CL201 classroom notes - the road to RCHA certification - OpenStack DAY ONE - PM

Keywords: Operation & Maintenance Docker OpenStack

DAY ONE - PM

There are two ways to modify the container configuration file:

  1. Log in to DOCKER and modify the corresponding configuration file

    [root@controller0 ~] docker exec -it keystone bash
    ()[root@controller0 /] vi /etc/keystone/keystone.conf
    
  2. Log in to controller0 to modify the configuration of container mapping. The following directory is the mapping directory of docker configuration file, and the docker directory corresponds to the running docker name

cd /var/lib/config-data/puppet-generated/

View the ip address of the dashboard (docker:horizon)

(undercloud) [stack@director ~]$ cat overcloudrc
# Clear any old environment that may conflict.
for key in $( set | awk '{FS="="}  /^OS_/ {print $1}' ); do unset $key ; done
export OS_NO_CACHE=True
export COMPUTE_API_VERSION=1.1
export OS_USERNAME=admin
export no_proxy=,172.25.250.50,172.25.249.50
export OS_USER_DOMAIN_NAME=Default
export OS_VOLUME_API_VERSION=3
export OS_CLOUDNAME=overcloud
export OS_AUTH_URL=http://172.25.250.50:5000//v3 # access to the Internet is keystone and dashboard IP
export NOVA_VERSION=1.1
export OS_IMAGE_API_VERSION=2
export OS_PASSWORD=redhat                        #
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
export OS_PROJECT_NAME=admin
export OS_AUTH_TYPE=password
export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"

# Add OS_CLOUDNAME to PS1
if [ -z "${CLOUDPROMPT_ENABLED:-}" ]; then
    export PS1=${PS1:-""}
    export PS1=\${OS_CLOUDNAME:+"(\$OS_CLOUDNAME)"}\ $PS1
    export CLOUDPROMPT_ENABLED=1
fi

During the exam, I won't tell the dashboard's IP address: export OS_AUTH_URL=http://172.25.250.50:5000//v3

User name: export OS_USERNAME=admin

Password: export OS_PASSWORD=redhat

  1. Look at the IP address of the overcloud RC file.

  2. dashboard container name: horizon, on controller0

  3. Most of them will encounter during the exam. They can't visit and open it. You need to restart the horizon container. Or after modifying horizon, you also need to restart docker.

    Instruction: docker restart horizon

Exercise: viewing the underground architecture

The special user heat admin is a secret free user. sudo -i can directly switch to root.

Note: the status of all containers except swift container should be normal.

About network view commands

(undercloud) [stack@director ~]$ openstack subnet list
+--------------------------------------+---------------------+--------------------------------------+-----------------+
| ID                                   | Name                | Network                              | Subnet          |
+--------------------------------------+---------------------+--------------------------------------+-----------------+
| 1653cf28-1da7-4bb7-b060-872a0da6c0d1 | external_subnet     | 444ad6f9-7ad8-43d6-a825-37ff9cbc63c5 | 172.25.250.0/24 |
| 243a4564-e344-4d80-9eeb-972287a4b8ae | management_subnet   | 37a81453-9f5e-415d-90e5-14bdb1858806 | 172.24.5.0/24   |
| 30e75947-64c2-4961-9b49-67b066e54fe8 | internal_api_subnet | 60c574f1-cb7d-4f37-8dd6-4f76a2d0218c | 172.24.1.0/24   |
| 45dce459-6e9d-40dc-a4d5-ef2e91de6ec7 | ctlplane-subnet     | 2c9cee9a-e797-462e-ba76-efaa564b7b7f | 172.25.249.0/24 |
| be6d8ef9-ea6a-436f-a1f7-2d085336667c | storage_mgmt_subnet | 7029b988-a1a2-405d-9809-d051c8a726d8 | 172.24.4.0/24   |
| d551f63e-d144-4c0a-8a1b-8892aa40ae78 | tenant_subnet       | d1cc495b-dda5-4c0e-812a-bd79708716d4 | 172.24.2.0/24   |
| f8b997e4-f5f5-46ac-92a2-079340aa0dde | storage_subnet      | 352efe55-3af2-4e26-abf6-6f2d388c6a1a | 172.24.3.0/24   |
+--------------------------------------+---------------------+--------------------------------------+-----------------+
(undercloud) [stack@director ~]$ openstack subnet show external_subnet
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 172.25.250.60-172.25.250.99          |
| cidr              | 172.25.250.0/24                      |
| created_at        | 2018-10-23T13:55:27Z                 |
| description       |                                      |
| dns_nameservers   |                                      |
| enable_dhcp       | False                                |
| gateway_ip        | 172.25.250.254                       |
| host_routes       |                                      |
| id                | 1653cf28-1da7-4bb7-b060-872a0da6c0d1 |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              | external_subnet                      |
| network_id        | 444ad6f9-7ad8-43d6-a825-37ff9cbc63c5 |
| project_id        | f50fbd0341134b97a5a735cca5d6255c     |
| revision_number   | 0                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| tags              |                                      |
| updated_at        | 2018-10-23T13:55:27Z                 |
+-------------------+--------------------------------------+

Practice command

  1. openstack subnet list – > view self network information:
  2. openstack subnet show external_subnet – > view self network details
  3. docker images – > lists the images used to create the server;
  4. docker inspect – > inspect containers
  5. docker logs – > check the keystone startup log file;
  6. Docker exec – > determine the status of OpenStack server in Keystone container: docker exec -it keystone /openstack/healthcheck;
  7. docker stop – > stop the container;

Describe OVERCLOUD

Openstack core components

Private management platform - > IAAs management platform

OpenStack core services on the controller node

Component nameeffectdescribe
★ keystoneAuthenticationAll components require authentication
★ glanceMirror serviceVirtual machine image startup
★ novaCore computing services controller and computeRole of control node: resource management and scheduling
heatlayoutTemplate, batch creation of host and Application
swiftObject storageDefault 3 copy
cinderBlock storageAdditional storage, formatting required
★ neutronnetwork serviceIt is equivalent to public cloud VPC SDN, virtual network, subnet, router and firewall
mysql/mariadbdatabase
RabbitMQMessage queueMessaging services provide internal communication between a variety of OpenStack services.
ceilmetercharging
manilaShared file system service
octaviaLoad balancing service
gnocchiIndicator serviceProvide intelligent analysis of cloud usage, billing, placement, refund and capacity planning.
mistralWorkflow services
redisMemory database
memcachedCache database
pacemakerCluster softwareKey services and components are clustered.
noVNCTerminal software consoleAccess complex graphical SPICE (equivalent to RDP)

Operation on OVERCLOUD

openstack user list – > each component corresponds to a keystone user;

Create virtual machine

  1. Create project

  2. Divide resources to project

  3. Create a user, assign it to the project, and select a role

  4. What resources are needed to create an instance? Image, private network, specification (vcpu\mem\storage), security group and keypair (OpenStack can only log in with key), public network address (floating ip).

    Operation: select – > amdin – > project – > create project - > create user at the top

    Login user1 - > image – > create image – > first select – > amdin - > flavor - > own network - > create router - > Add interface - > Security Group - > Add Rule - > compute - > keypairs - > instance - > Manage floating IP Associates - > view log - > SSH - I key1.pem cloud- user@172.25.250.X

    Configure the overcloud RC file, CP overcloud RC overcloud rc-user1, and modify the OS_PROJECT_NAME=project1,OS_USERNAME=user1, verify openstack server list

Image address: osp-small.qcow2 in materials.example.com, and download it to the current host

wget http://materials.example.com/osp-small.qcow2

View image details

[root@foundation9 ~]# qemu-img info osp-small.qcow2
image: osp-small.qcow2
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 1.5G
cluster_size: 65536
Format specific information:
 compat: 0.10
 refcount bits: 16

The private network does not have a gateway. DHCP must be enabled. Don't forget to build virtual routers internally and externally

Change the key permission to 600, otherwise you may log in and prompt for key security, * * refuse to log in * *.

[root@foundation9 Downloads]# ssh -i user-bash: warning: setlocale: LC_CTYPE: cannot change locale (zh_CN.UTF-8)
-bash: warning: setlocale: LC_CTYPE: cannot change locale (zh_CN.UTF-8)
1-key1.pem cloud-user@172.25.250.108
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'user1-key1.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "user1-key1.pem": bad permissions
cloud-user@172.25.250.108: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[root@foundation9 Downloads]# chmod 600 user1-key1.pem
[root@foundation9 Downloads]# ssh -i user1-key1.pem cloud-user@172.25.250.108
[cloud-user@user1-instance1 ~]$

create volume

Volume - > create volume - > Manage attachment - > OS: format

Attachment storage: after the instance is deleted, the additional storage still exists and can be loaded into the new instance.

Chapter 2 openstack control plane

keystone service three elements

  1. user
  2. service
  3. Terminal

Common instructions

Openstack catalog list – lists the endpiont of each service

There are 3 url addresses:

1. Public (Internet address);

2. internal (intranet address);

3. admin (Network Management)

(overcloud) [stack@director ~]$ openstack catalog list
+------------+----------------+------------------------------------------------------------------------------+
| Name       | Type           | Endpoints                                                                    |
+------------+----------------+------------------------------------------------------------------------------+
| cinderv2   | volumev2       | regionOne                                                                    |
|            |                |   internal: http://172.24.1.50:8776/v2/42eecbfbaf684f909abfe5304434fc77      |
|            |                | regionOne                                                                    |
|            |                |   admin: http://172.24.1.50:8776/v2/42eecbfbaf684f909abfe5304434fc77         |
|            |                | regionOne                                                                    |
|            |                |   public: http://172.25.250.50:8776/v2/42eecbfbaf684f909abfe5304434fc77      |
|            |                |                                                                              |
| octavia    | load-balancer  | regionOne                                                                    |
|            |                |   public: http://172.25.250.50:9876                                          |
|            |                | regionOne                                                                    |
|            |                |   admin: http://172.24.1.50:9876                                             |
|            |                | regionOne                                                                    |
|            |                |   internal: http://172.24.1.50:9876                                          |
|            |                |                                                                              |
| cinderv3   | volumev3       | regionOne                                                                    |
|            |                |   public: http://172.25.250.50:8776/v3/42eecbfbaf684f909abfe5304434fc77      |
|            |                | regionOne                                                                    |
|            |                |   internal: http://172.24.1.50:8776/v3/42eecbfbaf684f909abfe5304434fc77      |
|            |                | regionOne                                                                    |
|            |                |   admin: http://172.24.1.50:8776/v3/42eecbfbaf684f909abfe5304434fc77         |

Message queue RabbitMQ

Test content: create and launch.

concept

  1. binding key: parameters of the filter
  2. exchange: information metadata, which publishes the generated by the application to the message routing queue.
  3. routing key: applies the specified message metadata (keyword).

Common centralized message queues

Direct (default)The user subscribes to a queue and associates it with a binding key. The server sets the routing key and binding key to associate with the queue subscribed by the user. (exact match)
TopicThe queue subscribed by the user has wildcards (generalized), and the server can send data to the corresponding queue. (partial matching)
FanoutMessage broadcast all subscribed queue s, regardless of whether the routing key and binding key match. There is no routing key. (broadcast)
HeaderUse the header feature of the message to bind the queue. (message header information)

How to manage and create RabbitMQ

Log in to controller0 and execute the RabbitMQ command

[root@controller0 ~] docker exec -it rabbitmq-bundle-docker-0 bash
rabbitmqctl help
()[root@controller0 /] rabbitmqctl list_users
Listing users
guest	[administrator]

Test site:

Tracking RabbitMQ messages: a built-in function. When this function is enabled, all messages entering RabbitMQ will be copied to amq.rabbitmq.tarce exchange. It is convenient for users to analyze messages. The instruction rabbitmqctl trace_on

P97 exercise in the book, exam example: create a rabbitmq user ash with a password of redhat. The user can create, operate and query RabbitMQ queues and exchanges.

Assign the administrator role, specify permissions, and start trace_on.

[root@controller0 ~] docker exec -it rabbitmq-bundle-docker-0 bash
()[root@controller0 /] rabbitmqctl add_user ash redhat
Creating user "ash"
()[root@controller0 /] rabbitmqctl set_permissions ash ".*" ".*" ".*"
Setting permissions for user "ash" in vhost "/"
()[root@controller0 /] rabbitmqctl set_user_tags ash administrator
Setting tags for user "ash" to [administrator]
()[root@controller0 /] rabbitmqctl list_users
Listing users
ash	[]
guest	[administrator]
()[root@controller0 /] rabbitmqctl trace_on
Starting tracing for vhost "/"

Accessing VM flowchart using VNC

Close OpenStack

  1. Close all instances on the overcloud openstack server list -- all projects openstack server stop ID
  2. Turn off the poweroff of the undercloud compute node
  3. Close the poweroff of the underlying cloud control node
  4. Close the control parameter ceph osd set noout ceph osd set norecover ceph osd set norebalance ceph osd set nobackfill ceph osd set nodown ceph osd set pause stored on controller0
  5. Close ceph0
  6. Storage node poweroff
  7. Close controller0 cluster pcs cluster stop – all poweroff
  8. Close director poweroff

Test example: query redis service password

ssh controller0
docker exec -it redis-bundle-docker-0 bash
cat /etc/redis.conf |grep -i pass

Posted by adx on Sat, 20 Nov 2021 12:53:54 -0800