install -y openstack-dashboard 2.Horizon配置[root@linux-node2 ~]# vim /etc/openstack-dashboard/
继续阅读 »
1.安装Horizon
[root@linux-node2 ~]# yum install -y openstack-dashboard

2.Horizon配置
[root@linux-node2 ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "192.168.56.11"
#允许所有主机访问
ALLOWED_HOSTS = ['*', ]
#设置API版本
OPENSTACK_API_VERSIONS = {
"identity": 3,
"volume": 2,
"compute": 2,
}
开启多域支持
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
设置默认的域
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
#设置Keystone地址
OPENSTACK_HOST = "192.168.56.11"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
#为通过仪表盘创建的用户配置默认的 user 角色
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

#设置Session存储到Memcached
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '192.168.56.11:11211',
}
}
#启用Web界面上修改密码
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': True,
'can_set_password': True,
'requires_keypair': False,
}
#设置时区
TIME_ZONE = "Asia/Shanghai"
#禁用自服务网络的一些高级特性
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}

3.启动服务
[root@linux-node2 ~]# systemctl enable httpd.service
[root@linux-node2 ~]# systemctl restart httpd.service

好的,现在你就可以使用http://192.168.56.12/dashaboard来访问仪表盘了。用户名和密码可以使用admin或者demo。需要你亲自来体验他们到底有什么不同。 收起阅读 »

基于OpenStack构建企业私有云(6)创建第一台云主机

1.创建网络[root@linux-node1 ~]# openstack network create --share --external \ --provider-physical-network provider \ --provider-n
继续阅读 »
1.创建网络
[root@linux-node1 ~]# openstack network create  --share --external \
--provider-physical-network provider \
--provider-network-type flat provider

2.创建子网
[root@linux-node1 ~]# openstack subnet create --network provider \
--allocation-pool start=192.168.56.100,end=192.168.56.200 \
--dns-nameserver 223.5.5.5 --gateway 192.168.56.2 \
--subnet-range 192.168.56.0/24 provider-subnet

3. 创建云主机类型
[root@linux-node1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

4.创建密钥对
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# ssh-keygen -q -N ""
[root@linux-node1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@linux-node1 ~]# openstack keypair list

5.添加安全组规则
 [root@linux-node1 ~]# openstack security group rule create --proto icmp default
[root@linux-node1 ~]# openstack security group rule create --proto tcp --dst-port 22 default

启动实例
[root@linux-node1 ~]# source demo-openstack.sh
[root@linux-node1 ~]# openstack flavor list

1.查看可用的镜像
[root@linux-node1 ~]# openstack image list

2.查看可用的网络
[root@linux-node1 ~]# openstack network list

3.查看可用的安全组
[root@linux-node1 ~]# openstack security group list

4.创建虚拟机
[root@linux-node1 ~]# openstack server create --flavor m1.nano --image cirros \
--nic net-id=5c4d0706-24cd-4d42-ba78-36a05b6c81c8 --security-group default \
--key-name mykey demo-instance
#注意指定网络的时候需要使用ID,而不是名称

5.查看虚拟机
[root@linux-node1 ~]# openstack server list
[root@linux-node1 ~]# openstack console url show demo-instance


  收起阅读 »

基于OpenStack构建企业私有云(5)Neutron

1.Neutron安装[root@linux-node1 ~]# yum install -y openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables 2
继续阅读 »
1.Neutron安装
[root@linux-node1 ~]# yum install -y openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables

2.Neutron数据库配置
[root@linux-node1 ~]# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron@192.168.56.11:3306/neutron

3.Keystone连接配置
[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

4.RabbitMQ相关设置
[root@linux-node1 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.56.11

5.Neutron网络基础配置
[DEFAULT]
core_plugin = ml2
service_plugins =

6.网络拓扑变化Nova通知配置
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[nova]
auth_url = http://192.168.56.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

7.在 [oslo_concurrency] 部分,配置锁路径:
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

8.Neutron ML2配置
[root@linux-node1 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve #支持多选,所以把所有的驱动都选择上。
tenant_network_types = flat,vlan,gre,vxlan,geneve #支持多项,所以把所有的网络类型都选择上。
mechanism_drivers = linuxbridge,openvswitch,l2population #选择插件驱动,支持多选,开源的有linuxbridge和openvswitch
#启用端口安全扩展驱动
extension_drivers = port_security,qos

[ml2_type_flat]
#设置网络提供
flat_networks = provider

[securitygroup]
#启用ipset
enable_ipset = True

9.Neutron Linuxbridge配置
[root@linux-node1 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
#禁止vxlan网络
enable_vxlan = False

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True


10.Neutron DHCP-Agent配置
[root@linux-node1 ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True


11.Neutron metadata配置
   
[root@linux-node1 ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = 192.168.56.11

metadata_proxy_shared_secret = unixhot.com

12.Neutron相关配置在nova.conf
[root@linux-node1 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://192.168.56.11:9696
auth_url = http://192.168.56.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = unixhot.com

[root@linux-node1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

13.重启计算API 服务
# systemctl restart openstack-nova-api.service

启动网络服务并配置他们开机自启动。
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service

14.Neutron服务注册
# openstack service create --name neutron --description "OpenStack Networking" network
创建endpoint
# openstack endpoint create --region RegionOne network public http://192.168.56.11:9696
# openstack endpoint create --region RegionOne network internal http://192.168.56.11:9696
# openstack endpoint create --region RegionOne network admin http://192.168.56.11:9696

15.测试Neutron安装
[root@linux-node1 ~]# openstack network agent list

Neutron计算节点部署

安装软件包
 [root@linux-node2 ~]# yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables


1.Keystone连接配置
[root@linux-node2 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

2.RabbitMQ相关设置
[root@linux-node2 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.56.11
#请注意是在DEFAULT配置栏目下,因为该配置文件有多个transport_url的配置

3.锁路径
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

4.配置LinuxBridge配置
[root@linux-node1 ~]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 192.168.56.12:/etc/neutron/plugins/ml2/

5.设置计算节点的nova.conf
[root@linux-node2 ~]# vim /etc/nova/nova.conf
[neutron]
url = http://192.168.56.11:9696
auth_url = http://192.168.56.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron


重启计算服务
[root@linux-node2 ~]# systemctl restart openstack-nova-compute.service

启动计算节点linuxbridge-agent
[root@linux-node2 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@linux-node2 ~]# systemctl start neutron-linuxbridge-agent.service

在控制节点上测试Neutron安装
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# openstack network agent list

看是否有linux-node2.example.com的Linux bridge agent

  收起阅读 »

基于OpenStack构建企业私有云(4)Nova

1.控制节点安装[root@linux-node1 ~]# yum install -y openstack-nova-api openstack-nova-placement-api \ openstack-nova-conductor openstac
继续阅读 »
1.控制节点安装
[root@linux-node1 ~]# yum install -y openstack-nova-api openstack-nova-placement-api \
openstack-nova-conductor openstack-nova-console \
openstack-nova-novncproxy openstack-nova-scheduler

2.数据库配置
[root@linux-node1 ~]# vim /etc/nova/nova.conf
[api_database]
connection= mysql+pymysql://nova:nova@192.168.56.11/nova_api
[database]
connection= mysql+pymysql://nova:nova@192.168.56.11/nova

3.RabbitMQ配置
[root@linux-node1 ~]# vim /etc/nova/nova.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack@192.168.56.11

4.Keystone相关配置
[root@linux-node1 ~]# vim /etc/nova/nova.conf
[api]
auth_strategy=keystone
[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

5.关闭Nova的防火墙功能
[DEFAULT]
use_neutron=true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

6.VNC配置
[root@linux-node1 ~]# vim /etc/nova/nova.conf
[vnc]
enabled=true
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.56.11

7.设置glance
[glance]
api_servers = http://192.168.56.11:9292

8.在 [oslo_concurrency] 部分,配置锁路径:
[oslo_concurrency]
lock_path=/var/lib/nova/tmp

9.设置启用的api
[DEFAULT]
enabled_apis=osapi_compute,metadata

10.设置placement
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.56.11:35357/v3
username = placement
password = placement

11.修改nova-placement-api.conf
[root@linux-node1 ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
# systemctl restart httpd


12.同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

注册cell0数据库
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

13.创建cell1的cell
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

14.同步nova数据库
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage db sync" nova

15.验证cell0和cell1的注册是否正确
[root@linux-node1 ~]# nova-manage cell_v2 list_cells

16.测试数据库同步情况
[root@linux-node1 ~]#mysql -h 192.168.56.11 -unova -pnova -e " use nova;show tables;"
[root@linux-node1 ~]#mysql -h 192.168.56.11 -unova -pnova -e " use nova_api;show tables;"

17.启动Nova Service
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service

# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service

11.Nova服务注册
# source admin-openstack.sh
# openstack service create --name nova --description "OpenStack Compute" compute
# openstack endpoint create --region RegionOne compute public http://192.168.56.11:8774/v2.1
# openstack endpoint create --region RegionOne compute internal http://192.168.56.11:8774/v2.1
# openstack endpoint create --region RegionOne compute admin http://192.168.56.11:8774/v2.1

# openstack service create --name placement --description "Placement API" placement
# openstack endpoint create --region RegionOne placement public http://192.168.56.11:8778
# openstack endpoint create --region RegionOne placement internal http://192.168.56.11:8778
# openstack endpoint create --region RegionOne placement admin http://192.168.56.11:8778
验证控制节点服务
[root@linux-node1 ~]# openstack host list

计算节点安装
[root@linux-node2 ~]# yum install -y openstack-nova-compute sysfsutils

[root@linux-node1 ~]# scp /etc/nova/nova.conf 192.168.56.12:/etc/nova/nova.conf
[root@linux-node2 ~]# chown root:nova /etc/nova/nova.conf

1.删除多余的数据配置

2.修改VNC配置
计算节点需要监听所有IP,同时设置novncproxy的访问地址
[vnc]
enabled=true
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.56.12
novncproxy_base_url = http://192.168.56.11:6080/vnc_auto.html
3.虚拟化适配
[root@linux-node2 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[libvirt]
virt_type=qemu
如果返回的是非0的值,那么表示计算节点服务器支持硬件虚拟化,需要在nova.conf里面设置
[libvirt]
virt_type=kvm

启动nova-compute
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service

验证计算节点
[root@linux-node1 ~]# openstack host list

计算节点加入控制节点
[root@linux-node1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova





  收起阅读 »

基于OpenStack构建企业私有云(3)Glance

1.安装Glance[root@linux-node1 ~]# yum install -y openstack-glance 2.Glance数据库配置 Glance-api.conf[root@linux-node1 ~]# vim /etc/glanc
继续阅读 »
1.安装Glance
[root@linux-node1 ~]# yum install -y openstack-glance

2.Glance数据库配置

Glance-api.conf
[root@linux-node1 ~]# vim /etc/glance/glance-api.conf
[database]
connection= mysql+pymysql://glance:glance@192.168.56.11/glance

glance-registry.conf
[root@linux-node1 ~]# vim /etc/glance/glance-registry.conf
[database]
connection= mysql+pymysql://glance:glance@192.168.56.11/glance


3.设置Keystone
[root@linux-node1 ~]# vim /etc/glance/glance-api.conf
[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor=keystone

glance-registry.conf配置
[root@linux-node1 ~]# vim /etc/glance/glance-registry.conf
[keystone_authtoken]
auth_uri = http://192.168.56.11:5000
auth_url = http://192.168.56.11:35357
memcached_servers = 192.168.56.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor=keystone

4.设置Glance镜像存储
[root@linux-node1 ~]# vim /etc/glance/glance-api.conf
[glance_store]
stores = file,http
default_store=file
filesystem_store_datadir=/var/lib/glance/images/

5.同步数据库
[root@linux-node1 ~]# su -s /bin/sh -c "glance-manage db_sync" glance

6.启动Glance服务
# systemctl enable openstack-glance-api.service
# systemctl enable openstack-glance-registry.service
# systemctl start openstack-glance-api.service
# systemctl start openstack-glance-registry.service

7.Glance服务注册
   想要让别的服务可以使用Glance,就需要在Keystone上完成服务的注册。注意需要先source一下admin的环境变量。
[root@linux-node1 ~]# source admin-openstack.sh
# openstack service create --name glance --description "OpenStack Image service" image
# openstack endpoint create --region RegionOne image public http://192.168.56.11:9292
# openstack endpoint create --region RegionOne image internal http://192.168.56.11:9292
# openstack endpoint create --region RegionOne image admin http://192.168.56.11:9292

8.测试Glance状态
[root@linux-node1 ~]# source admin-openstack.sh
[root@linux-node1 ~]# openstack image list

9.Glance镜像
在刚开始实施OpenStack平台阶段,如果没有制作镜像。可以使用一个实验的镜像进行测试,这是一个小的Linux系统。
[root@linux-node1 ~]# cd /usr/local/src
[root@linux-node1 src]# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

[root@linux-node1 src]# openstack image create "cirros" --disk-format qcow2 \
--container-format bare --file cirros-0.3.5-x86_64-disk.img --public
[root@linux-node1 src]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| cf154a84-a73a-451b-bcb3-83c98e7c0d3e | cirros | active |
+--------------------------------------+--------+--------+



  收起阅读 »