[root@minikube ~]# minikube start --driver=docker
[root@minikube ~]# minikube config set driver docker
[root@minikube ~]# minikube kubectl -- get po -A
[root@minikube ~]# kubectl get po -A
[root@controller ~]# cp kuryr-kubernetes/devstack/local.conf.sample devstack/local.conf
[root@controller ~]# cat devstack/local.conf
# Credentials
# NOTE(review): all five secrets below share one short value, so a single
# disclosure covers the admin login, the database, RabbitMQ and the service
# accounts at once. Suitable for a throwaway lab only; elsewhere set a
# distinct random value per entry and restrict read access to this file.
ADMIN_PASSWORD=tera123
DATABASE_PASSWORD=tera123
RABBIT_PASSWORD=tera123
SERVICE_PASSWORD=tera123
SERVICE_TOKEN=tera123
# Enable Keystone v3
IDENTITY_API_VERSION=3
# For speed and a small footprint, be explicit about which services are
# enabled
SERVICE_HOST=192.168.4.220
MYSQL_HOST=192.168.4.220
RABBIT_HOST=192.168.4.220
GLANCE_HOSTPORT=192.168.4.220:9292
Q_HOST=192.168.4.220
KEYSTONE_AUTH_HOST=192.168.4.220
KEYSTONE_SERVICE_HOST=192.168.4.220
CEILOMETER_BACKEND=mongodb
DATABASE_TYPE=mysql
ENABLED_SERVICES=n-cpu,n-net,n-api-meta,c-vol
[root@controller ~]# vi devstack/stack.sh
# Distro names this DevStack release accepts without FORCE=yes, written as a
# regex alternation for the [[ =~ ]] test below.
# NOTE(review): "rhel7" at the end looks like a local addition so that the run
# on CentOS 7 passes this check; setting FORCE=yes, as the die message says,
# has the same effect without editing stack.sh - confirm which is intended.
SUPPORTED_DISTROS="bionic|focal|f31|f32|opensuse-15.2|opensuse-tumbleweed|rhel8|rhel7"

# The pattern is unanchored, so any DISTRO value that contains one of the
# names is accepted.
if [[ ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then
    : # listed distro, nothing to report
else
    echo "WARNING: this script has not been tested on $DISTRO"
    # FORCE=yes reduces the failure to the warning above.
    [[ "$FORCE" == "yes" ]] || die $LINENO "If you wish to run this script anyway run with FORCE=yes"
fi
6.11 执行Devstack脚本
执行Devstack安装脚本,脚本执行完成后会输出安装信息以及操作系统的版本信息。注意:输出的安装信息中包含明文的管理员密码,保存或分享该日志前应先将其隐去。
[root@controller ~]# ./devstack/stack.sh
DevStack Component Timing
(times are in seconds)
=========================
run_process 28
test_with_retry 4
apt-get-update 17
async_wait 0
osc 482
wait_for_service 14
dbsync 77
pip_install 98
apt-get 9
-------------------------
Unaccounted time 951
=========================
Total runtime 1680
This is your host IP address: 192.168.4.220
This is your host IPv6 address: ::1
Keystone is serving at http://192.168.4.220/identity/
The default users are: admin and demo
The password: tera123
Services are running under systemd unit files.
For more information see:
https://docs.openstack.org/devstack/latest/systemd.html
DevStack Version: wallaby
Change: 83821a11ac1d6738b63cb10878b8aaa02e153374 Merge "Address feedback from glance-remote patch" 2021-03-23 16:56:21 +0000
OS Version: CentOS Linux release 7.8.2003 (Core)
7 配置OpenStack-ironic
7.1 上传Deploy Images(控制节点)
镜像通过disk-image-create命令构建。
[root@controller ~]# glance image-create --name deploy-vmlinuz --visibility public --disk-format aki --container-format aki < coreos_production_pxe.vmlinuz
[root@controller ~]# glance image-create --name deploy-initrd --visibility public --disk-format ari --container-format ari < coreos_production_pxe_image-oem.cpio.gz
[root@controller ~]# glance image-create --name my-image.vmlinuz --visibility public --disk-format aki --container-format aki < my-image.vmlinuz
[root@controller ~]# glance image-create --name my-image.initrd --visibility public --disk-format ari --container-format ari < my-image.initrd
[root@controller ~]# export MY_VMLINUZ_UUID=$(openstack image list | awk '/my-image.vmlinuz/ { print $2 }')
[root@controller ~]# export MY_INITRD_UUID=$(openstack image list | awk '/my-image.initrd/ { print $2 }')
[root@controller ~]# glance image-create --name my-image --visibility \
public --disk-format qcow2 --container-format bare --property \
kernel_id=$MY_VMLINUZ_UUID --property ramdisk_id=$MY_INITRD_UUID < my-image.qcow2
为了OpenStack-Helm项目的快速部署、验证与研究,本次部署采用AIO(All in one)模式,因此需要注意的是,若要安装所有的功能模块至少保证服务器的内存资源不小于16G,否则可能会导致部署失败。
3.3 实施部署前的环境准备
进行实施部署前的环境准备工作,包括系统基础环境和网络代理配置。
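配置Sudo免密(仅建议在一次性实验环境中使用:NOPASSWD:ALL 会让该账户无需密码即可以root身份执行任意命令。文件头部的注释也要求使用 visudo 编辑,或在 /etc/sudoers.d/ 下新增文件;visudo 会在保存前检查语法,比 chmod 加写权限后用 vim 直接修改更稳妥):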
noone@noone-virtual-machine:~$ chmod +w /etc/sudoers
noone@noone-virtual-machine:~$ sudo vim /etc/sudoers
noone@noone-virtual-machine:~$ sudo cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
# NOTE(review): the next rule gives the 'noone' account root for every
# command with no password prompt. sudo applies the last matching entry, so
# it takes effect for this user even where a group rule above also matches.
# Keep it to disposable lab machines and remove it afterwards.
noone ALL=(ALL) NOPASSWD:ALL
#includedir /etc/sudoers.d
noone@noone-virtual-machine:~$
配置Ubuntu的软件源列表、更新系统中的软件包(下面的列表启用了 bionic-proposed 预发布仓库,apt upgrade 会安装其中尚在测试阶段的软件包;非测试环境建议去掉这两行):
noone@noone-virtual-machine:~$ cd /etc/apt/
noone@noone-virtual-machine:/etc/apt$ cat sources.list
deb http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ bionic-backports main restricted universe multiverse
noone@noone-virtual-machine:/etc/apt$ sudo apt update
noone@noone-virtual-machine:/etc/apt$ sudo apt upgrade
noone@noone-virtual-machine:~$ sudo vim /etc/privoxy/config
......
# Suppose you are running Privoxy on an IPv6-capable machine and
# you want it to listen on the IPv6 address of the loopback
# device:
#
# listen-address [::1]:8118
#
listen-address 127.0.0.1:8118
listen-address [::1]:8118
#
......
# To chain Privoxy and Tor, both running on the same system, you
# would use something like:
#
# forward-socks5t / 127.0.0.1:9050 .
#
注释:
下面这一行把发往本机8118端口(Privoxy监听端口)的请求,通过SOCKS5转发到192.168.0.60:10808,该地址由局域网中的代理软件提供。除下方列出的内网网段外,所有经Privoxy的出站请求都会经过这个代理,因此它应当是受信任的主机。
forward-socks5 / 192.168.0.60:10808 .
#
# Note that if you got Tor through one of the bundles, you may
# have to change the port from 9050 to 9150 (or even another
# one). For details, please check the documentation on the Tor
# website.
#
# The public Tor network can't be used to reach your local
# network, if you need to access local servers you therefore
# might want to make some exceptions:
#
# forward 192.168.*.*/ .
# forward 10.*.*.*/ .
# forward 127.*.*.*/ .
#
forward 192.168.*.*/ .
forward 10.*.*.*/ .
forward 127.*.*.*/ .
forward 172.24.*.*/ .
#
......
# Examples:
#
# forwarded-connect-retries 1
#
forwarded-connect-retries 1
#
......
noone@noone-virtual-machine:/tmp$ wget www.google.com
--2021-03-24 10:21:45-- http://www.google.com/
Connecting to 127.0.0.1:8118... connected.
Proxy request sent, awaiting response... 200 OK
Length: 12823 (13K) [text/html]
Saving to: ‘index.html’
index.html 100%[=====>] 12.52K --.-KB/s in 0s
2021-03-24 10:21:47 (187 MB/s) - ‘index.html’ saved [12823/12823]
noone@noone-virtual-machine:/tmp$
修改NSSwitch配置文件指定行:
noone@noone-virtual-machine:~$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
……
hosts: files dns
……
noone@noone-virtual-machine:~$
[root@controller ~]# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE zun;
-- NOTE(review): ZUN_PASS reads as a placeholder; substitute a strong, unique
-- password before running the GRANT statements.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'localhost' \
IDENTIFIED BY 'ZUN_PASS';
-- NOTE(review): 'zun'@'%' accepts logins for this account from any host that
-- can reach the database port; narrow the host part or firewall the port if
-- only known nodes need access.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zun.* TO 'zun'@'%' \
IDENTIFIED BY 'ZUN_PASS';